From: Lennart Poettering Date: Wed, 5 Jul 2023 13:38:38 +0000 (+0200) Subject: efi: add a bunch of reported EFI loader/stub feature flags X-Git-Tag: v254-rc1~26^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92bb46c464ffc6f04b633f7d82686a766663ad69;p=thirdparty%2Fsystemd.git efi: add a bunch of reported EFI loader/stub feature flags We gained a bunch of new features that deserve reporting to userspace, hence add matching flags for each. This allows userspace to determine if installing addons in the ESP even makes sense. This is inspired by a similar changes in #28057
---
diff --git a/src/boot/bootctl-status.c b/src/boot/bootctl-status.c
index dc841153cc1..0bfbf86e10f 100644
--- a/src/boot/bootctl-status.c
+++ b/src/boot/bootctl-status.c
@@ -367,6 +367,8 @@ int verb_status(int argc, char *argv[], void *userdata) {
 { EFI_LOADER_FEATURE_SORT_KEY, "Support Type #1 sort-key field" },
 { EFI_LOADER_FEATURE_SAVED_ENTRY, "Support @saved pseudo-entry" },
 { EFI_LOADER_FEATURE_DEVICETREE, "Support Type #1 devicetree field" },
+ { EFI_LOADER_FEATURE_SECUREBOOT_ENROLL, "Enroll SecureBoot keys" },
+ { EFI_LOADER_FEATURE_RETAIN_SHIM, "Retain SHIM protocols" },
 };
 static const struct {
 uint64_t flag;
@@ -377,6 +379,8 @@ int verb_status(int argc, char *argv[], void *userdata) {
 { EFI_STUB_FEATURE_PICK_UP_SYSEXTS, "Picks up system extension images from boot partition" },
 { EFI_STUB_FEATURE_THREE_PCRS, "Measures kernel+command line+sysexts" },
 { EFI_STUB_FEATURE_RANDOM_SEED, "Support for passing random seed to OS" },
+ { EFI_STUB_FEATURE_CMDLINE_ADDONS, "Pick up .cmdline from addons" },
+ { EFI_STUB_FEATURE_CMDLINE_SMBIOS, "Pick up .cmdline from SMBIOS Type 11" },
 };
 _cleanup_free_ char *fw_type = NULL, *fw_info = NULL, *loader = NULL, *loader_path = NULL, *stub = NULL;
 sd_id128_t loader_part_uuid = SD_ID128_NULL;
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index cda6f564268..bde5d49c45e 100644
--- a/src/boot/efi/boot.c
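Review bot: The two new loader descriptions in the first table, `"Enroll SecureBoot keys"` and `"Retain SHIM protocols"`, drop the "Support …" wording of the entries above them, so in status output they can be read as something the loader did on this boot rather than a capability it reports. I would write `"Support enrolling Secure Boot keys"` and `"Support retaining SHIM protocols"`. The same applies to the stub table in the second hunk, where `"Pick up .cmdline from addons"` sits under `"Picks up system extension images from boot partition"`, and `"SMBIOS Type 11"` differs from the `Type #11` spelling used in the stub.c comment of this commit. verb_status() starts and ends outside both hunks, so how the strings are printed is not visible here.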
+++ b/src/boot/efi/boot.c
@@ -2537,6 +2537,8 @@ static void export_variables(
 EFI_LOADER_FEATURE_SORT_KEY |
 EFI_LOADER_FEATURE_SAVED_ENTRY |
 EFI_LOADER_FEATURE_DEVICETREE |
+ EFI_LOADER_FEATURE_SECUREBOOT_ENROLL |
+ EFI_LOADER_FEATURE_RETAIN_SHIM |
 0;
 _cleanup_free_ char16_t *infostr = NULL, *typestr = NULL;
diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index 93a36414243..fd4f668eb61 100644
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -88,6 +88,8 @@ static void export_variables(EFI_LOADED_IMAGE_PROTOCOL *loaded_image) {
 EFI_STUB_FEATURE_PICK_UP_SYSEXTS | /* We pick up system extensions from the boot partition */
 EFI_STUB_FEATURE_THREE_PCRS | /* We can measure kernel image, parameters and sysext */
 EFI_STUB_FEATURE_RANDOM_SEED | /* We pass a random seed to the kernel */
+ EFI_STUB_FEATURE_CMDLINE_ADDONS | /* We pick up .cmdline addons */
+ EFI_STUB_FEATURE_CMDLINE_SMBIOS | /* We support extending kernel cmdline from SMBIOS Type #11 */
 0;
 assert(loaded_image);
diff --git a/src/fundamental/efivars-fundamental.h b/src/fundamental/efivars-fundamental.h
index 3bad79b0363..569f5eeceb1 100644
--- a/src/fundamental/efivars-fundamental.h
+++ b/src/fundamental/efivars-fundamental.h
@@ -20,6 +20,8 @@
 #define EFI_LOADER_FEATURE_SORT_KEY (UINT64_C(1) << 8)
 #define EFI_LOADER_FEATURE_SAVED_ENTRY (UINT64_C(1) << 9)
 #define EFI_LOADER_FEATURE_DEVICETREE (UINT64_C(1) << 10)
+#define EFI_LOADER_FEATURE_SECUREBOOT_ENROLL (UINT64_C(1) << 11)
+#define EFI_LOADER_FEATURE_RETAIN_SHIM (UINT64_C(1) << 12)
 /* Features of the stub, i.e. systemd-stub */
 #define EFI_STUB_FEATURE_REPORT_BOOT_PARTITION (UINT64_C(1) << 0)
@@ -27,6 +29,8 @@
 #define EFI_STUB_FEATURE_PICK_UP_SYSEXTS (UINT64_C(1) << 2)
 #define EFI_STUB_FEATURE_THREE_PCRS (UINT64_C(1) << 3)
 #define EFI_STUB_FEATURE_RANDOM_SEED (UINT64_C(1) << 4)
+#define EFI_STUB_FEATURE_CMDLINE_ADDONS (UINT64_C(1) << 5)
+#define EFI_STUB_FEATURE_CMDLINE_SMBIOS (UINT64_C(1) << 6)
 typedef enum SecureBootMode {
 SECURE_BOOT_UNSUPPORTED,
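Review bot: The two bits added to the loader feature mask in boot.c's export_variables() carry no comment, while the stub.c hunk of this same commit documents every flag inline. Since bootctl prints this mask to the user, a short per-line comment would make clear what each bit promises, for example `EFI_LOADER_FEATURE_SECUREBOOT_ENROLL | /* We can enroll Secure Boot keys */` and `EFI_LOADER_FEATURE_RETAIN_SHIM | /* We retain the SHIM protocols */`. The wording is taken from the description strings added in bootctl-status.c; the exact semantics should be confirmed against the code that implements the features. The function starts and ends outside the hunk.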
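Review bot: Both new stub bits in stub.c are ORed into the mask unconditionally, so they tell userspace that this stub build knows how to take `.cmdline` input from addons and from SMBIOS Type #11, not that either source was accepted on this boot. If the stub declines these sources under some conditions (that code is outside the hunk), a consumer that reads the bit as "the kernel command line may have been extended" will draw the wrong conclusion about where the running command line came from. I would say so in the comment, e.g. `/* We support extending kernel cmdline from SMBIOS Type #11 (capability only, says nothing about this boot) */`, and likewise on the addons line. export_variables() continues past the hunk.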
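Review bot: The new `#define`s in efivars-fundamental.h fix bit positions 11 and 12 of the loader mask and, in the second hunk of this file, 5 and 6 of the stub mask, and nothing next to them says that these values are an interface between the EFI binaries and userspace. bootctl-status.c in this commit decodes the same bits, so a later renumbering or reuse of a bit would make a bootctl from a different build report the wrong feature. A one-line comment above each group would cover it, e.g. `/* Bit assignments are reported to userspace; never renumber or reuse a bit */`. Whether the interface documentation lists the new bits is not visible in this commit.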