* [GIT PULL] EFI updates for v6.1
@ 2022-10-03 11:59 Ard Biesheuvel
2022-10-09 21:17 ` pr-tracker-bot
0 siblings, 1 reply; 2+ messages in thread
From: Ard Biesheuvel @ 2022-10-03 11:59 UTC (permalink / raw)
To: torvalds; +Cc: linux-efi, Ard Biesheuvel, Huacai Chen, Ilias Apalodimas
Hello Linus,

A bit more going on than usual in the EFI subsystem. The main driver for this
has been the introduction of the LoongArch architecture last cycle, which
inspired some cleanup and refactoring of the EFI code. Another driver for EFI
changes this cycle and in the future is confidential compute.

The LoongArch architecture does not use either struct bootparams or DT natively
[yet], and so passing information between the EFI stub and the core kernel
using either of those is undesirable. And in general, overloading DT has been a
source of issues on arm64, so using DT for this on new architectures is
something to avoid for the time being (even if we might converge on something
DT based for non-x86 architectures in the future). For this reason, in addition
to the patch that enables EFI boot for LoongArch, there are a number of
refactoring patches applied on top of which separate the DT bits from the
generic EFI stub bits. These changes are on a separate topic branch that has
been shared with the LoongArch maintainers, who will include it in their pull
request as well. This is not ideal, but the best way to manage the conflicts
without stalling LoongArch for another cycle.

Another development inspired by LoongArch is the newly added support for EFI
based decompressors. Instead of adding yet another arch-specific incarnation of
this pattern for LoongArch, we are introducing an EFI app based on the existing
EFI libstub infrastructure that encapsulates the decompression code we use on
other architectures, but in a way that is fully generic. This has been
developed and tested in collaboration with distro and systemd folks, who are
eager to start using this for systemd-boot and also for arm64 secure boot on
Fedora. Note that the EFI zimage files this introduces can also be decompressed
by non-EFI bootloaders if needed, as the image header describes the location of
the payload inside the image, and the type of compression that was used. (Note
that Fedora's arm64 GRUB is buggy [0] so you'll need a recent version or switch
to systemd-boot in order to use this.)

Finally, we are adding TPM measurement of the kernel command line provided by
EFI. There is an oversight in the TCG spec which results in a blind spot for
command line arguments passed to loaded images, which means that either the
loader or the stub needs to take the measurement. Given the combinatorial
explosion I am anticipating when it comes to firmware/bootloader stacks and
firmware based attestation protocols (SEV-SNP, TDX, DICE, DRTM), it is good to
set a baseline now when it comes to EFI measured boot, which is that the kernel
measures the initrd and command line. Intermediate loaders can measure
additional assets if needed, but with the baseline in place, we can deploy
measured boot in a meaningful way even if you boot into Linux straight from the
EFI firmware.

Please pull the changes below.

--
Ard.

The following changes since commit 568035b01cfb107af8d2e4bd2fb9aea22cf5b868:
Linux 6.0-rc1 (2022-08-14 15:50:18 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git tags/efi-next-for-v6.1
for you to fetch changes up to d3549a938b73f203ef522562ae9f2d38aa43d234:
efi/arm64: libstub: avoid SetVirtualAddressMap() when possible (2022-09-27 13:26:16 +0200)
Cc: Huacai Chen <chenhuacai@loongson.cn>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
[0] https://github.com/rhboot/grub2/commit/7710c05ea38995f558a84a27ae0cb89968383420
----------------------------------------------------------------
EFI updates for v6.1
- implement EFI boot support for LoongArch
- implement generic EFI compressed boot support for arm64, RISC-V and
LoongArch, none of which implement a decompressor today
- measure the kernel command line into the TPM if measured boot is in
effect
- refactor the EFI stub code in order to isolate DT dependencies for
architectures other than x86
- avoid calling SetVirtualAddressMap() on arm64 if the configured size
of the VA space guarantees that doing so is unnecessary
- move some ARM specific code out of the generic EFI source files
- unmap kernel code from the x86 mixed mode 1:1 page tables
----------------------------------------------------------------
Ard Biesheuvel (23):
efi/x86-mixed: move unmitigated RET into .rodata
Merge tag 'efi-loongarch-for-v6.1' into efi/next
efi/libstub: add some missing EFI prototypes
efi/libstub: use EFI provided memcpy/memset routines
efi/libstub: move efi_system_table global var into separate object
efi/libstub: implement generic EFI zboot
riscv: efi: enable generic EFI compressed boot
loongarch: efi: enable generic EFI compressed boot
arm64: efi: enable generic EFI compressed boot
efi: libstub: fix type confusion for load_options_size
efi: libstub: drop pointless get_memory_map() call
efi: libstub: avoid efi_get_memory_map() for allocating the virt map
efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap
efi: libstub: remove pointless goto kludge
efi: libstub: unify initrd loading between architectures
efi: libstub: remove DT dependency from generic stub
efi: libstub: install boot-time memory map as config table
efi/loongarch: libstub: remove dependency on flattened DT
Merge tag 'efi-loongarch-for-v6.1-2' into HEAD
efi/arm: libstub: move ARM specific code out of generic routines
efi: libstub: fix up the last remaining open coded boot service call
efi: zboot: create MemoryMapped() device path for the parent if needed
efi/arm64: libstub: avoid SetVirtualAddressMap() when possible
Huacai Chen (1):
efi/loongarch: Add efistub booting support
Ilias Apalodimas (2):
efi/libstub: refactor the initrd measuring functions
efi/libstub: measure EFI LoadOptions
Documentation/arm/uefi.rst | 4 -
arch/arm/include/asm/efi.h | 3 +-
arch/arm/kernel/efi.c | 79 +++++++
arch/arm/kernel/setup.c | 2 +-
arch/arm64/Makefile | 9 +-
arch/arm64/boot/.gitignore | 1 +
arch/arm64/boot/Makefile | 6 +
arch/arm64/kernel/image-vars.h | 13 --
arch/loongarch/Kconfig | 12 +-
arch/loongarch/Makefile | 18 +-
arch/loongarch/boot/.gitignore | 1 +
arch/loongarch/boot/Makefile | 14 +-
arch/loongarch/include/asm/bootinfo.h | 2 +-
arch/loongarch/include/asm/efi.h | 11 +-
arch/loongarch/kernel/efi-header.S | 99 ++++++++
arch/loongarch/kernel/efi.c | 33 ++-
arch/loongarch/kernel/env.c | 13 +-
arch/loongarch/kernel/head.S | 22 ++
arch/loongarch/kernel/image-vars.h | 27 +++
arch/loongarch/kernel/setup.c | 15 +-
arch/loongarch/kernel/vmlinux.lds.S | 1 +
arch/riscv/Makefile | 6 +-
arch/riscv/boot/.gitignore | 1 +
arch/riscv/boot/Makefile | 6 +
arch/riscv/kernel/image-vars.h | 9 -
arch/x86/platform/efi/efi_64.c | 18 +-
arch/x86/platform/efi/efi_thunk_64.S | 13 +-
drivers/firmware/efi/Kconfig | 45 +++-
drivers/firmware/efi/efi-init.c | 61 +----
drivers/firmware/efi/efi.c | 15 ++
drivers/firmware/efi/libstub/Makefile | 32 ++-
drivers/firmware/efi/libstub/Makefile.zboot | 70 ++++++
drivers/firmware/efi/libstub/arm64-stub.c | 27 ++-
drivers/firmware/efi/libstub/efi-stub-helper.c | 290 ++++++++++++++----------
drivers/firmware/efi/libstub/efi-stub.c | 118 ++++------
drivers/firmware/efi/libstub/efistub.h | 69 +++---
drivers/firmware/efi/libstub/fdt.c | 175 +++++++-------
drivers/firmware/efi/libstub/file.c | 23 +-
drivers/firmware/efi/libstub/intrinsics.c | 30 +++
drivers/firmware/efi/libstub/loongarch-stub.c | 102 +++++++++
drivers/firmware/efi/libstub/mem.c | 93 ++++----
drivers/firmware/efi/libstub/randomalloc.c | 25 +-
drivers/firmware/efi/libstub/relocate.c | 21 +-
drivers/firmware/efi/libstub/systable.c | 8 +
drivers/firmware/efi/libstub/x86-stub.c | 33 +--
drivers/firmware/efi/libstub/zboot-header.S | 143 ++++++++++++
drivers/firmware/efi/libstub/zboot.c | 302 +++++++++++++++++++++++++
drivers/firmware/efi/libstub/zboot.lds | 44 ++++
include/linux/efi.h | 35 +++
include/linux/pe.h | 2 +
50 files changed, 1638 insertions(+), 563 deletions(-)
create mode 100644 arch/loongarch/kernel/efi-header.S
create mode 100644 arch/loongarch/kernel/image-vars.h
create mode 100644 drivers/firmware/efi/libstub/Makefile.zboot
create mode 100644 drivers/firmware/efi/libstub/intrinsics.c
create mode 100644 drivers/firmware/efi/libstub/loongarch-stub.c
create mode 100644 drivers/firmware/efi/libstub/systable.c
create mode 100644 drivers/firmware/efi/libstub/zboot-header.S
create mode 100644 drivers/firmware/efi/libstub/zboot.c
create mode 100644 drivers/firmware/efi/libstub/zboot.lds
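
Added example, not part of the original message and not the kernel's code: a small model of the command-line blind spot described in the pull request, showing that a verifier replaying PCR measurements can only tell two boots apart if the command line was extended into the PCR. The SHA-256 bank, the all-zero starting PCR, the UTF-8 encoding of the command line and all sample values are assumptions made for this sketch.

```python
import hashlib
import hmac

PCR_LEN = hashlib.sha256().digest_size  # assumption: SHA-256 PCR bank


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM extend operation: PCR_new = H(PCR_old || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def boot_pcr(initrd: bytes, cmdline: str, measure_cmdline: bool) -> bytes:
    """Model the PCR value left behind by kernel-side measurements.

    Starts from an all-zero PCR; encoding the command line as UTF-8 is a
    simplification for this sketch, not the stub's actual event format.
    """
    pcr = extend(bytes(PCR_LEN), initrd)
    if measure_cmdline:
        pcr = extend(pcr, cmdline.encode("utf-8"))
    return pcr


def verify(quoted_pcr: bytes, initrd: bytes, cmdline: str) -> bool:
    """Verifier side: replay the expected measurements and compare."""
    expected = boot_pcr(initrd, cmdline, measure_cmdline=True)
    return hmac.compare_digest(quoted_pcr, expected)


# Constructed sample inputs (not taken from any real system).
INITRD = b"constructed initrd contents"
EXPECTED_CMDLINE = "root=/dev/vda2 ro module.sig_enforce=1"
ALTERED_CMDLINE = "root=/dev/vda2 ro"

if __name__ == "__main__":
    for measured in (False, True):
        a = boot_pcr(INITRD, EXPECTED_CMDLINE, measured)
        b = boot_pcr(INITRD, ALTERED_CMDLINE, measured)
        print(f"cmdline measured={measured}: PCRs differ={a != b}")
    quote = boot_pcr(INITRD, ALTERED_CMDLINE, True)
    print("altered boot passes verification:",
          verify(quote, INITRD, EXPECTED_CMDLINE))
```

With only the initrd measured, both command lines produce the same PCR value, so an attestation policy cannot detect the dropped `module.sig_enforce=1`; once the command line is extended as well, the altered boot no longer matches the expected value.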
* Re: [GIT PULL] EFI updates for v6.1
2022-10-03 11:59 [GIT PULL] EFI updates for v6.1 Ard Biesheuvel
@ 2022-10-09 21:17 ` pr-tracker-bot
0 siblings, 0 replies; 2+ messages in thread
From: pr-tracker-bot @ 2022-10-09 21:17 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: torvalds, linux-efi, Ard Biesheuvel, Huacai Chen, Ilias Apalodimas
The pull request you sent on Mon, 3 Oct 2022 13:59:10 +0200:
> git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git tags/efi-next-for-v6.1
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/0e470763d84dcad27284067647dfb4b1a94dfce0
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html