boot: Skip safety countdown when running in a VM

diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c
index 854825abdbedc1ac51faa369020ab83010c8de41..cf7a464d0a4826340cee7db409e4aa3909841a81 100644 (file)
--- a/src/boot/efi/secure-boot.c
+++ b/src/boot/efi/secure-boot.c
@@ -49,6 +49,11 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path) {
 
         unsigned timeout_sec = 15;
         for(;;) {
+                /* Enrolling secure boot keys is safe to do in virtualized environments as there is nothing
+                 * we can brick there. */
+                if (in_hypervisor())
+                        break;
+
                 PrintAt(0, ST->ConOut->Mode->CursorRow, L"Enrolling in %2u s, press any key to abort.", timeout_sec);
 
                 uint64_t key;

diff --git a/src/boot/efi/ticks.c b/src/boot/efi/ticks.c
index 16e488c9586cb2af87b8b9a29cda357971646b32..1b74ba15d07915390ce38ee9ba7eb4c7b9fd4571 100644 (file)
--- a/src/boot/efi/ticks.c
+++ b/src/boot/efi/ticks.c
@@ -2,35 +2,17 @@
 
 #include <efi.h>
 #include <efilib.h>
-#if defined(__i386__) || defined(__x86_64__)
-#include <cpuid.h>
-#endif
-#include <stdbool.h>
 
 #include "ticks.h"
-
-#if defined(__i386__) || defined(__x86_64__)
-static bool in_hypervisor(void) {
-        uint32_t eax, ebx, ecx, edx;
-
-        /* The TSC might or might not be virtualized in VMs (and thus might not be accurate or start at zero
-         * at boot), depending on hypervisor and CPU functionality. If it's not virtualized it's not useful
-         * for keeping time, hence don't attempt to use it.
-         *
-         * This is a dumbed down version of src/basic/virt.c's detect_vm() that safely works in the UEFI
-         * environment. */
-
-        if (__get_cpuid(1, &eax, &ebx, &ecx, &edx) == 0)
-                return false;
-
-        return !!(ecx & 0x80000000U);
-}
-#endif
+#include "util.h"
 
 #ifdef __x86_64__
 static uint64_t ticks_read(void) {
         uint64_t a, d;
 
+        /* The TSC might or might not be virtualized in VMs (and thus might not be accurate or start at zero
+         * at boot), depending on hypervisor and CPU functionality. If it's not virtualized it's not useful
+         * for keeping time, hence don't attempt to use it. */
         if (in_hypervisor())
                 return 0;
 

diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c
index 6fcf9b3121180d3fec138b33d996806fdc3b2d61..a41dbaa43e1f6278c3d082875f75cf85b7c33592 100644 (file)
--- a/src/boot/efi/util.c
+++ b/src/boot/efi/util.c
@@ -2,6 +2,9 @@
 
 #include <efi.h>
 #include <efilib.h>
+#if defined(__i386__) || defined(__x86_64__)
+#  include <cpuid.h>
+#endif
 
 #include "ticks.h"
 #include "util.h"
@@ -768,3 +771,17 @@ EFI_STATUS make_file_device_path(EFI_HANDLE device, const char16_t *file, EFI_DE
         SetDevicePathEndNode(dp);
         return EFI_SUCCESS;
 }
+
+#if defined(__i386__) || defined(__x86_64__)
+bool in_hypervisor(void) {
+        uint32_t eax, ebx, ecx, edx;
+
+        /* This is a dumbed down version of src/basic/virt.c's detect_vm() that safely works in the UEFI
+         * environment. */
+
+        if (__get_cpuid(1, &eax, &ebx, &ecx, &edx) == 0)
+                return false;
+
+        return !!(ecx & 0x80000000U);
+}
+#endif

diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h
index bb4bb64e0e20f3b918afd604b944e3fb9e103b04..afbc217d5357d3b9e64725fee1c7a7bdd2ee4de6 100644 (file)
--- a/src/boot/efi/util.h
+++ b/src/boot/efi/util.h
@@ -179,3 +179,11 @@ static inline void beep(UINTN beep_count) {}
 
 EFI_STATUS open_volume(EFI_HANDLE device, EFI_FILE **ret_file);
 EFI_STATUS make_file_device_path(EFI_HANDLE device, const char16_t *file, EFI_DEVICE_PATH **ret_dp);
+
+#if defined(__i386__) || defined(__x86_64__)
+bool in_hypervisor(void);
+#else
+static inline bool in_hypervisor(void) {
+        return false;
+}
+#endif