root/arch/x86/xen/efi.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. xen_efi_probe
  2. xen_efi_get_secureboot
  3. xen_efi_init
   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * Copyright (c) 2014 Oracle Co., Daniel Kiper
   4  */
   5 
   6 #include <linux/bitops.h>
   7 #include <linux/efi.h>
   8 #include <linux/init.h>
   9 #include <linux/string.h>
  10 
  11 #include <xen/xen.h>
  12 #include <xen/xen-ops.h>
  13 #include <xen/interface/platform.h>
  14 
  15 #include <asm/page.h>
  16 #include <asm/setup.h>
  17 #include <asm/xen/hypercall.h>
  18 
  19 static efi_char16_t vendor[100] __initdata;
  20 
  21 static efi_system_table_t efi_systab_xen __initdata = {
  22         .hdr = {
  23                 .signature      = EFI_SYSTEM_TABLE_SIGNATURE,
  24                 .revision       = 0, /* Initialized later. */
  25                 .headersize     = 0, /* Ignored by Linux Kernel. */
  26                 .crc32          = 0, /* Ignored by Linux Kernel. */
  27                 .reserved       = 0
  28         },
  29         .fw_vendor      = EFI_INVALID_TABLE_ADDR, /* Initialized later. */
  30         .fw_revision    = 0,                      /* Initialized later. */
  31         .con_in_handle  = EFI_INVALID_TABLE_ADDR, /* Not used under Xen. */
  32         .con_in         = EFI_INVALID_TABLE_ADDR, /* Not used under Xen. */
  33         .con_out_handle = EFI_INVALID_TABLE_ADDR, /* Not used under Xen. */
  34         .con_out        = EFI_INVALID_TABLE_ADDR, /* Not used under Xen. */
  35         .stderr_handle  = EFI_INVALID_TABLE_ADDR, /* Not used under Xen. */
  36         .stderr         = EFI_INVALID_TABLE_ADDR, /* Not used under Xen. */
  37         .runtime        = (efi_runtime_services_t *)EFI_INVALID_TABLE_ADDR,
  38                                                   /* Not used under Xen. */
  39         .boottime       = (efi_boot_services_t *)EFI_INVALID_TABLE_ADDR,
  40                                                   /* Not used under Xen. */
  41         .nr_tables      = 0,                      /* Initialized later. */
  42         .tables         = EFI_INVALID_TABLE_ADDR  /* Initialized later. */
  43 };
  44 
  45 static efi_system_table_t __init *xen_efi_probe(void)
  46 {
  47         struct xen_platform_op op = {
  48                 .cmd = XENPF_firmware_info,
  49                 .u.firmware_info = {
  50                         .type = XEN_FW_EFI_INFO,
  51                         .index = XEN_FW_EFI_CONFIG_TABLE
  52                 }
  53         };
  54         union xenpf_efi_info *info = &op.u.firmware_info.u.efi_info;
  55 
  56         if (!xen_initial_domain() || HYPERVISOR_platform_op(&op) < 0)
  57                 return NULL;
  58 
  59         /* Here we know that Xen runs on EFI platform. */
  60         xen_efi_runtime_setup();
  61 
  62         efi_systab_xen.tables = info->cfg.addr;
  63         efi_systab_xen.nr_tables = info->cfg.nent;
  64 
  65         op.cmd = XENPF_firmware_info;
  66         op.u.firmware_info.type = XEN_FW_EFI_INFO;
  67         op.u.firmware_info.index = XEN_FW_EFI_VENDOR;
  68         info->vendor.bufsz = sizeof(vendor);
  69         set_xen_guest_handle(info->vendor.name, vendor);
  70 
  71         if (HYPERVISOR_platform_op(&op) == 0) {
  72                 efi_systab_xen.fw_vendor = __pa_symbol(vendor);
  73                 efi_systab_xen.fw_revision = info->vendor.revision;
  74         } else
  75                 efi_systab_xen.fw_vendor = __pa_symbol(L"UNKNOWN");
  76 
  77         op.cmd = XENPF_firmware_info;
  78         op.u.firmware_info.type = XEN_FW_EFI_INFO;
  79         op.u.firmware_info.index = XEN_FW_EFI_VERSION;
  80 
  81         if (HYPERVISOR_platform_op(&op) == 0)
  82                 efi_systab_xen.hdr.revision = info->version;
  83 
  84         op.cmd = XENPF_firmware_info;
  85         op.u.firmware_info.type = XEN_FW_EFI_INFO;
  86         op.u.firmware_info.index = XEN_FW_EFI_RT_VERSION;
  87 
  88         if (HYPERVISOR_platform_op(&op) == 0)
  89                 efi.runtime_version = info->version;
  90 
  91         return &efi_systab_xen;
  92 }
  93 
  94 /*
  95  * Determine whether we're in secure boot mode.
  96  *
  97  * Please keep the logic in sync with
  98  * drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot().
  99  */
 100 static enum efi_secureboot_mode xen_efi_get_secureboot(void)
 101 {
 102         static efi_guid_t efi_variable_guid = EFI_GLOBAL_VARIABLE_GUID;
 103         static efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
 104         efi_status_t status;
 105         u8 moksbstate, secboot, setupmode;
 106         unsigned long size;
 107 
 108         size = sizeof(secboot);
 109         status = efi.get_variable(L"SecureBoot", &efi_variable_guid,
 110                                   NULL, &size, &secboot);
 111 
 112         if (status == EFI_NOT_FOUND)
 113                 return efi_secureboot_mode_disabled;
 114 
 115         if (status != EFI_SUCCESS)
 116                 goto out_efi_err;
 117 
 118         size = sizeof(setupmode);
 119         status = efi.get_variable(L"SetupMode", &efi_variable_guid,
 120                                   NULL, &size, &setupmode);
 121 
 122         if (status != EFI_SUCCESS)
 123                 goto out_efi_err;
 124 
 125         if (secboot == 0 || setupmode == 1)
 126                 return efi_secureboot_mode_disabled;
 127 
 128         /* See if a user has put the shim into insecure mode. */
 129         size = sizeof(moksbstate);
 130         status = efi.get_variable(L"MokSBStateRT", &shim_guid,
 131                                   NULL, &size, &moksbstate);
 132 
 133         /* If it fails, we don't care why. Default to secure. */
 134         if (status != EFI_SUCCESS)
 135                 goto secure_boot_enabled;
 136 
 137         if (moksbstate == 1)
 138                 return efi_secureboot_mode_disabled;
 139 
 140  secure_boot_enabled:
 141         pr_info("UEFI Secure Boot is enabled.\n");
 142         return efi_secureboot_mode_enabled;
 143 
 144  out_efi_err:
 145         pr_err("Could not determine UEFI Secure Boot status.\n");
 146         return efi_secureboot_mode_unknown;
 147 }
 148 
 149 void __init xen_efi_init(struct boot_params *boot_params)
 150 {
 151         efi_system_table_t *efi_systab_xen;
 152 
 153         efi_systab_xen = xen_efi_probe();
 154 
 155         if (efi_systab_xen == NULL)
 156                 return;
 157 
 158         strncpy((char *)&boot_params->efi_info.efi_loader_signature, "Xen",
 159                         sizeof(boot_params->efi_info.efi_loader_signature));
 160         boot_params->efi_info.efi_systab = (__u32)__pa(efi_systab_xen);
 161         boot_params->efi_info.efi_systab_hi = (__u32)(__pa(efi_systab_xen) >> 32);
 162 
 163         boot_params->secure_boot = xen_efi_get_secureboot();
 164 
 165         set_bit(EFI_BOOT, &efi.flags);
 166         set_bit(EFI_PARAVIRT, &efi.flags);
 167         set_bit(EFI_64BIT, &efi.flags);
 168 }
/* [<][>][^][v][top][bottom][index][help] */