[RFC] efi_loader: UKI Secure Boot verification failure with PE section gaps

Aleksandr Iashchenko aleksandr.iashchenko at linutronix.de
Tue Feb 17 11:46:04 CET 2026


Hi,

I am using U-Boot as UEFI firmware and trying to boot a Unified Kernel Image 
(UKI) with Secure Boot enabled.

I see a signature verification failure in U-Boot, even though the image is 
signed with the correct key (trusted in db).
The issue appears to be related to gaps between PE sections (UKI built by ukify 
from systemd).

My understanding of the current flow / why signature verification fails: 


1. efi_image_parse() computes bytes_hashed as a sum of aligned section sizes 
(without explicitly accounting for file gaps). This seems consistent with what 
sbsign is doing.
2. Then the final "extra data" region is defined as the range from efi + 
bytes_hashed up to the certificate table. This region will have non-zero length 
if there were gaps.
3. The start of "extra data" region will overlap with already added regions.
4. As a result, efi_image_region_add(..., nocheck=0) will reject this final 
region because of the detected overlap, so it is not included in the hashed 
region list. In contrast, sbsigntools still computes the hash including this 
final extra-data range, which leads to a mismatch and signature verification 
failure in U-Boot.

I'm not entirely sure - is this an issue on the U-Boot side? I reviewed the 
Authenticode specification (the PE/COFF hashing rules), but I did not find a 
clear description of how gaps between sections should be handled when computing 
the hashed regions. In practice, the way U-Boot computes the hash in this case 
seems to differ from how sbsigntools computes it. Would it make sense to 
include the final "extra data" region regardless of a potential overlap (i.e., 
using nocheck=1) so that verification remains consistent with the signing tools?

Thanks for your feedback.
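
The region arithmetic described in steps 1-4 above, as an added example that is not part of the original post and is not U-Boot or sbsigntools code. It is a simplified model: the struct and function names and all offsets are constructed, and the "strict" flag stands in for the overlap check the post attributes to nocheck=0.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the flow described in the post; not U-Boot code.
 * All names and offsets are constructed. Ranges are half-open [start, end). */
struct region { size_t start, end; };
struct image {
	size_t hdr_size;      /* bytes covered by the header regions */
	size_t cert_off;      /* file offset of the certificate table */
	size_t nsec;
	struct region sec[2]; /* raw-data range of each section */
};

/* Step 1: headers plus the sum of section sizes, gaps not counted. */
static size_t bytes_hashed(const struct image *im)
{
	size_t n = im->hdr_size;
	for (size_t i = 0; i < im->nsec; i++)
		n += im->sec[i].end - im->sec[i].start;
	return n;
}

/* Steps 2-3: does [bytes_hashed, cert_off) overlap a section region? */
static int extra_overlaps(const struct image *im)
{
	struct region x = { bytes_hashed(im), im->cert_off };
	for (size_t i = 0; x.start < x.end && i < im->nsec; i++)
		if (x.start < im->sec[i].end && im->sec[i].start < x.end)
			return 1;
	return 0;
}

/* Step 4: bytes fed to the digest; strict drops an overlapping extra region. */
static size_t digest_len(const struct image *im, int strict)
{
	size_t n = bytes_hashed(im);
	if (n < im->cert_off && !(strict && extra_overlaps(im)))
		n = im->cert_off;
	return n;
}

/* Constructed layouts: sections back to back, and with a 0x200-byte gap. */
static const struct image packed = { 0x400, 0x800, 2, { {0x400, 0x600}, {0x600, 0x800} } };
static const struct image gapped = { 0x400, 0xa00, 2, { {0x400, 0x600}, {0x800, 0xa00} } };
int main(void)
{
	printf("packed: strict=%#zx lenient=%#zx\n", digest_len(&packed, 1), digest_len(&packed, 0));
	printf("gapped: strict=%#zx lenient=%#zx\n", digest_len(&gapped, 1), digest_len(&gapped, 0));
	return 0;
}
```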

