OvmfPkg/X86QemuLoadImageLib: support booting via shim

Try load shim first. In case that succeeded update the command line to list 'kernel' first so shim will fetch the kernel from the kernel loader file system. This allows to use direct kernel boot with distro kernels and secure boot enabled. Usually distro kernels can only be verified by distro shim using the distro keys compiled into the shim binary. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-04-10 17:25:03 +02:00 · 2024-04-10 17:25:03 +02:00 · 3da39f2cb6
parent c45051450e
commit 3da39f2cb6
1 changed files with 54 additions and 2 deletions
--- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
+++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
@ -57,6 +57,25 @@ STATIC CONST KERNEL_VENMEDIA_FILE_DEVPATH  mKernelDevicePath = {
  }
 };

+STATIC CONST KERNEL_VENMEDIA_FILE_DEVPATH  mShimDevicePath = {
+  {
+    {
+      MEDIA_DEVICE_PATH, MEDIA_VENDOR_DP,
+      { sizeof (VENDOR_DEVICE_PATH)       }
+    },
+    QEMU_KERNEL_LOADER_FS_MEDIA_GUID
+  },  {
+    {
+      MEDIA_DEVICE_PATH, MEDIA_FILEPATH_DP,
+      { sizeof (KERNEL_FILE_DEVPATH)      }
+    },
+    L"shim",
+  },  {
+    END_DEVICE_PATH_TYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE,
+    { sizeof (EFI_DEVICE_PATH_PROTOCOL) }
+  }
+};
+
 STATIC
 VOID
 FreeLegacyImage (
@ -339,6 +358,7 @@ QemuLoadKernelImage (
  UINTN                      CommandLineSize;
  CHAR8                      *CommandLine;
  UINTN                      InitrdSize;
+  BOOLEAN                    Shim;

  //
  // Redundant assignment to work around GCC48/GCC49 limitations.
@ -348,6 +368,28 @@ QemuLoadKernelImage (
  //
  // Load the image. This should call back into the QEMU EFI loader file system.
  //
+  Status = gBS->LoadImage (
+                  FALSE,                    // BootPolicy: exact match required
+                  gImageHandle,             // ParentImageHandle
+                  (EFI_DEVICE_PATH_PROTOCOL *)&mShimDevicePath,
+                  NULL,                     // SourceBuffer
+                  0,                        // SourceSize
+                  &KernelImageHandle
+                  );
+  if (Status == EFI_SUCCESS) {
+    Shim = TRUE;
+    DEBUG ((DEBUG_INFO, "%a: booting via shim\n", __func__));
+  } else {
+    Shim = FALSE;
+    if (Status == EFI_SECURITY_VIOLATION) {
+      gBS->UnloadImage (KernelImageHandle);
+    }
+
+    if (Status != EFI_NOT_FOUND) {
+      DEBUG ((DEBUG_INFO, "%a: LoadImage(shim): %r\n", __func__, Status));
+      return Status;
+    }
+
    Status = gBS->LoadImage (
                    FALSE,                  // BootPolicy: exact match required
                    gImageHandle,           // ParentImageHandle
@ -356,6 +398,8 @@ QemuLoadKernelImage (
                    0,                      // SourceSize
                    &KernelImageHandle
                    );
+  }
+
  switch (Status) {
    case EFI_SUCCESS:
      break;
@ -465,6 +509,13 @@ QemuLoadKernelImage (
    KernelLoadedImage->LoadOptionsSize += sizeof (L" initrd=initrd") - 2;
  }

+  if (Shim) {
+    //
+    // Prefix 'kernel ' in UTF-16.
+    //
+    KernelLoadedImage->LoadOptionsSize += sizeof (L"kernel ") - 2;
+  }
+
  if (KernelLoadedImage->LoadOptionsSize == 0) {
    KernelLoadedImage->LoadOptions = NULL;
  } else {
@ -485,7 +536,8 @@ QemuLoadKernelImage (
    UnicodeSPrintAsciiFormat (
      KernelLoadedImage->LoadOptions,
      KernelLoadedImage->LoadOptionsSize,
-      "%a%a",
+      "%a%a%a",
+      (Shim == FALSE)        ?  "" : "kernel ",
      (CommandLineSize == 0) ?  "" : CommandLine,
      (InitrdSize == 0)      ?  "" : " initrd=initrd"
      );