Trying to load EFI binaries with the ImageBase field in the PE binary fails with errors like
cloud-hypervisor: 61.698026ms: <_disk0_q0> ERROR:virtio-devices/src/thread_helper.rs:55 -- Error running worker: HandleEvent(Failed to process queue (submit): RequestExecuting(GetHostAddress(InvalidGuestAddress(GuestAddress(5603131392)))))
An example of such a binary is any UKI using the systemd boot stub compiled from recent versions of systemd, these set the ImageBase field to a pseudo-random value1. Forcing this to be opt.ImageBase = 0 allows the stub to be loaded by hypervisor-fw.
objdump of working EFI binary:
src/boot/efi/linuxx64.efi.stub: file format pei-x86-64
src/boot/efi/linuxx64.efi.stub
architecture: i386:x86-64, flags 0x00000103:
HAS_RELOC, EXEC_P, D_PAGED
start address 0x0000000000009135
Characteristics 0x22e
executable
line numbers stripped
symbols stripped
large address aware
debugging information removed
Time/Date Wed Jul 24 21:45:14 2024
Magic 020b (PE32+)
MajorLinkerVersion 0
MinorLinkerVersion 0
SizeOfCode 000000000001a8fe
SizeOfInitializedData 000000000000615e
SizeOfUninitializedData 0000000000000000
AddressOfEntryPoint 0000000000009135
BaseOfCode 0000000000001000
ImageBase 0000000000000000
SectionAlignment 00001000
FileAlignment 00000200
MajorOSystemVersion 0
MinorOSystemVersion 0
MajorImageVersion 257
MinorImageVersion 0
MajorSubsystemVersion 1
MinorSubsystemVersion 1
Win32Version 00000000
SizeOfImage 00026000
SizeOfHeaders 00000400
CheckSum 00000000
Subsystem 0000000a (EFI application)
DllCharacteristics 00000160
HIGH_ENTROPY_VA
DYNAMIC_BASE
NX_COMPAT
SizeOfStackReserve 0000000000100000
SizeOfStackCommit 0000000000001000
SizeOfHeapReserve 0000000000100000
SizeOfHeapCommit 0000000000001000
LoaderFlags 00000000
NumberOfRvaAndSizes 00000010
objdump of broken EFI binary:
src/boot/efi/linuxx64.efi.stub: file format pei-x86-64
src/boot/efi/linuxx64.efi.stub
architecture: i386:x86-64, flags 0x00000103:
HAS_RELOC, EXEC_P, D_PAGED
start address 0x000000014df99135
Characteristics 0x22e
executable
line numbers stripped
symbols stripped
large address aware
debugging information removed
Time/Date Wed Jul 24 21:37:09 2024
Magic 020b (PE32+)
MajorLinkerVersion 0
MinorLinkerVersion 0
SizeOfCode 000000000001a8fe
SizeOfInitializedData 000000000000615e
SizeOfUninitializedData 0000000000000000
AddressOfEntryPoint 0000000000009135
BaseOfCode 0000000000001000
ImageBase 000000014df90000
SectionAlignment 00001000
FileAlignment 00000200
MajorOSystemVersion 0
MinorOSystemVersion 0
MajorImageVersion 257
MinorImageVersion 0
MajorSubsystemVersion 1
MinorSubsystemVersion 1
Win32Version 00000000
SizeOfImage 00026000
SizeOfHeaders 00000400
CheckSum 00000000
Subsystem 0000000a (EFI application)
DllCharacteristics 00000160
HIGH_ENTROPY_VA
DYNAMIC_BASE
NX_COMPAT
SizeOfStackReserve 0000000000100000
SizeOfStackCommit 0000000000001000
SizeOfHeapReserve 0000000000100000
SizeOfHeapCommit 0000000000001000
LoaderFlags 00000000
NumberOfRvaAndSizes 00000010
Trying to load EFI binaries with the ImageBase field in the PE binary fails with errors like
An example of such a binary is any UKI using the systemd boot stub compiled from recent versions of systemd, these set the ImageBase field to a pseudo-random value1. Forcing this to be
opt.ImageBase = 0allows the stub to be loaded by hypervisor-fw.objdump of working EFI binary:
objdump of broken EFI binary:
Footnotes
https://github.com/systemd/systemd/blob/11d5e2b5fbf9f6bfa5763fd45b56829ad4f0777f/tools/elf2efi.py#L602 ↩