[build] Mark direct kernel loading as forbidden for UEFI Secure Boot

Our long-standing policy for EFI platforms is that we support invoking
binary executables only via the LoadImage() and StartImage() boot
services calls, so that all security policy decisions are delegated to
the platform firmware.

Most binary executable formats that we support are BIOS-only and
cannot in any case be linked in to an EFI executable.  The only
cross-platform format is the generic Linux kernel image format as used
for RISC-V (and potentially also for AArch64).

Mark all files associated with direct loading of a kernel binary as
explicitly forbidden for UEFI Secure Boot.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/arch/arm64/include/bits/lkrn.h b/src/arch/arm64/include/bits/lkrn.h
index 943464e9b876938256e71aad2ff732cd828e8d06..bcc6d1eed2ca4103af63bbedf2953347307b7227 100644 (file)
--- a/src/arch/arm64/include/bits/lkrn.h
+++ b/src/arch/arm64/include/bits/lkrn.h
@@ -8,6 +8,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( FORBIDDEN );
 
 /** Header magic value */
 #define LKRN_MAGIC_ARCH LKRN_MAGIC_AARCH64

diff --git a/src/arch/riscv/include/bits/lkrn.h b/src/arch/riscv/include/bits/lkrn.h
index d2610864724c97d6d687734ea6211789b31b0bdf..18d3bf956f39cf9fced7e51bb8d4c425ec81878a 100644 (file)
--- a/src/arch/riscv/include/bits/lkrn.h
+++ b/src/arch/riscv/include/bits/lkrn.h
@@ -8,6 +8,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( FORBIDDEN );
 
 #include <ipxe/hart.h>
 

diff --git a/src/image/lkrn.c b/src/image/lkrn.c
index a2044cb828bf2a0b3335ec2637a9f77bcf548544..206bb57e5d0adf3d905e876f6418b8870b625682 100644 (file)
--- a/src/image/lkrn.c
+++ b/src/image/lkrn.c
@@ -22,6 +22,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( FORBIDDEN );
 
 #include <stdint.h>
 #include <string.h>

diff --git a/src/include/bits/lkrn.h b/src/include/bits/lkrn.h
index 58aee73a2e6cf52243d47f4c405164f2c7194e9d..609ee2c82e812edc973d0a873f7c3c4d82d4c677 100644 (file)
--- a/src/include/bits/lkrn.h
+++ b/src/include/bits/lkrn.h
@@ -11,6 +11,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( FORBIDDEN );
 
 #define LKRN_MAGIC_ARCH 0
 

diff --git a/src/include/ipxe/lkrn.h b/src/include/ipxe/lkrn.h
index 88b4d0485c1fb571cc4b9547b3517f37e476222a..3749a37d7432b8c920adcbd90c51e2d4797a1ae2 100644 (file)
--- a/src/include/ipxe/lkrn.h
+++ b/src/include/ipxe/lkrn.h
@@ -8,6 +8,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( FORBIDDEN );
 
 #include <stdint.h>