Revision tags: v5.4.46, v5.7.2, v5.4.45, v5.7.1, v5.4.44, v5.7, v5.4.43, v5.4.42 |
|
#
27cd5511 |
| 19-May-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: Use pool allocation for the command line Now that we removed the memory limit for the allocation of the command line, there is no longer a need to use the page based all
efi/libstub: Use pool allocation for the command line Now that we removed the memory limit for the allocation of the command line, there is no longer a need to use the page based allocator so switch to a pool allocation instead. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
80b1bfe1 |
| 20-May-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/libstub: Don't parse overlong command lines Check if the command line passed in is larger than COMMAND_LINE_SIZE, and truncate it to the last full argument if so. Signed-off
efi/libstub: Don't parse overlong command lines Check if the command line passed in is larger than COMMAND_LINE_SIZE, and truncate it to the last full argument if so. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200521002921.69650-1-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
04b24409 |
| 18-May-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/libstub: Use snprintf with %ls to convert the command line Now we can use snprintf to do the UTF-16 to UTF-8 translation for the command line. Drop the special "zero" trick
efi/libstub: Use snprintf with %ls to convert the command line Now we can use snprintf to do the UTF-16 to UTF-8 translation for the command line. Drop the special "zero" trick to handle an empty command line. This was unnecessary even before this since with options_chars == 0, efi_utf16_to_utf8 would not have accessed options at all. snprintf won't access it either with a precision of 0. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200518190716.751506-25-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
15c316bc |
| 18-May-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/libstub: Get the exact UTF-8 length efi_convert_cmdline currently overestimates the length of the equivalent UTF-8 encoding. snprintf can now be used to do the conversion to
efi/libstub: Get the exact UTF-8 length efi_convert_cmdline currently overestimates the length of the equivalent UTF-8 encoding. snprintf can now be used to do the conversion to UTF-8, however, it does not have a way to specify the size of the UTF-16 string, only the size of the resulting UTF-8 string. So in order to use it, we need to precalculate the exact UTF-8 size. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200518190716.751506-24-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
4b75bd36 |
| 18-May-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/libstub: Add UTF-8 decoding to efi_puts In order to be able to use the UTF-16 support added to vsprintf in the previous commit, enhance efi_puts to decode UTF-8 into UTF-16. Invalid
efi/libstub: Add UTF-8 decoding to efi_puts In order to be able to use the UTF-16 support added to vsprintf in the previous commit, enhance efi_puts to decode UTF-8 into UTF-16. Invalid UTF-8 encodings are passed through unchanged. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200518190716.751506-22-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
14c574f3 |
| 18-May-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/gop: Add an option to list out the available GOP modes Add video=efifb:list option to list the modes that are available. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
efi/gop: Add an option to list out the available GOP modes Add video=efifb:list option to list the modes that are available. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200518190716.751506-20-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
23d5b73f |
| 20-May-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/libstub: Implement printk-style logging Use the efi_printk function in efi_info/efi_err, and add efi_debug. This allows formatted output at different log levels. Add the not
efi/libstub: Implement printk-style logging Use the efi_printk function in efi_info/efi_err, and add efi_debug. This allows formatted output at different log levels. Add the notion of a loglevel instead of just quiet/not-quiet, and parse the efi=debug kernel parameter in addition to quiet. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200520170223.GA3333632@rani.riverdale.lan/ Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
8fb331e1 |
| 18-May-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/printf: Turn vsprintf into vsnprintf Implement vsnprintf instead of vsprintf to avoid the possibility of a buffer overflow. Signed-off-by: Arvind Sankar <nivedita@alum.mit.e
efi/printf: Turn vsprintf into vsnprintf Implement vsnprintf instead of vsprintf to avoid the possibility of a buffer overflow. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200518190716.751506-17-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
2c7d1e30 |
| 18-May-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/libstub: Add a basic printf implementation Copy vsprintf from arch/x86/boot/printf.c to get a simple printf implementation. Signed-off-by: Arvind Sankar <nivedita@alum.mit.e
efi/libstub: Add a basic printf implementation Copy vsprintf from arch/x86/boot/printf.c to get a simple printf implementation. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200518190716.751506-5-nivedita@alum.mit.edu [ardb: add some missing braces in if...else clauses] Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
fd0528a2 |
| 18-May-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/libstub: Buffer output of efi_puts Use a buffer to convert the string to UTF-16. This will reduce the number of firmware calls required to print the string from one per character
efi/libstub: Buffer output of efi_puts Use a buffer to convert the string to UTF-16. This will reduce the number of firmware calls required to print the string from one per character to one per string in most cases. Cast the input char to unsigned char before converting to efi_char16_t to avoid sign-extension in case there are any non-ASCII characters in the input. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200518190716.751506-4-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
cb8c90a0 |
| 18-May-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/libstub: Rename efi_[char16_]printk to efi_[char16_]puts These functions do not support formatting, unlike printk. Rename them to puts to make that clear. Move the implement
efi/libstub: Rename efi_[char16_]printk to efi_[char16_]puts These functions do not support formatting, unlike printk. Rename them to puts to make that clear. Move the implementations of these two functions next to each other. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200518190716.751506-3-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
Revision tags: v5.4.41, v5.4.40, v5.4.39 |
|
#
0b8d9fc9 |
| 05-May-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: Make efi_printk() input argument const char* To help the compiler figure out that efi_printk() will not modify the string it is given, make the input argument type const cha
efi/libstub: Make efi_printk() input argument const char* To help the compiler figure out that efi_printk() will not modify the string it is given, make the input argument type const char*. While at it, simplify the implementation as well. Suggested-by: Joe Perches <joe@perches.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
Revision tags: v5.4.38, v5.4.37 |
|
#
f61900fd |
| 30-Apr-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/libstub: Unify initrd loading across architectures Factor out the initrd loading into a common function that can be called both from the generic efi-stub.c and the x86-specific x86-s
efi/libstub: Unify initrd loading across architectures Factor out the initrd loading into a common function that can be called both from the generic efi-stub.c and the x86-specific x86-stub.c. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200430182843.2510180-10-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
Revision tags: v5.4.36, v5.4.35, v5.4.34, v5.4.33 |
|
#
980771f6 |
| 16-Apr-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: Drop __pure getters for EFI stub options The practice of using __pure getter functions to access global variables in the EFI stub dates back to the time when we had to c
efi/libstub: Drop __pure getters for EFI stub options The practice of using __pure getter functions to access global variables in the EFI stub dates back to the time when we had to carefully prevent GOT entries from being emitted, because we could not rely on the toolchain to do this for us. Today, we use the hidden visibility pragma for all EFI stub source files, which now all live in the same subdirectory, and we apply a sanity check on the objects, so we can get rid of these getter functions and simply refer to global data objects directly. So switch over the remaining boolean variables carrying options set on the kernel command line. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
ccc27ae7 |
| 16-Apr-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: Drop __pure getter for efi_system_table The practice of using __pure getter functions to access global variables in the EFI stub dates back to the time when we had to ca
efi/libstub: Drop __pure getter for efi_system_table The practice of using __pure getter functions to access global variables in the EFI stub dates back to the time when we had to carefully prevent GOT entries from being emitted, because we could not rely on the toolchain to do this for us. Today, we use the hidden visibility pragma for all EFI stub source files, which now all live in the same subdirectory, and we apply a sanity check on the objects, so we can get rid of these getter functions and simply refer to global data objects directly. Start with efi_system_table(), and convert it into a global variable. While at it, make it a pointer-to-const, because we can. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
54439370 |
| 16-Apr-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi: Kill __efistub_global Now that both arm and x86 are using the linker script to place the EFI stub's global variables in the correct section, remove __efistub_global. Signed
efi: Kill __efistub_global Now that both arm and x86 are using the linker script to place the EFI stub's global variables in the correct section, remove __efistub_global. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20200416151227.3360778-4-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
Revision tags: v5.4.32, v5.4.31, v5.4.30, v5.4.29, v5.6, v5.4.28, v5.4.27 |
|
#
fffb6804 |
| 19-Mar-2020 |
Arvind Sankar <nivedita@alum.mit.edu> |
efi/gop: Allow specifying mode number on command line Add the ability to choose a video mode for the selected gop by using a command-line argument of the form video=efifb:mod
efi/gop: Allow specifying mode number on command line Add the ability to choose a video mode for the selected gop by using a command-line argument of the form video=efifb:mode=<n> Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Link: https://lore.kernel.org/r/20200320020028.1936003-12-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
Revision tags: v5.4.26, v5.4.25, v5.4.24, v5.4.23, v5.4.22, v5.4.21, v5.4.20 |
|
#
f7b85b33 |
| 14-Feb-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub/x86: Make loaded_image protocol handling mixed mode safe Add the definitions and use the special wrapper so that the loaded_image UEFI protocol can be safely used from mixed
efi/libstub/x86: Make loaded_image protocol handling mixed mode safe Add the definitions and use the special wrapper so that the loaded_image UEFI protocol can be safely used from mixed mode. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
Revision tags: v5.4.19, v5.4.18 |
|
#
79d3219d |
| 04-Feb-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: Take noinitrd cmdline argument into account for devpath initrd One of the advantages of using what basically amounts to a callback interface into the bootloader for loading
efi/libstub: Take noinitrd cmdline argument into account for devpath initrd One of the advantages of using what basically amounts to a callback interface into the bootloader for loading the initrd is that it provides a natural place for the bootloader or firmware to measure the initrd contents while they are being passed to the kernel. Unfortunately, this is not a guarantee that the initrd will in fact be loaded and its /init invoked by the kernel, since the command line may contain the 'noinitrd' option, in which case the initrd is ignored, but this will not be reflected in the PCR that covers the initrd measurement. This could be addressed by measuring the command line as well, and including that PCR in the attestation policy, but this locks down the command line completely, which may be too restrictive. So let's take the noinitrd argument into account in the stub, too. This forces any PCR that covers the initrd to assume a different value when noinitrd is passed, allowing an attestation policy to disregard the command line if there is no need to take its measurement into account for other reasons. As Peter points out, this would still require the agent that takes the measurements to measure a separator event into the PCR in question at ExitBootServices() time, to prevent replay attacks using the known measurement from the TPM log. Cc: Peter Jones <pjones@redhat.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
ec93fc37 |
| 03-Feb-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: Add support for loading the initrd from a device path There are currently two ways to specify the initrd to be passed to the Linux kernel when booting via the EFI stub:
efi/libstub: Add support for loading the initrd from a device path There are currently two ways to specify the initrd to be passed to the Linux kernel when booting via the EFI stub: - it can be passed as a initrd= command line option when doing a pure PE boot (as opposed to the EFI handover protocol that exists for x86) - otherwise, the bootloader or firmware can load the initrd into memory, and pass the address and size via the bootparams struct (x86) or device tree (ARM) In the first case, we are limited to loading from the same file system that the kernel was loaded from, and it is also problematic in a trusted boot context, given that we cannot easily protect the command line from tampering without either adding complicated white/blacklisting of boot arguments or locking down the command line altogether. In the second case, we force the bootloader to duplicate knowledge about the boot protocol which is already encoded in the stub, and which may be subject to change over time, e.g., bootparams struct definitions, memory allocation/alignment requirements for the placement of the initrd etc etc. In the ARM case, it also requires the bootloader to modify the hardware description provided by the firmware, as it is passed in the same file. On systems where the initrd is measured after loading, it creates a time window where the initrd contents might be manipulated in memory before handing over to the kernel. Address these concerns by adding support for loading the initrd into memory by invoking the EFI LoadFile2 protocol installed on a vendor GUIDed device path that specifically designates a Linux initrd. This addresses the above concerns, by putting the EFI stub in charge of placement in memory and of passing the base and size to the kernel proper (via whatever means it desires) while still leaving it up to the firmware or bootloader to obtain the file contents, potentially from other file systems than the one the kernel itself was loaded from. On platforms that implement measured boot, it permits the firmware to take the measurement right before the kernel actually consumes the contents. Acked-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
91d150c0 |
| 10-Feb-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: Clean up command line parsing routine We currently parse the command non-destructively, to avoid having to allocate memory for a copy before passing it to the standard parsi
efi/libstub: Clean up command line parsing routine We currently parse the command non-destructively, to avoid having to allocate memory for a copy before passing it to the standard parsing routines that are used by the core kernel, and which modify the input to delineate the parsed tokens with NUL characters. Instead, we call strstr() and strncmp() to go over the input multiple times, and match prefixes rather than tokens, which implies that we would match, e.g., 'nokaslrfoo' in the stub and disable KASLR, while the kernel would disregard the option and run with KASLR enabled. In order to avoid having to reason about whether and how this behavior may be abused, let's clean up the parsing routines, and rebuild them on top of the existing helpers. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
5193a33d |
| 10-Feb-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: Move file I/O support code into separate file Split off the file I/O support code into a separate source file so it ends up in a separate object file in the static library,
efi/libstub: Move file I/O support code into separate file Split off the file I/O support code into a separate source file so it ends up in a separate object file in the static library, allowing the linker to omit it if the routines are not used. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
b8717454 |
| 10-Feb-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: Move get_dram_base() into arm-stub.c get_dram_base() is only called from arm-stub.c so move it into the same source file as its caller. Signed-off-by: Ard Biesheuve
efi/libstub: Move get_dram_base() into arm-stub.c get_dram_base() is only called from arm-stub.c so move it into the same source file as its caller. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
1e45bf73 |
| 10-Feb-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub/x86: Permit cmdline data to be allocated above 4 GB We now support cmdline data that is located in memory that is not 32-bit addressable, so relax the allocation limit on sys
efi/libstub/x86: Permit cmdline data to be allocated above 4 GB We now support cmdline data that is located in memory that is not 32-bit addressable, so relax the allocation limit on systems where this feature is enabled. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|
#
a46a290a |
| 10-Feb-2020 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: Use consistent type names for file I/O protocols Align the naming of efi_file_io_interface_t and efi_file_handle_t with the UEFI spec, and call them efi_simple_file_system_p
efi/libstub: Use consistent type names for file I/O protocols Align the naming of efi_file_io_interface_t and efi_file_handle_t with the UEFI spec, and call them efi_simple_file_system_protocol_t and efi_file_protocol_t, respectively, using the same convention we use for all other type definitions that originate in the UEFI spec. While at it, move the definitions to efistub.h, so they are only seen by code that needs them. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
show more ...
|