mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-12 13:34:10 +08:00
0e470763d8
Merge tag 'efi-next-for-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi

Pull EFI updates from Ard Biesheuvel:

"A bit more going on than usual in the EFI subsystem. The main driver for this has been the introduction of the LoongArch architecture last cycle, which inspired some cleanup and refactoring of the EFI code. Another driver for EFI changes this cycle and in the future is confidential compute.

The LoongArch architecture does not use either struct bootparams or DT natively [yet], and so passing information between the EFI stub and the core kernel using either of those is undesirable. And in general, overloading DT has been a source of issues on arm64, so using DT for this on new architectures is something to avoid for the time being (even if we might converge on something DT based for non-x86 architectures in the future).

For this reason, in addition to the patch that enables EFI boot for LoongArch, there are a number of refactoring patches applied on top of which separate the DT bits from the generic EFI stub bits. These changes are on a separate topic branch that has been shared with the LoongArch maintainers, who will include it in their pull request as well. This is not ideal, but the best way to manage the conflicts without stalling LoongArch for another cycle.

Another development inspired by LoongArch is the newly added support for EFI based decompressors. Instead of adding yet another arch-specific incarnation of this pattern for LoongArch, we are introducing an EFI app based on the existing EFI libstub infrastructure that encapsulates the decompression code we use on other architectures, but in a way that is fully generic. This has been developed and tested in collaboration with distro and systemd folks, who are eager to start using this for systemd-boot and also for arm64 secure boot on Fedora.

Note that the EFI zimage files this introduces can also be decompressed by non-EFI bootloaders if needed, as the image header describes the location of the payload inside the image, and the type of compression that was used. (Note that Fedora's arm64 GRUB is buggy [0] so you'll need a recent version or switch to systemd-boot in order to use this.)

Finally, we are adding TPM measurement of the kernel command line provided by EFI. There is an oversight in the TCG spec which results in a blind spot for command line arguments passed to loaded images, which means that either the loader or the stub needs to take the measurement. Given the combinatorial explosion I am anticipating when it comes to firmware/bootloader stacks and firmware based attestation protocols (SEV-SNP, TDX, DICE, DRTM), it is good to set a baseline now when it comes to EFI measured boot, which is that the kernel measures the initrd and command line. Intermediate loaders can measure additional assets if needed, but with the baseline in place, we can deploy measured boot in a meaningful way even if you boot into Linux straight from the EFI firmware.

Summary:

 - implement EFI boot support for LoongArch

 - implement generic EFI compressed boot support for arm64, RISC-V and LoongArch, none of which implement a decompressor today

 - measure the kernel command line into the TPM if measured boot is in effect

 - refactor the EFI stub code in order to isolate DT dependencies for architectures other than x86

 - avoid calling SetVirtualAddressMap() on arm64 if the configured size of the VA space guarantees that doing so is unnecessary

 - move some ARM specific code out of the generic EFI source files

 - unmap kernel code from the x86 mixed mode 1:1 page tables"

* tag 'efi-next-for-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi: (24 commits)
  efi/arm64: libstub: avoid SetVirtualAddressMap() when possible
  efi: zboot: create MemoryMapped() device path for the parent if needed
  efi: libstub: fix up the last remaining open coded boot service call
  efi/arm: libstub: move ARM specific code out of generic routines
  efi/libstub: measure EFI LoadOptions
  efi/libstub: refactor the initrd measuring functions
  efi/loongarch: libstub: remove dependency on flattened DT
  efi: libstub: install boot-time memory map as config table
  efi: libstub: remove DT dependency from generic stub
  efi: libstub: unify initrd loading between architectures
  efi: libstub: remove pointless goto kludge
  efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap
  efi: libstub: avoid efi_get_memory_map() for allocating the virt map
  efi: libstub: drop pointless get_memory_map() call
  efi: libstub: fix type confusion for load_options_size
  arm64: efi: enable generic EFI compressed boot
  loongarch: efi: enable generic EFI compressed boot
  riscv: efi: enable generic EFI compressed boot
  efi/libstub: implement generic EFI zboot
  efi/libstub: move efi_system_table global var into separate object
  ...

136 lines
4.3 KiB
C

/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Linker script variables to be set after section resolution, as
 * ld.lld does not like variables assigned before SECTIONS is processed.
 */
#ifndef __ARM64_KERNEL_IMAGE_VARS_H
#define __ARM64_KERNEL_IMAGE_VARS_H

#ifndef LINKER_SCRIPT
#error This file should only be included in vmlinux.lds.S
#endif

PROVIDE(__efistub_kernel_size = _edata - _text);
PROVIDE(__efistub_primary_entry_offset = primary_entry - _text);

/*
 * The EFI stub has its own symbol namespace prefixed by __efistub_, to
 * isolate it from the kernel proper. The following symbols are legally
 * accessed by the stub, so provide some aliases to make them accessible.
 * Only include data symbols here, or text symbols of functions that are
 * guaranteed to be safe when executed at another offset than they were
 * linked at. The routines below are all implemented in assembler in a
 * position independent manner
 */
PROVIDE(__efistub_memcmp = __pi_memcmp);
PROVIDE(__efistub_memchr = __pi_memchr);
PROVIDE(__efistub_strlen = __pi_strlen);
PROVIDE(__efistub_strnlen = __pi_strnlen);
PROVIDE(__efistub_strcmp = __pi_strcmp);
PROVIDE(__efistub_strncmp = __pi_strncmp);
PROVIDE(__efistub_strrchr = __pi_strrchr);
PROVIDE(__efistub_dcache_clean_poc = __pi_dcache_clean_poc);

PROVIDE(__efistub__text = _text);
PROVIDE(__efistub__end = _end);
PROVIDE(__efistub__edata = _edata);
PROVIDE(__efistub_screen_info = screen_info);
PROVIDE(__efistub__ctype = _ctype);

PROVIDE(__pi___memcpy = __pi_memcpy);
PROVIDE(__pi___memmove = __pi_memmove);
PROVIDE(__pi___memset = __pi_memset);

#ifdef CONFIG_KVM

/*
 * KVM nVHE code has its own symbol namespace prefixed with __kvm_nvhe_, to
 * separate it from the kernel proper. The following symbols are legally
 * accessed by it, therefore provide aliases to make them linkable.
 * Do not include symbols which may not be safely accessed under hypervisor
 * memory mappings.
 */

/* Alternative callbacks for init-time patching of nVHE hyp code. */
KVM_NVHE_ALIAS(kvm_patch_vector_branch);
KVM_NVHE_ALIAS(kvm_update_va_mask);
KVM_NVHE_ALIAS(kvm_get_kimage_voffset);
KVM_NVHE_ALIAS(kvm_compute_final_ctr_el0);
KVM_NVHE_ALIAS(spectre_bhb_patch_loop_iter);
KVM_NVHE_ALIAS(spectre_bhb_patch_loop_mitigation_enable);
KVM_NVHE_ALIAS(spectre_bhb_patch_wa3);
KVM_NVHE_ALIAS(spectre_bhb_patch_clearbhb);
KVM_NVHE_ALIAS(alt_cb_patch_nops);

/* Global kernel state accessed by nVHE hyp code. */
KVM_NVHE_ALIAS(kvm_vgic_global_state);

/* Kernel symbols used to call panic() from nVHE hyp code (via ERET). */
KVM_NVHE_ALIAS(nvhe_hyp_panic_handler);

/* Vectors installed by hyp-init on reset HVC. */
KVM_NVHE_ALIAS(__hyp_stub_vectors);

/* Kernel symbol used by icache_is_vpipt(). */
KVM_NVHE_ALIAS(__icache_flags);

/* VMID bits set by the KVM VMID allocator */
KVM_NVHE_ALIAS(kvm_arm_vmid_bits);

/* Static keys which are set if a vGIC trap should be handled in hyp. */
KVM_NVHE_ALIAS(vgic_v2_cpuif_trap);
KVM_NVHE_ALIAS(vgic_v3_cpuif_trap);

/* Static key checked in pmr_sync(). */
#ifdef CONFIG_ARM64_PSEUDO_NMI
KVM_NVHE_ALIAS(gic_pmr_sync);
/* Static key checked in GIC_PRIO_IRQOFF. */
KVM_NVHE_ALIAS(gic_nonsecure_priorities);
#endif

/* EL2 exception handling */
KVM_NVHE_ALIAS(__start___kvm_ex_table);
KVM_NVHE_ALIAS(__stop___kvm_ex_table);

/* Array containing bases of nVHE per-CPU memory regions. */
KVM_NVHE_ALIAS(kvm_arm_hyp_percpu_base);

/* PMU available static key */
#ifdef CONFIG_HW_PERF_EVENTS
KVM_NVHE_ALIAS(kvm_arm_pmu_available);
#endif

/* Position-independent library routines */
KVM_NVHE_ALIAS_HYP(clear_page, __pi_clear_page);
KVM_NVHE_ALIAS_HYP(copy_page, __pi_copy_page);
KVM_NVHE_ALIAS_HYP(memcpy, __pi_memcpy);
KVM_NVHE_ALIAS_HYP(memset, __pi_memset);

#ifdef CONFIG_KASAN
KVM_NVHE_ALIAS_HYP(__memcpy, __pi_memcpy);
KVM_NVHE_ALIAS_HYP(__memset, __pi_memset);
#endif

/* Kernel memory sections */
KVM_NVHE_ALIAS(__start_rodata);
KVM_NVHE_ALIAS(__end_rodata);
KVM_NVHE_ALIAS(__bss_start);
KVM_NVHE_ALIAS(__bss_stop);

/* Hyp memory sections */
KVM_NVHE_ALIAS(__hyp_idmap_text_start);
KVM_NVHE_ALIAS(__hyp_idmap_text_end);
KVM_NVHE_ALIAS(__hyp_text_start);
KVM_NVHE_ALIAS(__hyp_text_end);
KVM_NVHE_ALIAS(__hyp_bss_start);
KVM_NVHE_ALIAS(__hyp_bss_end);
KVM_NVHE_ALIAS(__hyp_rodata_start);
KVM_NVHE_ALIAS(__hyp_rodata_end);

/* pKVM static key */
KVM_NVHE_ALIAS(kvm_protected_mode_initialized);

#endif /* CONFIG_KVM */

#endif /* __ARM64_KERNEL_IMAGE_VARS_H */
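
An added example (not kernel code and not part of the mirrored page) that models the allowlist the header comments describe: it collects the aliases that are active for a given set of config macros and lists prefixed symbols an object would need but the header does not provide. The mapping of KVM_NVHE_ALIAS(sym) to the name __kvm_nvhe_sym, the function names, the header excerpt and the symbol list are assumptions constructed for illustration.

```python
import re

# Constructed excerpt built from lines of the header shown above.
HEADER = """\
PROVIDE(__efistub_memcmp = __pi_memcmp);
PROVIDE(__efistub_screen_info = screen_info);
#ifdef CONFIG_KVM
KVM_NVHE_ALIAS(kvm_vgic_global_state);
#ifdef CONFIG_ARM64_PSEUDO_NMI
KVM_NVHE_ALIAS(gic_pmr_sync);
#endif
KVM_NVHE_ALIAS_HYP(memcpy, __pi_memcpy);
#endif /* CONFIG_KVM */
"""

PROVIDE_RE = re.compile(r"PROVIDE\((\w+)\s*=\s*\w+\);")
ALIAS_RE = re.compile(r"KVM_NVHE_ALIAS(?:_HYP)?\((\w+)")

def provided_aliases(header, defined):
    """Return alias names that are active for the given set of defined macros."""
    active, aliases = [], set()   # active: stack of #ifdef/#ifndef results
    for line in header.splitlines():
        line = line.strip()
        cond = re.match(r"#(ifdef|ifndef)\s+(\w+)", line)
        if cond:
            hit = cond.group(2) in defined
            active.append(hit if cond.group(1) == "ifdef" else not hit)
        elif line.startswith("#endif"):
            active.pop()
        elif all(active):         # only lines inside enabled blocks count
            m = PROVIDE_RE.match(line)
            if m:
                aliases.add(m.group(1))
            m = ALIAS_RE.match(line)
            if m:  # assumption: macro yields the __kvm_nvhe_-prefixed name
                aliases.add("__kvm_nvhe_" + m.group(1))
    return aliases

def unresolved(undefined_syms, header, defined):
    """Prefixed symbols an object needs that the header does not alias."""
    ok = provided_aliases(header, defined)
    return sorted(s for s in undefined_syms
                  if s.startswith(("__efistub_", "__kvm_nvhe_")) and s not in ok)

# Constructed undefined-symbol list, as a symbol dump of prefixed objects might show.
NEEDED = ["__efistub_memcmp", "__efistub_printk", "__kvm_nvhe_gic_pmr_sync",
          "__kvm_nvhe_memcpy"]
```

Calling unresolved(NEEDED, HEADER, {"CONFIG_KVM"}) reports the constructed printk reference and the alias that only exists under CONFIG_ARM64_PSEUDO_NMI, which is the kind of reference the namespace prefix is meant to surface at link time.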