f

siderolabs · Jan 9, 2025 · 9b913e5 · 9b913e5
1 parent d287b3f
commit 9b913e5
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 2 deletions.
diff --git a/internal/pkg/secureboot/uki/internal/pe/pe.go b/internal/pkg/secureboot/uki/internal/pe/pe.go
@@ -14,6 +14,7 @@ import (
 	"os"
 	"os/exec"
 	"slices"
+	"time"
 
 	"github.com/siderolabs/gen/xslices"
 	"github.com/siderolabs/talos/internal/pkg/secureboot"
@@ -160,6 +161,7 @@ func AssembleNative(srcPath, dstPath, arch string, sections []Section) error {
 	}
 
 	newFileHeader := peFile.FileHeader
+	newFileHeader.TimeDateStamp = uint32(time.Now().Unix()) // [TODO]: use SOURCE_DATE_EPOCH
 
 	// find the first VMA address
 	lastSection := peFile.Sections[len(peFile.Sections)-1]
@@ -343,6 +345,10 @@ func AssembleNative(srcPath, dstPath, arch string, sections []Section) error {
 			return fmt.Errorf("failed to copy section data: %w", err)
 		}
 
+		if n > int64(rawSection.SizeOfRawData) {
+			return fmt.Errorf("section data is too large: %d > %d", n, rawSection.SizeOfRawData)
+		}
+
 		if n < int64(rawSection.SizeOfRawData) {
 			_, err = io.CopyN(out, zeroReader{}, int64(rawSection.SizeOfRawData)-n)
 			if err != nil {

diff --git a/internal/pkg/secureboot/uki/internal/pe/pe_test.go b/internal/pkg/secureboot/uki/internal/pe/pe_test.go
@@ -19,6 +19,7 @@ import (
 
 func TestAssembleNative(t *testing.T) {
 	tmpDir := t.TempDir()
+	//tmpDir := "/tmp"
 
 	outNative := filepath.Join(tmpDir, "uki-native.bin")
 	outObjcopy := filepath.Join(tmpDir, "uki-objcopy.bin")
@@ -65,6 +66,11 @@ func TestAssembleNative(t *testing.T) {
 		},
 	}))
 
+	diff, err := exec.Command("binwalk", "-Wi", outObjcopy, outNative).CombinedOutput()
+	require.NoError(t, err, string(diff))
+
+	t.Log(string(diff))
+
 	outputNative, err := exec.Command("objdump", "-x", outNative).CombinedOutput()
 	require.NoError(t, err, string(outputNative))
 
@@ -73,8 +79,28 @@ func TestAssembleNative(t *testing.T) {
 
 	assert.Equal(t, string(outputObjcopy), string(outputNative))
 
-	outputDiffoscope, err := exec.Command("diffoscope", outObjcopy, outNative).CombinedOutput()
-	require.NoError(t, err, string(outputDiffoscope))
+	for _, sectionName := range []string{
+		".text",
+		".rodata",
+		".data",
+		".sbat",
+		".sdmagic",
+		".reloc",
+		".uname",
+		".linux",
+	} {
+		sectionObjcopy, err := exec.Command("objdump", "-s", "--section", sectionName, outObjcopy).CombinedOutput()
+		require.NoError(t, err, string(sectionObjcopy))
+
+		sectionObjcopy = bytes.ReplaceAll(sectionObjcopy, []byte(outObjcopy), []byte("uki.bin"))
+
+		sectionNative, err := exec.Command("objdump", "-s", "--section", sectionName, outNative).CombinedOutput()
+		require.NoError(t, err, string(sectionNative))
+
+		sectionNative = bytes.ReplaceAll(sectionNative, []byte(outNative), []byte("uki.bin"))
+
+		assert.Equal(t, string(sectionObjcopy), string(sectionNative))
+	}
 
 	t.Fail()
 }