From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mx.groups.io with SMTP id smtpd.web11.49653.1683207180567825927
 for <devel@edk2.groups.io>;
 Thu, 04 May 2023 06:33:00 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=PFBmk17J;
 spf=pass (domain: redhat.com, ip: 170.10.133.124, mailfrom: kraxel@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1683207179;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=NCFLcRlF5rpAWSq/U3shL6jpm2yVCs7AohDzPQcQRGs=;
	b=PFBmk17JMY3kcNJAMxoc3BY+++F9rhWHXqIamtLsWlRpswIjcBx/uvQT57tKs/wFu0FiB3
	Mde2vdLJTAdEkAljwpCY/tIG9RNZl9bv2B3H1qKbjexlyQe1bGMcHpkiX25h7itAhbbNBw
	jIST51WiIP06symSLvxs1PxvBQMlz3Y=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-98-k666-E_3MIeZR9Sp4QWSmA-1; Thu, 04 May 2023 09:32:56 -0400
X-MC-Unique: k666-E_3MIeZR9Sp4QWSmA-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 55FBE28082A2;
	Thu,  4 May 2023 13:32:53 +0000 (UTC)
Received: from sirius.home.kraxel.org (unknown [10.39.192.48])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 935232166B30;
	Thu,  4 May 2023 13:32:52 +0000 (UTC)
Received: by sirius.home.kraxel.org (Postfix, from userid 1000)
	id 4F809180092D; Thu,  4 May 2023 15:32:51 +0200 (CEST)
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Erdem Aktas <erdemaktas@google.com>,
	Min Xu <min.m.xu@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Stefan Berger <stefanb@linux.ibm.com>,
	Julien Grall <julien@xen.org>,
	Anthony Perard <anthony.perard@citrix.com>,
	=?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Oliver Steffen <osteffen@redhat.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Pawel Polawski <ppolawsk@redhat.com>,
	Michael Roth <michael.roth@amd.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [PATCH 1/3] OvmfPkg/PlatformBootManagerLib: add PcdBootRestrictToFirmware
Date: Thu,  4 May 2023 15:32:49 +0200
Message-Id: <20230504133251.1031341-2-kraxel@redhat.com>
In-Reply-To: <20230504133251.1031341-1-kraxel@redhat.com>
References: <20230504133251.1031341-1-kraxel@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"; x-default=true

Add new PCD PcdBootRestrictToFirmware.  When set to TRUE restrict
boot options to EFI applications embedded into the firmware image.

Behavior should be identical to the PlatformBootManagerLibGrub
library variant.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/OvmfPkg.dec                           |  3 +
 .../PlatformBootManagerLib.inf                |  2 +
 .../PlatformBootManagerLib/BdsPlatform.c      | 70 +++++++++++++++++--
 3 files changed, 71 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 749fbd3b6bf4..9801e40ecf4e 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -422,6 +422,9 @@ [PcdsFixedAtBuild]
   #  check to decide whether to abort dispatch of the driver it is linked into.
   gUefiOvmfPkgTokenSpaceGuid.PcdEntryPointOverrideFwCfgVarName|""|VOID*|0x68
 
+  ## Restrict boot to EFI applications in firmware volumes.
+  gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware|FALSE|BOOLEAN|0x6c
+
 [PcdsDynamic, PcdsDynamicEx]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index c249a3cf1e35..6b396eac7daf 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -61,6 +61,7 @@ [Pcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
+  gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable
   gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut
   gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate         ## CONSUMES
@@ -84,3 +85,4 @@ [Guids]
   gEfiGlobalVariableGuid
   gRootBridgesConnectedEventGroupGuid
   gUefiShellFileGuid
+  gGrubFileGuid
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index a90076c9e672..903602d5312d 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -290,6 +290,46 @@ RemoveStaleFvFileOptions (
   EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount);
 }
 
+VOID
+RestrictBootOptionsToFirmware (
+  VOID
+  )
+{
+  EFI_BOOT_MANAGER_LOAD_OPTION  *BootOptions;
+  UINTN                         BootOptionCount;
+  UINTN                         Index;
+
+  BootOptions = EfiBootManagerGetLoadOptions (
+                  &BootOptionCount,
+                  LoadOptionTypeBoot
+                  );
+
+  for (Index = 0; Index < BootOptionCount; ++Index) {
+    EFI_DEVICE_PATH_PROTOCOL  *Node1;
+
+    //
+    // If the device path starts with Fv(...),
+    // then keep the boot option.
+    //
+    Node1 = BootOptions[Index].FilePath;
+    if (((DevicePathType (Node1) == MEDIA_DEVICE_PATH) &&
+         (DevicePathSubType (Node1) == MEDIA_PIWG_FW_VOL_DP)))
+    {
+      continue;
+    }
+
+    //
+    // Delete the boot option.
+    //
+    EfiBootManagerDeleteLoadOptionVariable (
+      BootOptions[Index].OptionNumber,
+      LoadOptionTypeBoot
+      );
+  }
+
+  EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount);
+}
+
 VOID
 PlatformRegisterOptionsAndKeys (
   VOID
@@ -485,7 +525,9 @@ PlatformBootManagerBeforeConsole (
     Status
     ));
 
-  PlatformRegisterOptionsAndKeys ();
+  if (!FeaturePcdGet (PcdBootRestrictToFirmware)) {
+    PlatformRegisterOptionsAndKeys ();
+  }
 
   //
   // Install both VIRTIO_DEVICE_PROTOCOL and (dependent) EFI_RNG_PROTOCOL
@@ -1707,9 +1749,12 @@ PlatformBootManagerAfterConsole (
   //
   // Perform some platform specific connect sequence
   //
-  PlatformBdsConnectSequence ();
-
-  EfiBootManagerRefreshAllBootOption ();
+  if (FeaturePcdGet (PcdBootRestrictToFirmware)) {
+    RestrictBootOptionsToFirmware ();
+  } else {
+    PlatformBdsConnectSequence ();
+    EfiBootManagerRefreshAllBootOption ();
+  }
 
   //
   // Register UEFI Shell
@@ -1720,6 +1765,15 @@ PlatformBootManagerAfterConsole (
     LOAD_OPTION_ACTIVE
     );
 
+  //
+  // Register Grub
+  //
+  PlatformRegisterFvBootOption (
+    &gGrubFileGuid,
+    L"Grub Bootloader",
+    LOAD_OPTION_ACTIVE
+    );
+
   RemoveStaleFvFileOptions ();
   SetBootOrderFromQemu ();
 
@@ -1888,6 +1942,14 @@ PlatformBootManagerUnableToBoot (
   EFI_BOOT_MANAGER_LOAD_OPTION  BootManagerMenu;
   UINTN                         Index;
 
+  if (FeaturePcdGet (PcdBootRestrictToFirmware)) {
+    AsciiPrint (
+      "%a: No bootable option was found.\n",
+      gEfiCallerBaseName
+      );
+    CpuDeadLoop ();
+  }
+
   //
   // BootManagerMenu doesn't contain the correct information when return status
   // is EFI_NOT_FOUND.
-- 
2.40.1