From patchwork Wed Mar 13 15:04:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Lagerwall X-Patchwork-Id: 13591483 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E9C89C54791 for ; Wed, 13 Mar 2024 15:03:43 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.692492.1079679 (Exim 4.92) (envelope-from ) id 1rkQ8m-00047o-8d; Wed, 13 Mar 2024 15:03:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 692492.1079679; Wed, 13 Mar 2024 15:03:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rkQ8m-00047h-5X; Wed, 13 Mar 2024 15:03:36 +0000 Received: by outflank-mailman (input) for mailman id 692492; Wed, 13 Mar 2024 15:03:34 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rkQ8k-0003t5-G2 for xen-devel@lists.xenproject.org; Wed, 13 Mar 2024 15:03:34 +0000 Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [2607:f8b0:4864:20::833]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id dc24ee1f-e14a-11ee-afdd-a90da7624cb6; Wed, 13 Mar 2024 16:03:33 +0100 (CET) Received: by mail-qt1-x833.google.com with SMTP id d75a77b69052e-42ee2012bf0so7411361cf.0 for ; Wed, 13 Mar 2024 08:03:33 -0700 (PDT) Received: from rossla-lxenia.eng.citrite.net ([185.25.67.249]) by smtp.gmail.com with ESMTPSA id s9-20020ac85ec9000000b0042ef4b5f4fbsm4930034qtx.38.2024.03.13.08.03.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 08:03:31 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: dc24ee1f-e14a-11ee-afdd-a90da7624cb6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1710342212; x=1710947012; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KJKga3Jbhc7qlCdB+WV/kg/qjOpqTD+5g9NcykZuAm8=; b=FVVDsBzVFxMhkmBUDu2MqXEqQhJo1KdtIJQzhh7ZlzG5B/Rk1zIXD6wPB2J4S3UheI vW61+Xo4vO9v8NhFxa22hqxhq/AXalQtklF8UaAAorsIqqORtg4T1gUvS/5X+6bvgD97 kKUprfpor0tegUcCdaBGjAK0ZSeDz4LIdYgO4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710342212; x=1710947012; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KJKga3Jbhc7qlCdB+WV/kg/qjOpqTD+5g9NcykZuAm8=; b=t8xOoMMEnsueTjHqFs1Jmi6dry5ivoX3EvLxNOdxN0PlQCfeNTPWi+p2z0ED1+EMSr 8KE628NCF1gqhpNvY/yN/mzlaqK4/9dQU5ZvtdqDk6G14pSFcJl2FDP0EPH28+zWONfp z6iqInpLNo7eSofWgZ7/7OkfD8QcnOTWlGELuqPZKQVohMpx+zt7Dnp5qpnLyZiHkmEm 3wklIHwnDNocvnLmqlSrQHOUaWWtqgdiBIp184enV5CDihTXtRxa2jqrO3MIUam0I+Kb oXvN8O8PDMVHR9hqOV3gmiiXJZf8lWjMpqxyMQv1fnfwdAYzKnMBlMRbtpxKhnl18LZ3 bh5g== X-Gm-Message-State: AOJu0YygZAf5R5OTwl37mr3ivQfhsnsRgQOBvjWPiBYfdZZGy1iAinLm 7c8CTom17tUV9ftcN3Z2Tomo0zW7LvxcIhrFZaySv5Qs2pXyPqF30u4QFrmZccDQ5wLfRyb8N13 VQzod X-Google-Smtp-Source: AGHT+IGo8AkCBVzP0kyZcIGdUmtVpb90lnSabmGU5U+tadHMUWKiWyOYVllW9juZC1PIxcMNKHVXfQ== X-Received: by 2002:a05:622a:245:b0:42e:dea0:f4b6 with SMTP id c5-20020a05622a024500b0042edea0f4b6mr3224282qtx.2.1710342212202; Wed, 13 Mar 2024 08:03:32 -0700 (PDT) From: Ross Lagerwall To: xen-devel@lists.xenproject.org Cc: Ross Lagerwall , Jan Beulich , Andrew Cooper , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu , George Dunlap , Julien Grall , Stefano Stabellini Subject: [PATCH 1/4] multiboot2: Advertise the load type Date: Wed, 13 Mar 2024 15:04:36 +0000 Message-ID: <20240313150439.791213-2-ross.lagerwall@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240313150439.791213-1-ross.lagerwall@citrix.com> References: <20240313150439.791213-1-ross.lagerwall@citrix.com> MIME-Version: 1.0 Advertise the type of the multiboot2 binary we're building. For now, it's always ELF. Signed-off-by: Ross Lagerwall --- xen/arch/x86/boot/head.S | 3 +++ xen/include/xen/multiboot2.h | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index d8ac0f0494db..015023915a72 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -90,6 +90,9 @@ multiboot2_header: 0x200000, /* Load address alignment (2 MiB). */ \ MULTIBOOT2_LOAD_PREFERENCE_HIGH + mb2ht_init MB2_HT(LOAD_TYPE), MB2_HT(OPTIONAL), \ + MULTIBOOT2_LOAD_TYPE_ELF + /* Console flags tag. */ mb2ht_init MB2_HT(CONSOLE_FLAGS), MB2_HT(OPTIONAL), \ MULTIBOOT2_CONSOLE_FLAGS_EGA_TEXT_SUPPORTED diff --git a/xen/include/xen/multiboot2.h b/xen/include/xen/multiboot2.h index f79204020535..c3a46ad66184 100644 --- a/xen/include/xen/multiboot2.h +++ b/xen/include/xen/multiboot2.h @@ -60,6 +60,7 @@ #define MULTIBOOT2_HEADER_TAG_ENTRY_ADDRESS_EFI32 8 #define MULTIBOOT2_HEADER_TAG_ENTRY_ADDRESS_EFI64 9 #define MULTIBOOT2_HEADER_TAG_RELOCATABLE 10 +#define MULTIBOOT2_HEADER_TAG_LOAD_TYPE 11 /* Header tag flags. */ #define MULTIBOOT2_HEADER_TAG_REQUIRED 0 @@ -113,6 +114,11 @@ #define MULTIBOOT2_FRAMEBUFFER_TYPE_RGB 1 #define MULTIBOOT2_FRAMEBUFFER_TYPE_EGA_TEXT 2 +/* Load types. */ +#define MULTIBOOT2_LOAD_TYPE_ADDRESS 0 +#define MULTIBOOT2_LOAD_TYPE_ELF 1 +#define MULTIBOOT2_LOAD_TYPE_PE 2 + #ifndef __ASSEMBLY__ typedef struct { u32 total_size; From patchwork Wed Mar 13 15:04:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Lagerwall X-Patchwork-Id: 13591485 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 014F3C54E67 for ; Wed, 13 Mar 2024 15:03:45 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.692493.1079689 (Exim 4.92) (envelope-from ) id 1rkQ8n-0004NX-KI; Wed, 13 Mar 2024 15:03:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 692493.1079689; Wed, 13 Mar 2024 15:03:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rkQ8n-0004NQ-HH; Wed, 13 Mar 2024 15:03:37 +0000 Received: by outflank-mailman (input) for mailman id 692493; Wed, 13 Mar 2024 15:03:36 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rkQ8m-0003t5-Km for xen-devel@lists.xenproject.org; Wed, 13 Mar 2024 15:03:36 +0000 Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [2607:f8b0:4864:20::834]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id dd576bb4-e14a-11ee-afdd-a90da7624cb6; Wed, 13 Mar 2024 16:03:35 +0100 (CET) Received: by mail-qt1-x834.google.com with SMTP id d75a77b69052e-42f0df98361so31246061cf.0 for ; Wed, 13 Mar 2024 08:03:36 -0700 (PDT) Received: from rossla-lxenia.eng.citrite.net ([185.25.67.249]) by smtp.gmail.com with ESMTPSA id s9-20020ac85ec9000000b0042ef4b5f4fbsm4930034qtx.38.2024.03.13.08.03.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 08:03:33 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: dd576bb4-e14a-11ee-afdd-a90da7624cb6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1710342214; x=1710947014; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ms+OeqOZX4404kFqNdRZ2zfEW4WAGHmhK2r80eh4xas=; b=UHYa7BABn5ne2EdclbcNl7t1JLBOk66YsiJeVxsRa4PmKy3hU2/jJ3iRpfAIRGbvET t2kfxaBm92gQSJSqwpm/v/i2IMOrA/IH7i0zptMrGLAU8S9IYhCypSWJUD0xy4LrXfJq dRkpD/UdihRfml3uEyjsGsMcsPeacomP3+lMg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710342214; x=1710947014; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ms+OeqOZX4404kFqNdRZ2zfEW4WAGHmhK2r80eh4xas=; b=kfDcW6F4xCtAV+fkZonEYO/1rQZPfMPY4a9HcReSDIQwjpHoUEKbRDIEQXph0CU52F hlJkoyXanKKPTbXTcP6kCsgpyfxs7CrMaj9UHStCSBJgpuERglrJ9fAmQU7QGezSpzY4 Pc2QhZNGNu51PCk57YhBtonu0fl2kyzkVHYAw04riYgRgs//gffP3Z0+kG8qV9hv5Qwl zxE4il/w2PpCsrZ9ZFf21wywTq8YViKeI0lZpPOsjrTu32ym/ew9cpXPaZ++Yi5mqR03 loJlcN3iL3vrfgoOAiHI6Ft1ye+faKlByISlo6Eo1UbD4sXUZVd5j6xAq4rAynuKBUYk Ws9A== X-Gm-Message-State: AOJu0YxltmYtELxr24DRls3QoO4N5+iYN5YenbrRXrcO72uhuQf0w3ez GGP1iS+XpYMMBoM99R5sMNmNFhYbCAIQyfbYyA3NrHkb3QxBsgNFUcxqOcJYFrFhRIKntrK1kxC 98LX6 X-Google-Smtp-Source: AGHT+IGD5WDqlGcDnqTFuq88+hJrcAzyIpQImYLYjVAc/i0xiKxZ/uOtj6CH1d9E36pCo1ma3X619A== X-Received: by 2002:ac8:5f84:0:b0:42e:eb34:5ba5 with SMTP id j4-20020ac85f84000000b0042eeb345ba5mr3769978qta.28.1710342214086; Wed, 13 Mar 2024 08:03:34 -0700 (PDT) From: Ross Lagerwall To: xen-devel@lists.xenproject.org Cc: Ross Lagerwall , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Subject: [PATCH 2/4] x86: Add support for building a multiboot2 PE binary Date: Wed, 13 Mar 2024 15:04:37 +0000 Message-ID: <20240313150439.791213-3-ross.lagerwall@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240313150439.791213-1-ross.lagerwall@citrix.com> References: <20240313150439.791213-1-ross.lagerwall@citrix.com> MIME-Version: 1.0 Add a new config option, CONFIG_MULTIBOOT_PE, that when set changes xen.gz to be a compressed PE binary instead of a compressed ELF binary. This requires use with a multiboot2 loader that supports the PE load type. Using this option allows the binary to be signed and verified by Shim. This means the same xen.gz can then be used for BIOS boot, UEFI Boot and UEFI boot with Secure Boot verification (all with the convenience of GRUB2 as a bootloader). Signed-off-by: Ross Lagerwall --- xen/Makefile | 1 + xen/arch/x86/Kconfig | 6 +++++ xen/arch/x86/Makefile | 48 ++++++++++++++++++++++++++++++++++++++++ xen/arch/x86/boot/head.S | 33 +++++++++++++++++++++++++++ 4 files changed, 88 insertions(+) diff --git a/xen/Makefile b/xen/Makefile index 21832d640225..c9461c9778cc 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -581,6 +581,7 @@ _clean: -o -name ".*.cmd" -o -name "lib.a" \) -exec rm -f {} \; rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET)-syms $(TARGET)-syms.map rm -f $(TARGET).efi $(TARGET).efi.map $(TARGET).efi.elf $(TARGET).efi.stripped + rm -f $(TARGET).elf $(TARGET).map rm -f asm-offsets.s arch/*/include/asm/asm-offsets.h rm -f .banner .allconfig.tmp include/xen/compile.h rm -rf $(objtree)/arch/*/include/generated diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 1acdffc51c22..2d8f6e687e58 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -348,6 +348,12 @@ config REQUIRE_NX was unavailable. However, if enabled, Xen will no longer boot on any CPU which is lacking NX support. +config MULTIBOOT_PE + bool "Build the multiboot binary as PE" + help + Build the multiboot xen.gz binary as a PE binary rather than ELF. + This allows it to be signed and verified when using Secure Boot + with Shim and a bootloader. endmenu source "common/Kconfig" diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 26d87405297b..e26b1cb35036 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -123,6 +123,53 @@ syms-warn-dup-$(CONFIG_ENFORCE_UNIQUE_SYMBOLS) := --error-dup orphan-handling-$(call ld-option,--orphan-handling=warn) += --orphan-handling=warn +ifeq ($(CONFIG_MULTIBOOT_PE),y) +ifneq ($(XEN_BUILD_PE),y) +$(TARGET): FORCE + rm -f $@ + echo 'PE build not supported' +else +$(TARGET): VIRT_BASE = 0x$(shell $(NM) $(obj)/efi/relocs-dummy.o | sed -n 's, A VIRT_START$$,,p') +$(TARGET): $(objtree)/prelink.o $(note_file) $(obj)/efi.lds \ + $(obj)/efi/relocs-dummy.o $(obj)/efi/set-coff-flags $(TARGET)-syms $(efi-y) +ifeq ($(CONFIG_DEBUG_INFO),y) + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),echo,:) "Will strip debug info from $(@F)" +endif + $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) --disable-reloc-section \ + -T $(obj)/efi.lds -N $< $(relocs-dummy) \ + $(objtree)/common/symbols-dummy.o $(note_file_option) \ + -o $(dot-target).$(VIRT_BASE).0 + $(NM) -pa --format=sysv $(dot-target).$(VIRT_BASE).0 \ + | $(objtree)/tools/symbols $(all_symbols) --sysv --sort \ + > $(dot-target).0s.S + $(MAKE) $(build)=$(@D) .$(@F).0s.o + $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) --disable-reloc-section \ + -T $(obj)/efi.lds -N $< $(dot-target).0s.o $(note_file_option) \ + -o $(dot-target).$(VIRT_BASE).1 + $(NM) -pa --format=sysv $(dot-target).$(VIRT_BASE).1 \ + | $(objtree)/tools/symbols $(all_symbols) --sysv --sort \ + > $(dot-target).1s.S + $(MAKE) $(build)=$(@D) .$(@F).1s.o + $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) --disable-reloc-section \ + -T $(obj)/efi.lds -N $< $(dot-target).1s.o $(orphan-handling-y) \ + $(note_file_option) -o $@.tmp + od -t x4 -N 8192 $@.tmp | grep 1badb002 > /dev/null || \ + { echo "No Multiboot1 header found" >&2; false; } + od -t x4 -N 32768 $@.tmp | grep e85250d6 > /dev/null || \ + { echo "No Multiboot2 header found" >&2; false; } + mv $@.tmp $(TARGET) + $(NM) -pa --format=sysv $@ \ + | $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \ + > $@.map +ifeq ($(CONFIG_DEBUG_INFO),y) + $(if $(filter --strip-debug,$(EFI_LDFLAGS)),:$(space))$(OBJCOPY) -O elf64-x86-64 $@ $@.elf +endif + rm -f $(dot-target).[0-9]* $(@D)/..$(@F).[0-9]* +ifeq ($(CONFIG_XEN_IBT),y) + $(SHELL) $(srctree)/tools/check-endbr.sh $@ +endif +endif +else $(TARGET): TMP = $(dot-target).elf32 $(TARGET): $(TARGET)-syms $(efi-y) $(obj)/boot/mkelf32 $(obj)/boot/mkelf32 $(notes_phdrs) $(TARGET)-syms $(TMP) $(XEN_IMG_OFFSET) \ @@ -132,6 +179,7 @@ $(TARGET): $(TARGET)-syms $(efi-y) $(obj)/boot/mkelf32 od -t x4 -N 32768 $(TMP) | grep e85250d6 > /dev/null || \ { echo "No Multiboot2 header found" >&2; false; } mv $(TMP) $(TARGET) +endif CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 015023915a72..84dc8b76b61d 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -44,6 +44,25 @@ .Lmb2ht_init_end\@: .endm + .macro mb2ht_qargs arg:req, args:vararg + .quad \arg + .ifnb \args + mb2ht_args \args + .endif + .endm + + .macro mb2ht_qinit type:req, req:req, args:vararg + .balign MULTIBOOT2_TAG_ALIGN, 0xc2 /* Avoid padding with long nops. */ +.Lmb2ht_init_start\@: + .short \type + .short \req + .long .Lmb2ht_init_end\@ - .Lmb2ht_init_start\@ + .ifnb \args + mb2ht_qargs \args + .endif +.Lmb2ht_init_end\@: + .endm + ENTRY(start) jmp __start @@ -90,8 +109,14 @@ multiboot2_header: 0x200000, /* Load address alignment (2 MiB). */ \ MULTIBOOT2_LOAD_PREFERENCE_HIGH + /* Load type */ +#ifdef CONFIG_MULTIBOOT_PE + mb2ht_init MB2_HT(LOAD_TYPE), MB2_HT(OPTIONAL), \ + MULTIBOOT2_LOAD_TYPE_PE +#else mb2ht_init MB2_HT(LOAD_TYPE), MB2_HT(OPTIONAL), \ MULTIBOOT2_LOAD_TYPE_ELF +#endif /* Console flags tag. */ mb2ht_init MB2_HT(CONSOLE_FLAGS), MB2_HT(OPTIONAL), \ @@ -107,8 +132,16 @@ multiboot2_header: mb2ht_init MB2_HT(EFI_BS), MB2_HT(OPTIONAL) /* EFI64 Multiboot2 entry point. */ +#ifdef CONFIG_MULTIBOOT_PE + mb2ht_qinit MB2_HT(ENTRY_ADDRESS_EFI64), MB2_HT(OPTIONAL), \ + __efi64_mb2_start + + mb2ht_qinit MB2_HT(ENTRY_ADDRESS), MB2_HT(OPTIONAL), \ + start +#else mb2ht_init MB2_HT(ENTRY_ADDRESS_EFI64), MB2_HT(OPTIONAL), \ sym_offs(__efi64_mb2_start) +#endif /* Multiboot2 header end tag. */ mb2ht_init MB2_HT(END), MB2_HT(REQUIRED) From patchwork Wed Mar 13 15:04:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Lagerwall X-Patchwork-Id: 13591486 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 96FB0C54E66 for ; Wed, 13 Mar 2024 15:03:50 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.692494.1079699 (Exim 4.92) (envelope-from ) id 1rkQ8p-0004eh-Sn; Wed, 13 Mar 2024 15:03:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 692494.1079699; Wed, 13 Mar 2024 15:03:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rkQ8p-0004eY-PI; Wed, 13 Mar 2024 15:03:39 +0000 Received: by outflank-mailman (input) for mailman id 692494; Wed, 13 Mar 2024 15:03:39 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rkQ8p-0003t5-2J for xen-devel@lists.xenproject.org; Wed, 13 Mar 2024 15:03:39 +0000 Received: from mail-qk1-x734.google.com (mail-qk1-x734.google.com [2607:f8b0:4864:20::734]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id ded11ed3-e14a-11ee-afdd-a90da7624cb6; Wed, 13 Mar 2024 16:03:38 +0100 (CET) Received: by mail-qk1-x734.google.com with SMTP id af79cd13be357-7882e94d408so541337985a.0 for ; Wed, 13 Mar 2024 08:03:38 -0700 (PDT) Received: from rossla-lxenia.eng.citrite.net ([185.25.67.249]) by smtp.gmail.com with ESMTPSA id s9-20020ac85ec9000000b0042ef4b5f4fbsm4930034qtx.38.2024.03.13.08.03.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 08:03:35 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ded11ed3-e14a-11ee-afdd-a90da7624cb6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1710342216; x=1710947016; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=U4TeTAtNjsqWwlrctsZmN5LB4TEkMI5eFT9ZNBGXubI=; b=QXv1Ogx7cB5RsixhnMvChPv95kZ4LAXWT7izmloYZE4YqONv2wv2tDL+ftCgdwnd6a v9ddVubasZrGmm6qWWuf9qcOXPLhjYGreFyqjHrrnLPdhwGlXtTwVlhyrxGUnHEkExoJ zk1MgaZsZQ2cu9z2ep0OTxddCHTKvJFzQewi4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710342216; x=1710947016; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=U4TeTAtNjsqWwlrctsZmN5LB4TEkMI5eFT9ZNBGXubI=; b=erm0ZfNIvFgYlJX2N5NPzEd78ZjlQfnSKthAVTCwdVvn73aSosd5ONj0NTil0P72IA aJYq9FTpDNH0VTd9t/mut3KM5KrpY/oMpuW4C7PTGqJxhrX+e2idLEX82Opbls/przDj WDcmWjzu/ubKFn1CzNQxm/bFehMpWlA3+IJxYCLzJAKuwH5cZMHMubySOG8r4B5IfwFO t1L0PgIv/BTVPJlAllqcBk3hA0xfi2vbx8Fzgj8HcNXlOKVodtqU46MGqAv/yVVzQUaL OLr58ohtswVj/w2YaNJJ/jFg432BCsaduZkOq5JSX2+FS8475/vSfogdN+wV25t3/wyR Mlug== X-Gm-Message-State: AOJu0Yyuwq0Y4YgNh15ZWmtCItwWioqFN4V1Ko6oBTor4x3DpXR/ayXe q5LOr1vOgoz5F4rDGz1Ec2Ou73NobPU5KeQibl8rBq/5XcoXnkhQWk7NkXQQyLp7Jr/z+dFA/4B lSy2h X-Google-Smtp-Source: AGHT+IE7eJh239NUg3LLwlY/kx4HoJml6ruPsHnqzezPRVHpl1dImCS7EL5JGXJT9DvImYTHuGiuAQ== X-Received: by 2002:a05:622a:251:b0:42e:f101:952 with SMTP id c17-20020a05622a025100b0042ef1010952mr17139115qtx.11.1710342216119; Wed, 13 Mar 2024 08:03:36 -0700 (PDT) From: Ross Lagerwall To: xen-devel@lists.xenproject.org Cc: Ross Lagerwall , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Subject: [PATCH 3/4] x86: Hand-edit coff flags to remove RELOCS_STRIPPED flag Date: Wed, 13 Mar 2024 15:04:38 +0000 Message-ID: <20240313150439.791213-4-ross.lagerwall@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240313150439.791213-1-ross.lagerwall@citrix.com> References: <20240313150439.791213-1-ross.lagerwall@citrix.com> MIME-Version: 1.0 The generated PE binary is generated without relocations since it does not need them. However, the linker sets the IMAGE_FILE_RELOCS_STRIPPED flag which implies the binary is not relocatable and this causes some tools to refuse to handle the binary (e.g. Shim). As there is no option to remove this flag using the linker, post-process the binary to do it. Signed-off-by: Ross Lagerwall --- .gitignore | 1 + xen/arch/x86/Makefile | 2 + xen/arch/x86/efi/set-coff-flags.c | 83 +++++++++++++++++++++++++++++++ 3 files changed, 86 insertions(+) create mode 100644 xen/arch/x86/efi/set-coff-flags.c diff --git a/.gitignore b/.gitignore index d8b57e32f888..ab0b18352a0f 100644 --- a/.gitignore +++ b/.gitignore @@ -256,6 +256,7 @@ xen/arch/x86/boot/*.lnk xen/arch/x86/efi.lds xen/arch/x86/efi/check.efi xen/arch/x86/efi/mkreloc +xen/arch/x86/efi/set-coff-flags xen/arch/x86/include/asm/asm-macros.h xen/arch/*/xen.lds xen/arch/*/efi/boot.c diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index e26b1cb35036..73b16ddeb976 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -86,6 +86,7 @@ extra-y += xen.lds hostprogs-y += boot/mkelf32 hostprogs-y += efi/mkreloc +hostprogs-y += efi/set-coff-flags # Allows usercopy.c to include itself $(obj)/usercopy.o: CFLAGS-y += -iquote . @@ -157,6 +158,7 @@ endif { echo "No Multiboot1 header found" >&2; false; } od -t x4 -N 32768 $@.tmp | grep e85250d6 > /dev/null || \ { echo "No Multiboot2 header found" >&2; false; } + $(obj)/efi/set-coff-flags $@.tmp mv $@.tmp $(TARGET) $(NM) -pa --format=sysv $@ \ | $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \ diff --git a/xen/arch/x86/efi/set-coff-flags.c b/xen/arch/x86/efi/set-coff-flags.c new file mode 100644 index 000000000000..a99415e6bcbf --- /dev/null +++ b/xen/arch/x86/efi/set-coff-flags.c @@ -0,0 +1,83 @@ +#include +#include +#include +#include + +struct mz_hdr { + uint16_t signature; +#define MZ_SIGNATURE 0x5a4d + uint16_t last_page_size; + uint16_t page_count; + uint16_t relocation_count; + uint16_t header_paras; + uint16_t min_paras; + uint16_t max_paras; + uint16_t entry_ss; + uint16_t entry_sp; + uint16_t checksum; + uint16_t entry_ip; + uint16_t entry_cs; + uint16_t relocations; + uint16_t overlay; + uint8_t reserved[32]; + uint32_t extended_header_base; +}; + +struct coff_hdr { + uint32_t signature; + uint16_t cpu; + uint16_t section_count; + int32_t timestamp; + uint32_t symbols_file_offset; + uint32_t symbol_count; + uint16_t opt_hdr_size; + uint16_t flags; +}; + +int main(int argc, char **argv) +{ + int fd; + struct mz_hdr mz_hdr; + struct coff_hdr coff_hdr; + + if ( argc != 2 ) + { + fprintf(stderr, "usage: %s \n", argv[0]); + return 1; + } + + fd = open(argv[1], O_RDWR); + if ( fd < 0 || + read(fd, &mz_hdr, sizeof(mz_hdr)) != sizeof(mz_hdr) ) + { + perror(argv[1]); + return 2; + } + + if ( mz_hdr.signature != MZ_SIGNATURE || + !mz_hdr.extended_header_base ) + { + fprintf(stderr, "%s: Wrong DOS file format\n", argv[1]); + return 2; + } + + if ( lseek(fd, mz_hdr.extended_header_base, SEEK_SET) < 0 || + read(fd, &coff_hdr, sizeof(coff_hdr)) != sizeof(coff_hdr) ) + { + perror(argv[1]); + return 2; + } + + coff_hdr.flags &= ~0x1; + + if ( lseek(fd, mz_hdr.extended_header_base, SEEK_SET) < 0 || + write(fd, &coff_hdr, sizeof(coff_hdr)) != sizeof(coff_hdr) ) + { + perror(argv[1]); + return 3; + } + + close(fd); + + return 0; +} From patchwork Wed Mar 13 15:04:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Lagerwall X-Patchwork-Id: 13591487 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9AEE1C54E67 for ; Wed, 13 Mar 2024 15:03:50 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.692495.1079709 (Exim 4.92) (envelope-from ) id 1rkQ8s-0004wN-3g; Wed, 13 Mar 2024 15:03:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 692495.1079709; Wed, 13 Mar 2024 15:03:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rkQ8s-0004wA-10; Wed, 13 Mar 2024 15:03:42 +0000 Received: by outflank-mailman (input) for mailman id 692495; Wed, 13 Mar 2024 15:03:40 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rkQ8q-0003t5-HB for xen-devel@lists.xenproject.org; Wed, 13 Mar 2024 15:03:40 +0000 Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [2607:f8b0:4864:20::832]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id dfbba345-e14a-11ee-afdd-a90da7624cb6; Wed, 13 Mar 2024 16:03:39 +0100 (CET) Received: by mail-qt1-x832.google.com with SMTP id d75a77b69052e-42f468b62f1so18609091cf.1 for ; Wed, 13 Mar 2024 08:03:39 -0700 (PDT) Received: from rossla-lxenia.eng.citrite.net ([185.25.67.249]) by smtp.gmail.com with ESMTPSA id s9-20020ac85ec9000000b0042ef4b5f4fbsm4930034qtx.38.2024.03.13.08.03.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 08:03:37 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: dfbba345-e14a-11ee-afdd-a90da7624cb6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1710342218; x=1710947018; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QiEx2+FLzW3zGCVQrA43mi0ECENchTli/sSUjekg7XE=; b=qZwyMYL1mLpk7EdfkdjdqZKanWej+vjsND+QOl/Rao1w9ewDq+Qn9aBraHZpn9EOpK tf6nbrUsMk6SVhbmyVu9e6yhf5u2tYQeooMZT15XeHKQxZKeGTIfaIoGiFKe+CNxtbkA AOiSjWaVKUe7i+2gFK4zAX59HhFWuvZlx6N0k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710342218; x=1710947018; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QiEx2+FLzW3zGCVQrA43mi0ECENchTli/sSUjekg7XE=; b=c0EiK4mA/pA3NxeKq5YPN37COjddCA2eDgfemKd8B2aIoqgIBTgI237oslq+whDec8 oBtv2AWtDg3RzUveUuksAKhLeLTgZc75blavj6s6HIPakrXlxm5TMR2vySQe3BAbi5Tb QMiRl9KWg7FQPSi3juLjwk+5x0wORjcR4qCC8eOYPO5o0zwEb+S7eVOpEhgq377ci20R +8CTORlRFhTd3Qt7LFtYtY/k+K/unNAkcuYGYOVkEt5JW5fwXFeQWVCKJevnh0j/IG+G HlCFH5nJ3XBAgVc1cx+5OjU7zxja196iMwDFhhspVTpp3JJ9fxqpmOtIvueZ9mq6qmu6 98ZQ== X-Gm-Message-State: AOJu0YzN/s8fbMgfxn/zNQzNBV4+3GDx+1Gs7Qzbl9FOY0fSBo/7fYrG hJNpoIKDKAL06Io8t3oEqMpV4N5h/95MjCTTyuomYXlh/lVkYwNmOG6fGb0Ud7IA+jEdt0bJbrf ltQ== X-Google-Smtp-Source: AGHT+IEY4iMUpxcQkqaJtj9BZiqXpcRfn1PNNn7j6IsH2RqYkSF7CFfot+XPRvFlXjpahBC8IR10pQ== X-Received: by 2002:a05:622a:653:b0:42e:eb7d:1ab3 with SMTP id a19-20020a05622a065300b0042eeb7d1ab3mr5774242qtb.65.1710342218284; Wed, 13 Mar 2024 08:03:38 -0700 (PDT) From: Ross Lagerwall To: xen-devel@lists.xenproject.org Cc: Ross Lagerwall , Jan Beulich , Andrew Cooper , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH 4/4] x86: Call Shim Verify in the multiboot2 path Date: Wed, 13 Mar 2024 15:04:39 +0000 Message-ID: <20240313150439.791213-5-ross.lagerwall@citrix.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240313150439.791213-1-ross.lagerwall@citrix.com> References: <20240313150439.791213-1-ross.lagerwall@citrix.com> MIME-Version: 1.0 Now that the multiboot2 binary can be verified by Shim, ensure that the dom0 kernel is verified when using the multiboot2 path. If the Shim protocol is not available and the SecureBoot variable is not set to 0 (or the state cannot be determined), abort the boot. Signed-off-by: Ross Lagerwall --- xen/arch/x86/boot/head.S | 4 ++- xen/arch/x86/efi/efi-boot.h | 65 ++++++++++++++++++++++++++++++++++++- 2 files changed, 67 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 84dc8b76b61d..7b6e5d3882ad 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -385,10 +385,12 @@ __efi64_mb2_start: /* Keep the stack aligned. Do not pop a single item off it. */ mov (%rsp),%rdi + mov %rbx, %rcx + /* * efi_multiboot2() is called according to System V AMD64 ABI: * - IN: %rdi - EFI ImageHandle, %rsi - EFI SystemTable, - * %rdx - MB2 cmdline + * %rdx - MB2 cmdline, %rcx - Multiboot information. */ call efi_multiboot2 diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 8ea64e31cdc2..a9569e150e08 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -3,6 +3,7 @@ * is intended to be included by common/efi/boot.c _only_, and * therefore can define arch specific global variables. */ +#include #include #include #include @@ -808,9 +809,69 @@ static const char *__init get_option(const char *cmd, const char *opt) return o; } +#define ALIGN_UP(arg, align) \ + (((arg) + (align) - 1) & ~((typeof(arg))(align) - 1)) + +static void __init efi_verify_dom0(uint64_t mbi_in) +{ + uint64_t ptr; + const multiboot2_tag_t *tag; + EFI_SHIM_LOCK_PROTOCOL *shim_lock; + EFI_STATUS status; + const multiboot2_tag_module_t *kernel = NULL; + const multiboot2_fixed_t *mbi_fix = _p(mbi_in); + static EFI_GUID __initdata shim_lock_guid = SHIM_LOCK_PROTOCOL_GUID; + static EFI_GUID __initdata global_variable_guid = EFI_GLOBAL_VARIABLE; + + ptr = ALIGN_UP(mbi_in + sizeof(*mbi_fix), MULTIBOOT2_TAG_ALIGN); + + for ( tag = _p(ptr); (uint64_t)tag - mbi_in < mbi_fix->total_size; + tag = _p(ALIGN_UP((uint64_t)tag + tag->size, MULTIBOOT2_TAG_ALIGN)) ) + { + if ( tag->type == MULTIBOOT2_TAG_TYPE_MODULE ) + { + kernel = (const multiboot2_tag_module_t *)tag; + break; + } + else if ( tag->type == MULTIBOOT2_TAG_TYPE_END ) + break; + } + + if ( !kernel ) + return; + + if ( (status = efi_bs->LocateProtocol(&shim_lock_guid, NULL, + (void **)&shim_lock)) != EFI_SUCCESS ) + { + UINT32 attr; + UINT8 data; + UINTN size = sizeof(data); + + status = efi_rs->GetVariable((CHAR16 *)L"SecureBoot", &global_variable_guid, + &attr, &size, &data); + if ( status == EFI_NOT_FOUND ) + return; + + if ( EFI_ERROR(status) ) + PrintErrMesg(L"Could not get SecureBoot variable", status); + + if ( attr != (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS) ) + PrintErrMesg(L"Unexpected SecureBoot attributes", attr); + + if ( size == 1 && data == 0 ) + return; + + blexit(L"Could not locate shim but Secure Boot is enabled"); + } + + if ( (status = shim_lock->Verify(_p(kernel->mod_start), + kernel->mod_end - kernel->mod_start)) != EFI_SUCCESS ) + PrintErrMesg(L"Dom0 kernel image could not be verified", status); +} + void asmlinkage __init efi_multiboot2(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable, - const char *cmdline) + const char *cmdline, uint64_t mbi_in) { EFI_GRAPHICS_OUTPUT_PROTOCOL *gop; EFI_HANDLE gop_handle; @@ -902,6 +963,8 @@ void asmlinkage __init efi_multiboot2(EFI_HANDLE ImageHandle, efi_relocate_esrt(SystemTable); + efi_verify_dom0(mbi_in); + efi_exit_boot(ImageHandle, SystemTable); }