[image] Allow for images to be hidden from lists of all images

When invoking a kernel via the UEFI shim, the kernel (and potentially
also a helper binary such as GRUB) must be accessible via the virtual
filesystem exposed via EFI_SIMPLE_FILE_SYSTEM_PROTOCOL but must not be
present in the magic initrd constructed from all registered images.

Allow for images to be flagged as hidden, which will cause them to be
excluded from API-level lists of all images such as the virtual
filesystem directory contents, the magic initrd, or the Multiboot
module list.  Hidden images remain visible to iPXE commands including
"imgstat", which will show a "[HIDDEN]" flag for such images.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/arch/x86/image/bzimage.c b/src/arch/x86/image/bzimage.c
index b15bd55637cceac7a7459779969b9edfe09cb15b..2c776147d96fade0560d7c4df85d58a5c14834d7 100644 (file)
--- a/src/arch/x86/image/bzimage.c
+++ b/src/arch/x86/image/bzimage.c
@@ -355,6 +355,10 @@ static size_t bzimage_load_initrd ( struct image *image,
        size_t offset;
        size_t pad_len;
 
+       /* Skip hidden images */
+       if ( initrd->flags & IMAGE_HIDDEN )
+               return 0;
+
        /* Create cpio header for non-prebuilt images */
        offset = cpio_header ( initrd, &cpio );
 

diff --git a/src/arch/x86/image/multiboot.c b/src/arch/x86/image/multiboot.c
index c1c63bc975ee9ee151b29ad37df0441c594784e4..cada021abce0b26917600024f74d255db17e3a16 100644 (file)
--- a/src/arch/x86/image/multiboot.c
+++ b/src/arch/x86/image/multiboot.c
@@ -204,6 +204,10 @@ static int multiboot_add_modules ( struct image *image, physaddr_t start,
                        break;
                }
 
+               /* Skip hidden images */
+               if ( module_image->flags & IMAGE_HIDDEN )
+                       continue;
+
                /* Page-align the module */
                start = ( ( start + 0xfff ) & ~0xfff );
 

diff --git a/src/include/ipxe/image.h b/src/include/ipxe/image.h
index 9e0c0f22a5b7b8286a8166805d118ee239fa6d71..e00af82ef2d9233c8a6c0a251502d18b574a2fb2 100644 (file)
--- a/src/include/ipxe/image.h
+++ b/src/include/ipxe/image.h
@@ -72,6 +72,9 @@ struct image {
 /** Image will be automatically unregistered after execution */
 #define IMAGE_AUTO_UNREGISTER 0x0008
 
+/** Image will be hidden from enumeration */
+#define IMAGE_HIDDEN 0x0010
+
 /** An executable image type */
 struct image_type {
        /** Name of this image type */
@@ -161,15 +164,6 @@ extern struct image *current_image;
 #define for_each_image_safe( image, tmp ) \
        list_for_each_entry_safe ( (image), (tmp), &images, list )
 
-/**
- * Test for existence of images
- *
- * @ret existence      Some images exist
- */
-static inline int have_images ( void ) {
-       return ( ! list_empty ( &images ) );
-}
-
 /**
  * Retrieve first image
  *

diff --git a/src/interface/efi/efi_file.c b/src/interface/efi/efi_file.c
index fd0bcc6ce672f954a63d888338989193c59949ff..673f902d58414ab30e87e3a45ad73368a0536164 100644 (file)
--- a/src/interface/efi/efi_file.c
+++ b/src/interface/efi/efi_file.c
@@ -250,6 +250,10 @@ static size_t efi_file_read_initrd ( struct efi_file_reader *reader ) {
        len = 0;
        for_each_image ( image ) {
 
+               /* Skip hidden images */
+               if ( image->flags & IMAGE_HIDDEN )
+                       continue;
+
                /* Pad to alignment boundary */
                pad_len = ( ( -reader->pos ) & ( INITRD_ALIGN - 1 ) );
                if ( pad_len ) {
@@ -524,13 +528,21 @@ static EFI_STATUS efi_file_read_dir ( struct efi_file *file, UINTN *len,
        /* Construct directory entries for image-backed files */
        index = file->pos;
        for_each_image ( image ) {
-               if ( index-- == 0 ) {
-                       efi_file_image ( &entry, image );
-                       efirc = efi_file_info ( &entry, len, data );
-                       if ( efirc == 0 )
-                               file->pos++;
-                       return efirc;
-               }
+
+               /* Skip hidden images */
+               if ( image->flags & IMAGE_HIDDEN )
+                       continue;
+
+               /* Skip preceding images */
+               if ( index-- )
+                       continue;
+
+               /* Construct directory entry */
+               efi_file_image ( &entry, image );
+               efirc = efi_file_info ( &entry, len, data );
+               if ( efirc == 0 )
+                       file->pos++;
+               return efirc;
        }
 
        /* No more entries */
@@ -1093,6 +1105,7 @@ int efi_file_install ( EFI_HANDLE handle ) {
                EFI_DISK_IO_PROTOCOL *diskio;
                void *interface;
        } diskio;
+       struct image *image;
        EFI_STATUS efirc;
        int rc;
 
@@ -1156,9 +1169,12 @@ int efi_file_install ( EFI_HANDLE handle ) {
                goto err_initrd_claim;
 
        /* Install Linux initrd fixed device path file if non-empty */
-       if ( have_images() &&
-            ( ( rc = efi_file_path_install ( &efi_file_initrd ) ) != 0 ) ) {
-               goto err_initrd_install;
+       for_each_image ( image ) {
+               if ( image->flags & IMAGE_HIDDEN )
+                       continue;
+               if ( ( rc = efi_file_path_install ( &efi_file_initrd ) ) != 0 )
+                       goto err_initrd_install;
+               break;
        }
 
        return 0;

diff --git a/src/usr/imgmgmt.c b/src/usr/imgmgmt.c
index b7fc8293d41466419cf95700faee099a6e00e0fb..94f3d2ce05ead8fa9119fb3ccd45188feb53b1bd 100644 (file)
--- a/src/usr/imgmgmt.c
+++ b/src/usr/imgmgmt.c
@@ -165,6 +165,8 @@ void imgstat ( struct image *image ) {
                printf ( " [SELECTED]" );
        if ( image->flags & IMAGE_AUTO_UNREGISTER )
                printf ( " [AUTOFREE]" );
+       if ( image->flags & IMAGE_HIDDEN )
+               printf ( " [HIDDEN]" );
        if ( image->cmdline )
                printf ( " \"%s\"", image->cmdline );
        printf ( "\n" );