Dynamically size ESP partition to support images > 512MB

internal/gpt.go

@@ -5,21 +5,20 @@ import (
 	"crypto/sha512"
 	"encoding/binary"
 	"hash/crc32"
+	"math"
 )
 
-// Disk size constants
 const (
-	diskSizeBytes   = 1024 * 1024 * 1024 // 1GB
-	diskSizeSectors = diskSizeBytes / 512
-	partitionName   = "esp"
+	mib           = 1024 * 1024
+	gib           = 1024 * mib
+	partitionName = "esp"
 )
 
 // LBA (Logical Block Address) constants
 const (
 	gptHeaderLBA      = 1
 	partitionEntryLBA = 2
 	espStartingLBA    = 2048
-	espEndingLBA      = 1026047
 )
 
 // GUID constants for disk and partition
@@ -28,8 +27,15 @@ const (
 	espPartitionGUID = "87654321-4321-8765-4321-876543218765"
 )
 
-// Generates the deterministic UEFI disk GUID hash for TDX measurements
-func calculateUEFIDiskGUIDHash() []byte {
+// Generates the deterministic UEFI disk GUID hash for TDX measurements.
+// Sizes are derived from the EFI file size in the same way as mkosi.postoutput
+func calculateUEFIDiskGUIDHash(efiSize int) []byte {
+	// Compute partition geometry to match systemd-repart + sgdisk behavior
+	espBytes := int(math.Ceil(float64(efiSize+32*mib)/4096)) * 4096 // repart rounds SizeMaxBytes up to 4096
+	diskBytes := int(math.Ceil(float64(espBytes+mib)/float64(gib))) * gib
+	diskSizeSectors := uint64(diskBytes / 512)
+	espEndingLBA := uint64(espStartingLBA + espBytes/512 - 1)
+
 	// GPT Header at LBA 1
 	header := struct {
 		Signature                [8]byte

internal/mr.go

@@ -256,7 +256,7 @@ func MeasureRTMR1And2(kernelData []byte, initrdData []byte, kernelCmdline string
 	rtmr1Log := [][]byte{
 		measureSha384([]byte("Calling EFI Application from Boot Option")),
 		measureSha384([]byte{0x00, 0x00, 0x00, 0x00}), // Separator.
-		calculateUEFIDiskGUIDHash(),
+		calculateUEFIDiskGUIDHash(len(kernelData)),
 		ukiAuthHash.Hash(crypto.SHA384),
 		kernelAuthHash.Hash(crypto.SHA384),
 		measureSha384([]byte("Exit Boot Services Invocation")),