From patchwork Tue Nov 29 17:56:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 629720 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6EE8BC4167B for ; Tue, 29 Nov 2022 17:56:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233673AbiK2R4h (ORCPT ); Tue, 29 Nov 2022 12:56:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53928 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236718AbiK2R42 (ORCPT ); Tue, 29 Nov 2022 12:56:28 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 87C7669ABF for ; Tue, 29 Nov 2022 09:56:26 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 22BAC61883 for ; Tue, 29 Nov 2022 17:56:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EDAEFC433D6; Tue, 29 Nov 2022 17:56:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1669744585; bh=sJWC16ILyfOZbxbYy2fDoMRiovsRGsCARg2aTQp3F7w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eFgtduMxiw/oWvzdPa3/ta8K9yNNPqSrp7FhvkoV62mImIJmZaAJId/xe1P54I0q0 Di62i/2jIUq9iKsuEXccAMgjxJ93MW8NRy0x6FvbagbMGkqrR31YB6CRPhE7ueiwTw 75kQX0BIfQFXZSLMT3HbcJDBo493g5rh0KZ+Yi4N5mQxUxlucWS5p+Aqyk6hoEgzGa BiMPSFKzh278eejPyiJpQB8yohIGdytnnt77ZFGQpo68xANcz0PbLrIPaU1EwO+Ek6 SQaXdMlGnhaF7aH0OVoYzhV226VAr3hdctYeamNoZDAfAVVjhxihD3bB4fl4E0DcDn hisXCcK9Ywbjg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: grub-devel@gnu.org, Ard Biesheuvel , Huacai Chen , Atish Patra , Heinrich Schuchardt , Daniel Kiper , Leif Lindholm Subject: [PATCH v2 1/2] efi: libstub: Always enable initrd command line loader and bump version Date: Tue, 29 Nov 2022 18:56:15 +0100 Message-Id: <20221129175616.2089294-2-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20221129175616.2089294-1-ardb@kernel.org> References: <20221129175616.2089294-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2817; i=ardb@kernel.org; h=from:subject; bh=sJWC16ILyfOZbxbYy2fDoMRiovsRGsCARg2aTQp3F7w=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjhke9Kz2RUlfp+gIYhmk64X5pkVsVyFWPV20I4WZH Q6FAh8yJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCY4ZHvQAKCRDDTyI5ktmPJJP0C/ 9xhsRl0z2uL+HnC9hp1kb2Q+Qc6QCLJoCMX9m63FAMhjXJpSJ3wJspyG+Tm6Or5DCy8yXiwKEeGhkT FCZTYrOG8rrv2ouYKeNivNi0klw/nPhYlV8yekTbuQCTle2GiYVq6f8BfvzklH3NooSCLpsBoWpKbU sa4hKMQVDx03MXUkuIZRee1hFpWTED1k8Qw2i3PuvegrER/2kV1DUoqaGpLiXIjDtipBsDUnvo3gEI lwwp0rEUiS+eTtMiePEXa94JwTDC6+y90NB+a8/epaVOqxXBKhbaLMexcFn1JSuJR5R9rltbrbCy0p 6cYqv/90De4nHh+31we1w1EQFJH47c2YowyMi5HqtoCcaUZ8NK+sTf/751SvzhUrmHrl6IC5QdKBv8 cykX1FuiXDKOCy6vC+qur936OWmADx4sju99QnDQ+6fkrSFhQNSkz0gJv863oGvVa2sOJzJAhq2Tse ID36gncfYdALPTUkwPx5E9+9BeRfGDQLkaHPdCWbA1hzY= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org In preparation for setting a cross-architecture baseline for EFI boot support, remove the Kconfig option that permits the command line initrd loader to be disabled. Also, bump the minor version so that any image built with the new version can be identified as supporting this. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/Kconfig | 15 --------------- drivers/firmware/efi/libstub/efi-stub-helper.c | 3 +-- include/linux/pe.h | 2 +- 3 files changed, 2 insertions(+), 18 deletions(-) diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig index 08ed88e49ea307b0..043ca31c114ebf2a 100644 --- a/drivers/firmware/efi/Kconfig +++ b/drivers/firmware/efi/Kconfig @@ -106,21 +106,6 @@ config EFI_ARMSTUB_DTB_LOADER functionality for bootloaders that do not have such support this option is necessary. -config EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER - bool "Enable the command line initrd loader" if !X86 - depends on EFI_STUB && (EFI_GENERIC_STUB || X86) - default y if X86 - help - Select this config option to add support for the initrd= command - line parameter, allowing an initrd to be loaded into memory that - resides on a file system backed by an implementation of - EFI_SIMPLE_FILE_SYSTEM_PROTOCOL. - - This method has been superseded by the simpler LoadFile2 based - initrd loading method, but the initrd= loader is retained as it - can be used from the UEFI Shell or other generic loaders that - don't implement the Linux specific LoadFile2 method. - config EFI_BOOTLOADER_CONTROL tristate "EFI Bootloader Control" select UCS2_STRING diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index 739454d8063af8b1..f5a4bdacac642846 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -538,8 +538,7 @@ efi_status_t efi_load_initrd_cmdline(efi_loaded_image_t *image, unsigned long soft_limit, unsigned long hard_limit) { - if (!IS_ENABLED(CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER) || - (IS_ENABLED(CONFIG_X86) && image == NULL)) + if (image == NULL) return EFI_UNSUPPORTED; return handle_cmdline_files(image, L"initrd=", sizeof(L"initrd=") - 2, diff --git a/include/linux/pe.h b/include/linux/pe.h index 1d3836ef9d92dcd8..056a1762de904fc1 100644 --- a/include/linux/pe.h +++ b/include/linux/pe.h @@ -29,7 +29,7 @@ * handover_offset and xloadflags fields in the bootparams structure. */ #define LINUX_EFISTUB_MAJOR_VERSION 0x1 -#define LINUX_EFISTUB_MINOR_VERSION 0x0 +#define LINUX_EFISTUB_MINOR_VERSION 0x1 #define MZ_MAGIC 0x5a4d /* "MZ" */ From patchwork Tue Nov 29 17:56:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 629293 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E21CC433FE for ; Tue, 29 Nov 2022 17:56:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235506AbiK2R4g (ORCPT ); Tue, 29 Nov 2022 12:56:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53874 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233673AbiK2R4b (ORCPT ); Tue, 29 Nov 2022 12:56:31 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 580B942F70 for ; Tue, 29 Nov 2022 09:56:30 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id DAC57B817C0 for ; Tue, 29 Nov 2022 17:56:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id ED93EC43470; Tue, 29 Nov 2022 17:56:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1669744587; bh=UX93Xl8KiBVbp6MazX5tzLKdEIA++jV0RAYgrrZ5i2M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OBac+tSVeFqBfQB+2X2sWffQraGRVsXOIsJWPNIEYbLpwFjL1ssaWlMAqitscl/X8 5LHdtDozX95JodfIi6YU0MFb5XqlVec647PEWHhFWi48Gq/zC7c6xiwlgR612JyG2h U8vGf1lRNYaNFZwoXk+1px0ZPTW3A3x/OykxyNhQ3QEa0/1O7FEteNbMidg1Htwpe3 Y0REgcjaKRXuBe27mr5YHTG6cjp9x67Se77yeO6Ro6MR9oocz75b7EiTm1Sr9S0wCh mRj5l/pAx0XMftJPqIZGyuG2a4hPOyBOu2eQqm0/IeNTvLqM3d+pd3tU0dJVSMqkR+ xPW1/cg8JKQpg== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: grub-devel@gnu.org, Ard Biesheuvel , Huacai Chen , Atish Patra , Heinrich Schuchardt , Daniel Kiper , Leif Lindholm Subject: [PATCH v2 2/2] efi: Put Linux specific magic number in the DOS header Date: Tue, 29 Nov 2022 18:56:16 +0100 Message-Id: <20221129175616.2089294-3-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20221129175616.2089294-1-ardb@kernel.org> References: <20221129175616.2089294-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4801; i=ardb@kernel.org; h=from:subject; bh=UX93Xl8KiBVbp6MazX5tzLKdEIA++jV0RAYgrrZ5i2M=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjhke/31BoxRvtCpCKP6kv/TAGn3cFwzp0iDpBEqkL oY4sT8+JAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCY4ZHvwAKCRDDTyI5ktmPJCxTC/ 0U7ixjpXqIqJ7gPITFYfkKCvZ9C4nWPxVUK3nN02pMkWmYpTXd9NgPFlvtIr7+lLkF8BunhBzvejM/ s/J/zztSFSAe4o8CCELsbY7Ivhostrwcd5UHI/BNu5j31Hq0cI5X49LkdCC6FRpPaycu40q7Dor7qS vsszvG7bV/A/0ZVYI44YKzA71j6+cVZXmAh6i+xJTBAAw2yPbmdqZiHJudsUxJxsVs9uttwHNLXmv6 /U02+6jG9uOiGisQfWJWxLLJ7bwxOiqCv5rO8cQyi3IM6x3T4Yt5zVikz13pk5bQNm7zQF6D+5hEiW 52EKK3CLZjfsJCid8XgjLSXqjUAOujkyozuQcdjZYSGo/vxoaifAaX0x8SdNzUfvIHcNp8AeuMuc8T l/w19gEpyjTI5pVV43Di0LquoaOhZLRWaFj1xUkzDuLFBVe0i+bivheYVYMfP4R3svLKI+MaCcEVNx WAysVIxpgq10TyuvRVFXw43UiLSOVDEpLBfv2r7EHwaIM= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org GRUB currently relies on the magic number in the image header of ARM and arm64 EFI kernel images to decide whether or not the image in question is a bootable kernel. However, the purpose of the magic number is to identify the image as one that implements the bare metal boot protocol, and so GRUB, which only does EFI boot, can only boot images that could potentially be booted in a non-EFI manner as well. This is problematic for the new zboot decompressor image format, as it can only boot in EFI mode, and must therefore not use the bare metal boot magic number in its header. For this reason, the strict magic number was dropped from GRUB, to permit essentially any kind of EFI executable to be booted via the 'linux' command, blurring the line between the linux loader and the chainloader. So let's use the same field in the DOS header that RISC-V and arm64 already use for their 'bare metal' magic numbers to store a 'generic Linux kernel' magic number, which can be used to identify bootable kernel images in PE format which don't necessarily implement a bare metal boot protocol in the same binary. Note that, in the context of EFI, the MSDOS header is only described in terms of the fields that it shares with the hybrid PE/COFF image format, (i.e., the magic number at offset #0 and the PE header offset at byte offset #0x3c). Since we aim for compatibility with EFI only, and not with MS-DOS or MS-Windows, we can use the remaining space in the MS-DOS header however we want. Let's set the generic magic number for x86 images as well: existing bootloaders already have their own methods to identify x86 Linux images that can be booted in a non-EFI manner, and having the magic number in place there will ease any future transitions in loader implementations to merge the x86 and non-x86 EFI boot paths. Note that 32-bit ARM already uses the same location in the header for a different purpose, but the ARM support is already widely implemented and the EFI zboot decompressor is not available on ARM anyway, so we just disregard it here. Cc: Huacai Chen Cc: Atish Patra Cc: Heinrich Schuchardt Cc: Daniel Kiper Cc: Leif Lindholm Signed-off-by: Ard Biesheuvel Reviewed-by: Daniel Kiper to your both patches. --- arch/loongarch/kernel/head.S | 3 ++- arch/x86/boot/header.S | 3 ++- drivers/firmware/efi/libstub/zboot-header.S | 3 ++- include/linux/pe.h | 7 +++++++ 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/loongarch/kernel/head.S b/arch/loongarch/kernel/head.S index 84970e2666588963..caa74439700eee93 100644 --- a/arch/loongarch/kernel/head.S +++ b/arch/loongarch/kernel/head.S @@ -25,7 +25,8 @@ _head: .dword kernel_entry /* Kernel entry point */ .dword _end - _text /* Kernel image effective size */ .quad 0 /* Kernel image load offset from start of RAM */ - .org 0x3c /* 0x20 ~ 0x3b reserved */ + .org 0x38 /* 0x20 ~ 0x38 reserved */ + .long LINUX_PE_MAGIC .long pe_header - _head /* Offset to the PE header */ pe_header: diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index f912d777013052ea..be8f78a7ee325475 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -80,10 +80,11 @@ bs_die: ljmp $0xf000,$0xfff0 #ifdef CONFIG_EFI_STUB - .org 0x3c + .org 0x38 # # Offset to the PE header. # + .long LINUX_PE_MAGIC .long pe_header #endif /* CONFIG_EFI_STUB */ diff --git a/drivers/firmware/efi/libstub/zboot-header.S b/drivers/firmware/efi/libstub/zboot-header.S index bc2d7750d7f14174..ec4525d40e0cf6d6 100644 --- a/drivers/firmware/efi/libstub/zboot-header.S +++ b/drivers/firmware/efi/libstub/zboot-header.S @@ -20,7 +20,8 @@ __efistub_efi_zboot_header: .long __efistub__gzdata_size - 12 // payload size .long 0, 0 // reserved .asciz COMP_TYPE // compression type - .org .Ldoshdr + 0x3c + .org .Ldoshdr + 0x38 + .long LINUX_PE_MAGIC .long .Lpehdr - .Ldoshdr // PE header offset .Lpehdr: diff --git a/include/linux/pe.h b/include/linux/pe.h index 056a1762de904fc1..1db4c944efd78f51 100644 --- a/include/linux/pe.h +++ b/include/linux/pe.h @@ -31,6 +31,13 @@ #define LINUX_EFISTUB_MAJOR_VERSION 0x1 #define LINUX_EFISTUB_MINOR_VERSION 0x1 +/* + * LINUX_PE_MAGIC appears at offset 0x38 into the MSDOS header of EFI bootable + * Linux kernel images that target the architecture as specified by the PE/COFF + * header machine type field. + */ +#define LINUX_PE_MAGIC 0x818223cd + #define MZ_MAGIC 0x5a4d /* "MZ" */ #define PE_MAGIC 0x00004550 /* "PE\0\0" */