Merge tag 'efi-next-for-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi

+11 -3

arch/x86/boot/compressed/efi_thunk_64.S

··· 26 26 push %rbp 27 27 push %rbx 28 28 29 - leaq 1f(%rip), %rbp 30 - 31 29 movl %ds, %eax 32 30 push %rax 33 31 movl %es, %eax 34 32 push %rax 35 33 movl %ss, %eax 36 34 push %rax 35 + 36 + /* Copy args passed on stack */ 37 + movq 0x30(%rsp), %rbp 38 + movq 0x38(%rsp), %rbx 39 + movq 0x40(%rsp), %rax 37 40 38 41 /* 39 42 * Convert x86-64 ABI params to i386 ABI ··· 47 44 movl %ecx, 0x8(%rsp) 48 45 movl %r8d, 0xc(%rsp) 49 46 movl %r9d, 0x10(%rsp) 47 + movl %ebp, 0x14(%rsp) 48 + movl %ebx, 0x18(%rsp) 49 + movl %eax, 0x1c(%rsp) 50 50 51 - leaq 0x14(%rsp), %rbx 51 + leaq 0x20(%rsp), %rbx 52 52 sgdt (%rbx) 53 53 54 54 addq $16, %rbx 55 55 sidt (%rbx) 56 + 57 + leaq 1f(%rip), %rbp 56 58 57 59 /* 58 60 * Switch to IDT and GDT with 32-bit segments. This is the firmware GDT

+10 -4

arch/x86/include/asm/efi.h

··· 46 46 47 47 #define __efi_nargs(...) __efi_nargs_(__VA_ARGS__) 48 48 #define __efi_nargs_(...) __efi_nargs__(0, ##__VA_ARGS__, \ 49 + __efi_arg_sentinel(9), __efi_arg_sentinel(8), \ 49 50 __efi_arg_sentinel(7), __efi_arg_sentinel(6), \ 50 51 __efi_arg_sentinel(5), __efi_arg_sentinel(4), \ 51 52 __efi_arg_sentinel(3), __efi_arg_sentinel(2), \ 52 53 __efi_arg_sentinel(1), __efi_arg_sentinel(0)) 53 - #define __efi_nargs__(_0, _1, _2, _3, _4, _5, _6, _7, n, ...) \ 54 + #define __efi_nargs__(_0, _1, _2, _3, _4, _5, _6, _7, _8, _9, n, ...) \ 54 55 __take_second_arg(n, \ 55 - ({ BUILD_BUG_ON_MSG(1, "__efi_nargs limit exceeded"); 8; })) 56 + ({ BUILD_BUG_ON_MSG(1, "__efi_nargs limit exceeded"); 10; })) 56 57 #define __efi_arg_sentinel(n) , n 57 58 58 59 /* ··· 177 176 extern efi_status_t __efi64_thunk(u32, ...); 178 177 179 178 #define efi64_thunk(...) ({ \ 180 - __efi_nargs_check(efi64_thunk, 6, __VA_ARGS__); \ 181 - __efi64_thunk(__VA_ARGS__); \ 179 + u64 __pad[3]; /* must have space for 3 args on the stack */ \ 180 + __efi_nargs_check(efi64_thunk, 9, __VA_ARGS__); \ 181 + __efi64_thunk(__VA_ARGS__, __pad); \ 182 182 }) 183 183 184 184 static inline bool efi_is_mixed(void) ··· 307 305 /* Graphics Output Protocol */ 308 306 #define __efi64_argmap_query_mode(gop, mode, size, info) \ 309 307 ((gop), (mode), efi64_zero_upper(size), efi64_zero_upper(info)) 308 + 309 + /* TCG2 protocol */ 310 + #define __efi64_argmap_hash_log_extend_event(prot, fl, addr, size, ev) \ 311 + ((prot), (fl), 0ULL, (u64)(addr), 0ULL, (u64)(size), 0ULL, ev) 310 312 311 313 /* 312 314 * The macros below handle the plumbing for the argument mapping. To add a

+12 -2

arch/x86/platform/efi/efi_thunk_64.S

··· 37 37 push %rax 38 38 39 39 /* 40 + * Copy args passed via the stack 41 + */ 42 + subq $0x24, %rsp 43 + movq 0x18(%rax), %rbp 44 + movq 0x20(%rax), %rbx 45 + movq 0x28(%rax), %rax 46 + movl %ebp, 0x18(%rsp) 47 + movl %ebx, 0x1c(%rsp) 48 + movl %eax, 0x20(%rsp) 49 + 50 + /* 40 51 * Calculate the physical address of the kernel text. 41 52 */ 42 53 movq $__START_KERNEL_map, %rax ··· 58 47 subq %rax, %rbp 59 48 subq %rax, %rbx 60 49 61 - subq $28, %rsp 62 50 movl %ebx, 0x0(%rsp) /* return address */ 63 51 movl %esi, 0x4(%rsp) 64 52 movl %edx, 0x8(%rsp) ··· 70 60 pushq %rdi /* EFI runtime service address */ 71 61 lretq 72 62 73 - 1: movq 24(%rsp), %rsp 63 + 1: movq 0x20(%rsp), %rsp 74 64 pop %rbx 75 65 pop %rbp 76 66 retq

+2 -1

drivers/firmware/efi/efivars.c

··· 352 352 &efivar_attr_raw_var.attr, 353 353 NULL, 354 354 }; 355 + ATTRIBUTE_GROUPS(def); 355 356 356 357 static struct kobj_type efivar_ktype = { 357 358 .release = efivar_release, 358 359 .sysfs_ops = &efivar_attr_ops, 359 - .default_attrs = def_attrs, 360 + .default_groups = def_groups, 360 361 }; 361 362 362 363 static ssize_t efivar_create(struct file *filp, struct kobject *kobj,

+3 -1

drivers/firmware/efi/esrt.c

··· 146 146 &esre_last_attempt_status.attr, 147 147 NULL 148 148 }; 149 + ATTRIBUTE_GROUPS(esre1); 150 + 149 151 static void esre_release(struct kobject *kobj) 150 152 { 151 153 struct esre_entry *entry = to_entry(kobj); ··· 159 157 static struct kobj_type esre1_ktype = { 160 158 .release = esre_release, 161 159 .sysfs_ops = &esre_attr_ops, 162 - .default_attrs = esre1_attrs, 160 + .default_groups = esre1_groups, 163 161 }; 164 162 165 163

+61 -12

drivers/firmware/efi/libstub/efi-stub-helper.c

··· 20 20 21 21 bool efi_nochunk; 22 22 bool efi_nokaslr = !IS_ENABLED(CONFIG_RANDOMIZE_BASE); 23 - bool efi_noinitrd; 24 23 int efi_loglevel = CONSOLE_LOGLEVEL_DEFAULT; 25 24 bool efi_novamap; 26 25 26 + static bool efi_noinitrd; 27 27 static bool efi_nosoftreserve; 28 28 static bool efi_disable_pci_dma = IS_ENABLED(CONFIG_EFI_DISABLE_PCI_DMA); 29 29 ··· 625 625 load_addr, load_size); 626 626 } 627 627 628 + static const struct { 629 + efi_tcg2_event_t event_data; 630 + efi_tcg2_tagged_event_t tagged_event; 631 + u8 tagged_event_data[]; 632 + } initrd_tcg2_event = { 633 + { 634 + sizeof(initrd_tcg2_event) + sizeof("Linux initrd"), 635 + { 636 + sizeof(initrd_tcg2_event.event_data.event_header), 637 + EFI_TCG2_EVENT_HEADER_VERSION, 638 + 9, 639 + EV_EVENT_TAG, 640 + }, 641 + }, 642 + { 643 + INITRD_EVENT_TAG_ID, 644 + sizeof("Linux initrd"), 645 + }, 646 + { "Linux initrd" }, 647 + }; 648 + 649 + static void efi_measure_initrd(unsigned long load_addr, unsigned long load_size) 650 + { 651 + efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID; 652 + efi_tcg2_protocol_t *tcg2 = NULL; 653 + efi_status_t status; 654 + 655 + efi_bs_call(locate_protocol, &tcg2_guid, NULL, (void **)&tcg2); 656 + if (tcg2) { 657 + status = efi_call_proto(tcg2, hash_log_extend_event, 658 + 0, load_addr, load_size, 659 + &initrd_tcg2_event.event_data); 660 + if (status != EFI_SUCCESS) 661 + efi_warn("Failed to measure initrd data: 0x%lx\n", 662 + status); 663 + else 664 + efi_info("Measured initrd data into PCR %d\n", 665 + initrd_tcg2_event.event_data.event_header.pcr_index); 666 + } 667 + } 668 + 628 669 /** 629 670 * efi_load_initrd() - Load initial RAM disk 630 671 * @image: EFI loaded image protocol ··· 684 643 { 685 644 efi_status_t status; 686 645 687 - if (!load_addr || !load_size) 688 - return EFI_INVALID_PARAMETER; 689 - 690 - status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit); 691 - if (status == EFI_SUCCESS) { 692 - efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n"); 693 - } else if (status == EFI_NOT_FOUND) { 694 - status = efi_load_initrd_cmdline(image, load_addr, load_size, 695 - soft_limit, hard_limit); 696 - if (status == EFI_SUCCESS && *load_size > 0) 697 - efi_info("Loaded initrd from command line option\n"); 646 + if (efi_noinitrd) { 647 + *load_addr = *load_size = 0; 648 + status = EFI_SUCCESS; 649 + } else { 650 + status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit); 651 + if (status == EFI_SUCCESS) { 652 + efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n"); 653 + if (*load_size > 0) 654 + efi_measure_initrd(*load_addr, *load_size); 655 + } else if (status == EFI_NOT_FOUND) { 656 + status = efi_load_initrd_cmdline(image, load_addr, load_size, 657 + soft_limit, hard_limit); 658 + if (status == EFI_SUCCESS && *load_size > 0) 659 + efi_info("Loaded initrd from command line option\n"); 660 + } 661 + if (status != EFI_SUCCESS) { 662 + efi_err("Failed to load initrd: 0x%lx\n", status); 663 + *load_addr = *load_size = 0; 664 + } 698 665 } 699 666 700 667 return status;

+2 -8

drivers/firmware/efi/libstub/efi-stub.c

··· 134 134 enum efi_secureboot_mode secure_boot; 135 135 struct screen_info *si; 136 136 efi_properties_table_t *prop_tbl; 137 - unsigned long max_addr; 138 137 139 138 efi_system_table = sys_table_arg; 140 139 ··· 239 240 if (!fdt_addr) 240 241 efi_info("Generating empty DTB\n"); 241 242 242 - if (!efi_noinitrd) { 243 - max_addr = efi_get_max_initrd_addr(image_addr); 244 - status = efi_load_initrd(image, &initrd_addr, &initrd_size, 245 - ULONG_MAX, max_addr); 246 - if (status != EFI_SUCCESS) 247 - efi_err("Failed to load initrd!\n"); 248 - } 243 + efi_load_initrd(image, &initrd_addr, &initrd_size, ULONG_MAX, 244 + efi_get_max_initrd_addr(image_addr)); 249 245 250 246 efi_random_get_seed(); 251 247

+28 -2

drivers/firmware/efi/libstub/efistub.h

··· 31 31 32 32 extern bool efi_nochunk; 33 33 extern bool efi_nokaslr; 34 - extern bool efi_noinitrd; 35 34 extern int efi_loglevel; 36 35 extern bool efi_novamap; 37 36 ··· 666 667 667 668 typedef u32 efi_tcg2_event_log_format; 668 669 670 + #define INITRD_EVENT_TAG_ID 0x8F3B22ECU 671 + #define EV_EVENT_TAG 0x00000006U 672 + #define EFI_TCG2_EVENT_HEADER_VERSION 0x1 673 + 674 + struct efi_tcg2_event { 675 + u32 event_size; 676 + struct { 677 + u32 header_size; 678 + u16 header_version; 679 + u32 pcr_index; 680 + u32 event_type; 681 + } __packed event_header; 682 + /* u8[] event follows here */ 683 + } __packed; 684 + 685 + struct efi_tcg2_tagged_event { 686 + u32 tagged_event_id; 687 + u32 tagged_event_data_size; 688 + /* u8 tagged event data follows here */ 689 + } __packed; 690 + 691 + typedef struct efi_tcg2_event efi_tcg2_event_t; 692 + typedef struct efi_tcg2_tagged_event efi_tcg2_tagged_event_t; 669 693 typedef union efi_tcg2_protocol efi_tcg2_protocol_t; 670 694 671 695 union efi_tcg2_protocol { ··· 699 677 efi_physical_addr_t *, 700 678 efi_physical_addr_t *, 701 679 efi_bool_t *); 702 - void *hash_log_extend_event; 680 + efi_status_t (__efiapi *hash_log_extend_event)(efi_tcg2_protocol_t *, 681 + u64, 682 + efi_physical_addr_t, 683 + u64, 684 + const efi_tcg2_event_t *); 703 685 void *submit_command; 704 686 void *get_active_pcr_banks; 705 687 void *set_active_pcr_banks;

+10 -16

drivers/firmware/efi/libstub/x86-stub.c

··· 673 673 unsigned long bzimage_addr = (unsigned long)startup_32; 674 674 unsigned long buffer_start, buffer_end; 675 675 struct setup_header *hdr = &boot_params->hdr; 676 + unsigned long addr, size; 676 677 efi_status_t status; 677 678 678 679 efi_system_table = sys_table_arg; ··· 762 761 * arguments will be processed only if image is not NULL, which will be 763 762 * the case only if we were loaded via the PE entry point. 764 763 */ 765 - if (!efi_noinitrd) { 766 - unsigned long addr, size; 767 - 768 - status = efi_load_initrd(image, &addr, &size, 769 - hdr->initrd_addr_max, ULONG_MAX); 770 - 771 - if (status != EFI_SUCCESS) { 772 - efi_err("Failed to load initrd!\n"); 773 - goto fail; 774 - } 775 - if (size > 0) { 776 - efi_set_u64_split(addr, &hdr->ramdisk_image, 777 - &boot_params->ext_ramdisk_image); 778 - efi_set_u64_split(size, &hdr->ramdisk_size, 779 - &boot_params->ext_ramdisk_size); 780 - } 764 + status = efi_load_initrd(image, &addr, &size, hdr->initrd_addr_max, 765 + ULONG_MAX); 766 + if (status != EFI_SUCCESS) 767 + goto fail; 768 + if (size > 0) { 769 + efi_set_u64_split(addr, &hdr->ramdisk_image, 770 + &boot_params->ext_ramdisk_image); 771 + efi_set_u64_split(size, &hdr->ramdisk_size, 772 + &boot_params->ext_ramdisk_size); 781 773 } 782 774 783 775 /*

+2 -1

drivers/firmware/efi/runtime-map.c

··· 79 79 &map_attribute_attr.attr, 80 80 NULL 81 81 }; 82 + ATTRIBUTE_GROUPS(def); 82 83 83 84 static const struct sysfs_ops map_attr_ops = { 84 85 .show = map_attr_show, ··· 95 94 96 95 static struct kobj_type __refdata map_ktype = { 97 96 .sysfs_ops = &map_attr_ops, 98 - .default_attrs = def_attrs, 97 + .default_groups = def_groups, 99 98 .release = map_release, 100 99 }; 101 100

+3 -3

include/linux/efi.h

··· 570 570 unsigned long flags; 571 571 } efi; 572 572 573 - #define EFI_RT_SUPPORTED_GET_TIME 0x0001 574 - #define EFI_RT_SUPPORTED_SET_TIME 0x0002 573 + #define EFI_RT_SUPPORTED_GET_TIME 0x0001 574 + #define EFI_RT_SUPPORTED_SET_TIME 0x0002 575 575 #define EFI_RT_SUPPORTED_GET_WAKEUP_TIME 0x0004 576 576 #define EFI_RT_SUPPORTED_SET_WAKEUP_TIME 0x0008 577 577 #define EFI_RT_SUPPORTED_GET_VARIABLE 0x0010 ··· 838 838 #define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x0000000000000020 839 839 #define EFI_VARIABLE_APPEND_WRITE 0x0000000000000040 840 840 841 - #define EFI_VARIABLE_MASK (EFI_VARIABLE_NON_VOLATILE | \ 841 + #define EFI_VARIABLE_MASK (EFI_VARIABLE_NON_VOLATILE | \ 842 842 EFI_VARIABLE_BOOTSERVICE_ACCESS | \ 843 843 EFI_VARIABLE_RUNTIME_ACCESS | \ 844 844 EFI_VARIABLE_HARDWARE_ERROR_RECORD | \

Configure Feed

Configure Feed