We inquire the EFI var for this at two places, let's add a helper that
queries it and gracefully handles it if we can't get it, by returning a
zero mask, i.e. no features supported.
Let's make some stuff const. Most importantly call AllocatePages() with
a pointer to an EFI_PHYSICAL_ADDRESS instead of a pointer to a
pointer. On 64bit this makes no difference, but on i386 this is simply
not correct, since EFI_PHYSICAL_ADDRESS is 64bit there, even though
pointers are 32bit.
Let's move showing of the splash screen to the earliest place we know
the splash bmp address. After all a splash screen is all about showing
as early as we can. This matters as doing TPM stuff or packing up a
large cpio might take time.
While we are at it, move the conditionalization of the splash screen
into the function instead of doing it ahead of calling it. This should
encapsulate things more nicely.
This adds support for the EFI stub to look for credential files and
sysext files next to the EFI kernel image being loaded, and pack them up
in an initrd cpio image, and pass them to the kernel.
Specifically, for a kernel image foo.efi it looks for
foo.efi.extra.d/*.cred and packs these files up in an initrd, placing it
inside a directory /.extra/credentials/. It then looks for
foo.efi.extra.d/*.raw and packs these files up in an initrd, placing them
inside a directory /.extra/sysexts/. It then concatenates any other
initrd with these two initrds, so they are combined.
Or in other words auxiliary files placed next to the kernel image are
picked up automatically by the EFI stub and are made available in the
initrd in the /.extra/ directory.
What's the use case for this? This is supposed to be useful in context of
implementing fully trusted initrds, i.e. initrds that are not built
locally on the system and unsigned/unmeasured – as we do things
currently –, but instead are built by the vendor, and measured to TPM.
The idea is that a basic initrd is always linked into the kernel EFI
image anyway. This will already be sufficient for many cases. However,
in some cases it is necessary to parameterize initrds, or to extend the
basic initrds with additional subsystems (e.g. think complex storage, or
passing server info/certificates/… to initrds). The idea is that the
parameterization is done using the "credentials" logic we already have
in systemd, with these credential files (which can optionally be
encrypted+authenticated by TPM2) being placed in the ESP next to the
kernel image. And the initrd extension via the "sysext" logic we already
have in systemd too.
Note that the files read by this code are not verified immediately, they
are copied *as-is* and placed into /.extra/ in the initrd. In a trusted
environment they need to be validated later, but before first use. For
the credentials logic this should be done via the TPM2
encryption/authentication logic. For the sysext stuff the idea is that
this is done via signed images, as implemented by #20691.
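The packing step described in the commit message above, as an added example that is not systemd's own code: it writes a credential blob into a "newc" cpio archive (the format the kernel unpacks as an initrd) under .extra/credentials/, copying the bytes as-is with no verification. The function names, the file modes, the inode numbers and the sample file "db.cred" are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALIGN4(n) (((size_t) (n) + 3u) & ~(size_t) 3u)

/* Append one "newc" member at out[off]: "070701", 13 fields of 8 hex digits,
 * NUL-terminated name, data; each part padded to 4. Returns new offset or 0. */
static size_t cpio_member(uint8_t *out, size_t cap, size_t off, unsigned ino,
                          unsigned mode, const char *name, const void *data, unsigned size) {
    size_t namesz = strlen(name) + 1;      /* namesize field counts the NUL */
    size_t hdr = ALIGN4(110 + namesz);
    size_t total = hdr + ALIGN4(size);
    char h[111];
    if (off > cap || total > cap - off)
        return 0;
    memset(out + off, 0, total);
    snprintf(h, sizeof h,
             "070701%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X%08X",
             ino, mode, 0u, 0u, 1u, 0u, size, 0u, 0u, 0u, 0u,
             (unsigned) namesz, 0u);
    memcpy(out + off, h, 110);
    memcpy(out + off + 110, name, namesz);
    if (size > 0)
        memcpy(out + off + hdr, data, size);   /* copied as-is, unverified */
    return off + total;
}

/* Pack one credential blob under .extra/credentials/ (modes are assumptions). */
static size_t pack_credential(uint8_t *out, size_t cap, const char *fname,
                              const void *blob, unsigned size) {
    char path[256];
    size_t off;
    if (strchr(fname, '/') ||
        snprintf(path, sizeof path, ".extra/credentials/%s", fname) >= (int) sizeof path)
        return 0;
    /* Parent directories must precede the file, or unpacking cannot create it. */
    if (!(off = cpio_member(out, cap, 0, 1, 040555, ".extra", NULL, 0)) ||
        !(off = cpio_member(out, cap, off, 2, 040555, ".extra/credentials", NULL, 0)) ||
        !(off = cpio_member(out, cap, off, 3, 0100400, path, blob, size)))
        return 0;
    return cpio_member(out, cap, off, 0, 0, "TRAILER!!!", NULL, 0);
}

int main(void) {
    uint8_t buf[1024];   /* "db.cred" and "hello" are constructed sample input */
    printf("%zu bytes\n", pack_credential(buf, sizeof buf, "db.cred", "hello", 5));
    return 0;
}
```

Nothing in the archive records whether the blob was authenticated, so whatever consumes /.extra/credentials/ has to do that check before first use.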
"bootctl update" tries to add sd-boot to the EFI boot loader list if it
is not already there. To do so, it uses find_slot() which finds the
proper BootXXXX slot ID to use and also returns 1 if an existing sd-boot
entry was found at this ID or 0 if it is a new unused ID. In "update"
case install_variables() only writes the entry in case 0 (no existing
entry).
However, find_slot() erroneously returns 1 if it finds a gap in the Boot
IDs (i.e. when not resorting to max(ids) + 1). This causes
"bootctl update" to not add a missing systemd-boot boot entry if the
existing BootXXXX entry IDs are not consecutive.
Fix that by returning 0 in find_slot() when an empty gap ID is selected
to make it match the behavior when selecting an empty non-gap ID.
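The return-value bug described in the commit message above, as an added example that is a simplified model and not bootctl's code: the struct, the function names, the gap_bug switch and the sample entries are assumptions, and IDs are taken to start at 0 and be sorted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not bootctl's code: one record per existing BootXXXX
 * entry, sorted by ID; is_ours marks an entry that already points at sd-boot. */
struct boot_entry { uint16_t id; bool is_ours; };

/* Returns 1 if an existing sd-boot entry was found at *slot, 0 if *slot is a
 * new unused ID. gap_bug=true reproduces the pre-fix return value for gaps. */
static int find_slot_model(const struct boot_entry *e, size_t n,
                           bool gap_bug, uint16_t *slot) {
    for (size_t i = 0; i < n; i++)
        if (e[i].is_ours) {
            *slot = e[i].id;
            return 1;
        }
    for (size_t i = 0; i < n; i++)
        if (e[i].id != i) {               /* first unused ID below max(ids) */
            *slot = (uint16_t) i;
            return gap_bug ? 1 : 0;
        }
    *slot = (uint16_t) n;                 /* IDs are 0..n-1: max(ids) + 1 */
    return 0;
}

/* "update" writes the boot entry only in case 0 (no existing entry). */
static bool update_writes_entry(const struct boot_entry *e, size_t n,
                                bool gap_bug, uint16_t *slot) {
    return find_slot_model(e, n, gap_bug, slot) == 0;
}

/* Constructed sample: Boot0000, Boot0001, Boot0003 exist, none is sd-boot. */
static const struct boot_entry SAMPLE_GAP[] = { {0, false}, {1, false}, {3, false} };

int main(void) {
    uint16_t slot;
    bool before = update_writes_entry(SAMPLE_GAP, 3, true, &slot);
    bool after = update_writes_entry(SAMPLE_GAP, 3, false, &slot);
    printf("Boot%04X: written before fix=%d, after fix=%d\n", slot, before, after);
    return 0;
}
```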
In a follow-up patch we are going to modify the initrd, hence prepare
the pointers/"physical addresses" to it, first, so that we can do so
easily.
Also, do some other tweaks and cleanups to physical address/pointer
conversion.
Just like userspace realloc() the EFIlib ReallocatePool() function is
happy to use a NULL pointer as input, in which case it is equivalent to
AllocatePool(). See:
269ef9dbc7/lib/misc.c (L57)
The Bootloader Specification says "devicetree refers to the binary
device tree to use when executing the kernel..", but systemd-boot
didn't actually do anything when encountering this stanza until now.
Add support for loading, applying fixups if relevant, and installing the
new device tree before executing the kernel.
When pulling in the SHA256 implementation from glibc, only some of the
coding style was adjusted to ours, other was not. Let's make things a
bit more consistent.
The GUIDs we usually deal with should be considered constant. Hence make
them so. Unfortunately the prototypes for various functions don't mark
them as const (but still decorate them with "IN", clarifying they are
input-only), hence we need to cast things at various places. We already
cast in similar fashion in many other cases, hence unify things here in
one style.
Making the EFI_GUID constant (and in particular so when specified in C99
compound literal style) allows compilers to merge multiple instances of
them.
Callers to linux_exec() are actually passing an EFI_HANDLE, not a pointer to
it. linux_efi_handover(), which is called by linux_exec(), also expects an
EFI_HANDLE.
Firmware likes to draw the EFI provided cursor in a weird way that
makes it invisible sometimes. This is even more likely to happen
if unusual colors are picked. It also fails to draw attention to the
user by being very small and not blinking.
Additionally, to make it more clear that we are in edit mode, we
now default to inverting the general default color and use that for
our line edit.
Fixes: #19301
Making keys case insensitive should help if caps lock is on.
We are not advertising them at runtime or in the manual to
reduce the noise.
This also hides the quit and version commands from the help
string. They are mostly for devs and otherwise have little
to no use to normal users. The latter overlaps with print
status which is still advertised.