/*
* stubby
*
* Copyright (c) 2020 Cisco Systems, Inc. <[email protected]>
*
* This file was originally copied from systemd under the LGPL-2.1+ license
* and that license has been preserved in this project. The systemd source
* repository can be found at https://github.com/systemd/systemd.
*
*/
/*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
#include "stubby_efi.h"
#include "disk.h"
#include "kcmdline.h"
#include "linux.h"
#include "pe.h"
#include "stra.h"
#include "util.h"
/*
 * Marker string that can be searched for in the built binary image; it
 * carries the stub name and the build-time VERSION. Nothing in this file
 * reads it, so __attribute__((used)) is what keeps the toolchain from
 * discarding it.
 */
static const char __attribute__((used)) magic[] =
"#### LoaderInfo: stubby " VERSION " ####";
/*
 * Decide whether the command line supplied by the caller (the "shell"
 * command line) should be used instead of the one embedded in the image.
 *
 * len: length of the embedded command line; 0 means there is none.
 *
 * Returns TRUE when there is no embedded command line, or when the UEFI
 * variable StubbyIgnoreCmdlineSection can be read and equals 1. Any read
 * failure keeps the embedded command line in force.
 *
 * NOTE(review): which GUID efivar_get_int() reads from, and whether that
 * variable can be written at runtime, is not visible here. The variable is
 * a switch that sets the embedded command line aside, so its write access
 * is worth confirming. Nothing in the visible part of this file calls this
 * function.
 */
BOOLEAN use_shell_cmdline(UINTN len)
{
    BOOLEAN use_shell = TRUE;
    EFI_STATUS status;
    UINTN ignore_section;

    if (len != 0) {
        /* An embedded command line exists: only the explicit opt-out wins. */
        status = efivar_get_int(L"StubbyIgnoreCmdlineSection", &ignore_section);
        /* ignore_section is only read when the lookup succeeded. */
        use_shell = (status == EFI_SUCCESS) && (ignore_section == 1);
    }

    return use_shell;
}
/* GUID of the EFI global variable namespace; efi_main() reads SecureBoot from it. */
static const EFI_GUID global_guid = EFI_GLOBAL_VARIABLE;
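/*
 * UEFI entry point of the stub.
 *
 * Locates the .cmdline, .linux and .initrd sections inside the running
 * image, builds the kernel command line from the embedded one and from the
 * LoadOptions handed over by whoever launched the image, publishes a few
 * Loader* and StubInfo variables if they are not set yet, and finally hands
 * control to linux_exec().
 *
 * image:     handle of this loaded image.
 * sys_table: firmware system table, passed on to InitializeLib().
 *
 * Returns the error of the failing step: the OpenProtocol or section
 * lookup status, EFI_INVALID_PARAMETER for a malformed command line,
 * EFI_OUT_OF_RESOURCES on allocation failure, the status of
 * get_cmdline_with_print() (with EFI_SECURITY_VIOLATION and
 * EFI_ACCESS_DENIED remapped to EFI_INVALID_PARAMETER), or the status of
 * linux_exec() if it comes back.
 */
EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table)
{
    EFI_LOADED_IMAGE *loaded_image;
    _cleanup_freepool_ CHAR8 *b = NULL;
    UINTN size;
    BOOLEAN secure = FALSE;
    CHAR8 *sections[] = {
        (CHAR8 *)".cmdline",
        (CHAR8 *)".linux",
        (CHAR8 *)".initrd",
        NULL
    };
    /* Indexed like sections[]: 0 = .cmdline, 1 = .linux, 2 = .initrd. */
    UINTN addrs[ELEMENTSOF(sections) - 1] = {0};
    UINTN offs[ELEMENTSOF(sections) - 1] = {0};
    UINTN szs[ELEMENTSOF(sections) - 1] = {0};
    CHAR8 *bt_cmdline = (CHAR8 *)"";
    UINTN bt_cmdline_len = 0;
    CHAR8 *rt_cmdline = NULL;
    UINTN rt_cmdline_len = 0;
    CHAR8 *cmdline = NULL;
    UINTN cmdline_len = 0;
    CHAR16 *options;
    CHAR16 uuid[37];
    EFI_STATUS err;
    UINTN i;

    InitializeLib(image, sys_table);

    err = uefi_call_wrapper(BS->OpenProtocol, 6,
                            image, &LoadedImageProtocol,
                            (VOID **)&loaded_image,
                            image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL);
    if (EFI_ERROR(err)) {
        Print(L"Error getting a LoadedImageProtocol handle: %r\n", err);
        uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000);
        return err;
    }

    /*
     * secure stays FALSE unless the SecureBoot variable can be read and its
     * first byte is non-zero, so a failed read is treated the same as
     * Secure Boot being off.
     * NOTE(review): size is not checked before *b is read; presumably
     * efivar_get_raw() never succeeds with an empty buffer - confirm.
     */
    if (efivar_get_raw(&global_guid,
                       L"SecureBoot", &b, &size) == EFI_SUCCESS) {
        if (*b > 0)
            secure = TRUE;
    }

    err = pe_memory_locate_sections(loaded_image->ImageBase,
                                    sections, addrs, offs, szs);
    if (EFI_ERROR(err)) {
        Print(L"Unable to locate embedded .linux section: %r\n", err);
        uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000);
        return err;
    }

    if (szs[0] > 0) {
        bt_cmdline_len = szs[0];
        /* Byte-wise offset; the cast avoids arithmetic on a VOID pointer. */
        bt_cmdline = (CHAR8 *)loaded_image->ImageBase + addrs[0];
    }

    /*
     * The terminator is expected at index bt_cmdline_len, i.e. in the byte
     * right after the szs[0] bytes reported for .cmdline.
     * NOTE(review): whether that byte always lies inside the mapped section
     * depends on how pe_memory_locate_sections() computes szs - confirm.
     */
    if (bt_cmdline[bt_cmdline_len] != '\0') {
        Print(L"builtin command line was not null-terminated\n");
        return EFI_INVALID_PARAMETER;
    }

    /*
     * LoadOptions is supplied by whoever started the image (UEFI shell or
     * an NVRAM boot entry, see below), so it is untrusted input. The length
     * is counted in CHAR16 units (sizeof(CHAR8) is 1).
     */
    options = (CHAR16 *)loaded_image->LoadOptions;
    rt_cmdline_len = (loaded_image->LoadOptionsSize /
                      sizeof(CHAR16)) * sizeof(CHAR8);

    /* A NULL buffer with a non-zero size must not be dereferenced. */
    if (options == NULL)
        rt_cmdline_len = 0;

    // when loaded by uefi shell, LoadOptionsSize will include a terminating null (0x00 0x00)
    // when loaded by nvram, LoadOptionsSize will *not* include a terminating null.
    // set rt_cmdline_len to not include it.
    if (rt_cmdline_len > 0 && options[rt_cmdline_len - 1] == '\0') {
        // length included terminating null
        rt_cmdline_len--;
    }

    rt_cmdline = AllocatePool(rt_cmdline_len + 1);
    if (rt_cmdline == NULL) {
        Print(L"Failed to allocate memory for command line");
        return EFI_OUT_OF_RESOURCES;
    }

    /*
     * Each CHAR16 is narrowed to CHAR8 by plain assignment, so code units
     * above the 8-bit range lose their upper bits, and an embedded 0 is
     * copied as-is while rt_cmdline_len still counts past it.
     * NOTE(review): confirm that the checks in get_cmdline_with_print()
     * operate on these narrowed bytes and on the explicit length.
     */
    for (i = 0; i < rt_cmdline_len; i++) {
        rt_cmdline[i] = options[i];
    }
    rt_cmdline[rt_cmdline_len] = '\0';

    if (!remove_leading_efi_name(rt_cmdline, &rt_cmdline_len)) {
        Print(L"remove_leading_efi_name returned error\n");
        /* Still owned here; release it instead of leaking on this path. */
        FreePool(rt_cmdline);
        return EFI_INVALID_PARAMETER;
    }

    /*
     * NOTE(review): rt_cmdline is not freed from here on. Whether cmdline
     * may alias it is not visible in this file, so it is left alone -
     * confirm ownership in get_cmdline_with_print().
     */
    err = get_cmdline_with_print(
        secure, bt_cmdline, bt_cmdline_len, rt_cmdline, rt_cmdline_len,
        &cmdline, &cmdline_len);
    if (EFI_ERROR(err)) {
        if (cmdline != NULL) {
            FreePool(cmdline);
        }

        // exiting with either SECURITY_VIOLATION or EFI_ACCESS_DENIED will result
        // in shim trying to launch mok manager and a confusing "Not Found" error path.
        if (err == EFI_SECURITY_VIOLATION || err == EFI_ACCESS_DENIED) {
            err = EFI_INVALID_PARAMETER;
        }

        return err;
    }

    /* export the device path we are started from, if it's not set yet */
    if (efivar_get_raw(&loader_guid, L"LoaderDevicePartUUID", NULL,
                       NULL) != EFI_SUCCESS) {
        if (disk_get_part_uuid(loaded_image->DeviceHandle,
                               uuid) == EFI_SUCCESS)
            efivar_set(L"LoaderDevicePartUUID", uuid, FALSE);
    }

    /* if LoaderImageIdentifier is not set, assume the image with this stub
     * was loaded directly from UEFI */
    if (efivar_get_raw(&loader_guid, L"LoaderImageIdentifier", NULL,
                       NULL) != EFI_SUCCESS) {
        _cleanup_freepool_ CHAR16 *s = DevicePathToStr(loaded_image->FilePath);

        /* Skip the variable rather than pass a NULL string on. */
        if (s != NULL)
            efivar_set(L"LoaderImageIdentifier", s, FALSE);
    }

    /* if LoaderFirmwareInfo is not set, let's set it */
    if (efivar_get_raw(&loader_guid, L"LoaderFirmwareInfo", NULL,
                       NULL) != EFI_SUCCESS) {
        _cleanup_freepool_ CHAR16 *s = PoolPrint(L"%s %d.%02d\n",
                                                 ST->FirmwareVendor,
                                                 ST->FirmwareRevision >> 16,
                                                 ST->FirmwareRevision & 0xffff);

        if (s != NULL)
            efivar_set(L"LoaderFirmwareInfo", s, FALSE);
    }

    /* ditto for LoaderFirmwareType */
    if (efivar_get_raw(&loader_guid, L"LoaderFirmwareType", NULL,
                       NULL) != EFI_SUCCESS) {
        _cleanup_freepool_ CHAR16 *s = PoolPrint(L"UEFI %d.%02d\n",
                                                 ST->Hdr.Revision >> 16,
                                                 ST->Hdr.Revision & 0xffff);

        if (s != NULL)
            efivar_set(L"LoaderFirmwareType", s, FALSE);
    }

    /* add StubInfo */
    if (efivar_get_raw(&loader_guid,
                       L"StubInfo", NULL, NULL) != EFI_SUCCESS)
        efivar_set(L"StubInfo", L"stubby " VERSION, FALSE);

    /*
     * NOTE(review): szs[1] is not checked here, so this relies on
     * pe_memory_locate_sections() failing when .linux is absent - confirm.
     */
    err = linux_exec(image, cmdline, cmdline_len,
                     (UINTN)loaded_image->ImageBase + addrs[1],
                     (UINTN)loaded_image->ImageBase + addrs[2], szs[2]);

    /* Reaching this point is reported as a failed kernel hand-off. */
    FreePool(cmdline);
    Print(L"Execution of embedded linux image failed: %r\n", err);
    uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000);
    return err;
}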