chore: bump sd-boot to v254-rc1

Bump sd-boot.
Fix parsing PE executable offsets.
Set the PE file alignment to be 512 bytes.

Signed-off-by: Noel Georgi <git@frezbo.dev>

Dockerfile

@@ -28,10 +28,6 @@ FROM ghcr.io/siderolabs/grub:${PKGS} AS pkg-grub
 FROM --platform=amd64 ghcr.io/siderolabs/grub:${PKGS} AS pkg-grub-amd64
 FROM --platform=arm64 ghcr.io/siderolabs/grub:${PKGS} AS pkg-grub-arm64
 
-FROM ghcr.io/siderolabs/sd-stub:${PKGS} AS pkg-sd-stub
-FROM --platform=amd64 ghcr.io/siderolabs/sd-stub:${PKGS} AS pkg-sd-stub-amd64
-FROM --platform=arm64 ghcr.io/siderolabs/sd-stub:${PKGS} AS pkg-sd-stub-arm64
-
 FROM ghcr.io/siderolabs/sd-boot:${PKGS} AS pkg-sd-boot
 FROM --platform=amd64 ghcr.io/siderolabs/sd-boot:${PKGS} AS pkg-sd-boot-amd64
 FROM --platform=arm64 ghcr.io/siderolabs/sd-boot:${PKGS} AS pkg-sd-boot-arm64
@@ -740,7 +736,6 @@ COPY --from=gen-uki-certs /src/_out /
 
 FROM --platform=${BUILDPLATFORM} ukify-tools AS uki-build-amd64
 WORKDIR /build
-COPY --from=pkg-sd-stub-amd64 / _out/
 COPY --from=pkg-sd-boot-amd64 / _out/
 COPY --from=pkg-kernel-amd64 /boot/vmlinuz _out/vmlinuz-amd64
 COPY --from=initramfs-archive-amd64 /initramfs.xz _out/initramfs-amd64.xz
@@ -756,7 +751,6 @@ COPY --from=uki-build-amd64 /build/_out/uki-certs/db.auth /db.auth
 
 FROM --platform=${BUILDPLATFORM} ukify-tools AS uki-build-arm64
 WORKDIR /build
-COPY --from=pkg-sd-stub-arm64 / _out/
 COPY --from=pkg-sd-boot-arm64 / _out/
 COPY --from=pkg-kernel-arm64 /boot/vmlinuz _out/vmlinuz-arm64
 COPY --from=initramfs-archive-arm64 /initramfs.xz _out/initramfs-arm64.xz

Makefile

@@ -13,8 +13,8 @@ DOCKER_LOGIN_ENABLED ?= true
 NAME = Talos
 
 ARTIFACTS := _out
-TOOLS ?= ghcr.io/siderolabs/tools:v1.5.0-alpha.0-16-gcd3b692
-PKGS ?= v1.5.0-alpha.0-31-g43451e6
+TOOLS ?= ghcr.io/siderolabs/tools:v1.5.0-alpha.0-17-g9b6d512
+PKGS ?= v1.5.0-alpha.0-33-g205cab6
 EXTRAS ?= v1.5.0-alpha.0-1-ga73d524
 # renovate: datasource=github-tags depName=golang/go
 GO_VERSION ?= 1.20

cmd/installer/pkg/iso.go

@@ -18,8 +18,12 @@ import (
 )
 
 const (
-	// UKIISOSize is the size of the UKI ISO.
-	UKIISOSize = 120 * 1024 * 1024
+	// MiB is the size of a megabyte.
+	MiB = 1024 * 1024
+	// UKIISOSizeAMD64 is the size of the AMD64 UKI ISO.
+	UKIISOSizeAMD64 = 80 * MiB
+	// UKIISOSizeARM64 is the size of the ARM64 UKI ISO.
+	UKIISOSizeARM64 = 120 * MiB
 )
 
 // CreateISO creates an iso by invoking the `grub-mkrescue` command.
@@ -71,7 +75,13 @@ func CreateUKIISO(iso, dir, arch string) error {
 		return err
 	}
 
-	if err := f.Truncate(UKIISOSize); err != nil {
+	isoSize := UKIISOSizeAMD64
+
+	if arch == "arm64" {
+		isoSize = UKIISOSizeARM64
+	}
+
+	if err := f.Truncate(int64(isoSize)); err != nil {
 		return err
 	}
 

hack/ukify/main.go

@@ -88,8 +88,8 @@ type section struct {
 	name    constants.Section
 	file    string
 	measure bool
-	size    uint32
-	vma     uint32
+	size    uint64
+	vma     uint64
 }
 
 func buildUKI(source, output string, sections []section) error {
@@ -107,9 +107,16 @@ func buildUKI(source, output string, sections []section) error {
 	// find the first VMA address
 	lastSection := peFile.Sections[len(peFile.Sections)-1]
 
-	const alignment = 0xfff
+	// align the VMA to 512 bytes
+	// https://github.com/saferwall/pe/blob/main/helper.go#L22-L26
+	const alignment = 0x1ff
 
-	baseVMA := lastSection.Header.VirtualAddress + lastSection.Header.VirtualSize
+	header, ok := peFile.NtHeader.OptionalHeader.(pe.ImageOptionalHeader64)
+	if !ok {
+		return fmt.Errorf("failed to get optional header")
+	}
+
+	baseVMA := header.ImageBase + uint64(lastSection.Header.VirtualAddress) + uint64(lastSection.Header.VirtualSize)
 	baseVMA = (baseVMA + alignment) &^ alignment
 
 	// calculate sections size and VMA
@@ -119,7 +126,7 @@ func buildUKI(source, output string, sections []section) error {
 			return err
 		}
 
-		sections[i].size = uint32(st.Size())
+		sections[i].size = uint64(st.Size())
 		sections[i].vma = baseVMA
 
 		baseVMA += sections[i].size

pkg/machinery/gendata/data/pkgs

@@ -1 +1 @@
-v1.5.0-alpha.0-31-g43451e6
+v1.5.0-alpha.0-33-g205cab6