fix(headless): reassemble DTBS ELF without sectools under --allow_unsigned #6

Open
xueqnie wants to merge 1 commit into qualcomm:main from xueqnie:fix/headless-sectools-free-reassembly

xueqnie commented Jul 2, 2026

qdte --nogui --allow_unsigned can't reassemble uefi_dtbs.elf because the v2/DTBS reassembly path hard-requires the external sectools binary. In headless/CI/Yocto environments sectools isn't present, so gf['sectoolsDir'] is None and reassembly crashes with a TypeError before it starts — the DTBs get edited but the ELF is never regenerated.

Under --allow_unsigned, sectools does no signing anyway; it just packs the DTBS blob into a single PT_LOAD ELF. This adds a native fallback: if sectools is available use it (signed path unchanged), otherwise reassemble natively using the packers already bundled in XBLConfig/elf_gen_tools.py, preserving entry/vaddr/paddr/alignment.

Complements #5. Tested against a real Hamoa uefi_dtbs.elf and end-to-end capsule apply on hardware (qualcomm-linux/meta-qcom#2456).

…igned

QDTE's v2 reassembly path (used for uefi_dtbs.elf and other DTBS-style
config ELFs) shells out to the external sectools binary to wrap the
DTBS payload back into an ELF. On a minimal Yocto sysroot -- the
headless --nogui / --allow_unsigned flow that downstream image builds
rely on -- sectools is not present. When --sectools_dir is not supplied,
gf['sectoolsDir'] is None and reassemble_config_elf() crashes before
reassembly starts (TypeError: ... not NoneType), so uefi_dtbs.elf can
never be reassembled in an unsigned build.

Under --allow_unsigned the sectools call does no signing -- it only
packs the (already page-aligned) DTBS data into a single PT_LOAD ELF at
the original entry/load address. Reproduce that natively using the ELF
header / program header packers already bundled in
XBLConfig/elf_gen_tools.py, and fall back to it whenever a usable
sectools path is not available. The signed path is unchanged. Also
initialise sectool_path and guard the gf['sectoolsDir'] join.

Verified against a real Hamoa uefi_dtbs.elf: qdte --nogui --modify
injects QcCapsuleRootCert into both cert-bearing DTBs and reassembles a
valid ELF (entry/class/alignment preserved, DTBs intact, certs confirmed
via pyfdt) with no sectools on PATH.

Signed-off-by: Xueqian Nie <xueqian.nie@oss.qualcomm.com>
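The unsigned output described above is a single-PT_LOAD ELF, and a reassembled image can be checked against the original for preserved entry/vaddr/paddr/alignment. The following is an added example, not code from this pull request or from XBLConfig/elf_gen_tools.py. Assumptions: little-endian ELF64 only, an input that already has one program header, hypothetical function names, and constructed sample addresses and payload.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 LE file header, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 LE program header, 56 bytes
PT_LOAD = 1

# Assumed defaults: PF_R|PF_W (6), EM_AARCH64 (183); e_type is fixed at ET_EXEC (2).
def pack_single_load(payload, entry, vaddr, paddr, align=0x1000, flags=6, machine=183):
    """Wrap payload in an ELF64 image holding exactly one PT_LOAD segment."""
    if align & (align - 1):
        raise ValueError("p_align must be 0 or a power of two")
    offset = EHDR.size + PHDR.size
    if align > 1:  # loaders expect p_offset % p_align == p_vaddr % p_align
        offset = -(-offset // align) * align + vaddr % align
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # ELFCLASS64, LSB, EV_CURRENT
    ehdr = EHDR.pack(ident, 2, machine, 1, entry, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, 1, 0, 0, 0)
    phdr = PHDR.pack(PT_LOAD, flags, offset, vaddr, paddr,
                     len(payload), len(payload), align)
    return (ehdr + phdr).ljust(offset, b"\0") + payload

def parse_single_load(elf):
    """Return header fields and payload; reject anything but one in-bounds PT_LOAD."""
    if len(elf) < EHDR.size or elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (_, _, machine, _, entry, phoff, _, _, _,
     phentsize, phnum, _, _, _) = EHDR.unpack_from(elf)
    if phnum != 1 or phentsize != PHDR.size or phoff + PHDR.size > len(elf):
        raise ValueError("expected exactly one program header")
    p_type, flags, offset, vaddr, paddr, filesz, _, align = PHDR.unpack_from(elf, phoff)
    if p_type != PT_LOAD or offset + filesz > len(elf):
        raise ValueError("segment is not PT_LOAD or runs past end of file")
    return {"entry": entry, "vaddr": vaddr, "paddr": paddr, "align": align,
            "flags": flags, "machine": machine, "payload": elf[offset:offset + filesz]}

def repack(original, new_payload):
    """Swap the payload, carrying entry/vaddr/paddr/align/flags/machine over."""
    fields = parse_single_load(original)
    fields["payload"] = new_payload
    return pack_single_load(**fields)

if __name__ == "__main__":
    # Constructed sample: FDT magic plus padding stands in for a DTBS blob.
    old = pack_single_load(b"\xd0\x0d\xfe\xed" + bytes(60), 0x80200000, 0x80200000, 0x80200000)
    new = parse_single_load(repack(old, b"\xd0\x0d\xfe\xed" + bytes(124)))
    print({k: hex(v) for k, v in new.items() if k != "payload"}, len(new["payload"]))
```
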
@igoropaniuk


Nice, we can also drop dependency on secboot in CI workflow introduced in #5
