48a2e836ff
This is done for moving packages that are related to secure boot out of LAT and into integ. Use grub version: 2.06-1 . Port grub-efi from LAT and make its build independent from grub2. The patches for code and changes for debian build are ported from layers ( meta-lat and meta-secure-core ) of yocto upstream. Make grub-efi independent from grub2 because some code changes for secure boot can make grub-pc's build fail. This porting of grub-efi customizes grub images and grub.cfg for efi boot. Install those files customized to grub-efi-amd64 package. Test Plan: The tests are done with all the changes for this porting, which involves efitools/shim/grub2/grub-efi/lat-sdk.sh, because they are in a chain for secure boot verification. - PASS: secure boot OK on qemu. - PASS: secure boot OK on PowerEdge R430 lab. - PASS: secure boot NG on qemu/hardware when shim/grub-efi images are without the right signatures. Story: 2009221 Task: 46402 Signed-off-by: Li Zhou <li.zhou@windriver.com> Change-Id: Ia3b482c1959b5e6462fe54f0b0e59a69db1b1ca7
From 9645bb29a0ffb93c854cbeed175c62775ba38bb7 Mon Sep 17 00:00:00 2001
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Date: Fri, 27 Mar 2015 08:29:13 -0700
Subject: [PATCH] efi: chainloader: boot the image using shim
Upstream-Status: Inappropriate [embedded specific]
If the image was loaded using shim, boot the image. Given that
shim loaded the image, the UEFI firmware will not know where to
jump after the execution completes. Thus, replace the UEFI boot
service Exit with our own implementation to make sure we jump
to the instruction after the call to the entry point.
Replace the system Exit service when done.
Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
---
grub-core/loader/efi/chainloader.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
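--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -609,9 +609,34 @@ grub_chainloader_boot (void)
 grub_efi_status_t status;
 grub_efi_uintn_t exit_data_size;
 grub_efi_char16_t *exit_data = NULL;
+ grub_efi_loaded_image_t *loaded_image = NULL;
+ grub_efi_status_t
+ (*saved_exit) (grub_efi_handle_t image_handle,
+ grub_efi_status_t exit_status,
+ grub_efi_uintn_t exit_data_size,
+ grub_efi_char16_t *exit_data) __attribute__((noreturn));
 
 b = grub_efi_system_table->boot_services;
- status = efi_call_3 (b->start_image, image_handle, &exit_data_size, &exit_data);
+
+ if (!shim_used)
+ status = efi_call_3 (b->start_image, image_handle, &exit_data_size, &exit_data);
+ else
+ {
+ saved_exit = grub_efi_system_table->boot_services->exit;
+ grub_efi_system_table->boot_services->exit = efi_shim_exit;
+ status = efi_call_foo(shim_entry_point,
+ (grub_efi_uint64_t)grub_efi_image_handle,
+ (grub_efi_uint64_t)grub_efi_system_table);
+ grub_efi_system_table->boot_services->exit = saved_exit;
+
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
+ if (!loaded_image)
+ /* TODO: this is serious, what to do? */
+ grub_error (GRUB_ERR_BAD_OS, "GRUB loaded image not found");
+ else
+ /* restore loaded image */
+ grub_memcpy(loaded_image, &shim_li_bak, sizeof(shim_li_bak));
+ }
 if (status != GRUB_EFI_SUCCESS)
 {
 if (exit_data)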
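Review bot: In the `else` branch, a NULL result from `grub_efi_get_loaded_image` only records an error through `grub_error` and then falls through to the `status` check, so the copy back from `shim_li_bak` is skipped while the function carries on with whatever status the entry point returned. On a secure-boot path the TODO should be resolved rather than shipped: at minimum force a failure there, e.g. `status = GRUB_EFI_LOAD_ERROR;` after the `grub_error` call, and brace both arms of the inner `if` so the comment-plus-statement bodies cannot be misread. The branch also transfers control to `shim_entry_point` directly instead of through `start_image`, so the firmware performs no check at this step. If the intended invariant is that `shim_used` is set only after shim has verified the image, state that in a comment above `if (!shim_used)`. `shim_used`, `shim_entry_point`, `shim_li_bak` and `efi_shim_exit` are defined outside this hunk, and grub_chainloader_boot continues past its last line, so whether an early return would skip cleanup cannot be judged from here.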
--
2.17.1