48a2e836ff
This is done for moving packages that are related to secure boot
out of LAT and into integ.
Use grub version: 2.06-1 .
Port grub-efi from LAT and make its build independent from grub2.
The patches for code and changes for debian build are ported from
layers ( meta-lat and meta-secure-core ) of yocto upstream.
Make grub-efi independent from grub2 because some code changes
for secure boot can make grub-pc's build fail.
This porting of grub-efi customizes grub images and grub.cfg for
efi boot. Install those files customized to grub-efi-amd64 package.
Test Plan:
The tests are done with all the changes for this porting,
which involves efitools/shim/grub2/grub-efi/lat-sdk.sh, because
they are in a chain for secure boot verification.
- PASS: secure boot OK on qemu.
- PASS: secure boot OK on PowerEdge R430 lab.
- PASS: secure boot NG on qemu/hardware when shim/grub-efi images
are without the right signatures.
Story: 2009221
Task: 46402
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: Ia3b482c1959b5e6462fe54f0b0e59a69db1b1ca7
162 lines
5.4 KiB
Diff
162 lines
5.4 KiB
Diff
From 1b807419bd99382cfeb9584ab7e8c10a0e416c5d Mon Sep 17 00:00:00 2001
|
|
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
|
|
Date: Fri, 27 Mar 2015 08:09:58 -0700
|
|
Subject: [PATCH] shim: add needed data structures
|
|
|
|
Upstream-Status: Inappropriate [embedded specific]
|
|
|
|
Add the needed data structures for shim to load, parse, relocate and
|
|
execute a binary. This includes file-parsing structures, an identifier for
|
|
the UEFI protocol for image verification under secure boot provided by shim.
|
|
|
|
Shim is thin loader developed by Matthew Garret
|
|
(https://github.com/rhinstaller/shim). This code was ported from such project.
|
|
|
|
Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
|
|
---
|
|
include/grub/efi/shim.h | 132 ++++++++++++++++++++++++++++++++++++++++
|
|
1 file changed, 132 insertions(+)
|
|
create mode 100644 include/grub/efi/shim.h
|
|
|
|
diff --git a/include/grub/efi/shim.h b/include/grub/efi/shim.h
|
|
new file mode 100644
|
|
index 0000000..4b92a00
|
|
--- /dev/null
|
|
+++ b/include/grub/efi/shim.h
|
|
@@ -0,0 +1,132 @@
|
|
+/*
|
|
+ * shim.h - interface to shim: UEFI first-stage bootloader
|
|
+ *
|
|
+ * Copyright 2015 Intel Corporation.
|
|
+ *
|
|
+ * Redistribution and use in source and binary forms, with or without
|
|
+ * modification, are permitted provided that the following conditions
|
|
+ * are met:
|
|
+ *
|
|
+ * Redistributions of source code must retain the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer.
|
|
+ *
|
|
+ * Redistributions in binary form must reproduce the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer in the
|
|
+ * documentation and/or other materials provided with the
|
|
+ * distribution.
|
|
+ *
|
|
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
|
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
+ *
|
|
+ * Significant portions of this code are derived from Red Hat shim: UEFI
|
|
+ * first-stage bootloader.
|
|
+ * (https://github.com/rhinstaller/shim) and are Copyright 2012 Red Hat, Inc
|
|
+ */
|
|
+
|
|
+#ifndef GRUB_SHIM_HEADER
|
|
+#define GRUB_SHIM_HEADER 1
|
|
+
|
|
+#include <grub/efi/pe32.h>
|
|
+
|
|
+struct grub_nt_headers32
|
|
+{
|
|
+ grub_efi_uint32_t signature;
|
|
+ struct grub_pe32_coff_header file_hdr;
|
|
+ struct grub_pe32_optional_header opt_hdr;
|
|
+};
|
|
+
|
|
+struct grub_nt_headers64
|
|
+{
|
|
+ grub_efi_uint32_t signature;
|
|
+ struct grub_pe32_coff_header file_hdr;
|
|
+ struct grub_pe64_optional_header opt_hdr;
|
|
+};
|
|
+
|
|
+struct grub_image_base_relocation
|
|
+{
|
|
+ grub_efi_uint32_t virtual_address;
|
|
+ grub_efi_uint32_t block_size;
|
|
+};
|
|
+
|
|
+struct grub_shim_pe_coff_loader_image_context {
|
|
+ grub_efi_uint64_t image_address;
|
|
+ grub_efi_uint64_t image_size;
|
|
+ grub_efi_uint64_t entry_point;
|
|
+ grub_efi_uintn_t header_size;
|
|
+ grub_efi_uint16_t image_type;
|
|
+ grub_efi_uint16_t num_sections;
|
|
+ struct grub_pe32_section_table *first_section;
|
|
+ struct grub_pe32_data_directory *reloc_dir;
|
|
+ struct grub_pe32_data_directory *sec_dir;
|
|
+ grub_efi_uint64_t number_of_rva_and_sizes;
|
|
+ union grub_shim_optional_header_union *pe_hdr;
|
|
+};
|
|
+
|
|
+struct grub_shim_lock
|
|
+{
|
|
+ grub_efi_status_t
|
|
+ (*verify) (void *buffer,
|
|
+ grub_uint32_t size);
|
|
+
|
|
+ grub_efi_status_t
|
|
+ (*hash) (grub_int8_t *data,
|
|
+ grub_int32_t datasize,
|
|
+ struct grub_shim_pe_coff_loader_image_context *context,
|
|
+ grub_uint8_t sha256hash,
|
|
+ grub_uint8_t sha1hash);
|
|
+
|
|
+ grub_efi_status_t
|
|
+ (*context) (void *data,
|
|
+ grub_uint32_t datasize,
|
|
+ struct grub_shim_pe_coff_loader_image_context *context);
|
|
+};
|
|
+
|
|
+union grub_shim_optional_header_union
|
|
+{
|
|
+ struct grub_nt_headers32 pe32;
|
|
+ struct grub_nt_headers64 pe32plus;
|
|
+ struct grub_te_header te;
|
|
+};
|
|
+
|
|
+#define GRUB_EFI_SHIM_PROTOCOL_GUID \
|
|
+ { 0x605dab50, 0xe046, 0x4300, \
|
|
+ { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \
|
|
+ }
|
|
+
|
|
+#define SIGNATURE_16(A, B) ((A) | (B << 8))
|
|
+#define SIGNATURE_32(A, B, C, D) (SIGNATURE_16 (A, B) | (SIGNATURE_16 (C, D) << 16))
|
|
+
|
|
+#define EFI_IMAGE_DOS_SIGNATURE SIGNATURE_16('M', 'Z')
|
|
+#define EFI_IMAGE_NT_SIGNATURE SIGNATURE_32('P', 'E', '\0', '\0')
|
|
+
|
|
+#define EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC 5
|
|
+
|
|
+#define ALIGN_VALUE(Value, Alignment) ((Value) + (((Alignment) - (Value)) & ((Alignment) - 1)))
|
|
+#define ALIGN_POINTER(Pointer, Alignment) ((void *) (ALIGN_VALUE ((grub_efi_uintn_t)(Pointer), (Alignment))))
|
|
+
|
|
+/* Based relocation types. */
|
|
+
|
|
+#define EFI_IMAGE_REL_BASED_ABSOLUTE 0
|
|
+#define EFI_IMAGE_REL_BASED_HIGH 1
|
|
+#define EFI_IMAGE_REL_BASED_LOW 2
|
|
+#define EFI_IMAGE_REL_BASED_HIGHLOW 3
|
|
+#define EFI_IMAGE_REL_BASED_HIGHADJ 4
|
|
+#define EFI_IMAGE_REL_BASED_MIPS_JMPADDR 5
|
|
+#define EFI_IMAGE_REL_BASED_ARM_MOV32A 5
|
|
+#define EFI_IMAGE_REL_BASED_ARM_MOV32T 7
|
|
+#define EFI_IMAGE_REL_BASED_IA64_IMM64 9
|
|
+#define EFI_IMAGE_REL_BASED_MIPS_JMPADDR16 9
|
|
+#define EFI_IMAGE_REL_BASED_DIR64 10
|
|
+
|
|
+
|
|
+#endif /* ! GRUB_SHIM_HEADER */
|
|
--
|
|
2.17.1
|
|
|