Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Helper functions used by the EFI stub on multiple
4 * architectures. This should be #included by the EFI stub
5 * implementation files.
6 *
7 * Copyright 2011 Intel Corporation; author Matt Fleming
8 */
9
10#include <stdarg.h>
11
12#include <linux/ctype.h>
13#include <linux/efi.h>
14#include <linux/kernel.h>
15#include <linux/printk.h> /* For CONSOLE_LOGLEVEL_* */
16#include <asm/efi.h>
17#include <asm/setup.h>
18
19#include "efistub.h"
20
21bool efi_nochunk;
22bool efi_nokaslr = !IS_ENABLED(CONFIG_RANDOMIZE_BASE);
23bool efi_noinitrd;
24int efi_loglevel = CONSOLE_LOGLEVEL_DEFAULT;
25bool efi_novamap;
26
27static bool efi_nosoftreserve;
28static bool efi_disable_pci_dma = IS_ENABLED(CONFIG_EFI_DISABLE_PCI_DMA);
29
30bool __pure __efi_soft_reserve_enabled(void)
31{
32 return !efi_nosoftreserve;
33}
34
35/**
36 * efi_char16_puts() - Write a UCS-2 encoded string to the console
37 * @str: UCS-2 encoded string
38 */
39void efi_char16_puts(efi_char16_t *str)
40{
41 efi_call_proto(efi_table_attr(efi_system_table, con_out),
42 output_string, str);
43}
44
45static
46u32 utf8_to_utf32(const u8 **s8)
47{
48 u32 c32;
49 u8 c0, cx;
50 size_t clen, i;
51
52 c0 = cx = *(*s8)++;
53 /*
54 * The position of the most-significant 0 bit gives us the length of
55 * a multi-octet encoding.
56 */
57 for (clen = 0; cx & 0x80; ++clen)
58 cx <<= 1;
59 /*
60 * If the 0 bit is in position 8, this is a valid single-octet
61 * encoding. If the 0 bit is in position 7 or positions 1-3, the
62 * encoding is invalid.
63 * In either case, we just return the first octet.
64 */
65 if (clen < 2 || clen > 4)
66 return c0;
67 /* Get the bits from the first octet. */
68 c32 = cx >> clen--;
69 for (i = 0; i < clen; ++i) {
70 /* Trailing octets must have 10 in most significant bits. */
71 cx = (*s8)[i] ^ 0x80;
72 if (cx & 0xc0)
73 return c0;
74 c32 = (c32 << 6) | cx;
75 }
76 /*
77 * Check for validity:
78 * - The character must be in the Unicode range.
79 * - It must not be a surrogate.
80 * - It must be encoded using the correct number of octets.
81 */
82 if (c32 > 0x10ffff ||
83 (c32 & 0xf800) == 0xd800 ||
84 clen != (c32 >= 0x80) + (c32 >= 0x800) + (c32 >= 0x10000))
85 return c0;
86 *s8 += clen;
87 return c32;
88}
89
90/**
91 * efi_puts() - Write a UTF-8 encoded string to the console
92 * @str: UTF-8 encoded string
93 */
94void efi_puts(const char *str)
95{
96 efi_char16_t buf[128];
97 size_t pos = 0, lim = ARRAY_SIZE(buf);
98 const u8 *s8 = (const u8 *)str;
99 u32 c32;
100
101 while (*s8) {
102 if (*s8 == '\n')
103 buf[pos++] = L'\r';
104 c32 = utf8_to_utf32(&s8);
105 if (c32 < 0x10000) {
106 /* Characters in plane 0 use a single word. */
107 buf[pos++] = c32;
108 } else {
109 /*
110 * Characters in other planes encode into a surrogate
111 * pair.
112 */
113 buf[pos++] = (0xd800 - (0x10000 >> 10)) + (c32 >> 10);
114 buf[pos++] = 0xdc00 + (c32 & 0x3ff);
115 }
116 if (*s8 == '\0' || pos >= lim - 2) {
117 buf[pos] = L'\0';
118 efi_char16_puts(buf);
119 pos = 0;
120 }
121 }
122}
123
124/**
125 * efi_printk() - Print a kernel message
126 * @fmt: format string
127 *
128 * The first letter of the format string is used to determine the logging level
129 * of the message. If the level is less then the current EFI logging level, the
130 * message is suppressed. The message will be truncated to 255 bytes.
131 *
132 * Return: number of printed characters
133 */
134int efi_printk(const char *fmt, ...)
135{
136 char printf_buf[256];
137 va_list args;
138 int printed;
139 int loglevel = printk_get_level(fmt);
140
141 switch (loglevel) {
142 case '0' ... '9':
143 loglevel -= '0';
144 break;
145 default:
146 /*
147 * Use loglevel -1 for cases where we just want to print to
148 * the screen.
149 */
150 loglevel = -1;
151 break;
152 }
153
154 if (loglevel >= efi_loglevel)
155 return 0;
156
157 if (loglevel >= 0)
158 efi_puts("EFI stub: ");
159
160 fmt = printk_skip_level(fmt);
161
162 va_start(args, fmt);
163 printed = vsnprintf(printf_buf, sizeof(printf_buf), fmt, args);
164 va_end(args);
165
166 efi_puts(printf_buf);
167 if (printed >= sizeof(printf_buf)) {
168 efi_puts("[Message truncated]\n");
169 return -1;
170 }
171
172 return printed;
173}
174
175/**
176 * efi_parse_options() - Parse EFI command line options
177 * @cmdline: kernel command line
178 *
179 * Parse the ASCII string @cmdline for EFI options, denoted by the efi=
180 * option, e.g. efi=nochunk.
181 *
182 * It should be noted that efi= is parsed in two very different
183 * environments, first in the early boot environment of the EFI boot
184 * stub, and subsequently during the kernel boot.
185 *
186 * Return: status code
187 */
188efi_status_t efi_parse_options(char const *cmdline)
189{
190 size_t len;
191 efi_status_t status;
192 char *str, *buf;
193
194 if (!cmdline)
195 return EFI_SUCCESS;
196
197 len = strnlen(cmdline, COMMAND_LINE_SIZE - 1) + 1;
198 status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, len, (void **)&buf);
199 if (status != EFI_SUCCESS)
200 return status;
201
202 memcpy(buf, cmdline, len - 1);
203 buf[len - 1] = '\0';
204 str = skip_spaces(buf);
205
206 while (*str) {
207 char *param, *val;
208
209 str = next_arg(str, ¶m, &val);
210 if (!val && !strcmp(param, "--"))
211 break;
212
213 if (!strcmp(param, "nokaslr")) {
214 efi_nokaslr = true;
215 } else if (!strcmp(param, "quiet")) {
216 efi_loglevel = CONSOLE_LOGLEVEL_QUIET;
217 } else if (!strcmp(param, "noinitrd")) {
218 efi_noinitrd = true;
219 } else if (!strcmp(param, "efi") && val) {
220 efi_nochunk = parse_option_str(val, "nochunk");
221 efi_novamap = parse_option_str(val, "novamap");
222
223 efi_nosoftreserve = IS_ENABLED(CONFIG_EFI_SOFT_RESERVE) &&
224 parse_option_str(val, "nosoftreserve");
225
226 if (parse_option_str(val, "disable_early_pci_dma"))
227 efi_disable_pci_dma = true;
228 if (parse_option_str(val, "no_disable_early_pci_dma"))
229 efi_disable_pci_dma = false;
230 if (parse_option_str(val, "debug"))
231 efi_loglevel = CONSOLE_LOGLEVEL_DEBUG;
232 } else if (!strcmp(param, "video") &&
233 val && strstarts(val, "efifb:")) {
234 efi_parse_option_graphics(val + strlen("efifb:"));
235 }
236 }
237 efi_bs_call(free_pool, buf);
238 return EFI_SUCCESS;
239}
240
241/*
242 * Convert the unicode UEFI command line to ASCII to pass to kernel.
243 * Size of memory allocated return in *cmd_line_len.
244 * Returns NULL on error.
245 */
246char *efi_convert_cmdline(efi_loaded_image_t *image, int *cmd_line_len)
247{
248 const u16 *s2;
249 unsigned long cmdline_addr = 0;
250 int options_chars = efi_table_attr(image, load_options_size) / 2;
251 const u16 *options = efi_table_attr(image, load_options);
252 int options_bytes = 0, safe_options_bytes = 0; /* UTF-8 bytes */
253 bool in_quote = false;
254 efi_status_t status;
255
256 if (options) {
257 s2 = options;
258 while (options_bytes < COMMAND_LINE_SIZE && options_chars--) {
259 u16 c = *s2++;
260
261 if (c < 0x80) {
262 if (c == L'\0' || c == L'\n')
263 break;
264 if (c == L'"')
265 in_quote = !in_quote;
266 else if (!in_quote && isspace((char)c))
267 safe_options_bytes = options_bytes;
268
269 options_bytes++;
270 continue;
271 }
272
273 /*
274 * Get the number of UTF-8 bytes corresponding to a
275 * UTF-16 character.
276 * The first part handles everything in the BMP.
277 */
278 options_bytes += 2 + (c >= 0x800);
279 /*
280 * Add one more byte for valid surrogate pairs. Invalid
281 * surrogates will be replaced with 0xfffd and take up
282 * only 3 bytes.
283 */
284 if ((c & 0xfc00) == 0xd800) {
285 /*
286 * If the very last word is a high surrogate,
287 * we must ignore it since we can't access the
288 * low surrogate.
289 */
290 if (!options_chars) {
291 options_bytes -= 3;
292 } else if ((*s2 & 0xfc00) == 0xdc00) {
293 options_bytes++;
294 options_chars--;
295 s2++;
296 }
297 }
298 }
299 if (options_bytes >= COMMAND_LINE_SIZE) {
300 options_bytes = safe_options_bytes;
301 efi_err("Command line is too long: truncated to %d bytes\n",
302 options_bytes);
303 }
304 }
305
306 options_bytes++; /* NUL termination */
307
308 status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, options_bytes,
309 (void **)&cmdline_addr);
310 if (status != EFI_SUCCESS)
311 return NULL;
312
313 snprintf((char *)cmdline_addr, options_bytes, "%.*ls",
314 options_bytes - 1, options);
315
316 *cmd_line_len = options_bytes;
317 return (char *)cmdline_addr;
318}
319
320/**
321 * efi_exit_boot_services() - Exit boot services
322 * @handle: handle of the exiting image
323 * @map: pointer to receive the memory map
324 * @priv: argument to be passed to @priv_func
325 * @priv_func: function to process the memory map before exiting boot services
326 *
327 * Handle calling ExitBootServices according to the requirements set out by the
328 * spec. Obtains the current memory map, and returns that info after calling
329 * ExitBootServices. The client must specify a function to perform any
330 * processing of the memory map data prior to ExitBootServices. A client
331 * specific structure may be passed to the function via priv. The client
332 * function may be called multiple times.
333 *
334 * Return: status code
335 */
336efi_status_t efi_exit_boot_services(void *handle,
337 struct efi_boot_memmap *map,
338 void *priv,
339 efi_exit_boot_map_processing priv_func)
340{
341 efi_status_t status;
342
343 status = efi_get_memory_map(map);
344
345 if (status != EFI_SUCCESS)
346 goto fail;
347
348 status = priv_func(map, priv);
349 if (status != EFI_SUCCESS)
350 goto free_map;
351
352 if (efi_disable_pci_dma)
353 efi_pci_disable_bridge_busmaster();
354
355 status = efi_bs_call(exit_boot_services, handle, *map->key_ptr);
356
357 if (status == EFI_INVALID_PARAMETER) {
358 /*
359 * The memory map changed between efi_get_memory_map() and
360 * exit_boot_services(). Per the UEFI Spec v2.6, Section 6.4:
361 * EFI_BOOT_SERVICES.ExitBootServices we need to get the
362 * updated map, and try again. The spec implies one retry
363 * should be sufficent, which is confirmed against the EDK2
364 * implementation. Per the spec, we can only invoke
365 * get_memory_map() and exit_boot_services() - we cannot alloc
366 * so efi_get_memory_map() cannot be used, and we must reuse
367 * the buffer. For all practical purposes, the headroom in the
368 * buffer should account for any changes in the map so the call
369 * to get_memory_map() is expected to succeed here.
370 */
371 *map->map_size = *map->buff_size;
372 status = efi_bs_call(get_memory_map,
373 map->map_size,
374 *map->map,
375 map->key_ptr,
376 map->desc_size,
377 map->desc_ver);
378
379 /* exit_boot_services() was called, thus cannot free */
380 if (status != EFI_SUCCESS)
381 goto fail;
382
383 status = priv_func(map, priv);
384 /* exit_boot_services() was called, thus cannot free */
385 if (status != EFI_SUCCESS)
386 goto fail;
387
388 status = efi_bs_call(exit_boot_services, handle, *map->key_ptr);
389 }
390
391 /* exit_boot_services() was called, thus cannot free */
392 if (status != EFI_SUCCESS)
393 goto fail;
394
395 return EFI_SUCCESS;
396
397free_map:
398 efi_bs_call(free_pool, *map->map);
399fail:
400 return status;
401}
402
403/**
404 * get_efi_config_table() - retrieve UEFI configuration table
405 * @guid: GUID of the configuration table to be retrieved
406 * Return: pointer to the configuration table or NULL
407 */
408void *get_efi_config_table(efi_guid_t guid)
409{
410 unsigned long tables = efi_table_attr(efi_system_table, tables);
411 int nr_tables = efi_table_attr(efi_system_table, nr_tables);
412 int i;
413
414 for (i = 0; i < nr_tables; i++) {
415 efi_config_table_t *t = (void *)tables;
416
417 if (efi_guidcmp(t->guid, guid) == 0)
418 return efi_table_attr(t, table);
419
420 tables += efi_is_native() ? sizeof(efi_config_table_t)
421 : sizeof(efi_config_table_32_t);
422 }
423 return NULL;
424}
425
426/*
427 * The LINUX_EFI_INITRD_MEDIA_GUID vendor media device path below provides a way
428 * for the firmware or bootloader to expose the initrd data directly to the stub
429 * via the trivial LoadFile2 protocol, which is defined in the UEFI spec, and is
430 * very easy to implement. It is a simple Linux initrd specific conduit between
431 * kernel and firmware, allowing us to put the EFI stub (being part of the
432 * kernel) in charge of where and when to load the initrd, while leaving it up
433 * to the firmware to decide whether it needs to expose its filesystem hierarchy
434 * via EFI protocols.
435 */
436static const struct {
437 struct efi_vendor_dev_path vendor;
438 struct efi_generic_dev_path end;
439} __packed initrd_dev_path = {
440 {
441 {
442 EFI_DEV_MEDIA,
443 EFI_DEV_MEDIA_VENDOR,
444 sizeof(struct efi_vendor_dev_path),
445 },
446 LINUX_EFI_INITRD_MEDIA_GUID
447 }, {
448 EFI_DEV_END_PATH,
449 EFI_DEV_END_ENTIRE,
450 sizeof(struct efi_generic_dev_path)
451 }
452};
453
454/**
455 * efi_load_initrd_dev_path() - load the initrd from the Linux initrd device path
456 * @load_addr: pointer to store the address where the initrd was loaded
457 * @load_size: pointer to store the size of the loaded initrd
458 * @max: upper limit for the initrd memory allocation
459 *
460 * Return:
461 * * %EFI_SUCCESS if the initrd was loaded successfully, in which
462 * case @load_addr and @load_size are assigned accordingly
463 * * %EFI_NOT_FOUND if no LoadFile2 protocol exists on the initrd device path
464 * * %EFI_INVALID_PARAMETER if load_addr == NULL or load_size == NULL
465 * * %EFI_OUT_OF_RESOURCES if memory allocation failed
466 * * %EFI_LOAD_ERROR in all other cases
467 */
468static
469efi_status_t efi_load_initrd_dev_path(unsigned long *load_addr,
470 unsigned long *load_size,
471 unsigned long max)
472{
473 efi_guid_t lf2_proto_guid = EFI_LOAD_FILE2_PROTOCOL_GUID;
474 efi_device_path_protocol_t *dp;
475 efi_load_file2_protocol_t *lf2;
476 unsigned long initrd_addr;
477 unsigned long initrd_size;
478 efi_handle_t handle;
479 efi_status_t status;
480
481 dp = (efi_device_path_protocol_t *)&initrd_dev_path;
482 status = efi_bs_call(locate_device_path, &lf2_proto_guid, &dp, &handle);
483 if (status != EFI_SUCCESS)
484 return status;
485
486 status = efi_bs_call(handle_protocol, handle, &lf2_proto_guid,
487 (void **)&lf2);
488 if (status != EFI_SUCCESS)
489 return status;
490
491 status = efi_call_proto(lf2, load_file, dp, false, &initrd_size, NULL);
492 if (status != EFI_BUFFER_TOO_SMALL)
493 return EFI_LOAD_ERROR;
494
495 status = efi_allocate_pages(initrd_size, &initrd_addr, max);
496 if (status != EFI_SUCCESS)
497 return status;
498
499 status = efi_call_proto(lf2, load_file, dp, false, &initrd_size,
500 (void *)initrd_addr);
501 if (status != EFI_SUCCESS) {
502 efi_free(initrd_size, initrd_addr);
503 return EFI_LOAD_ERROR;
504 }
505
506 *load_addr = initrd_addr;
507 *load_size = initrd_size;
508 return EFI_SUCCESS;
509}
510
511static
512efi_status_t efi_load_initrd_cmdline(efi_loaded_image_t *image,
513 unsigned long *load_addr,
514 unsigned long *load_size,
515 unsigned long soft_limit,
516 unsigned long hard_limit)
517{
518 if (!IS_ENABLED(CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER) ||
519 (IS_ENABLED(CONFIG_X86) && (!efi_is_native() || image == NULL))) {
520 *load_addr = *load_size = 0;
521 return EFI_SUCCESS;
522 }
523
524 return handle_cmdline_files(image, L"initrd=", sizeof(L"initrd=") - 2,
525 soft_limit, hard_limit,
526 load_addr, load_size);
527}
528
529/**
530 * efi_load_initrd() - Load initial RAM disk
531 * @image: EFI loaded image protocol
532 * @load_addr: pointer to loaded initrd
533 * @load_size: size of loaded initrd
534 * @soft_limit: preferred size of allocated memory for loading the initrd
535 * @hard_limit: minimum size of allocated memory
536 *
537 * Return: status code
538 */
539efi_status_t efi_load_initrd(efi_loaded_image_t *image,
540 unsigned long *load_addr,
541 unsigned long *load_size,
542 unsigned long soft_limit,
543 unsigned long hard_limit)
544{
545 efi_status_t status;
546
547 if (!load_addr || !load_size)
548 return EFI_INVALID_PARAMETER;
549
550 status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit);
551 if (status == EFI_SUCCESS) {
552 efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n");
553 } else if (status == EFI_NOT_FOUND) {
554 status = efi_load_initrd_cmdline(image, load_addr, load_size,
555 soft_limit, hard_limit);
556 if (status == EFI_SUCCESS && *load_size > 0)
557 efi_info("Loaded initrd from command line option\n");
558 }
559
560 return status;
561}
562
563/**
564 * efi_wait_for_key() - Wait for key stroke
565 * @usec: number of microseconds to wait for key stroke
566 * @key: key entered
567 *
568 * Wait for up to @usec microseconds for a key stroke.
569 *
570 * Return: status code, EFI_SUCCESS if key received
571 */
572efi_status_t efi_wait_for_key(unsigned long usec, efi_input_key_t *key)
573{
574 efi_event_t events[2], timer;
575 unsigned long index;
576 efi_simple_text_input_protocol_t *con_in;
577 efi_status_t status;
578
579 con_in = efi_table_attr(efi_system_table, con_in);
580 if (!con_in)
581 return EFI_UNSUPPORTED;
582 efi_set_event_at(events, 0, efi_table_attr(con_in, wait_for_key));
583
584 status = efi_bs_call(create_event, EFI_EVT_TIMER, 0, NULL, NULL, &timer);
585 if (status != EFI_SUCCESS)
586 return status;
587
588 status = efi_bs_call(set_timer, timer, EfiTimerRelative,
589 EFI_100NSEC_PER_USEC * usec);
590 if (status != EFI_SUCCESS)
591 return status;
592 efi_set_event_at(events, 1, timer);
593
594 status = efi_bs_call(wait_for_event, 2, events, &index);
595 if (status == EFI_SUCCESS) {
596 if (index == 0)
597 status = efi_call_proto(con_in, read_keystroke, key);
598 else
599 status = EFI_TIMEOUT;
600 }
601
602 efi_bs_call(close_event, timer);
603
604 return status;
605}
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Helper functions used by the EFI stub on multiple
4 * architectures. This should be #included by the EFI stub
5 * implementation files.
6 *
7 * Copyright 2011 Intel Corporation; author Matt Fleming
8 */
9
10#include <linux/stdarg.h>
11
12#include <linux/efi.h>
13#include <linux/kernel.h>
14#include <linux/overflow.h>
15#include <asm/efi.h>
16#include <asm/setup.h>
17
18#include "efistub.h"
19
20bool efi_nochunk;
21bool efi_nokaslr = !IS_ENABLED(CONFIG_RANDOMIZE_BASE);
22bool efi_novamap;
23
24static bool efi_noinitrd;
25static bool efi_nosoftreserve;
26static bool efi_disable_pci_dma = IS_ENABLED(CONFIG_EFI_DISABLE_PCI_DMA);
27
28int efi_mem_encrypt;
29
30bool __pure __efi_soft_reserve_enabled(void)
31{
32 return !efi_nosoftreserve;
33}
34
35/**
36 * efi_parse_options() - Parse EFI command line options
37 * @cmdline: kernel command line
38 *
39 * Parse the ASCII string @cmdline for EFI options, denoted by the efi=
40 * option, e.g. efi=nochunk.
41 *
42 * It should be noted that efi= is parsed in two very different
43 * environments, first in the early boot environment of the EFI boot
44 * stub, and subsequently during the kernel boot.
45 *
46 * Return: status code
47 */
48efi_status_t efi_parse_options(char const *cmdline)
49{
50 size_t len;
51 efi_status_t status;
52 char *str, *buf;
53
54 if (!cmdline)
55 return EFI_SUCCESS;
56
57 len = strnlen(cmdline, COMMAND_LINE_SIZE - 1) + 1;
58 status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, len, (void **)&buf);
59 if (status != EFI_SUCCESS)
60 return status;
61
62 memcpy(buf, cmdline, len - 1);
63 buf[len - 1] = '\0';
64 str = skip_spaces(buf);
65
66 while (*str) {
67 char *param, *val;
68
69 str = next_arg(str, ¶m, &val);
70 if (!val && !strcmp(param, "--"))
71 break;
72
73 if (!strcmp(param, "nokaslr")) {
74 efi_nokaslr = true;
75 } else if (!strcmp(param, "quiet")) {
76 efi_loglevel = CONSOLE_LOGLEVEL_QUIET;
77 } else if (!strcmp(param, "noinitrd")) {
78 efi_noinitrd = true;
79 } else if (IS_ENABLED(CONFIG_X86_64) && !strcmp(param, "no5lvl")) {
80 efi_no5lvl = true;
81 } else if (IS_ENABLED(CONFIG_ARCH_HAS_MEM_ENCRYPT) &&
82 !strcmp(param, "mem_encrypt") && val) {
83 if (parse_option_str(val, "on"))
84 efi_mem_encrypt = 1;
85 else if (parse_option_str(val, "off"))
86 efi_mem_encrypt = -1;
87 } else if (!strcmp(param, "efi") && val) {
88 efi_nochunk = parse_option_str(val, "nochunk");
89 efi_novamap |= parse_option_str(val, "novamap");
90
91 efi_nosoftreserve = IS_ENABLED(CONFIG_EFI_SOFT_RESERVE) &&
92 parse_option_str(val, "nosoftreserve");
93
94 if (parse_option_str(val, "disable_early_pci_dma"))
95 efi_disable_pci_dma = true;
96 if (parse_option_str(val, "no_disable_early_pci_dma"))
97 efi_disable_pci_dma = false;
98 if (parse_option_str(val, "debug"))
99 efi_loglevel = CONSOLE_LOGLEVEL_DEBUG;
100 } else if (!strcmp(param, "video") &&
101 val && strstarts(val, "efifb:")) {
102 efi_parse_option_graphics(val + strlen("efifb:"));
103 }
104 }
105 efi_bs_call(free_pool, buf);
106 return EFI_SUCCESS;
107}
108
109/*
110 * The EFI_LOAD_OPTION descriptor has the following layout:
111 * u32 Attributes;
112 * u16 FilePathListLength;
113 * u16 Description[];
114 * efi_device_path_protocol_t FilePathList[];
115 * u8 OptionalData[];
116 *
117 * This function validates and unpacks the variable-size data fields.
118 */
119static
120bool efi_load_option_unpack(efi_load_option_unpacked_t *dest,
121 const efi_load_option_t *src, size_t size)
122{
123 const void *pos;
124 u16 c;
125 efi_device_path_protocol_t header;
126 const efi_char16_t *description;
127 const efi_device_path_protocol_t *file_path_list;
128
129 if (size < offsetof(efi_load_option_t, variable_data))
130 return false;
131 pos = src->variable_data;
132 size -= offsetof(efi_load_option_t, variable_data);
133
134 if ((src->attributes & ~EFI_LOAD_OPTION_MASK) != 0)
135 return false;
136
137 /* Scan description. */
138 description = pos;
139 do {
140 if (size < sizeof(c))
141 return false;
142 c = *(const u16 *)pos;
143 pos += sizeof(c);
144 size -= sizeof(c);
145 } while (c != L'\0');
146
147 /* Scan file_path_list. */
148 file_path_list = pos;
149 do {
150 if (size < sizeof(header))
151 return false;
152 header = *(const efi_device_path_protocol_t *)pos;
153 if (header.length < sizeof(header))
154 return false;
155 if (size < header.length)
156 return false;
157 pos += header.length;
158 size -= header.length;
159 } while ((header.type != EFI_DEV_END_PATH && header.type != EFI_DEV_END_PATH2) ||
160 (header.sub_type != EFI_DEV_END_ENTIRE));
161 if (pos != (const void *)file_path_list + src->file_path_list_length)
162 return false;
163
164 dest->attributes = src->attributes;
165 dest->file_path_list_length = src->file_path_list_length;
166 dest->description = description;
167 dest->file_path_list = file_path_list;
168 dest->optional_data_size = size;
169 dest->optional_data = size ? pos : NULL;
170
171 return true;
172}
173
174/*
175 * At least some versions of Dell firmware pass the entire contents of the
176 * Boot#### variable, i.e. the EFI_LOAD_OPTION descriptor, rather than just the
177 * OptionalData field.
178 *
179 * Detect this case and extract OptionalData.
180 */
181void efi_apply_loadoptions_quirk(const void **load_options, u32 *load_options_size)
182{
183 const efi_load_option_t *load_option = *load_options;
184 efi_load_option_unpacked_t load_option_unpacked;
185
186 if (!IS_ENABLED(CONFIG_X86))
187 return;
188 if (!load_option)
189 return;
190 if (*load_options_size < sizeof(*load_option))
191 return;
192 if ((load_option->attributes & ~EFI_LOAD_OPTION_BOOT_MASK) != 0)
193 return;
194
195 if (!efi_load_option_unpack(&load_option_unpacked, load_option, *load_options_size))
196 return;
197
198 efi_warn_once(FW_BUG "LoadOptions is an EFI_LOAD_OPTION descriptor\n");
199 efi_warn_once(FW_BUG "Using OptionalData as a workaround\n");
200
201 *load_options = load_option_unpacked.optional_data;
202 *load_options_size = load_option_unpacked.optional_data_size;
203}
204
205enum efistub_event_type {
206 EFISTUB_EVT_INITRD,
207 EFISTUB_EVT_LOAD_OPTIONS,
208 EFISTUB_EVT_COUNT,
209};
210
211#define STR_WITH_SIZE(s) sizeof(s), s
212
213static const struct {
214 u32 pcr_index;
215 u32 event_id;
216 u32 event_data_len;
217 u8 event_data[52];
218} events[] = {
219 [EFISTUB_EVT_INITRD] = {
220 9,
221 INITRD_EVENT_TAG_ID,
222 STR_WITH_SIZE("Linux initrd")
223 },
224 [EFISTUB_EVT_LOAD_OPTIONS] = {
225 9,
226 LOAD_OPTIONS_EVENT_TAG_ID,
227 STR_WITH_SIZE("LOADED_IMAGE::LoadOptions")
228 },
229};
230
231static_assert(sizeof(efi_tcg2_event_t) == sizeof(efi_cc_event_t));
232
233union efistub_event {
234 efi_tcg2_event_t tcg2_data;
235 efi_cc_event_t cc_data;
236};
237
238struct efistub_measured_event {
239 union efistub_event event_data;
240 TCG_PCClientTaggedEvent tagged_event __packed;
241};
242
243static efi_status_t efi_measure_tagged_event(unsigned long load_addr,
244 unsigned long load_size,
245 enum efistub_event_type event)
246{
247 union {
248 efi_status_t
249 (__efiapi *hash_log_extend_event)(void *, u64, efi_physical_addr_t,
250 u64, const union efistub_event *);
251 struct { u32 hash_log_extend_event; } mixed_mode;
252 } method;
253 struct efistub_measured_event *evt;
254 int size = struct_size(evt, tagged_event.tagged_event_data,
255 events[event].event_data_len);
256 efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID;
257 efi_tcg2_protocol_t *tcg2 = NULL;
258 union efistub_event ev;
259 efi_status_t status;
260 void *protocol;
261
262 efi_bs_call(locate_protocol, &tcg2_guid, NULL, (void **)&tcg2);
263 if (tcg2) {
264 ev.tcg2_data = (struct efi_tcg2_event){
265 .event_size = size,
266 .event_header.header_size = sizeof(ev.tcg2_data.event_header),
267 .event_header.header_version = EFI_TCG2_EVENT_HEADER_VERSION,
268 .event_header.pcr_index = events[event].pcr_index,
269 .event_header.event_type = EV_EVENT_TAG,
270 };
271 protocol = tcg2;
272 method.hash_log_extend_event =
273 (void *)efi_table_attr(tcg2, hash_log_extend_event);
274 } else {
275 efi_guid_t cc_guid = EFI_CC_MEASUREMENT_PROTOCOL_GUID;
276 efi_cc_protocol_t *cc = NULL;
277
278 efi_bs_call(locate_protocol, &cc_guid, NULL, (void **)&cc);
279 if (!cc)
280 return EFI_UNSUPPORTED;
281
282 ev.cc_data = (struct efi_cc_event){
283 .event_size = size,
284 .event_header.header_size = sizeof(ev.cc_data.event_header),
285 .event_header.header_version = EFI_CC_EVENT_HEADER_VERSION,
286 .event_header.event_type = EV_EVENT_TAG,
287 };
288
289 status = efi_call_proto(cc, map_pcr_to_mr_index,
290 events[event].pcr_index,
291 &ev.cc_data.event_header.mr_index);
292 if (status != EFI_SUCCESS)
293 goto fail;
294
295 protocol = cc;
296 method.hash_log_extend_event =
297 (void *)efi_table_attr(cc, hash_log_extend_event);
298 }
299
300 status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, size, (void **)&evt);
301 if (status != EFI_SUCCESS)
302 goto fail;
303
304 *evt = (struct efistub_measured_event) {
305 .event_data = ev,
306 .tagged_event.tagged_event_id = events[event].event_id,
307 .tagged_event.tagged_event_data_size = events[event].event_data_len,
308 };
309
310 memcpy(evt->tagged_event.tagged_event_data, events[event].event_data,
311 events[event].event_data_len);
312
313 status = efi_fn_call(&method, hash_log_extend_event, protocol, 0,
314 load_addr, load_size, &evt->event_data);
315 efi_bs_call(free_pool, evt);
316
317 if (status == EFI_SUCCESS)
318 return EFI_SUCCESS;
319
320fail:
321 efi_warn("Failed to measure data for event %d: 0x%lx\n", event, status);
322 return status;
323}
324
325/*
326 * Convert the unicode UEFI command line to ASCII to pass to kernel.
327 * Size of memory allocated return in *cmd_line_len.
328 * Returns NULL on error.
329 */
330char *efi_convert_cmdline(efi_loaded_image_t *image)
331{
332 const efi_char16_t *options = efi_table_attr(image, load_options);
333 u32 options_size = efi_table_attr(image, load_options_size);
334 int options_bytes = 0, safe_options_bytes = 0; /* UTF-8 bytes */
335 unsigned long cmdline_addr = 0;
336 const efi_char16_t *s2;
337 bool in_quote = false;
338 efi_status_t status;
339 u32 options_chars;
340
341 if (options_size > 0)
342 efi_measure_tagged_event((unsigned long)options, options_size,
343 EFISTUB_EVT_LOAD_OPTIONS);
344
345 efi_apply_loadoptions_quirk((const void **)&options, &options_size);
346 options_chars = options_size / sizeof(efi_char16_t);
347
348 if (options) {
349 s2 = options;
350 while (options_bytes < COMMAND_LINE_SIZE && options_chars--) {
351 efi_char16_t c = *s2++;
352
353 if (c < 0x80) {
354 if (c == L'\0' || c == L'\n')
355 break;
356 if (c == L'"')
357 in_quote = !in_quote;
358 else if (!in_quote && isspace((char)c))
359 safe_options_bytes = options_bytes;
360
361 options_bytes++;
362 continue;
363 }
364
365 /*
366 * Get the number of UTF-8 bytes corresponding to a
367 * UTF-16 character.
368 * The first part handles everything in the BMP.
369 */
370 options_bytes += 2 + (c >= 0x800);
371 /*
372 * Add one more byte for valid surrogate pairs. Invalid
373 * surrogates will be replaced with 0xfffd and take up
374 * only 3 bytes.
375 */
376 if ((c & 0xfc00) == 0xd800) {
377 /*
378 * If the very last word is a high surrogate,
379 * we must ignore it since we can't access the
380 * low surrogate.
381 */
382 if (!options_chars) {
383 options_bytes -= 3;
384 } else if ((*s2 & 0xfc00) == 0xdc00) {
385 options_bytes++;
386 options_chars--;
387 s2++;
388 }
389 }
390 }
391 if (options_bytes >= COMMAND_LINE_SIZE) {
392 options_bytes = safe_options_bytes;
393 efi_err("Command line is too long: truncated to %d bytes\n",
394 options_bytes);
395 }
396 }
397
398 options_bytes++; /* NUL termination */
399
400 status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, options_bytes,
401 (void **)&cmdline_addr);
402 if (status != EFI_SUCCESS)
403 return NULL;
404
405 snprintf((char *)cmdline_addr, options_bytes, "%.*ls",
406 options_bytes - 1, options);
407
408 return (char *)cmdline_addr;
409}
410
411/**
412 * efi_exit_boot_services() - Exit boot services
413 * @handle: handle of the exiting image
414 * @priv: argument to be passed to @priv_func
415 * @priv_func: function to process the memory map before exiting boot services
416 *
417 * Handle calling ExitBootServices according to the requirements set out by the
418 * spec. Obtains the current memory map, and returns that info after calling
419 * ExitBootServices. The client must specify a function to perform any
420 * processing of the memory map data prior to ExitBootServices. A client
421 * specific structure may be passed to the function via priv. The client
422 * function may be called multiple times.
423 *
424 * Return: status code
425 */
426efi_status_t efi_exit_boot_services(void *handle, void *priv,
427 efi_exit_boot_map_processing priv_func)
428{
429 struct efi_boot_memmap *map;
430 efi_status_t status;
431
432 if (efi_disable_pci_dma)
433 efi_pci_disable_bridge_busmaster();
434
435 status = efi_get_memory_map(&map, true);
436 if (status != EFI_SUCCESS)
437 return status;
438
439 status = priv_func(map, priv);
440 if (status != EFI_SUCCESS) {
441 efi_bs_call(free_pool, map);
442 return status;
443 }
444
445 status = efi_bs_call(exit_boot_services, handle, map->map_key);
446
447 if (status == EFI_INVALID_PARAMETER) {
448 /*
449 * The memory map changed between efi_get_memory_map() and
450 * exit_boot_services(). Per the UEFI Spec v2.6, Section 6.4:
451 * EFI_BOOT_SERVICES.ExitBootServices we need to get the
452 * updated map, and try again. The spec implies one retry
453 * should be sufficent, which is confirmed against the EDK2
454 * implementation. Per the spec, we can only invoke
455 * get_memory_map() and exit_boot_services() - we cannot alloc
456 * so efi_get_memory_map() cannot be used, and we must reuse
457 * the buffer. For all practical purposes, the headroom in the
458 * buffer should account for any changes in the map so the call
459 * to get_memory_map() is expected to succeed here.
460 */
461 map->map_size = map->buff_size;
462 status = efi_bs_call(get_memory_map,
463 &map->map_size,
464 &map->map,
465 &map->map_key,
466 &map->desc_size,
467 &map->desc_ver);
468
469 /* exit_boot_services() was called, thus cannot free */
470 if (status != EFI_SUCCESS)
471 return status;
472
473 status = priv_func(map, priv);
474 /* exit_boot_services() was called, thus cannot free */
475 if (status != EFI_SUCCESS)
476 return status;
477
478 status = efi_bs_call(exit_boot_services, handle, map->map_key);
479 }
480
481 return status;
482}
483
484/**
485 * get_efi_config_table() - retrieve UEFI configuration table
486 * @guid: GUID of the configuration table to be retrieved
487 * Return: pointer to the configuration table or NULL
488 */
489void *get_efi_config_table(efi_guid_t guid)
490{
491 unsigned long tables = efi_table_attr(efi_system_table, tables);
492 int nr_tables = efi_table_attr(efi_system_table, nr_tables);
493 int i;
494
495 for (i = 0; i < nr_tables; i++) {
496 efi_config_table_t *t = (void *)tables;
497
498 if (efi_guidcmp(t->guid, guid) == 0)
499 return efi_table_attr(t, table);
500
501 tables += efi_is_native() ? sizeof(efi_config_table_t)
502 : sizeof(efi_config_table_32_t);
503 }
504 return NULL;
505}
506
507/*
508 * The LINUX_EFI_INITRD_MEDIA_GUID vendor media device path below provides a way
509 * for the firmware or bootloader to expose the initrd data directly to the stub
510 * via the trivial LoadFile2 protocol, which is defined in the UEFI spec, and is
511 * very easy to implement. It is a simple Linux initrd specific conduit between
512 * kernel and firmware, allowing us to put the EFI stub (being part of the
513 * kernel) in charge of where and when to load the initrd, while leaving it up
514 * to the firmware to decide whether it needs to expose its filesystem hierarchy
515 * via EFI protocols.
516 */
517static const struct {
518 struct efi_vendor_dev_path vendor;
519 struct efi_generic_dev_path end;
520} __packed initrd_dev_path = {
521 {
522 {
523 EFI_DEV_MEDIA,
524 EFI_DEV_MEDIA_VENDOR,
525 sizeof(struct efi_vendor_dev_path),
526 },
527 LINUX_EFI_INITRD_MEDIA_GUID
528 }, {
529 EFI_DEV_END_PATH,
530 EFI_DEV_END_ENTIRE,
531 sizeof(struct efi_generic_dev_path)
532 }
533};
534
535/**
536 * efi_load_initrd_dev_path() - load the initrd from the Linux initrd device path
537 * @initrd: pointer of struct to store the address where the initrd was loaded
538 * and the size of the loaded initrd
539 * @max: upper limit for the initrd memory allocation
540 *
541 * Return:
542 * * %EFI_SUCCESS if the initrd was loaded successfully, in which
543 * case @load_addr and @load_size are assigned accordingly
544 * * %EFI_NOT_FOUND if no LoadFile2 protocol exists on the initrd device path
545 * * %EFI_OUT_OF_RESOURCES if memory allocation failed
546 * * %EFI_LOAD_ERROR in all other cases
547 */
548static
549efi_status_t efi_load_initrd_dev_path(struct linux_efi_initrd *initrd,
550 unsigned long max)
551{
552 efi_guid_t lf2_proto_guid = EFI_LOAD_FILE2_PROTOCOL_GUID;
553 efi_device_path_protocol_t *dp;
554 efi_load_file2_protocol_t *lf2;
555 efi_handle_t handle;
556 efi_status_t status;
557
558 dp = (efi_device_path_protocol_t *)&initrd_dev_path;
559 status = efi_bs_call(locate_device_path, &lf2_proto_guid, &dp, &handle);
560 if (status != EFI_SUCCESS)
561 return status;
562
563 status = efi_bs_call(handle_protocol, handle, &lf2_proto_guid,
564 (void **)&lf2);
565 if (status != EFI_SUCCESS)
566 return status;
567
568 initrd->size = 0;
569 status = efi_call_proto(lf2, load_file, dp, false, &initrd->size, NULL);
570 if (status != EFI_BUFFER_TOO_SMALL)
571 return EFI_LOAD_ERROR;
572
573 status = efi_allocate_pages(initrd->size, &initrd->base, max);
574 if (status != EFI_SUCCESS)
575 return status;
576
577 status = efi_call_proto(lf2, load_file, dp, false, &initrd->size,
578 (void *)initrd->base);
579 if (status != EFI_SUCCESS) {
580 efi_free(initrd->size, initrd->base);
581 return EFI_LOAD_ERROR;
582 }
583 return EFI_SUCCESS;
584}
585
586static
587efi_status_t efi_load_initrd_cmdline(efi_loaded_image_t *image,
588 struct linux_efi_initrd *initrd,
589 unsigned long soft_limit,
590 unsigned long hard_limit)
591{
592 if (image == NULL)
593 return EFI_UNSUPPORTED;
594
595 return handle_cmdline_files(image, L"initrd=", sizeof(L"initrd=") - 2,
596 soft_limit, hard_limit,
597 &initrd->base, &initrd->size);
598}
599
600/**
601 * efi_load_initrd() - Load initial RAM disk
602 * @image: EFI loaded image protocol
603 * @soft_limit: preferred address for loading the initrd
604 * @hard_limit: upper limit address for loading the initrd
605 *
606 * Return: status code
607 */
608efi_status_t efi_load_initrd(efi_loaded_image_t *image,
609 unsigned long soft_limit,
610 unsigned long hard_limit,
611 const struct linux_efi_initrd **out)
612{
613 efi_guid_t tbl_guid = LINUX_EFI_INITRD_MEDIA_GUID;
614 efi_status_t status = EFI_SUCCESS;
615 struct linux_efi_initrd initrd, *tbl;
616
617 if (!IS_ENABLED(CONFIG_BLK_DEV_INITRD) || efi_noinitrd)
618 return EFI_SUCCESS;
619
620 status = efi_load_initrd_dev_path(&initrd, hard_limit);
621 if (status == EFI_SUCCESS) {
622 efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n");
623 } else if (status == EFI_NOT_FOUND) {
624 status = efi_load_initrd_cmdline(image, &initrd, soft_limit,
625 hard_limit);
626 /* command line loader disabled or no initrd= passed? */
627 if (status == EFI_UNSUPPORTED || status == EFI_NOT_READY)
628 return EFI_SUCCESS;
629 if (status == EFI_SUCCESS)
630 efi_info("Loaded initrd from command line option\n");
631 }
632 if (status != EFI_SUCCESS)
633 goto failed;
634
635 if (initrd.size > 0 &&
636 efi_measure_tagged_event(initrd.base, initrd.size,
637 EFISTUB_EVT_INITRD) == EFI_SUCCESS)
638 efi_info("Measured initrd data into PCR 9\n");
639
640 status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, sizeof(initrd),
641 (void **)&tbl);
642 if (status != EFI_SUCCESS)
643 goto free_initrd;
644
645 *tbl = initrd;
646 status = efi_bs_call(install_configuration_table, &tbl_guid, tbl);
647 if (status != EFI_SUCCESS)
648 goto free_tbl;
649
650 if (out)
651 *out = tbl;
652 return EFI_SUCCESS;
653
654free_tbl:
655 efi_bs_call(free_pool, tbl);
656free_initrd:
657 efi_free(initrd.size, initrd.base);
658failed:
659 efi_err("Failed to load initrd: 0x%lx\n", status);
660 return status;
661}
662
663/**
664 * efi_wait_for_key() - Wait for key stroke
665 * @usec: number of microseconds to wait for key stroke
666 * @key: key entered
667 *
668 * Wait for up to @usec microseconds for a key stroke.
669 *
670 * Return: status code, EFI_SUCCESS if key received
671 */
672efi_status_t efi_wait_for_key(unsigned long usec, efi_input_key_t *key)
673{
674 efi_event_t events[2], timer;
675 unsigned long index;
676 efi_simple_text_input_protocol_t *con_in;
677 efi_status_t status;
678
679 con_in = efi_table_attr(efi_system_table, con_in);
680 if (!con_in)
681 return EFI_UNSUPPORTED;
682 efi_set_event_at(events, 0, efi_table_attr(con_in, wait_for_key));
683
684 status = efi_bs_call(create_event, EFI_EVT_TIMER, 0, NULL, NULL, &timer);
685 if (status != EFI_SUCCESS)
686 return status;
687
688 status = efi_bs_call(set_timer, timer, EfiTimerRelative,
689 EFI_100NSEC_PER_USEC * usec);
690 if (status != EFI_SUCCESS)
691 return status;
692 efi_set_event_at(events, 1, timer);
693
694 status = efi_bs_call(wait_for_event, 2, events, &index);
695 if (status == EFI_SUCCESS) {
696 if (index == 0)
697 status = efi_call_proto(con_in, read_keystroke, key);
698 else
699 status = EFI_TIMEOUT;
700 }
701
702 efi_bs_call(close_event, timer);
703
704 return status;
705}
706
707/**
708 * efi_remap_image - Remap a loaded image with the appropriate permissions
709 * for code and data
710 *
711 * @image_base: the base of the image in memory
712 * @alloc_size: the size of the area in memory occupied by the image
713 * @code_size: the size of the leading part of the image containing code
714 * and read-only data
715 *
716 * efi_remap_image() uses the EFI memory attribute protocol to remap the code
717 * region of the loaded image read-only/executable, and the remainder
718 * read-write/non-executable. The code region is assumed to start at the base
719 * of the image, and will therefore cover the PE/COFF header as well.
720 */
721void efi_remap_image(unsigned long image_base, unsigned alloc_size,
722 unsigned long code_size)
723{
724 efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID;
725 efi_memory_attribute_protocol_t *memattr;
726 efi_status_t status;
727 u64 attr;
728
729 /*
730 * If the firmware implements the EFI_MEMORY_ATTRIBUTE_PROTOCOL, let's
731 * invoke it to remap the text/rodata region of the decompressed image
732 * as read-only and the data/bss region as non-executable.
733 */
734 status = efi_bs_call(locate_protocol, &guid, NULL, (void **)&memattr);
735 if (status != EFI_SUCCESS)
736 return;
737
738 // Get the current attributes for the entire region
739 status = memattr->get_memory_attributes(memattr, image_base,
740 alloc_size, &attr);
741 if (status != EFI_SUCCESS) {
742 efi_warn("Failed to retrieve memory attributes for image region: 0x%lx\n",
743 status);
744 return;
745 }
746
747 // Mark the code region as read-only
748 status = memattr->set_memory_attributes(memattr, image_base, code_size,
749 EFI_MEMORY_RO);
750 if (status != EFI_SUCCESS) {
751 efi_warn("Failed to remap code region read-only\n");
752 return;
753 }
754
755 // If the entire region was already mapped as non-exec, clear the
756 // attribute from the code region. Otherwise, set it on the data
757 // region.
758 if (attr & EFI_MEMORY_XP) {
759 status = memattr->clear_memory_attributes(memattr, image_base,
760 code_size,
761 EFI_MEMORY_XP);
762 if (status != EFI_SUCCESS)
763 efi_warn("Failed to remap code region executable\n");
764 } else {
765 status = memattr->set_memory_attributes(memattr,
766 image_base + code_size,
767 alloc_size - code_size,
768 EFI_MEMORY_XP);
769 if (status != EFI_SUCCESS)
770 efi_warn("Failed to remap data region non-executable\n");
771 }
772}