5 files changed, 1 insertions, 125 deletions
diff --git a/meta/recipes-core/systemd/systemd-boot-native_257.1.bb b/meta/recipes-core/systemd/systemd-boot-native_257.3.bb
index 15db156d4f..05ebe7b63e 100644
--- a/meta/recipes-core/systemd/systemd-boot-native_257.1.bb
+++ b/meta/recipes-core/systemd/systemd-boot-native_257.3.bb
@@ -1,8 +1,6 @@
 require systemd.inc
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/systemd:"
-SRC_URI += "file://0001-ukify-measure-Revert-changes-to-use-SizeOfImage-from.patch"
 inherit native
 deltask do_configure
diff --git a/meta/recipes-core/systemd/systemd-boot_257.1.bb b/meta/recipes-core/systemd/systemd-boot_257.3.bb
index 6a50ac05aa..6a50ac05aa 100644
--- a/meta/recipes-core/systemd/systemd-boot_257.1.bb
+++ b/meta/recipes-core/systemd/systemd-boot_257.3.bb
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 65785ac098..31d26a9fc1 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -15,7 +15,7 @@ LICENSE:libsystemd = "LGPL-2.1-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
                    file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
-SRCREV = "47eea9ee9f46537bc18d6a64fa21fd9c50538e13"
+SRCREV = "876ee10e0eb4bbb0920bdab7817a9f06cc34910f"
 SRCBRANCH = "v257-stable"
 SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH}"
diff --git a/meta/recipes-core/systemd/systemd/0001-ukify-measure-Revert-changes-to-use-SizeOfImage-from.patch b/meta/recipes-core/systemd/systemd/0001-ukify-measure-Revert-changes-to-use-SizeOfImage-from.patch
deleted file mode 100644
index 3be56cb9c0..0000000000
--- a/meta/recipes-core/systemd/systemd/0001-ukify-measure-Revert-changes-to-use-SizeOfImage-from.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From 60d76dce7b013406412bc9720dbf05fb558ea099 Mon Sep 17 00:00:00 2001
-From: Daan De Meyer <daan.j.demeyer@gmail.com>
-Date: Tue, 4 Feb 2025 09:24:26 +0100
-Subject: [PATCH] ukify/measure: Revert changes to use SizeOfImage from Linux
- PE binary
-With 19812661f1f65ebe777d1626b5abf6475faababc, we make sure at runtime
-in the stub itself that SizeOfImage from the Linux EFISTUB PE binary is
-taken into account, so there's no need to take this into account in ukify
-itself. By reverting the ukify change, we again ensure that Misc_VirtualSize
-reflects the actual size of the Linux EFISTUB PE binary in the .linux section
-which lots of tooling depends on. It also makes sure we don't measure a bunch
-of extra zeroes in the stub which should fix systemd-pcrlock measurements as
-well.
-This effectively reverts 2188c759f97e40b97ebe3e94e82239f36b525b10 and
-0005411352f9bda0d9887c37b9e75a2bce6c1133.
-Fixes #35851
---
- src/measure/measure.c | 32 --------------------------------
- src/ukify/ukify.py    | 16 ++--------------
- 2 files changed, 2 insertions(+), 46 deletions(-)
-Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
-Upstream-Status: Backport [https://github.com/systemd/systemd/commit/38801c91292fde004bec0974ed5602984701e03b]
-diff --git a/src/measure/measure.c b/src/measure/measure.c
-index e583444e0bf..2057ce2a0e6 100644
--- a/src/measure/measure.c
-+++ b/src/measure/measure.c
-@@ -544,38 +544,6 @@ static int measure_kernel(PcrState *pcr_states, size_t n) {
-                         m += sz;
-                 }
- 
-                if (c == UNIFIED_SECTION_LINUX) {
-                        _cleanup_free_ PeHeader *pe_header = NULL;
-
-                        r = pe_load_headers(fd, /*ret_dos_header=*/ NULL, &pe_header);
-                        if (r < 0)
-                                log_warning_errno(r, "Failed to parse kernel image file '%s', ignoring: %m", arg_sections[c]);
-                        else if (m < pe_header->optional.SizeOfImage) {
-                                memzero(buffer, BUFFER_SIZE);
-
-                                /* Our EFI stub measures VirtualSize bytes of the .linux section into PCR 11.
-                                 * Notably, VirtualSize can be larger than the section's size on disk. In
-                                 * that case the extra space is initialized with zeros, so the stub ends up
-                                 * measuring a bunch of zeros. To accommodate this, we have to measure the
-                                 * same number of zeros here. We opt to measure extra zeros here instead of
-                                 * modifying the stub to only measure the number of bytes on disk as we want
-                                 * newer ukify + systemd-measure to work with older versions of the stub and
-                                 * as of 6.12 the kernel image's VirtualSize won't be larger than its size on
-                                 * disk anymore (see https://github.com/systemd/systemd/issues/34578#issuecomment-2382459515).
-                                 */
-
-                                while (m < pe_header->optional.SizeOfImage) {
-                                        uint64_t sz = MIN(BUFFER_SIZE, pe_header->optional.SizeOfImage - m);
-
-                                        for (size_t i = 0; i < n; i++)
-                                                if (EVP_DigestUpdate(mdctx[i], buffer, sz) != 1)
-                                                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to run digest.");
-
-                                        m += sz;
-                                }
-                        }
-                }
-
-                 fd = safe_close(fd);
- 
-                 if (m == 0) /* We skip over empty files, the stub does so too */
-diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
-index 3f36aa7af6b..08e7622c499 100755
--- a/src/ukify/ukify.py
-+++ b/src/ukify/ukify.py
-@@ -388,7 +388,6 @@ class Section:
-     tmpfile: Optional[IO[Any]] = None
-     measure: bool = False
-     output_mode: Optional[str] = None
-    virtual_size: Optional[int] = None
- 
-     @classmethod
-     def create(cls, name: str, contents: Union[str, bytes, Path, None], **kwargs: Any) -> 'Section':
-@@ -918,10 +917,7 @@ def pe_add_sections(uki: UKI, output: str) -> None:
- 
-         new_section.set_file_offset(offset)
-         new_section.Name = section.name.encode()
-        if section.virtual_size is not None:
-            new_section.Misc_VirtualSize = section.virtual_size
-        else:
-            new_section.Misc_VirtualSize = len(data)
-+        new_section.Misc_VirtualSize = len(data)
-         # Non-stripped stubs might still have an unaligned symbol table at the end, making their size
-         # unaligned, so we make sure to explicitly pad the pointer to new sections to an aligned offset.
-         new_section.PointerToRawData = round_up(len(pe.__data__), pe.OPTIONAL_HEADER.FileAlignment)
-@@ -1166,6 +1162,7 @@ def make_uki(opts: UkifyConfig) -> None:
-         ('.uname',   opts.uname,      True),
-         ('.splash',  opts.splash,     True),
-         ('.pcrpkey', pcrpkey,         True),
-+        ('.linux',   linux,           True),
-         ('.initrd',  initrd,          True),
-         ('.ucode',   opts.microcode,  True),
-     ]  # fmt: skip
-@@ -1182,15 +1179,6 @@ def make_uki(opts: UkifyConfig) -> None:
-     for section in opts.sections:
-         uki.add_section(section)
- 
-    if linux is not None:
-        try:
-            virtual_size = pefile.PE(linux, fast_load=True).OPTIONAL_HEADER.SizeOfImage
-        except pefile.PEFormatError:
-            print(f'{linux} is not a valid PE file, not using SizeOfImage.')
-            virtual_size = None
-
-        uki.add_section(Section.create('.linux', linux, measure=True, virtual_size=virtual_size))
-
-     # Don't add a sbat section to profile PE binaries.
-     if opts.join_profiles or not opts.profile:
-         if linux is not None:
-- 
-2.43.0
diff --git a/meta/recipes-core/systemd/systemd_257.1.bb b/meta/recipes-core/systemd/systemd_257.3.bb
index cdf72a5015..cdf72a5015 100644
--- a/meta/recipes-core/systemd/systemd_257.1.bb
+++ b/meta/recipes-core/systemd/systemd_257.3.bb

diff --git a/meta/recipes-core/systemd/systemd-boot-native_257.1.bb b/meta/recipes-core/systemd/systemd-boot-native_257.3.bb index 15db156d4f..05ebe7b63e 100644 --- a/meta/recipes-core/systemd/systemd-boot-native_257.1.bb +++ b/meta/recipes-core/systemd/systemd-boot-native_257.3.bb
@@ -1,8 +1,6 @@
1	require systemd.inc	1	require systemd.inc
2	FILESEXTRAPATHS =. "${FILE_DIRNAME}/systemd:"	2	FILESEXTRAPATHS =. "${FILE_DIRNAME}/systemd:"
3		3
4	SRC_URI += "file://0001-ukify-measure-Revert-changes-to-use-SizeOfImage-from.patch"
5
6	inherit native	4	inherit native
7		5
8	deltask do_configure	6	deltask do_configure


diff --git a/meta/recipes-core/systemd/systemd-boot_257.1.bb b/meta/recipes-core/systemd/systemd-boot_257.3.bb index 6a50ac05aa..6a50ac05aa 100644 --- a/meta/recipes-core/systemd/systemd-boot_257.1.bb +++ b/meta/recipes-core/systemd/systemd-boot_257.3.bb


diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc index 65785ac098..31d26a9fc1 100644 --- a/meta/recipes-core/systemd/systemd.inc +++ b/meta/recipes-core/systemd/systemd.inc
@@ -15,7 +15,7 @@ LICENSE:libsystemd = "LGPL-2.1-or-later"
15	LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \	15	LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
16	file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"	16	file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
17		17
18	SRCREV = "47eea9ee9f46537bc18d6a64fa21fd9c50538e13"	18	SRCREV = "876ee10e0eb4bbb0920bdab7817a9f06cc34910f"
19	SRCBRANCH = "v257-stable"	19	SRCBRANCH = "v257-stable"
20	SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH}"	20	SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH}"
21		21


diff --git a/meta/recipes-core/systemd/systemd/0001-ukify-measure-Revert-changes-to-use-SizeOfImage-from.patch b/meta/recipes-core/systemd/systemd/0001-ukify-measure-Revert-changes-to-use-SizeOfImage-from.patch deleted file mode 100644 index 3be56cb9c0..0000000000 --- a/meta/recipes-core/systemd/systemd/0001-ukify-measure-Revert-changes-to-use-SizeOfImage-from.patch +++ /dev/null
@@ -1,122 +0,0 @@
1	From 60d76dce7b013406412bc9720dbf05fb558ea099 Mon Sep 17 00:00:00 2001
2	From: Daan De Meyer <daan.j.demeyer@gmail.com>
3	Date: Tue, 4 Feb 2025 09:24:26 +0100
4	Subject: [PATCH] ukify/measure: Revert changes to use SizeOfImage from Linux
5	PE binary
6
7	With 19812661f1f65ebe777d1626b5abf6475faababc, we make sure at runtime
8	in the stub itself that SizeOfImage from the Linux EFISTUB PE binary is
9	taken into account, so there's no need to take this into account in ukify
10	itself. By reverting the ukify change, we again ensure that Misc_VirtualSize
11	reflects the actual size of the Linux EFISTUB PE binary in the .linux section
12	which lots of tooling depends on. It also makes sure we don't measure a bunch
13	of extra zeroes in the stub which should fix systemd-pcrlock measurements as
14	well.
15
16	This effectively reverts 2188c759f97e40b97ebe3e94e82239f36b525b10 and
17	0005411352f9bda0d9887c37b9e75a2bce6c1133.
18
19	Fixes #35851
20	---
21	src/measure/measure.c \| 32 --------------------------------
22	src/ukify/ukify.py \| 16 ++--------------
23	2 files changed, 2 insertions(+), 46 deletions(-)
24
25	Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
26
27	Upstream-Status: Backport [https://github.com/systemd/systemd/commit/38801c91292fde004bec0974ed5602984701e03b]
28
29	diff --git a/src/measure/measure.c b/src/measure/measure.c
30	index e583444e0bf..2057ce2a0e6 100644
31	--- a/src/measure/measure.c
32	+++ b/src/measure/measure.c
33	@@ -544,38 +544,6 @@ static int measure_kernel(PcrState *pcr_states, size_t n) {
34	m += sz;
35	}
36
37	- if (c == UNIFIED_SECTION_LINUX) {
38	- _cleanup_free_ PeHeader *pe_header = NULL;
39	-
40	- r = pe_load_headers(fd, /ret_dos_header=/ NULL, &pe_header);
41	- if (r < 0)
42	- log_warning_errno(r, "Failed to parse kernel image file '%s', ignoring: %m", arg_sections[c]);
43	- else if (m < pe_header->optional.SizeOfImage) {
44	- memzero(buffer, BUFFER_SIZE);
45	-
46	- /* Our EFI stub measures VirtualSize bytes of the .linux section into PCR 11.
47	- * Notably, VirtualSize can be larger than the section's size on disk. In
48	- * that case the extra space is initialized with zeros, so the stub ends up
49	- * measuring a bunch of zeros. To accommodate this, we have to measure the
50	- * same number of zeros here. We opt to measure extra zeros here instead of
51	- * modifying the stub to only measure the number of bytes on disk as we want
52	- * newer ukify + systemd-measure to work with older versions of the stub and
53	- * as of 6.12 the kernel image's VirtualSize won't be larger than its size on
54	- * disk anymore (see https://github.com/systemd/systemd/issues/34578#issuecomment-2382459515).
55	- */
56	-
57	- while (m < pe_header->optional.SizeOfImage) {
58	- uint64_t sz = MIN(BUFFER_SIZE, pe_header->optional.SizeOfImage - m);
59	-
60	- for (size_t i = 0; i < n; i++)
61	- if (EVP_DigestUpdate(mdctx[i], buffer, sz) != 1)
62	- return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to run digest.");
63	-
64	- m += sz;
65	- }
66	- }
67	- }
68	-
69	fd = safe_close(fd);
70
71	if (m == 0) /* We skip over empty files, the stub does so too */
72	diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
73	index 3f36aa7af6b..08e7622c499 100755
74	--- a/src/ukify/ukify.py
75	+++ b/src/ukify/ukify.py
76	@@ -388,7 +388,6 @@ class Section:
77	tmpfile: Optional[IO[Any]] = None
78	measure: bool = False
79	output_mode: Optional[str] = None
80	- virtual_size: Optional[int] = None
81
82	@classmethod
83	def create(cls, name: str, contents: Union[str, bytes, Path, None], **kwargs: Any) -> 'Section':
84	@@ -918,10 +917,7 @@ def pe_add_sections(uki: UKI, output: str) -> None:
85
86	new_section.set_file_offset(offset)
87	new_section.Name = section.name.encode()
88	- if section.virtual_size is not None:
89	- new_section.Misc_VirtualSize = section.virtual_size
90	- else:
91	- new_section.Misc_VirtualSize = len(data)
92	+ new_section.Misc_VirtualSize = len(data)
93	# Non-stripped stubs might still have an unaligned symbol table at the end, making their size
94	# unaligned, so we make sure to explicitly pad the pointer to new sections to an aligned offset.
95	new_section.PointerToRawData = round_up(len(pe.__data__), pe.OPTIONAL_HEADER.FileAlignment)
96	@@ -1166,6 +1162,7 @@ def make_uki(opts: UkifyConfig) -> None:
97	('.uname', opts.uname, True),
98	('.splash', opts.splash, True),
99	('.pcrpkey', pcrpkey, True),
100	+ ('.linux', linux, True),
101	('.initrd', initrd, True),
102	('.ucode', opts.microcode, True),
103	] # fmt: skip
104	@@ -1182,15 +1179,6 @@ def make_uki(opts: UkifyConfig) -> None:
105	for section in opts.sections:
106	uki.add_section(section)
107
108	- if linux is not None:
109	- try:
110	- virtual_size = pefile.PE(linux, fast_load=True).OPTIONAL_HEADER.SizeOfImage
111	- except pefile.PEFormatError:
112	- print(f'{linux} is not a valid PE file, not using SizeOfImage.')
113	- virtual_size = None
114	-
115	- uki.add_section(Section.create('.linux', linux, measure=True, virtual_size=virtual_size))
116	-
117	# Don't add a sbat section to profile PE binaries.
118	if opts.join_profiles or not opts.profile:
119	if linux is not None:
120	--
121	2.43.0
122


diff --git a/meta/recipes-core/systemd/systemd_257.1.bb b/meta/recipes-core/systemd/systemd_257.3.bb index cdf72a5015..cdf72a5015 100644 --- a/meta/recipes-core/systemd/systemd_257.1.bb +++ b/meta/recipes-core/systemd/systemd_257.3.bb