All of lore.kernel.org
 help / color / mirror / Atom feed
* [RFC PATCH 0/3] efi/x86: add support for generic EFI mixed mode boot
@ 2020-02-13 14:59 ` Ard Biesheuvel
  0 siblings, 0 replies; 32+ messages in thread
From: Ard Biesheuvel @ 2020-02-13 14:59 UTC (permalink / raw)
  To: linux-efi
  Cc: linux-arm-kernel, Ard Biesheuvel, lersek, leif, pjones, mjg59,
	agraf, daniel.kiper, hdegoede, nivedita, mbrown, mingo

This series is another part of my effort to reduce the level of knowledge
on the part of the bootloader or firmware of internal per-architecture
details regarding where/how the kernel is loaded and where its initrd and
other context data are passed.

The x86 architecture has a so-called 'EFI handover protocol', which defines
how the bootparams struct should be populated, and how it should be
interpreted to figure out where to load the kernel, and at which offset in
the binary the entrypoint is located. This scheme allows the initrd to be
loaded beforehand, and allows 32-bit firmware to invoke a 64-bit kernel
via a special entrypoint that manages the state transitions between the
two execution modes.

Due to this, x86 loaders currently do not rely on LoadImage and StartImage,
and therefore, are forced to re-implement things like image authentication
for secure boot and taking the measurements for measured boot in their open
coded clones of these routines.

My previous series on this topic [0] implements a generic way to load the
initrd from any source supported by the loader without relying on something
like device trees or bootparams structures, and so native boot should not
need the EFI handover protocol anymore after those change are merged.

What remains is mixed mode boot, which also needs the EFI handover protocol
regardless of whether an initrd is loaded or not. So let's get rid of that
requirement, and take advantage of the fact that EDK2 based firmware does
support LoadImage() for X64 binaries on IA32 firmware, which means we can
rely on the secure boot and measured boot checks being performed by the
firmware. The only thing we need to put on top is a way to discover the
non-native entrypoint into the binary in a way that does not rely on x86
specific headers and data structures.

So let's introduce a new .compat header in the PE/COFF metadata of the
bzImage, and populate it with a <machine type, entrypoint> tuple, allowing
a generic EFI loader to decide whether the entrypoint supports its native
machine type, and invoke it as an ordinary EFI application entrypoint.
Since we will not be passing a bootparams structure, we need to discover
the base of the image (which contains the setup header) via the loaded
image protocol before we can enter the kernel in 32-bit mode at startup_32()

A loader implementation for OVMF can be found at [1]. Note that this loader
code is fully generic, and could be used without modifications if other
architectures ever emerge that support kernels that can be invoked from a
non-native (but cross-type supported) loader.

[0] https://lore.kernel.org/linux-arm-kernel/20200206140352.6300-1-ardb@kernel.org/
[1] https://github.com/ardbiesheuvel/edk2/commits/linux-efi-generic

Cc: lersek@redhat.com
Cc: leif@nuviainc.com
Cc: pjones@redhat.com
Cc: mjg59@google.com
Cc: agraf@csgraf.de
Cc: daniel.kiper@oracle.com
Cc: hdegoede@redhat.com
Cc: nivedita@alum.mit.edu
Cc: mbrown@fensystems.co.uk
Cc: mingo@kernel.org

Ard Biesheuvel (3):
  efi/x86: drop redundant .bss section
  efi/x86: add true mixed mode entry point into .compat section
  efi/x86: implement mixed mode boot without the handover protocol

 arch/x86/boot/Makefile             |  2 +-
 arch/x86/boot/compressed/head_64.S | 61 +++++++++++++++++-
 arch/x86/boot/header.S             | 23 ++++---
 arch/x86/boot/tools/build.c        | 67 +++++++++++++-------
 4 files changed, 115 insertions(+), 38 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 32+ messages in thread

end of thread, other threads:[~2020-02-14  0:38 UTC | newest]

Thread overview: 32+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-13 14:59 [RFC PATCH 0/3] efi/x86: add support for generic EFI mixed mode boot Ard Biesheuvel
2020-02-13 14:59 ` Ard Biesheuvel
2020-02-13 14:59 ` [RFC PATCH 1/3] efi/x86: drop redundant .bss section Ard Biesheuvel
2020-02-13 14:59   ` Ard Biesheuvel
2020-02-13 14:59 ` [RFC PATCH 2/3] efi/x86: add true mixed mode entry point into .compat section Ard Biesheuvel
2020-02-13 14:59   ` Ard Biesheuvel
2020-02-13 16:59   ` Arvind Sankar
2020-02-13 16:59     ` Arvind Sankar
2020-02-13 17:13     ` Ard Biesheuvel
2020-02-13 17:13       ` Ard Biesheuvel
2020-02-13 14:59 ` [RFC PATCH 3/3] efi/x86: implement mixed mode boot without the handover protocol Ard Biesheuvel
2020-02-13 14:59   ` Ard Biesheuvel
2020-02-13 17:23   ` Arvind Sankar
2020-02-13 17:23     ` Arvind Sankar
2020-02-13 17:42     ` Ard Biesheuvel
2020-02-13 17:42       ` Ard Biesheuvel
2020-02-13 17:53 ` [RFC PATCH 0/3] efi/x86: add support for generic EFI mixed mode boot Arvind Sankar
2020-02-13 17:53   ` Arvind Sankar
2020-02-13 17:55   ` Ard Biesheuvel
2020-02-13 17:55     ` Ard Biesheuvel
2020-02-13 18:47     ` Arvind Sankar
2020-02-13 18:47       ` Arvind Sankar
2020-02-13 22:36       ` Ard Biesheuvel
2020-02-13 22:36         ` Ard Biesheuvel
2020-02-14  0:10         ` Arvind Sankar
2020-02-14  0:10           ` Arvind Sankar
2020-02-14  0:12           ` Arvind Sankar
2020-02-14  0:12             ` Arvind Sankar
2020-02-14  0:21             ` Ard Biesheuvel
2020-02-14  0:21               ` Ard Biesheuvel
2020-02-14  0:38               ` Arvind Sankar
2020-02-14  0:38                 ` Arvind Sankar

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.