riscvarchive / riscv-edk2

Port of EDK2 implementation of UEFI to RISC-V. See documentation at:
https://github.com/riscv/riscv-uefi-edk2-docs

Figure out why the security policy is preventing linux from booting #8

Closed JohnAZoidberg closed 3 years ago

JohnAZoidberg commented 3 years ago

Executing Linux from ESP doesn't work.

Mapping table
      FS0: Alias(s):HD0b:;BLK1:
          VenHw(837DCA9E-E874-4D82-B29A-23FE0E23D1E2,0070001000000000)/HD(1,GPT,BA028C54-F869-4BFC-B0C9-EEE3CFED7EAB,0x22,0x1FFBD)
     BLK2: Alias(s):
          VenHw(837DCA9E-E874-4D82-B29A-23FE0E23D1E2,0080001000000000)
     BLK0: Alias(s):
          VenHw(837DCA9E-E874-4D82-B29A-23FE0E23D1E2,0070001000000000)
Press ESC in 1 seconds to skip startup.nsh or any other key to continue.
FSOpen: Open '\startup.nsh' Success
Shell> fs0:
FS0:\>  Open '\' Success
FS0:\> initrd initramfs.cpio
FSOpen: Open '\initramfs.cpio' Success
InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B BF8321E0
InstallProtocolInterface: 4006C0C1-FCB3-403E-996D-4A6C8724E06D BF8321F8
FSOpen: Open '\' Success
FS0:\> linux-riscv64.efi root=/dev/vda rootwait earlycon
FSOpen: Open '\linux-riscv64.efi' Success
[Security] 3rd party image[0] is deferred to load before EndOfDxe: VenHw(837DCA9E-E874-4D82-B29A-23FE0E23D1E2,0070001000000000)/HD(1,GPT,BA028C54-F869-4BFC-B0C9-EEE3CFED7EAB,0x22,0x1FFBD)/\linux-riscv64.efi.
Script Error Status: Access Denied (line number 3)
FSOpen: Open '\' Success

Looks like we're not signaling the end of DXE.

This commit is a workaround: https://github.com/riscv/riscv-edk2/commit/c3508f4aef9b53e6d24870bc2212c275f0843861

JohnAZoidberg commented 3 years ago

Because Platform/RISC-V/PlatformPkg/Library/PlatformBootManagerLib doesn't signal end of DXE.

JohnAZoidberg commented 3 years ago

Fixed by

Author: Daniel Schaefer <git@danielschaefer.me>
Date:   Fri May 7 05:17:31 2021 +0800

    Signal EndOfDxe in boot manager

    Otherwise we can't load a 3rd party image because we're still in DXE.
    MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c prevents
    that.

diff --git a/Platform/RISC-V/PlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/Platform/RISC-V/PlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
index 82cd311df5..47b6f459d4 100644
--- a/Platform/RISC-V/PlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
+++ b/Platform/RISC-V/PlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
@@ -155,6 +155,11 @@ PlatformBootManagerBeforeConsole (
   EFI_INPUT_KEY                F2;
   EFI_BOOT_MANAGER_LOAD_OPTION BootOption;

+  //^M
+  // Signal EndOfDxe PI Event^M
+  //^M
+  EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);^M
+^M
   //
   // Update the console variables.
   //
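Review bot: the return value of `EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid)` added in PlatformBootManagerBeforeConsole is discarded. The call returns an EFI_STATUS, and if signaling fails, 3rd party images stay deferred and the only symptom is the same Access Denied this issue started with. Consider storing the result in a Status variable and following it with ASSERT_EFI_ERROR (Status) or a DEBUG message. The comment above the call could also say why the signal is sent here (the commit message names Defer3rdPartyImageLoad.c), since this line marks the point after which non-platform images may load. The added lines also show a trailing ^M while the context lines do not, so it is worth confirming the line endings match the rest of the file.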
diff --git a/Platform/RISC-V/PlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/Platform/RISC-V/PlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index afba07573f..a7b99cab53 100644
--- a/Platform/RISC-V/PlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/Platform/RISC-V/PlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -48,6 +48,7 @@
   PrintLib

 [Guids]
+  gEfiEndOfDxeEventGroupGuid^M

 [Protocols]
   gEfiGenericMemTestProtocolGuid  ## CONSUMES
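Review bot: the new `gEfiEndOfDxeEventGroupGuid` entry under [Guids] carries no usage comment, while the neighbouring [Protocols] entry is annotated with `## CONSUMES`. Since this library now signals the event group, annotate the line to say so, for example `## PRODUCES ## Event`, so the INF documents the dependency in the same style as the rest of the file.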

in edk2-platforms.
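
The deferral behaviour the commit message refers to, as an added simplified model in C (not EDK2 code and not part of the original thread). It assumes firmware-volume images can be told apart by an `Fv(` device-path prefix; the type and function names are illustrative, and the device path is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not EDK2 source; all names here are illustrative. */
enum load_status { LOAD_OK = 0, LOAD_ACCESS_DENIED = 1 };
#define MAX_DEFERRED 8

struct policy {
    bool end_of_dxe;                    /* set once EndOfDxe is signaled */
    const char *deferred[MAX_DEFERRED]; /* images refused before EndOfDxe */
    size_t n_deferred;
};

/* Assumption: a firmware-volume image is recognised by an "Fv(" device-path
 * prefix; real firmware resolves the path against firmware-volume handles. */
static bool from_firmware_volume(const char *device_path)
{
    return strncmp(device_path, "Fv(", 3) == 0;
}

void signal_end_of_dxe(struct policy *p) { p->end_of_dxe = true; }

/* Decide whether an image may be loaded at this point in boot. */
enum load_status check_image_load(struct policy *p, const char *device_path)
{
    if (from_firmware_volume(device_path))
        return LOAD_OK;                 /* platform image: never deferred */
    if (p->end_of_dxe)
        return LOAD_OK;                 /* 3rd party image after EndOfDxe */
    if (p->n_deferred < MAX_DEFERRED)
        p->deferred[p->n_deferred++] = device_path;
    return LOAD_ACCESS_DENIED;          /* the "Access Denied" in the log */
}

int main(void)
{
    /* Constructed device path, shortened from the shape seen in the log. */
    const char *kernel = "VenHw(EXAMPLE)/HD(1,GPT,EXAMPLE)/\\linux-riscv64.efi";
    struct policy p = {0};

    printf("before EndOfDxe: %d\n", check_image_load(&p, kernel));
    signal_end_of_dxe(&p);
    printf("after EndOfDxe:  %d\n", check_image_load(&p, kernel));
    return 0;
}
```

Because the gate is a single flag, a platform that never signals EndOfDxe refuses every image loaded from disk, and one that signals it too early allows such images in before the platform has finished its own initialization.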