starlingx/integ
Code Issues Proposed changes
c71a3ea424
integ/grub/grub-efi/debian/patches/0008-efi-chainloader-implement-an-UEFI-Exit-service.patch
Li Zhou 48a2e836ff Debian: grub-efi: porting from LAT 
This is done for moving packages that are related to secure boot
out of LAT and into integ.

Use grub version: 2.06-1 .

Port grub-efi from LAT and make its build independent from grub2.
The patches for code and changes for debian build are ported from
layers ( meta-lat and meta-secure-core ) of yocto upstream.
Make grub-efi independent from grub2 because some code changes
for secure boot can make grub-pc's build fail.

This porting of grub-efi customizes grub images and grub.cfg for
efi boot. Install those files customized to grub-efi-amd64 package.

Test Plan:
 The tests are done with all the changes for this porting,
 which involves efitools/shim/grub2/grub-efi/lat-sdk.sh, because
 they are in a chain for secure boot verification.
 - PASS: secure boot OK on qemu.
 - PASS: secure boot OK on PowerEdge R430 lab.
 - PASS: secure boot NG on qemu/hardware when shim/grub-efi images
         are without the right signatures.

Story: 2009221
Task: 46402

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: Ia3b482c1959b5e6462fe54f0b0e59a69db1b1ca7
2022-10-08 21:50:14 -04:00

84 lines
2.7 KiB
Diff
Raw Blame History

From a210b02b15d68bfe38651295f35edb1a21cef475 Mon Sep 17 00:00:00 2001
From: Matt Fleming <matt.fleming@intel.com>
Date: Fri, 27 Mar 2015 08:11:19 -0700
Subject: [PATCH] efi: chainloader: implement an UEFI Exit service
Upstream-Status: Inappropriate [embedded specific]
Implement an UEFI Exit service for shim in grub.
When exiting, grub will call the UEFI boot-time service Exit. The
effect of this is that UEFI will jump to the entry point of the
UEFI started image. If we execute an image using shim within grub,
shim takes care of loading/parsing/relocating/executing the image.
Under this scenario, we also need to take care of the Exit call. Thus,
we need to reimplement the function to make sure we perform a jump
to the instruction after which shim executed the image.
Once we have taken care of the exit of the shim-executed image
the system Exit call is restored.
Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
[lz: Adapt git shortlog.]
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
grub-core/kern/x86_64/efi/callwrap.S | 23 +++++++++++++++++++++++
include/grub/efi/api.h | 4 ++++
2 files changed, 27 insertions(+)
diff --git a/grub-core/kern/x86_64/efi/callwrap.S b/grub-core/kern/x86_64/efi/callwrap.S
index 1337fd9..b849c2c 100644
--- a/grub-core/kern/x86_64/efi/callwrap.S
+++ b/grub-core/kern/x86_64/efi/callwrap.S
@@ -48,6 +48,26 @@ FUNCTION(efi_wrap_1)
addq $40, %rsp
ret
+FUNCTION(efi_call_foo)
+ pushq %rbp
+ pushq %r12
+ pushq %r13
+ pushq %r14
+ pushq %r15
+ movq %rsp, saved_sp(%rip)
+ subq $48, %rsp
+ mov %rsi, %rcx
+ call *%rdi
+
+FUNCTION(efi_shim_exit)
+ movq saved_sp(%rip), %rsp
+ popq %r15
+ popq %r14
+ popq %r13
+ popq %r12
+ popq %rbp
+ ret
+
FUNCTION(efi_wrap_2)
subq $40, %rsp
mov %rsi, %rcx
@@ -127,3 +147,6 @@ FUNCTION(efi_wrap_10)
call *%rdi
addq $88, %rsp
ret
+
+ .data
+saved_sp: .quad 0
diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
index f1a5221..de3bbbd 100644
--- a/include/grub/efi/api.h
+++ b/include/grub/efi/api.h
@@ -1776,6 +1776,10 @@ typedef struct grub_efi_rng_protocol grub_efi_rng_protocol_t;
grub_uint64_t EXPORT_FUNC(efi_wrap_0) (void *func);
grub_uint64_t EXPORT_FUNC(efi_wrap_1) (void *func, grub_uint64_t arg1);
+grub_efi_status_t EXPORT_FUNC(efi_shim_exit) (grub_efi_handle_t handle, grub_efi_status_t exit_status,
+ grub_efi_uintn_t exit_data_size, grub_efi_char16_t *exit_data) __attribute__((noreturn));
+grub_uint64_t EXPORT_FUNC(efi_call_foo) (void *func, grub_uint64_t arg1,
+ grub_uint64_t arg2);
grub_uint64_t EXPORT_FUNC(efi_wrap_2) (void *func, grub_uint64_t arg1,
grub_uint64_t arg2);
grub_uint64_t EXPORT_FUNC(efi_wrap_3) (void *func, grub_uint64_t arg1,
--
2.17.1
View Git Blame Copy Permalink