Blame SOURCES/0276-efi-Set-image-base-address-before-jumping-to-the-PE-.patch

5caed3
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
5caed3
From: Javier Martinez Canillas <javierm@redhat.com>
5caed3
Date: Thu, 23 Apr 2020 15:06:46 +0200
5caed3
Subject: [PATCH] efi: Set image base address before jumping to the PE/COFF
5caed3
 entry point
5caed3
5caed3
Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux
5caed3
kernel. But our custom EFI loader that supports Secure Boot instead uses
5caed3
the EFI handover protocol (for x86) or jumping directly to the PE/COFF
5caed3
entry point (for aarch64).
5caed3
5caed3
This is done to allow the bootloader to verify the images using the shim
5caed3
lock protocol to avoid booting untrusted binaries.
5caed3
5caed3
Since the bootloader loads the kernel from the boot media instead of using
5caed3
LoadImage(), it is responsible to set the Loaded Image base address before
5caed3
booting the kernel.
5caed3
5caed3
Otherwise the kernel EFI stub will complain that it was not set correctly
5caed3
and print the following warning message:
5caed3
5caed3
EFI stub: ERROR: FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value
5caed3
5caed3
Resolves: rhbz#1819624
5caed3
5caed3
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
5caed3
---
5caed3
 grub-core/loader/efi/linux.c | 12 ++++++++++++
5caed3
 1 file changed, 12 insertions(+)
5caed3
5caed3
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
09e3cc
index b56ea0bc0..e09f82486 100644
5caed3
--- a/grub-core/loader/efi/linux.c
5caed3
+++ b/grub-core/loader/efi/linux.c
5caed3
@@ -72,6 +72,7 @@ grub_err_t
5caed3
 grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
5caed3
 		     void *kernel_params)
5caed3
 {
5caed3
+  grub_efi_loaded_image_t *loaded_image = NULL;
5caed3
   handover_func hf;
5caed3
   int offset = 0;
5caed3
 
5caed3
@@ -79,6 +80,17 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
5caed3
   offset = 512;
5caed3
 #endif
5caed3
 
5caed3
+  /*
5caed3
+   * Since the EFI loader is not calling the LoadImage() and StartImage()
5caed3
+   * services for loading the kernel and booting respectively, it has to
5caed3
+   * set the Loaded Image base address.
5caed3
+   */
5caed3
+  loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
5caed3
+  if (loaded_image)
5caed3
+    loaded_image->image_base = kernel_addr;
5caed3
+  else
5caed3
+    grub_dprintf ("linux", "Loaded Image base address could not be set\n");
5caed3
+
5caed3
   grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n",
5caed3
 		kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params);
5caed3
   hf = (handover_func)((char *)kernel_addr + handover_offset + offset);