Hi Ard,

Many thanks for your reply.

> systemd-boot does not use the EFI handover protocol. Please try to
> determine where this confusion comes from: are you using a UKI image
> perhaps?

I can confirm that both systemd-boot and the stub will be used, and you are correct about the stub part, because currently the stub leads the system to the handover protocol and triggers the problem.

> I am trying to understand *why* this particular change works around
> the issue. Please elaborate.

When I removed the memset and booted to efi_decompress_kernel, the boot service crashed, and it indicated that the memory region from _bss to the end of boot_heap cannot be overwritten. Upon inspecting the data in the BSS region, one thing I found is that the _bss address is not fixed on each boot (when the MOR bit is set to 1); it changes randomly. For example, in a normal boot the _bss address is 0xffee0000; if I set MOR to 1, then the address shifts to 0xff990000 or 0xff991000 or 0xff993000. I cannot predict which will be the starting address for the next boot. Since the entire BSS region was not cleaned, and it contains zeros and other data, I tried to increase the boot_stack size by 0x3000 to cover the 'fragile' part.

> My preliminary conclusion here is that your implementation of the EFI
> handover protocol (which I fail to understand where it comes from) is
> not allocating enough memory. This should be fixed on the bootloader
> side, as not clearing the BSS does not prevent this memory from being
> corrupted.

I understand that the handover protocol is nearing the end of its support and it seems I am the only one experiencing the issue. However, from the perspective of backward compatibility, I think this patch may be useful.
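Ard's point in the quoted reply is that the loader, not the kernel, must size the allocation: the decompressor's .bss, boot_heap and boot_stack all have to land in memory the loader owns, and zeroing less of .bss does not change who owns it. As an added example (not code from this thread, from the kernel, or from systemd-boot), here is the check a loader can make against the bzImage real-mode setup header before jumping in. It reads init_size, the field the Linux x86 boot protocol defines as the amount of contiguous memory the kernel needs from its load address, and verifies that the allocation covers it. The header offsets are the documented boot protocol fields; the sample header bytes, the function names and the address values are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Offsets into the real-mode setup header of a bzImage, as laid out in the
 * Linux x86 boot protocol (Documentation/arch/x86/boot.rst).
 */
#define HDR_MAGIC_OFF      0x202  /* "HdrS" */
#define HDR_VERSION_OFF    0x206  /* u16 boot protocol version */
#define HDR_PREF_ADDR_OFF  0x258  /* u64 preferred load address (2.10+) */
#define HDR_INIT_SIZE_OFF  0x260  /* u32 memory needed from load address (2.10+) */
#define HDR_HANDOVER_OFF   0x264  /* u32 EFI handover entry offset (2.11+) */
#define HDR_END            (HDR_HANDOVER_OFF + 4)

struct bzimage_hdr {
    uint16_t version;
    uint64_t pref_address;
    uint32_t init_size;
    uint32_t handover_offset;
};

/* Little-endian readers: the header is a byte layout, not a C struct. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | ((uint64_t)rd32(p + 4) << 32); }

/* Parse the fields a loader needs to size the kernel's memory window.
 * Returns 0 on success, -1 if the buffer is too short, lacks the "HdrS"
 * magic, or predates protocol 2.11 (no handover_offset to use). */
int parse_bzimage_hdr(const uint8_t *img, size_t len, struct bzimage_hdr *out)
{
    if (len < HDR_END || memcmp(img + HDR_MAGIC_OFF, "HdrS", 4) != 0)
        return -1;
    out->version = rd16(img + HDR_VERSION_OFF);
    if (out->version < 0x020b)
        return -1;
    out->pref_address    = rd64(img + HDR_PREF_ADDR_OFF);
    out->init_size       = rd32(img + HDR_INIT_SIZE_OFF);
    out->handover_offset = rd32(img + HDR_HANDOVER_OFF);
    return 0;
}

/* The check a loader should make before jumping to the kernel: the region
 * [alloc_base, alloc_base + alloc_len) must hold init_size bytes starting at
 * load_addr, so .bss, boot_heap and boot_stack all lie in memory the loader
 * owns rather than in whatever happens to follow the image. Returns 1 if so. */
int allocation_covers_init_size(uint64_t alloc_base, uint64_t alloc_len,
                                uint64_t load_addr, const struct bzimage_hdr *h)
{
    if (load_addr < alloc_base || load_addr - alloc_base > alloc_len)
        return 0;
    uint64_t avail = alloc_len - (load_addr - alloc_base);
    return avail >= h->init_size;
}

/* Constructed sample header (not a real kernel image): protocol 2.15,
 * pref_address 0x1000000, init_size 0x2000000, handover_offset 0x190.
 * Returns the number of bytes written, or 0 if the buffer is too small. */
size_t build_sample_image(uint8_t *buf, size_t len)
{
    const uint64_t pref = 0x1000000; const uint32_t init = 0x2000000; const uint32_t ho = 0x190;
    if (len < HDR_END)
        return 0;
    memset(buf, 0, len);
    memcpy(buf + HDR_MAGIC_OFF, "HdrS", 4);
    buf[HDR_VERSION_OFF] = 0x0f; buf[HDR_VERSION_OFF + 1] = 0x02;
    for (int i = 0; i < 8; i++) buf[HDR_PREF_ADDR_OFF + i] = (uint8_t)(pref >> (8 * i));
    for (int i = 0; i < 4; i++) buf[HDR_INIT_SIZE_OFF + i] = (uint8_t)(init >> (8 * i));
    for (int i = 0; i < 4; i++) buf[HDR_HANDOVER_OFF + i] = (uint8_t)(ho >> (8 * i));
    return HDR_END;
}

int main(void)
{
    uint8_t img[HDR_END];
    struct bzimage_hdr h;
    build_sample_image(img, sizeof img);
    if (parse_bzimage_hdr(img, sizeof img, &h) != 0) { puts("bad header"); return 1; }
    printf("init_size=0x%x pref=0x%llx handover=0x%x\n",
           h.init_size, (unsigned long long)h.pref_address, h.handover_offset);
    /* A loader that sizes its allocation from the file length alone (16 MiB here)
     * comes up short; one that honours init_size (32 MiB) does not. */
    printf("16 MiB allocation covers init_size: %d\n",
           allocation_covers_init_size(h.pref_address, 0x1000000, h.pref_address, &h));
    printf("32 MiB allocation covers init_size: %d\n",
           allocation_covers_init_size(h.pref_address, 0x2000000, h.pref_address, &h));
    return 0;
}
```

The failure mode in the thread maps onto the first printf: an allocation sized to the compressed image rather than to init_size leaves the tail of .bss and the heap and stack in unowned pages, which is why their addresses moved from boot to boot and why enlarging boot_stack only shifted the damage.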