From: Ross Lagerwall
To: xen-devel@lists.xenproject.org
Cc: Ross Lagerwall, Jan Beulich, Andrew Cooper, Roger Pau Monné, George Dunlap, Julien Grall, Stefano Stabellini
Subject: [PATCH v2 1/2] x86: Add support for building a multiboot2 PE binary
Date: Thu, 28 Mar 2024 15:11:05 +0000
Message-ID: <20240328151106.1451104-2-ross.lagerwall@citrix.com>
In-Reply-To: <20240328151106.1451104-1-ross.lagerwall@citrix.com>

In addition to building xen.efi and xen.gz, build xen-mbi.exe. The latter is a PE binary that can be used with a multiboot2 loader that supports loading PE binaries. Using this option allows the binary to be signed and verified by Shim. This means the same xen-mbi.exe binary can then be used for BIOS boot, UEFI boot and UEFI boot with Secure Boot verification (all with the convenience of GRUB2 as a bootloader).

The new binary is created by modifying xen.efi:

* Relocations are stripped since they are not needed.
* The image base address is set to 0 since it must necessarily be below 4 GiB and the loader will relocate it anyway.
* The PE entry point is set to the multiboot2 entry point rather than the normal EFI entry point. This is only relevant for BIOS boot since for EFI boot the entry point is specified via a multiboot2 tag.

Signed-off-by: Ross Lagerwall
---
 .gitignore                        |  2 +
 xen/Makefile                      |  1 +
 xen/arch/x86/Makefile             | 16 ++++++-
 xen/arch/x86/efi/modify-mbi-exe.c | 77 +++++++++++++++++++++++++++++++
 4 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 xen/arch/x86/efi/modify-mbi-exe.c

diff --git a/.gitignore b/.gitignore index d8b57e32f888..e61acd574b44 100644 --- a/.gitignore +++ b/.gitignore
@@ -256,6 +256,7 @@ xen/arch/x86/boot/*.lnk xen/arch/x86/efi.lds xen/arch/x86/efi/check.efi xen/arch/x86/efi/mkreloc +xen/arch/x86/efi/modify-mbi-exe xen/arch/x86/include/asm/asm-macros.h xen/arch/*/xen.lds xen/arch/*/efi/boot.c @@ -304,6 +305,7 @@ xen/suppression-list.txt xen/xen-syms xen/xen-syms.map xen/xen.* +xen/xen-mbi.* LibVNCServer* =20 tools/qemu-xen-dir-remote diff --git a/xen/Makefile b/xen/Makefile index 21832d640225..1955e1d687df 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -581,6 +581,7 @@ _clean: -o -name ".*.cmd" -o -name "lib.a" \) -exec rm -f {} \; rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET)-syms $(TARGET)-syms.map rm -f $(TARGET).efi $(TARGET).efi.map $(TARGET).efi.elf $(TARGET).efi.str= ipped + rm -f $(TARGET)-mbi.exe rm -f asm-offsets.s arch/*/include/asm/asm-offsets.h rm -f .banner .allconfig.tmp include/xen/compile.h rm -rf $(objtree)/arch/*/include/generated diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 26d87405297b..5b6b8911f1f8 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -86,6 +86,7 @@ extra-y +=3D xen.lds =20 hostprogs-y +=3D boot/mkelf32 hostprogs-y +=3D efi/mkreloc +hostprogs-y +=3D efi/modify-mbi-exe =20 # Allows usercopy.c to include itself $(obj)/usercopy.o: CFLAGS-y +=3D -iquote . @@ -96,7 +97,7 @@ endif =20 efi-y :=3D $(shell if [ ! -r $(objtree)/include/xen/compile.h -o \ -O $(objtree)/include/xen/compile.h ]; then \ - echo '$(TARGET).efi'; fi) \ + echo '$(TARGET).efi $(TARGET)-mbi.exe'; fi) \ $(space) efi-$(CONFIG_PV_SHIM_EXCLUSIVE) :=3D =20 
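Review bot: the `_clean` hunk in xen/Makefile removes `$(TARGET)-mbi.exe` but not the `$(TARGET)-mbi.exe.tmp` and `$(TARGET)-mbi.exe.tmp2` intermediates that the new build rule in xen/arch/x86/Makefile writes, so a build that fails between the `objcopy` and the final `mv` leaves them in the tree and `make clean` does not remove them; extend the line to `rm -f $(TARGET)-mbi.exe $(TARGET)-mbi.exe.tmp $(TARGET)-mbi.exe.tmp2`, or have the rule use a single temporary that the clean target already covers.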
@@ -123,6 +124,19 @@ syms-warn-dup-$(CONFIG_ENFORCE_UNIQUE_SYMBOLS) :=3D --= error-dup =20 orphan-handling-$(call ld-option,--orphan-handling=3Dwarn) +=3D --orphan-h= andling=3Dwarn =20 +ifeq ($(XEN_BUILD_PE),y) +$(TARGET)-mbi.exe: $(TARGET).efi $(obj)/efi/modify-mbi-exe + $(OBJCOPY) --remove-section=3D.reloc $< $@.tmp + $(obj)/efi/modify-mbi-exe $@.tmp + $(OBJCOPY) --set-start=3D0x$$($(NM) -pa $@.tmp | awk '/T start$$/{print $= $1}') $@.tmp $@.tmp2 + mv $@.tmp2 $@ + rm -f $@.tmp +else +$(TARGET)-mb.exe: FORCE + rm -f $@ + echo 'PE build not supported' +endif + $(TARGET): TMP =3D $(dot-target).elf32 $(TARGET): $(TARGET)-syms $(efi-y) $(obj)/boot/mkelf32 $(obj)/boot/mkelf32 $(notes_phdrs) $(TARGET)-syms $(TMP) $(XEN_IMG_OFFSET= ) \ diff --git a/xen/arch/x86/efi/modify-mbi-exe.c b/xen/arch/x86/efi/modify-mb= i-exe.c new file mode 100644 index 000000000000..57af382cab4d --- /dev/null +++ b/xen/arch/x86/efi/modify-mbi-exe.c 
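Review bot: the `else` branch of the `ifeq ($(XEN_BUILD_PE),y)` block defines a rule for `$(TARGET)-mb.exe`, while every other place in the patch (`efi-y`, `_clean`, `.gitignore`) uses `$(TARGET)-mbi.exe`; since `efi-y` now lists `$(TARGET)-mbi.exe` as a prerequisite of `$(TARGET)`, a build with `XEN_BUILD_PE` not set to `y` has no rule for that file and fails, so the target in the `else` branch should be `$(TARGET)-mbi.exe`. In the same rule, `--set-start=0x$$($(NM) -pa $@.tmp | awk '/T start$$/{print $$1}')` silently becomes `--set-start=0x` if no `T start` symbol is found, and a failure in `modify-mbi-exe` or the second `objcopy` leaves `$@.tmp` behind; a `test -n` on the awk result and an `rm -f $@.tmp $@.tmp2` on the error path would make the rule fail loudly and cleanly.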
@@ -0,0 +1,77 @@ +#include +#include +#include +#include + +struct mz_hdr { + uint16_t signature; +#define MZ_SIGNATURE 0x5a4d + uint16_t last_page_size; + uint16_t page_count; + uint16_t relocation_count; + uint16_t header_paras; + uint16_t min_paras; + uint16_t max_paras; + uint16_t entry_ss; + uint16_t entry_sp; + uint16_t checksum; + uint16_t entry_ip; + uint16_t entry_cs; + uint16_t relocations; + uint16_t overlay; + uint8_t reserved[32]; + uint32_t extended_header_base; +}; + +struct coff_hdr { + uint32_t signature; + uint16_t cpu; + uint16_t section_count; + int32_t timestamp; + uint32_t symbols_file_offset; + uint32_t symbol_count; + uint16_t opt_hdr_size; + uint16_t flags; +}; + +#define IMAGE_BASE_OFFSET 48 +#define NEW_IMAGE_BASE 0x0 + +int main(int argc, char **argv) +{ + int fd; + struct mz_hdr mz_hdr; + const uint64_t base_addr =3D NEW_IMAGE_BASE; + + if ( argc !=3D 2 ) + { + fprintf(stderr, "usage: %s \n", argv[0]); + return 1; + } + + fd =3D open(argv[1], O_RDWR); + if ( fd < 0 || + read(fd, &mz_hdr, sizeof(mz_hdr)) !=3D sizeof(mz_hdr) ) + { + perror(argv[1]); + return 2; + } + + if ( mz_hdr.signature !=3D MZ_SIGNATURE || + !mz_hdr.extended_header_base ) + { + fprintf(stderr, "%s: Wrong DOS file format\n", argv[1]); + return 2; + } + + if ( lseek(fd, mz_hdr.extended_header_base + IMAGE_BASE_OFFSET, SEEK_S= ET) < 0 || + write(fd, &base_addr, sizeof(base_addr)) !=3D sizeof(base_addr) ) + { + perror(argv[1]); + return 3; + } + + close(fd); + + return 0; +} --=20 2.43.0
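Review bot: `main()` in modify-mbi-exe.c writes eight bytes at `extended_header_base + IMAGE_BASE_OFFSET` without confirming that a PE32+ header is actually there: the `struct coff_hdr` it defines is never read, so neither the `PE\0\0` signature nor the optional-header magic is checked, and offset 48 holds the 64-bit ImageBase only for PE32+ (a PE32 image keeps a 32-bit ImageBase at a different offset, so the write would clobber neighbouring fields). Read the COFF header and the optional-header magic after the MZ check and refuse anything but PE32+ before the `lseek`/`write`; it would also be worth comparing `extended_header_base + IMAGE_BASE_OFFSET + sizeof(base_addr)` against the file size, because `write()` beyond EOF on a truncated input extends the file instead of failing. Minor: the return value of `close(fd)` is ignored, and a comment deriving `IMAGE_BASE_OFFSET 48` (4-byte PE signature + 20-byte COFF header + 24 bytes into the PE32+ optional header) would spare the next reader a trip to the PE specification.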
From: Ross Lagerwall
To: xen-devel@lists.xenproject.org
Cc: Ross Lagerwall, Jan Beulich, Andrew Cooper, Roger Pau Monné
Subject: [PATCH v2 2/2] x86: Call Shim Verify in the multiboot2 path
Date: Thu, 28 Mar 2024 15:11:06 +0000
Message-ID: <20240328151106.1451104-3-ross.lagerwall@citrix.com>
In-Reply-To: <20240328151106.1451104-1-ross.lagerwall@citrix.com>

Now that the multiboot2 binary can be verified by Shim, ensure that the dom0 kernel is verified when using the multiboot2 path. If the Shim protocol is not available and the SecureBoot variable is not set to 0 (or the state cannot be determined), abort the boot.

Signed-off-by: Ross Lagerwall
---
 xen/arch/x86/boot/head.S    |  4 ++-
 xen/arch/x86/efi/efi-boot.h | 65 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 67 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index d8ac0f0494db..e03ae19bdafb 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -349,10 +349,12 @@ __efi64_mb2_start: /* Keep the stack aligned. Do not pop a single item off it. */ mov (%rsp),%rdi =20 + mov %rbx, %rcx + /* * efi_multiboot2() is called according to System V AMD64 ABI: * - IN: %rdi - EFI ImageHandle, %rsi - EFI SystemTable, - * %rdx - MB2 cmdline + * %rdx - MB2 cmdline, %rcx - Multiboot information. */ call efi_multiboot2 =20 diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 8ea64e31cdc2..a9569e150e08 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -3,6 +3,7 @@ * is intended to be included by common/efi/boot.c _only_, and * therefore can define arch specific global variables. */ +#include #include #include #include 
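Review bot: the new `mov %rbx, %rcx` in `__efi64_mb2_start` passes the multiboot2 information pointer as the fourth argument, but nothing in the hunk records why `%rbx` still holds that pointer at this point (that it is the value received in `%ebx` at the multiboot2 entry and has not been clobbered by the intervening code); a one-line comment above the `mov`, or a mention in the ABI comment block that is being extended, would make the dependency visible to anyone who later inserts a call before it. The `%rcx - Multiboot information` addition to the ABI comment is the right place to state it.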
@@ -808,9 +809,69 @@ static const char *__init get_option(const char *cmd, = const char *opt) return o; } =20 +#define ALIGN_UP(arg, align) \ + (((arg) + (align) - 1) & ~((typeof(arg))(align) - 1)) + +static void __init efi_verify_dom0(uint64_t mbi_in) +{ + uint64_t ptr; + const multiboot2_tag_t *tag; + EFI_SHIM_LOCK_PROTOCOL *shim_lock; + EFI_STATUS status; + const multiboot2_tag_module_t *kernel =3D NULL; + const multiboot2_fixed_t *mbi_fix =3D _p(mbi_in); + static EFI_GUID __initdata shim_lock_guid =3D SHIM_LOCK_PROTOCOL_GUID; + static EFI_GUID __initdata global_variable_guid =3D EFI_GLOBAL_VARIABL= E; + + ptr =3D ALIGN_UP(mbi_in + sizeof(*mbi_fix), MULTIBOOT2_TAG_ALIGN); + + for ( tag =3D _p(ptr); (uint64_t)tag - mbi_in < mbi_fix->total_size; + tag =3D _p(ALIGN_UP((uint64_t)tag + tag->size, MULTIBOOT2_TAG_AL= IGN)) ) + { + if ( tag->type =3D=3D MULTIBOOT2_TAG_TYPE_MODULE ) + { + kernel =3D (const multiboot2_tag_module_t *)tag; + break; + } + else if ( tag->type =3D=3D MULTIBOOT2_TAG_TYPE_END ) + break; + } + + if ( !kernel ) + return; + + if ( (status =3D efi_bs->LocateProtocol(&shim_lock_guid, NULL, + (void **)&shim_lock)) !=3D EFI_S= UCCESS ) + { + UINT32 attr; + UINT8 data; + UINTN size =3D sizeof(data); + + status =3D efi_rs->GetVariable((CHAR16 *)L"SecureBoot", &global_va= riable_guid, + &attr, &size, &data); + if ( status =3D=3D EFI_NOT_FOUND ) + return; + + if ( EFI_ERROR(status) ) + PrintErrMesg(L"Could not get SecureBoot variable", status); + + if ( attr !=3D (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUN= TIME_ACCESS) ) + PrintErrMesg(L"Unexpected SecureBoot attributes", attr); + + if ( size =3D=3D 1 && data =3D=3D 0 ) + return; + + blexit(L"Could not locate shim but Secure Boot is enabled"); + } + + if ( (status =3D shim_lock->Verify(_p(kernel->mod_start), + kernel->mod_end - kernel->mod_start))= !=3D EFI_SUCCESS ) + PrintErrMesg(L"Dom0 kernel image could not be verified", status); +} + void asmlinkage __init efi_multiboot2(EFI_HANDLE 
ImageHandle, EFI_SYSTEM_TABLE *SystemTable, - const char *cmdline) + const char *cmdline, uint64_t mbi_in) { EFI_GRAPHICS_OUTPUT_PROTOCOL *gop; EFI_HANDLE gop_handle; @@ -902,6 +963,8 @@ void asmlinkage __init efi_multiboot2(EFI_HANDLE ImageH= andle, =20 efi_relocate_esrt(SystemTable); =20 + efi_verify_dom0(mbi_in); + efi_exit_boot(ImageHandle, SystemTable); } =20 --=20 2.43.0
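Review bot: the tag walk in `efi_verify_dom0()` bounds only the start of each tag (`(uint64_t)tag - mbi_in < mbi_fix->total_size`), so a tag header that straddles the end of the MBI has its `type` and `size` read past `total_size`, and a tag with `size == 0` makes `ALIGN_UP((uint64_t)tag + tag->size, MULTIBOOT2_TAG_ALIGN)` yield the same pointer and the loop never terminates; add `tag->size >= sizeof(*tag)` and `(uint64_t)tag + tag->size <= mbi_in + mbi_fix->total_size` checks, or reuse the existing MBI parsing instead of open-coding the walk. Three smaller points in the same hunk: the function returns (and boot continues without verification) when `GetVariable(L"SecureBoot")` reports `EFI_NOT_FOUND`, whereas the commit message says a state that "cannot be determined" aborts the boot, so one of the two needs adjusting (treating a missing variable as Secure Boot disabled is the usual reading, so the message is the likelier one to reword); the `break` after the first `MULTIBOOT2_TAG_TYPE_MODULE` means only the first module reaches `shim_lock->Verify`, which fits the dom0-kernel scope of the commit message but deserves a comment saying that the first module is by convention the kernel and that any further modules are not verified here; and `PrintErrMesg(L"Unexpected SecureBoot attributes", attr)` passes the `UINT32` attribute mask where the other two calls in the hunk pass an `EFI_STATUS`, so the value will be printed as if it were a status code.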