Loader protocol (with Device Path resolution support) #656
Conversation
kukrimate
force-pushed
the
loader-protocol
branch
3 times, most recently
from
d57be0b to
b997ca7
Compare
kukrimate
force-pushed
the
loader-protocol
branch
from
d748616 to
b5556cd
Compare
kukrimate
force-pushed
the
loader-protocol
branch
from
b5556cd to
a791a4f
Compare
Define a new protocol for loading and starting images, encapsulating shim's PE loading facilities and verification/authentication against the same set of certificates that shim_lock::verify() authenticates against. This removes the need for loaders like GRUB to implement their own PE loader in order to be able to invoke loaded images as PE applications, rather than implementing a bespoke OS dependent handover protocol (e.g., invoke Linux via its EFI stub) Signed-off-by: Ard Biesheuvel <[email protected]>
Currently the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL and EFI_LOAD_FILE2_PROTOCOL are supported. Signed-off-by: Mate Kukri <[email protected]>
This will bring SBAT enforcement in-line with the shim_lock protocol. Signed-off-by: Mate Kukri <[email protected]>
…in_protocol This isn't desirable when GRUB has control of the screen, and would mess its content up. Signed-off-by: Mate Kukri <[email protected]>
…et's respect this Signed-off-by: Mate Kukri <[email protected]>
kukrimate
force-pushed
the
loader-protocol
branch
from
15f9540 to
4f99c12
Compare
kukrimate
changed the title
| /* get file size */ | ||
| bprop->size = 0; /* this shouldn't be read when Buffer=NULL but better be safe */ | ||
| status = lf2->LoadFile(lf2, bprop->dp, /*BootPolicy=*/false, &bprop->size, NULL); | ||
| /* NOTE: the spec is somewhat ambiguous what is the correct return status code |
|
This is actually looking pretty good. Thank you for getting it this far! Some of the comment style is unfamiliar to me and may be fine, but it might be worth using a single style for the multi-line ones. That's really a nit though. I have gotten this to work, but will do more testing with this on Monday. |
|
When trying to load a kernel with an untrusted signature, we end up with the following error message:
"bad shim signature" seems misleading. Otherwise this generally works for me. This also needs a signed-off-by, but you know that. :) |
|
Here's a quick cleanup pass, mostly this needs Signed-off-bys from @vathpela on those three patches: https://github.com/jsetje/shim/tree/loader-protocol-nit-cleanup |
This rebases the current loader protocol work on main and adds support for loading executables if only a device path is provided. Currently the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL and EFI_LOAD_FILE2_PROTOCOL are supported, which should be sufficient for most users.