From: Jan Janssen Date: Thu, 4 Aug 2022 08:21:15 +0000 (+0200) Subject: boot: Skip safety countdown when running in a VM X-Git-Tag: v252-rc1~514^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F24189%2Fhead;p=thirdparty%2Fsystemd.git boot: Skip safety countdown when running in a VM --- diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c index 854825abdbe..cf7a464d0a4 100644 --- a/src/boot/efi/secure-boot.c +++ b/src/boot/efi/secure-boot.c @@ -49,6 +49,11 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path) { unsigned timeout_sec = 15; for(;;) { + /* Enrolling secure boot keys is safe to do in virtualized environments as there is nothing + * we can brick there. */ + if (in_hypervisor()) + break; + PrintAt(0, ST->ConOut->Mode->CursorRow, L"Enrolling in %2u s, press any key to abort.", timeout_sec); uint64_t key; diff --git a/src/boot/efi/ticks.c b/src/boot/efi/ticks.c index 16e488c9586..1b74ba15d07 100644 --- a/src/boot/efi/ticks.c +++ b/src/boot/efi/ticks.c 
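Review bot: The new `in_hypervisor()` branch in `secure_boot_enroll_at()` breaks out before `PrintAt` runs, so on a guest the keys are enrolled with no on-screen notice and no chance to abort, while the added comment only argues the bricking risk. The countdown also acts as the operator's confirmation that enrollment is intended, and that confirmation now depends on a single CPUID bit reported by the hypervisor. I would at least print what is happening before leaving the loop, for example `PrintAt(0, ST->ConOut->Mode->CursorRow, L"Running in a VM, enrolling without countdown.");`. The check is loop-invariant and could sit in front of `for(;;)` rather than inside it. The rest of the loop body and the enrollment itself are outside this hunk, so a later message may already cover this.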
@@ -2,35 +2,17 @@ #include #include -#if defined(__i386__) || defined(__x86_64__) -#include -#endif -#include #include "ticks.h" - -#if defined(__i386__) || defined(__x86_64__) -static bool in_hypervisor(void) { - uint32_t eax, ebx, ecx, edx; - - /* The TSC might or might not be virtualized in VMs (and thus might not be accurate or start at zero - * at boot), depending on hypervisor and CPU functionality. If it's not virtualized it's not useful - * for keeping time, hence don't attempt to use it. - * - * This is a dumbed down version of src/basic/virt.c's detect_vm() that safely works in the UEFI - * environment. */ - - if (__get_cpuid(1, &eax, &ebx, &ecx, &edx) == 0) - return false; - - return !!(ecx & 0x80000000U); -} -#endif +#include "util.h" #ifdef __x86_64__ static uint64_t ticks_read(void) { uint64_t a, d; + /* The TSC might or might not be virtualized in VMs (and thus might not be accurate or start at zero + * at boot), depending on hypervisor and CPU functionality. If it's not virtualized it's not useful + * for keeping time, hence don't attempt to use it. */ if (in_hypervisor()) return 0; diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c index 6fcf9b31211..a41dbaa43e1 100644 --- a/src/boot/efi/util.c +++ b/src/boot/efi/util.c @@ -2,6 +2,9 @@ #include #include +#if defined(__i386__) || defined(__x86_64__) +# include +#endif #include "ticks.h" #include "util.h" @@ -768,3 +771,17 @@ EFI_STATUS make_file_device_path(EFI_HANDLE device, const char16_t *file, EFI_DE SetDevicePathEndNode(dp); return EFI_SUCCESS; } + +#if defined(__i386__) || defined(__x86_64__) +bool in_hypervisor(void) { + uint32_t eax, ebx, ecx, edx; + + /* This is a dumbed down version of src/basic/virt.c's detect_vm() that safely works in the UEFI + * environment. */ + + if (__get_cpuid(1, &eax, &ebx, &ecx, &edx) == 0) + return false; + + return !!(ecx & 0x80000000U); +} +#endif diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h index bb4bb64e0e2..afbc217d535 100644 
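Review bot: `in_hypervisor()` as added at the end of util.c is now a shared helper that also gates Secure Boot key enrollment, but its comment no longer says what it tests or how far the answer can be trusted. It reads CPUID leaf 1 and returns ECX bit 31, a hint the hypervisor chooses to expose, and the util.h stub returns `false` on every non-x86 build, so `false` means "not detected" rather than "bare metal". I would state that above the definition, e.g. `/* Returns true if CPUID.1:ECX[31] (hypervisor present) is set. Advisory only; false means "not detected". */`, and give `0x80000000U` a name. The same one-line contract belongs on the declaration in the util.h hunk.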
--- a/src/boot/efi/util.h +++ b/src/boot/efi/util.h @@ -179,3 +179,11 @@ static inline void beep(UINTN beep_count) {} EFI_STATUS open_volume(EFI_HANDLE device, EFI_FILE **ret_file); EFI_STATUS make_file_device_path(EFI_HANDLE device, const char16_t *file, EFI_DEVICE_PATH **ret_dp); + +#if defined(__i386__) || defined(__x86_64__) +bool in_hypervisor(void); +#else +static inline bool in_hypervisor(void) { + return false; +} +#endif