NEWS: Clarify overlapping UKI PE section offsets

NEWS

@@ -229,8 +229,14 @@ CHANGES WITH 252 in spe:
         * The sd-boot stub exports a StubFeatures flag, which is used by
           bootctl to show features supported by the stub that was used to boot.
 
-        * sd-boot will now try to detect and warn about overlapping PE sections
-          in the UKI.
+        * The PE section offsets that are used by tools that assemble unified
+          kernel images have historically been hard-coded. This may lead to
+          overlapping PE sections which may break on boot. The UKI will now try
+          to detect and warn about this.
+
+          Any tools that assemble UKIs must update to calculate these offsets
+          dynamically. Future sd-stub versions may use offsets that will not
+          work with the currently used set of hard-coded offsets!
 
         * sd-stub now accepts (and passes to the initrd and then to the full
           OS) new PE sections '.pcrsig' and '.pcrkey' that can be used to embed

man/systemd-stub.xml

@@ -396,6 +396,10 @@
     /usr/lib/systemd/boot/efi/linuxx64.efi.stub \
     foo-unsigned.efi</programlisting>
 
+    <para>Note that these PE section offsets are example values and a properly assembled image must not
+    contain any overlapping sections (this includes already existing sections inside the stub before
+    assembly) or boot may fail.</para>
+
     <para>This generates one PE executable file <filename>foo-unsigned.efi</filename> from the six individual
     files for OS release information, kernel command line, boot splash image, kernel image, main initrd and
     UEFI boot stub.</para>