|
 |
964c53 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
964c53 |
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
964c53 |
Date: Thu, 23 Apr 2020 15:06:46 +0200
|
|
|
964c53 |
Subject: [PATCH] efi: Set image base address before jumping to the PE/COFF
|
|
|
964c53 |
entry point
|
|
|
964c53 |
|
|
|
964c53 |
Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux
|
|
|
964c53 |
kernel. But our custom EFI loader that supports Secure Boot instead uses
|
|
|
964c53 |
the EFI handover protocol (for x86) or jumping directly to the PE/COFF
|
|
|
964c53 |
entry point (for aarch64).
|
|
|
964c53 |
|
|
|
964c53 |
This is done to allow the bootloader to verify the images using the shim
|
|
|
964c53 |
lock protocol to avoid booting untrusted binaries.
|
|
|
964c53 |
|
|
|
964c53 |
Since the bootloader loads the kernel from the boot media instead of using
|
|
|
964c53 |
LoadImage(), it is responsible to set the Loaded Image base address before
|
|
|
964c53 |
booting the kernel.
|
|
|
964c53 |
|
|
|
964c53 |
Otherwise the kernel EFI stub will complain that it was not set correctly
|
|
|
964c53 |
and print the following warning message:
|
|
|
964c53 |
|
|
|
964c53 |
EFI stub: ERROR: FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value
|
|
|
964c53 |
|
|
|
964c53 |
Resolves: rhbz#1819624
|
|
|
964c53 |
|
|
|
964c53 |
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
964c53 |
---
|
|
|
964c53 |
grub-core/loader/efi/linux.c | 12 ++++++++++++
|
|
|
964c53 |
1 file changed, 12 insertions(+)
|
|
|
964c53 |
|
|
|
964c53 |
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
|
|
|
964c53 |
index b56ea0bc041..e09f824862b 100644
|
|
|
964c53 |
--- a/grub-core/loader/efi/linux.c
|
|
|
964c53 |
+++ b/grub-core/loader/efi/linux.c
|
|
|
964c53 |
@@ -72,6 +72,7 @@ grub_err_t
|
|
|
964c53 |
grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
|
|
|
964c53 |
void *kernel_params)
|
|
|
964c53 |
{
|
|
|
964c53 |
+ grub_efi_loaded_image_t *loaded_image = NULL;
|
|
|
964c53 |
handover_func hf;
|
|
|
964c53 |
int offset = 0;
|
|
|
964c53 |
|
|
|
964c53 |
@@ -79,6 +80,17 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset,
|
|
|
964c53 |
offset = 512;
|
|
|
964c53 |
#endif
|
|
|
964c53 |
|
|
|
964c53 |
+ /*
|
|
|
964c53 |
+ * Since the EFI loader is not calling the LoadImage() and StartImage()
|
|
|
964c53 |
+ * services for loading the kernel and booting respectively, it has to
|
|
|
964c53 |
+ * set the Loaded Image base address.
|
|
|
964c53 |
+ */
|
|
|
964c53 |
+ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle);
|
|
|
964c53 |
+ if (loaded_image)
|
|
|
964c53 |
+ loaded_image->image_base = kernel_addr;
|
|
|
964c53 |
+ else
|
|
|
964c53 |
+ grub_dprintf ("linux", "Loaded Image base address could not be set\n");
|
|
|
964c53 |
+
|
|
|
964c53 |
grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n",
|
|
|
964c53 |
kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params);
|
|
|
964c53 |
hf = (handover_func)((char *)kernel_addr + handover_offset + offset);
|