From nobody Mon Feb 9 11:33:02 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+104092+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+104092+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1683263856; cv=none; d=zohomail.com; s=zohoarc; b=JD37ZG8mf5/zZVUquuN7jmzcfPebZOMyoEvKMIgYjHYpjshFMsPhix9khbpu4mKrtCwYpWhyzRGcUonoEHNKGOggaXgoy3E2FYNXE1qfRWn40E6NlnvDCNILbTu32HQEFv9LuB9SSxGp7oUPNe6kIRtwjQ0q4HngULNeEW14B+0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1683263856; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Aa+roeb/EgYMHkhm/EAce1enYJ6MshY9qWNo4XjHme8=; b=esM7pCnhHCAqv7QY+FpPsLLlel1pcLaSIbgqDgQNb/BxkEcDv8NkvA/Tm+vmXzsRVqzg6GviDXBCND+HCQR5JOLbBHm5OJTmhcBoJYgWo7uMEXEAyFBa69YCnk/srQx6gYNltrnugIaIfMW0KD7dxn2J6Llqz00+FkyzbzkX9gQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+104092+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1683263856968218.46999526788647; Thu, 4 May 2023 22:17:36 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id lrdLYY1788612xSE4NR3U9SV; Thu, 04 May 2023 22:17:36 -0700 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.groups.io with SMTP id smtpd.web11.20160.1683263855749496387 for ; Thu, 04 May 2023 22:17:35 -0700 X-Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-537-gCa6BSpDOVitAGD7k4zgiA-1; Fri, 05 May 2023 01:17:30 -0400 X-MC-Unique: gCa6BSpDOVitAGD7k4zgiA-1 X-Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C288385A5B1; Fri, 5 May 2023 05:17:29 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.60]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4CB21111E3F2; Fri, 5 May 2023 05:17:29 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id E759E18003BA; Fri, 5 May 2023 07:17:27 +0200 (CEST) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Jordan Justen , Stefan Berger , Gerd Hoffmann , Tom Lendacky , Jiewen Yao , Anthony Perard , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Ard Biesheuvel , Erdem Aktas , Oliver Steffen , Min Xu , James Bottomley , Julien Grall , Michael Roth , Pawel Polawski , Jiewen Yao , Ard Biesheuvel Subject: [edk2-devel] [PATCH v2 1/4] OvmfPkg/PlatformBootManagerLib: add PcdBootRestrictToFirmware Date: Fri, 5 May 2023 07:17:24 +0200 Message-Id: <20230505051727.56748-2-kraxel@redhat.com> In-Reply-To: <20230505051727.56748-1-kraxel@redhat.com> References: <20230505051727.56748-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com X-Gm-Message-State: upJ6DHdtgXta6jV4a8oKJdFZx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1683263856; bh=9vhO/Ii1KLPQEVcgfkcMODVA/dh7Mz6KVqsBcizbyf0=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=Dr/TqAO+OEZZuVH3I7cmn0eK22kgfc9TPwVnFiqdFP2v733diaKJgV2oPEz0lBCQ3b/ irquGP3eSlgv/N1zCmTJPdJdZ3g/gaawpKrJPp/NWxOyMkjDFZ9r5rN5bVKm6ZIX0mS4n hDGaWKQDAFR5eU8d79zmBHWGJREYakcoB10= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1683263857977100001 Content-Type: text/plain; charset="utf-8"; x-default="true" Add new PCD PcdBootRestrictToFirmware. When set to TRUE restrict boot options to EFI applications embedded into the firmware image. Behavior should be identical to the PlatformBootManagerLibGrub library variant. Signed-off-by: Gerd Hoffmann Acked-by: Jiewen Yao Acked-by: Ard Biesheuvel --- OvmfPkg/OvmfPkg.dec | 3 + .../PlatformBootManagerLib.inf | 2 + .../PlatformBootManagerLib/BdsPlatform.c | 70 +++++++++++++++++-- 3 files changed, 71 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 03ae29e7b034..cc5a4ceead25 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -422,6 +422,9 @@ [PcdsFixedAtBuild] # check to decide whether to abort dispatch of the driver it is linked = into. gUefiOvmfPkgTokenSpaceGuid.PcdEntryPointOverrideFwCfgVarName|""|VOID*|0x= 68 =20 + ## Restrict boot to EFI applications in firmware volumes. + gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware|FALSE|BOOLEAN|0x6c + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.= inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index c249a3cf1e35..6b396eac7daf 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -61,6 +61,7 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId + gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate ## CONSUMES @@ -84,3 +85,4 @@ [Guids] gEfiGlobalVariableGuid gRootBridgesConnectedEventGroupGuid gUefiShellFileGuid + gGrubFileGuid diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg= /Library/PlatformBootManagerLib/BdsPlatform.c index 3b7dc53e9f86..8dc2bbf97371 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -290,6 +290,46 @@ RemoveStaleFvFileOptions ( EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); } =20 +VOID +RestrictBootOptionsToFirmware ( + VOID + ) +{ + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + UINTN BootOptionCount; + UINTN Index; + + BootOptions =3D EfiBootManagerGetLoadOptions ( + &BootOptionCount, + LoadOptionTypeBoot + ); + + for (Index =3D 0; Index < BootOptionCount; ++Index) { + EFI_DEVICE_PATH_PROTOCOL *Node1; + + // + // If the device path starts with Fv(...), + // then keep the boot option. + // + Node1 =3D BootOptions[Index].FilePath; + if (((DevicePathType (Node1) =3D=3D MEDIA_DEVICE_PATH) && + (DevicePathSubType (Node1) =3D=3D MEDIA_PIWG_FW_VOL_DP))) + { + continue; + } + + // + // Delete the boot option. + // + EfiBootManagerDeleteLoadOptionVariable ( + BootOptions[Index].OptionNumber, + LoadOptionTypeBoot + ); + } + + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); +} + VOID PlatformRegisterOptionsAndKeys ( VOID @@ -485,7 +525,9 @@ PlatformBootManagerBeforeConsole ( Status )); =20 - PlatformRegisterOptionsAndKeys (); + if (!FeaturePcdGet (PcdBootRestrictToFirmware)) { + PlatformRegisterOptionsAndKeys (); + } =20 // // Install both VIRTIO_DEVICE_PROTOCOL and (dependent) EFI_RNG_PROTOCOL @@ -1754,9 +1796,12 @@ PlatformBootManagerAfterConsole ( // // Perform some platform specific connect sequence // - PlatformBdsConnectSequence (); - - EfiBootManagerRefreshAllBootOption (); + if (FeaturePcdGet (PcdBootRestrictToFirmware)) { + RestrictBootOptionsToFirmware (); + } else { + PlatformBdsConnectSequence (); + EfiBootManagerRefreshAllBootOption (); + } =20 // // Register UEFI Shell @@ -1767,6 +1812,15 @@ PlatformBootManagerAfterConsole ( LOAD_OPTION_ACTIVE ); =20 + // + // Register Grub + // + PlatformRegisterFvBootOption ( + &gGrubFileGuid, + L"Grub Bootloader", + LOAD_OPTION_ACTIVE + ); + RemoveStaleFvFileOptions (); SetBootOrderFromQemu (); =20 @@ -1935,6 +1989,14 @@ PlatformBootManagerUnableToBoot ( EFI_BOOT_MANAGER_LOAD_OPTION BootManagerMenu; UINTN Index; =20 + if (FeaturePcdGet (PcdBootRestrictToFirmware)) { + AsciiPrint ( + "%a: No bootable option was found.\n", + gEfiCallerBaseName + ); + CpuDeadLoop (); + } + // // BootManagerMenu doesn't contain the correct information when return s= tatus // is EFI_NOT_FOUND. --=20 2.40.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#104092): https://edk2.groups.io/g/devel/message/104092 Mute This Topic: https://groups.io/mt/98699779/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-