Commit ec4cf5db authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'efi-fixes-for-v6.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi 

Pull EFI fixes from Ard Biesheuvel:

 - fixes for the EFI variable store refactor that landed in v6.0

 - fixes for issues that were introduced during the merge window

 - back out some changes related to EFI zboot signing - we'll add a
   better solution for this during the next cycle

* tag 'efi-fixes-for-v6.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
  efi: runtime: Don't assume virtual mappings are missing if VA == PA == 0
  efi: libstub: Fix incorrect payload size in zboot header
  efi: libstub: Give efi_main() asmlinkage qualification
  efi: efivars: Fix variable writes without query_variable_store()
  efi: ssdt: Don't free memory if ACPI table was loaded successfully
  efi: libstub: Remove zboot signing from build options
parents e97eace6 37926f96

drivers/firmware/efi/Kconfig

+0 −22
Original line number Diff line number Diff line
@@ -124,28 +124,6 @@ config EFI_ZBOOT 
	  is supported by the encapsulated image. (The compression algorithm

	  used is described in the zboot image header)



config EFI_ZBOOT_SIGNED

	def_bool y

	depends on EFI_ZBOOT_SIGNING_CERT != ""

	depends on EFI_ZBOOT_SIGNING_KEY != ""



config EFI_ZBOOT_SIGNING

	bool "Sign the EFI decompressor for UEFI secure boot"

	depends on EFI_ZBOOT

	help

	  Use the 'sbsign' command line tool (which must exist on the host

	  path) to sign both the EFI decompressor PE/COFF image, as well as the

	  encapsulated PE/COFF image, which is subsequently compressed and

	  wrapped by the former image.



config EFI_ZBOOT_SIGNING_CERT

	string "Certificate to use for signing the compressed EFI boot image"

	depends on EFI_ZBOOT_SIGNING



config EFI_ZBOOT_SIGNING_KEY

	string "Private key to use for signing the compressed EFI boot image"

	depends on EFI_ZBOOT_SIGNING



config EFI_ARMSTUB_DTB_LOADER

	bool "Enable the DTB loader"

	depends on EFI_GENERIC_STUB && !RISCV && !LOONGARCH

drivers/firmware/efi/arm-runtime.c

+1 −1
Original line number Diff line number Diff line
@@ -63,7 +63,7 @@ static bool __init efi_virtmap_init(void) 


		if (!(md->attribute & EFI_MEMORY_RUNTIME))

			continue;

		if (md->virt_addr == 0)

		if (md->virt_addr == U64_MAX)

			return false;



		ret = efi_create_mapping(&efi_mm, md);

drivers/firmware/efi/efi.c

+2 −0
Original line number Diff line number Diff line
@@ -271,6 +271,8 @@ static __init int efivar_ssdt_load(void) 
			acpi_status ret = acpi_load_table(data, NULL);

			if (ret)

				pr_err("failed to load table: %u\n", ret);

			else

				continue;

		} else {

			pr_err("failed to get var data: 0x%lx\n", status);

		}

drivers/firmware/efi/libstub/Makefile.zboot

+4 −25
Original line number Diff line number Diff line
@@ -20,18 +20,7 @@ zboot-size-len-y := 4 
zboot-method-$(CONFIG_KERNEL_GZIP)	:= gzip

zboot-size-len-$(CONFIG_KERNEL_GZIP)	:= 0



quiet_cmd_sbsign = SBSIGN  $@

      cmd_sbsign = sbsign --out $@ $< \

		   --key $(CONFIG_EFI_ZBOOT_SIGNING_KEY) \

		   --cert $(CONFIG_EFI_ZBOOT_SIGNING_CERT)



$(obj)/$(EFI_ZBOOT_PAYLOAD).signed: $(obj)/$(EFI_ZBOOT_PAYLOAD) FORCE

	$(call if_changed,sbsign)



ZBOOT_PAYLOAD-y				 := $(EFI_ZBOOT_PAYLOAD)

ZBOOT_PAYLOAD-$(CONFIG_EFI_ZBOOT_SIGNED) := $(EFI_ZBOOT_PAYLOAD).signed



$(obj)/vmlinuz: $(obj)/$(ZBOOT_PAYLOAD-y) FORCE

$(obj)/vmlinuz: $(obj)/$(EFI_ZBOOT_PAYLOAD) FORCE

	$(call if_changed,$(zboot-method-y))



OBJCOPYFLAGS_vmlinuz.o := -I binary -O $(EFI_ZBOOT_BFD_TARGET) \
@@ -53,18 +42,8 @@ LDFLAGS_vmlinuz.efi.elf := -T $(srctree)/drivers/firmware/efi/libstub/zboot.lds 
$(obj)/vmlinuz.efi.elf: $(obj)/vmlinuz.o $(ZBOOT_DEPS) FORCE

	$(call if_changed,ld)



ZBOOT_EFI-y				:= vmlinuz.efi

ZBOOT_EFI-$(CONFIG_EFI_ZBOOT_SIGNED)	:= vmlinuz.efi.unsigned



OBJCOPYFLAGS_$(ZBOOT_EFI-y) := -O binary

$(obj)/$(ZBOOT_EFI-y): $(obj)/vmlinuz.efi.elf FORCE

OBJCOPYFLAGS_vmlinuz.efi := -O binary

$(obj)/vmlinuz.efi: $(obj)/vmlinuz.efi.elf FORCE

	$(call if_changed,objcopy)



targets += zboot-header.o vmlinuz vmlinuz.o vmlinuz.efi.elf vmlinuz.efi
 


ifneq ($(CONFIG_EFI_ZBOOT_SIGNED),)

$(obj)/vmlinuz.efi: $(obj)/vmlinuz.efi.unsigned FORCE

	$(call if_changed,sbsign)

endif



targets += $(EFI_ZBOOT_PAYLOAD).signed vmlinuz.efi.unsigned

drivers/firmware/efi/libstub/fdt.c

+4 −4
Original line number Diff line number Diff line
@@ -313,16 +313,16 @@ efi_status_t allocate_new_fdt_and_exit_boot(void *handle, 


			/*

			 * Set the virtual address field of all

			 * EFI_MEMORY_RUNTIME entries to 0. This will signal

			 * the incoming kernel that no virtual translation has

			 * been installed.

			 * EFI_MEMORY_RUNTIME entries to U64_MAX. This will

			 * signal the incoming kernel that no virtual

			 * translation has been installed.

			 */

			for (l = 0; l < priv.boot_memmap->map_size;

			     l += priv.boot_memmap->desc_size) {

				p = (void *)priv.boot_memmap->map + l;



				if (p->attribute & EFI_MEMORY_RUNTIME)

					p->virt_addr = 0;

					p->virt_addr = U64_MAX;

			}

		}

		return EFI_SUCCESS;