[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Booting signed xen.efi through shim



>>> On 14.09.17 at 18:20, <tamas@xxxxxxxxxxxxx> wrote:
> Of course, you can grab them from here:
> https://drive.google.com/drive/folders/0B5duyI9SzNtWaXE0cjM1QzZJbVk?usp=shar 
> ing

So the dumps of the two (using my own tool) are identical except for
the expected difference due to the certificate. In particular neither
image has any strange relocation types afaics, and both have the
sort of unexpected, but also supposedly benign
IMAGE_SCN_LNK_NRELOC_OVFL flag set for .bss. Hence I'm afraid ...

> I've verified that xen-signed.efi boots with Secureboot enabled when
> booted directly but doesn't boot through the shim.

... you'll need to do some debugging in order to figure out what's
going on here. With the above the prime suspect is the shim though,
fiddling with the image after loading it into memory. So perhaps
dumping the .reloc section contents in order to compare it with
what's in the image may be a suitable approach.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.