|
 |
8e15ce |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
8e15ce |
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
8e15ce |
Date: Thu, 23 Apr 2020 15:06:46 +0200
|
|
|
8e15ce |
Subject: [PATCH] efi: Set image base address before jumping to the PE/COFF
|
|
|
8e15ce |
entry point
|
|
|
8e15ce |
|
|
|
8e15ce |
Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux
|
|
|
8e15ce |
kernel. But our custom EFI loader that supports Secure Boot instead uses
|
|
|
8e15ce |
the EFI handover protocol (for x86) or jumping directly to the PE/COFF
|
|
|
8e15ce |
entry point (for aarch64).
|
|
|
8e15ce |
|
|
|
8e15ce |
This is done to allow the bootloader to verify the images using the shim
|
|
|
8e15ce |
lock protocol to avoid booting untrusted binaries.
|
|
|
8e15ce |
|
|
|
8e15ce |
Since the bootloader loads the kernel from the boot media instead of using
|
|
|
8e15ce |
LoadImage(), it is responsible to set the Loaded Image base address before
|
|
|
8e15ce |
booting the kernel.
|
|
|
8e15ce |
|
|
|
8e15ce |
Otherwise the kernel EFI stub will complain that it was not set correctly
|
|
|
8e15ce |
and print the following warning message:
|
|
|
8e15ce |
|
|
|
8e15ce |
EFI stub: ERROR: FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value
|
|
|
8e15ce |
|
|
|
8e15ce |
Resolves: rhbz#1814690
|
|
|
8e15ce |
|
|
|
8e15ce |
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
8e15ce |
---
|
|
|
8e15ce |
grub-core/loader/efi/linux.c | 14 ++++++++++++++
|
|
|
8e15ce |
1 file changed, 14 insertions(+)
|
|
|
8e15ce |
|
|
|
8e15ce |
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
|
|
|
b35c50 |
index 0622dfa48d..e8b9ecb17f 100644
|
|
|
8e15ce |
--- a/grub-core/loader/efi/linux.c
|
|
|
8e15ce |
+++ b/grub-core/loader/efi/linux.c
|
|
|
8e15ce |
@@ -72,6 +72,7 @@ grub_err_t
|
|
|
8e15ce |
grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
|
|
|
8e15ce |
void *kernel_params)
|
|
|
8e15ce |
{
|
|
|
8e15ce |
+ grub_efi_loaded_image_t *loaded_image = NULL;
|
|
|
8e15ce |
handover_func hf;
|
|
|
8e15ce |
int offset = 0;
|
|
|
8e15ce |
|
|
|
8e15ce |
@@ -79,6 +80,19 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
|
|
|
8e15ce |
offset = 512;
|
|
|
8e15ce |
#endif
|
|
|
8e15ce |
|
|
|
8e15ce |
+ /*
|
|
|
8e15ce |
+ * Since the EFI loader is not calling the LoadImage() and StartImage()
|
|
|
8e15ce |
+ * services for loading the kernel and booting respectively, it has to
|
|
|
8e15ce |
+ * set the Loaded Image base address.
|
|
|
8e15ce |
+ */
|
|
|
8e15ce |
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
|
|
|
8e15ce |
+ if (loaded_image)
|
|
|
8e15ce |
+ loaded_image->image_base = kernel_addr;
|
|
|
8e15ce |
+ else
|
|
|
8e15ce |
+ grub_dprintf ("linux", "Loaded Image base address could not be set\n");
|
|
|
8e15ce |
+
|
|
|
8e15ce |
+ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n",
|
|
|
8e15ce |
+ kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params);
|
|
|
8e15ce |
hf = (handover_func)((char *)kernel_addr + handover_offset + offset);
|
|
|
8e15ce |
hf (grub_efi_image_handle, grub_efi_system_table, kernel_params);
|
|
|
8e15ce |
|