From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.groups.io with SMTP id smtpd.web11.20160.1683263855749496387 for ; Thu, 04 May 2023 22:17:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ITTcWZ+V; spf=pass (domain: redhat.com, ip: 170.10.129.124, mailfrom: kraxel@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683263854; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K4NCTQRXos73gVE5c4ZIPAWNaliPwRMjC63svMegqF4=; b=ITTcWZ+VWtxT9IqTLC+MSmWn0bghj7mJNUax/zm/9YWGqdyaMS8OWC+nIptiQgQnMXJxLP YNkOe8aF+pLJ6VTFgmv8+8uuteja9zdNt3vt/TTS3/cYL11vqxgcWw9MG92s1hRPr5E+rQ E8J93DkKx+dIQBT4940D3Xks7R1zXws= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-537-gCa6BSpDOVitAGD7k4zgiA-1; Fri, 05 May 2023 01:17:30 -0400 X-MC-Unique: gCa6BSpDOVitAGD7k4zgiA-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C288385A5B1; Fri, 5 May 2023 05:17:29 +0000 (UTC) Received: from sirius.home.kraxel.org (unknown [10.39.192.60]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4CB21111E3F2; Fri, 5 May 2023 05:17:29 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id E759E18003BA; Fri, 5 May 2023 07:17:27 +0200 (CEST) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Jordan Justen , Stefan Berger , Gerd Hoffmann , Tom Lendacky , Jiewen Yao , Anthony Perard , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Ard Biesheuvel , Erdem Aktas , Oliver Steffen , Min Xu , James Bottomley , Julien Grall , Michael Roth , Pawel Polawski , Jiewen Yao , Ard Biesheuvel Subject: [PATCH v2 1/4] OvmfPkg/PlatformBootManagerLib: add PcdBootRestrictToFirmware Date: Fri, 5 May 2023 07:17:24 +0200 Message-Id: <20230505051727.56748-2-kraxel@redhat.com> In-Reply-To: <20230505051727.56748-1-kraxel@redhat.com> References: <20230505051727.56748-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true Add new PCD PcdBootRestrictToFirmware. When set to TRUE restrict boot options to EFI applications embedded into the firmware image. Behavior should be identical to the PlatformBootManagerLibGrub library variant. Signed-off-by: Gerd Hoffmann Acked-by: Jiewen Yao Acked-by: Ard Biesheuvel --- OvmfPkg/OvmfPkg.dec | 3 + .../PlatformBootManagerLib.inf | 2 + .../PlatformBootManagerLib/BdsPlatform.c | 70 +++++++++++++++++-- 3 files changed, 71 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 03ae29e7b034..cc5a4ceead25 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -422,6 +422,9 @@ [PcdsFixedAtBuild] # check to decide whether to abort dispatch of the driver it is linked into. gUefiOvmfPkgTokenSpaceGuid.PcdEntryPointOverrideFwCfgVarName|""|VOID*|0x68 + ## Restrict boot to EFI applications in firmware volumes. + gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware|FALSE|BOOLEAN|0x6c + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index c249a3cf1e35..6b396eac7daf 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -61,6 +61,7 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId + gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate ## CONSUMES @@ -84,3 +85,4 @@ [Guids] gEfiGlobalVariableGuid gRootBridgesConnectedEventGroupGuid gUefiShellFileGuid + gGrubFileGuid diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index 3b7dc53e9f86..8dc2bbf97371 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -290,6 +290,46 @@ RemoveStaleFvFileOptions ( EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); } +VOID +RestrictBootOptionsToFirmware ( + VOID + ) +{ + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + UINTN BootOptionCount; + UINTN Index; + + BootOptions = EfiBootManagerGetLoadOptions ( + &BootOptionCount, + LoadOptionTypeBoot + ); + + for (Index = 0; Index < BootOptionCount; ++Index) { + EFI_DEVICE_PATH_PROTOCOL *Node1; + + // + // If the device path starts with Fv(...), + // then keep the boot option. + // + Node1 = BootOptions[Index].FilePath; + if (((DevicePathType (Node1) == MEDIA_DEVICE_PATH) && + (DevicePathSubType (Node1) == MEDIA_PIWG_FW_VOL_DP))) + { + continue; + } + + // + // Delete the boot option. + // + EfiBootManagerDeleteLoadOptionVariable ( + BootOptions[Index].OptionNumber, + LoadOptionTypeBoot + ); + } + + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); +} + VOID PlatformRegisterOptionsAndKeys ( VOID @@ -485,7 +525,9 @@ PlatformBootManagerBeforeConsole ( Status )); - PlatformRegisterOptionsAndKeys (); + if (!FeaturePcdGet (PcdBootRestrictToFirmware)) { + PlatformRegisterOptionsAndKeys (); + } // // Install both VIRTIO_DEVICE_PROTOCOL and (dependent) EFI_RNG_PROTOCOL @@ -1754,9 +1796,12 @@ PlatformBootManagerAfterConsole ( // // Perform some platform specific connect sequence // - PlatformBdsConnectSequence (); - - EfiBootManagerRefreshAllBootOption (); + if (FeaturePcdGet (PcdBootRestrictToFirmware)) { + RestrictBootOptionsToFirmware (); + } else { + PlatformBdsConnectSequence (); + EfiBootManagerRefreshAllBootOption (); + } // // Register UEFI Shell @@ -1767,6 +1812,15 @@ PlatformBootManagerAfterConsole ( LOAD_OPTION_ACTIVE ); + // + // Register Grub + // + PlatformRegisterFvBootOption ( + &gGrubFileGuid, + L"Grub Bootloader", + LOAD_OPTION_ACTIVE + ); + RemoveStaleFvFileOptions (); SetBootOrderFromQemu (); @@ -1935,6 +1989,14 @@ PlatformBootManagerUnableToBoot ( EFI_BOOT_MANAGER_LOAD_OPTION BootManagerMenu; UINTN Index; + if (FeaturePcdGet (PcdBootRestrictToFirmware)) { + AsciiPrint ( + "%a: No bootable option was found.\n", + gEfiCallerBaseName + ); + CpuDeadLoop (); + } + // // BootManagerMenu doesn't contain the correct information when return status // is EFI_NOT_FOUND. -- 2.40.1