stub: introduce StubFeatures, similar to LoaderFeatures

systemd-boot reports its features via the LoaderFeatures EFI variable.
Let's add something similar for stub features, given they have been
growing.

For starters only define four feature flags. One is a baseline feature
we pretty much always supported (see comment in code), two are features
added in one of the most recently released systemd version, and the
final one, is a feature we added a few commits ago.

This is useful for userspace to figure out what is supported and what
not.

diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index c35ee38749bf7e271853628079ef02f9450f882e..0bd6043149593f56059bbd0bc45e775fe01335ae 100644 (file)
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -103,6 +103,13 @@ static EFI_STATUS combine_initrd(
 }
 
 static void export_variables(EFI_LOADED_IMAGE_PROTOCOL *loaded_image) {
+        static const uint64_t stub_features =
+                EFI_STUB_FEATURE_REPORT_BOOT_PARTITION |    /* We set LoaderDevicePartUUID */
+                EFI_STUB_FEATURE_PICK_UP_CREDENTIALS |      /* We pick up credentials from the boot partition */
+                EFI_STUB_FEATURE_PICK_UP_SYSEXTS |          /* We pick up system extensions from the boot partition */
+                EFI_STUB_FEATURE_THREE_PCRS |               /* We can measure kernel image, parameters and sysext */
+                0;
+
         char16_t uuid[37];
 
         assert(loaded_image);
@@ -143,9 +150,12 @@ static void export_variables(EFI_LOADED_IMAGE_PROTOCOL *loaded_image) {
                 efivar_set(LOADER_GUID, L"LoaderFirmwareType", s, 0);
         }
 
+
         /* add StubInfo (this is one is owned by the stub, hence we unconditionally override this with our
          * own data) */
         (void) efivar_set(LOADER_GUID, L"StubInfo", L"systemd-stub " GIT_VERSION, 0);
+
+        (void) efivar_set_uint64_le(LOADER_GUID, L"StubFeatures", stub_features, 0);
 }
 
 EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {

diff --git a/src/fundamental/efivars-fundamental.h b/src/fundamental/efivars-fundamental.h
index d1b70eafdce3a814c449de44af2fc6a3e30c1e92..5d15e19a0e14db1365f1c24a38f7af88b615f85c 100644 (file)
--- a/src/fundamental/efivars-fundamental.h
+++ b/src/fundamental/efivars-fundamental.h
@@ -4,6 +4,7 @@
 #include <errno.h>
 #include "string-util-fundamental.h"
 
+/* Features of the loader, i.e. systemd-boot */
 #define EFI_LOADER_FEATURE_CONFIG_TIMEOUT          (UINT64_C(1) << 0)
 #define EFI_LOADER_FEATURE_CONFIG_TIMEOUT_ONE_SHOT (UINT64_C(1) << 1)
 #define EFI_LOADER_FEATURE_ENTRY_DEFAULT           (UINT64_C(1) << 2)
@@ -13,6 +14,12 @@
 #define EFI_LOADER_FEATURE_RANDOM_SEED             (UINT64_C(1) << 6)
 #define EFI_LOADER_FEATURE_LOAD_DRIVER             (UINT64_C(1) << 7)
 
+/* Features of the stub, i.e. systemd-stub */
+#define EFI_STUB_FEATURE_REPORT_BOOT_PARTITION     (UINT64_C(1) << 0)
+#define EFI_STUB_FEATURE_PICK_UP_CREDENTIALS       (UINT64_C(1) << 1)
+#define EFI_STUB_FEATURE_PICK_UP_SYSEXTS           (UINT64_C(1) << 2)
+#define EFI_STUB_FEATURE_THREE_PCRS                (UINT64_C(1) << 3)
+
 typedef enum SecureBootMode {
         SECURE_BOOT_UNSUPPORTED,
         SECURE_BOOT_DISABLED,