Bug#1138699: systemd-boot-efi: does not load kernel on 64k boundary

Agathe Porte agathe.porte at oss.qualcomm.com
Tue Jun 2 14:24:41 BST 2026 

Package: systemd-boot-efi
Version: 261~rc2-1
Severity: normal
X-Debbugs-Cc: agathe.porte at oss.qualcomm.com
Control: tag -1 +patch

Dear Maintainer,

The systemd aarch64 stub located at /usr/lib/systemd/boot/efi/linuxaa64.efi.stub
does not load the kernel into a 64k boundary which is what the kernel
segments are aligned to in arm64:

	objdump -h /boot/vmlinuz-7.1-arm64

	/boot/vmlinuz-7.1-arm64:     file format pei-aarch64-little

	Sections:
	Idx Name          Size      VMA               LMA               File off  Algn
	  0 .text         02480000  0000000000010000  0000000000010000  00010000  2**2
			  CONTENTS, ALLOC, LOAD, READONLY, CODE
	  1 .data         00794a00  0000000002490000  0000000002490000  02490000  2**2
			  CONTENTS, ALLOC, LOAD, DATA

This is exposed by the following message during boot when using this
stub with ukify to create an UKI:

	FIRMWARE BUG: kernel image not aligned on 64k boundary

This check is done in linux’s drivers/firmware/efi/libstub/arm64-stub.c
which is chained from systemd-stub. It was introduced in the following
commit:

	commit c32ac11da3f83bb42b986702a9b92f0a14ed4182
	Author: Ard Biesheuvel <ardb at kernel.org>
	Date:   Mon Jul 26 16:31:44 2021 +0200

	    efi/libstub: arm64: Double check image alignment at entry

	    On arm64, the stub only moves the kernel image around in memory if
	    needed, which is typically only for KASLR, given that relocatable
	    kernels (which is the default) can run from any 64k aligned address,
	    which is also the minimum alignment communicated to EFI via the PE/COFF
	    header.

	    Unfortunately, some loaders appear to ignore this header, and load the
	    kernel at some arbitrary offset in memory. We can deal with this, but
	    let's check for this condition anyway, so non-compliant code can be
	    spotted and fixed.

	    Cc: <stable at vger.kernel.org> # v5.10+
	    Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
	    Tested-by: Benjamin Herrenschmidt <benh at kernel.crashing.org>

The "some loaders" in the commit message seems to refer to systemd-stub,
because this issue is present and triggers on my T14s arm64 laptop.

I am currently running a workaround (attached as a patch) to have the
memory aligned on a 64k boundary to have the message go away. The proper
implementation would probably require to read the SectionAlignment of
the .linux section and align to it instead of hardcoding it to 64k as
demonstrated here.

Thanks,

Agathe.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-stub-load-kernel-in-64k-aligned-memory.patch
Type: application/mbox
Size: 1556 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20260602/8c0f37a0/attachment.mbox>

More information about the Pkg-systemd-maintainers mailing list