efi: add a bunch of reported EFI loader/stub feature flags

We gained a bunch of new features that deserve reporting to userspace,
hence add matching flags for each.

This allows userspace to determine if installing addons in the ESP even
makes sense.

This is inspired by a similar changes in #28057

diff --git a/src/boot/bootctl-status.c b/src/boot/bootctl-status.c
index dc841153cc159af30dd7696180db366a8b16b608..0bfbf86e10faa43e7ccc9c35fbd16c36aa509ce0 100644 (file)
--- a/src/boot/bootctl-status.c
+++ b/src/boot/bootctl-status.c
@@ -367,6 +367,8 @@ int verb_status(int argc, char *argv[], void *userdata) {
                         { EFI_LOADER_FEATURE_SORT_KEY,                "Support Type #1 sort-key field"        },
                         { EFI_LOADER_FEATURE_SAVED_ENTRY,             "Support @saved pseudo-entry"           },
                         { EFI_LOADER_FEATURE_DEVICETREE,              "Support Type #1 devicetree field"      },
+                        { EFI_LOADER_FEATURE_SECUREBOOT_ENROLL,       "Enroll SecureBoot keys"                },
+                        { EFI_LOADER_FEATURE_RETAIN_SHIM,             "Retain SHIM protocols"                 },
                 };
                 static const struct {
                         uint64_t flag;
@@ -377,6 +379,8 @@ int verb_status(int argc, char *argv[], void *userdata) {
                         { EFI_STUB_FEATURE_PICK_UP_SYSEXTS,           "Picks up system extension images from boot partition" },
                         { EFI_STUB_FEATURE_THREE_PCRS,                "Measures kernel+command line+sysexts"                 },
                         { EFI_STUB_FEATURE_RANDOM_SEED,               "Support for passing random seed to OS"                },
+                        { EFI_STUB_FEATURE_CMDLINE_ADDONS,            "Pick up .cmdline from addons"                         },
+                        { EFI_STUB_FEATURE_CMDLINE_SMBIOS,            "Pick up .cmdline from SMBIOS Type 11"                 },
                 };
                 _cleanup_free_ char *fw_type = NULL, *fw_info = NULL, *loader = NULL, *loader_path = NULL, *stub = NULL;
                 sd_id128_t loader_part_uuid = SD_ID128_NULL;

diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index cda6f5642681a38e89070058120988c806c41bed..bde5d49c45e674e2f1f803c6980ae0c817d739dd 100644 (file)
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -2537,6 +2537,8 @@ static void export_variables(
                 EFI_LOADER_FEATURE_SORT_KEY |
                 EFI_LOADER_FEATURE_SAVED_ENTRY |
                 EFI_LOADER_FEATURE_DEVICETREE |
+                EFI_LOADER_FEATURE_SECUREBOOT_ENROLL |
+                EFI_LOADER_FEATURE_RETAIN_SHIM |
                 0;
 
         _cleanup_free_ char16_t *infostr = NULL, *typestr = NULL;

diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index 93a364142433e6874febdf4f4c0d49f468509997..fd4f668eb61491d9b148188d220c83bede8018a3 100644 (file)
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -88,6 +88,8 @@ static void export_variables(EFI_LOADED_IMAGE_PROTOCOL *loaded_image) {
                 EFI_STUB_FEATURE_PICK_UP_SYSEXTS |          /* We pick up system extensions from the boot partition */
                 EFI_STUB_FEATURE_THREE_PCRS |               /* We can measure kernel image, parameters and sysext */
                 EFI_STUB_FEATURE_RANDOM_SEED |              /* We pass a random seed to the kernel */
+                EFI_STUB_FEATURE_CMDLINE_ADDONS |           /* We pick up .cmdline addons */
+                EFI_STUB_FEATURE_CMDLINE_SMBIOS |           /* We support extending kernel cmdline from SMBIOS Type #11 */
                 0;
 
         assert(loaded_image);

diff --git a/src/fundamental/efivars-fundamental.h b/src/fundamental/efivars-fundamental.h
index 3bad79b0363ff3ec3c80e626cd46401da4415f72..569f5eeceb1f9144de4179a2bf01086b2f991b10 100644 (file)
--- a/src/fundamental/efivars-fundamental.h
+++ b/src/fundamental/efivars-fundamental.h
@@ -20,6 +20,8 @@
 #define EFI_LOADER_FEATURE_SORT_KEY                (UINT64_C(1) << 8)
 #define EFI_LOADER_FEATURE_SAVED_ENTRY             (UINT64_C(1) << 9)
 #define EFI_LOADER_FEATURE_DEVICETREE              (UINT64_C(1) << 10)
+#define EFI_LOADER_FEATURE_SECUREBOOT_ENROLL       (UINT64_C(1) << 11)
+#define EFI_LOADER_FEATURE_RETAIN_SHIM             (UINT64_C(1) << 12)
 
 /* Features of the stub, i.e. systemd-stub */
 #define EFI_STUB_FEATURE_REPORT_BOOT_PARTITION     (UINT64_C(1) << 0)
@@ -27,6 +29,8 @@
 #define EFI_STUB_FEATURE_PICK_UP_SYSEXTS           (UINT64_C(1) << 2)
 #define EFI_STUB_FEATURE_THREE_PCRS                (UINT64_C(1) << 3)
 #define EFI_STUB_FEATURE_RANDOM_SEED               (UINT64_C(1) << 4)
+#define EFI_STUB_FEATURE_CMDLINE_ADDONS            (UINT64_C(1) << 5)
+#define EFI_STUB_FEATURE_CMDLINE_SMBIOS            (UINT64_C(1) << 6)
 
 typedef enum SecureBootMode {
         SECURE_BOOT_UNSUPPORTED,