Re: 回复: Non-reproducible binaries generated by GenFw

Laszlo Ersek

Hi Liming,

On 03/11/21 05:44, gaoliming wrote:
I verify -z option. It can remove DEBUG entry and make sure the generated image be reproduced.
I tried the "--zero" option myself (as seen in the BZ), but it didn't
work. What I did was the following: in the original run of the "build"
utility, I redirected the standard output and the standard error to a
log file. Then, I located the "GenFw" invocation that produced the
"Shell.efi" binary from the "Shell.dll" file. I also checked that the
"Shell.dll" file did not contain the full pathname, embedded -- so it
was GenFw that embedded the full file path indeed.

Then, I re-run the GenFw utility myself, interactively, and added the
"--zero" flag to the command line. The output did not change,
"Shell.efi" still contained the full pathname embedded. I also couldn't
find a spot in the GenFw source code where "--zero" would have prevented
a call to WriteDebug64(), or otherwise eliminated the NB10 entry.

... So at this point I'm not sure if I simply messed up my testing. :(

Ross -- can you please confirm? Does Liming's suggestion work for you?




As per, GenFw
writes non-reproducible binaries by embedding a build path. In fact in
a build of ovmf with embedded shell, this one path is the sole source
of non-determinism.

WriteDebug64() is always called in GenFw on output and that embeds
into the NB10 entry the input filename. As build paths change this is
a source of non-determinism. There already exists a --zero option to
wipe out debug paths but this is in release builds so I'm not sure
what the best solution is. I can see several options:

1) Release builds should not call WriteDebug64() at all
2) --zero should wipe the NB10 entry, and release builds should pass that
3) GenFw should support path remapping (like gcc's -ffile-prefix-map)
to turn build paths into something consistent.

Any suggestions?


