David Brazdil | 0f672f6 | 2019-12-10 10:32:29 +0000 | [diff] [blame^] | 1 | // SPDX-License-Identifier: GPL-2.0 |
Andrew Scull | b4b6d4a | 2019-01-02 15:54:55 +0000 | [diff] [blame] | 2 | /* |
| 3 | * Copyright (c) 2014 Oracle Co., Daniel Kiper |
Andrew Scull | b4b6d4a | 2019-01-02 15:54:55 +0000 | [diff] [blame] | 4 | */ |
| 6 | #include <linux/bitops.h> |
| 7 | #include <linux/efi.h> |
| 8 | #include <linux/init.h> |
| 9 | #include <linux/string.h> |
| 11 | #include <xen/xen.h> |
| 12 | #include <xen/xen-ops.h> |
| 13 | #include <xen/interface/platform.h> |
| 15 | #include <asm/page.h> |
| 16 | #include <asm/setup.h> |
| 17 | #include <asm/xen/hypercall.h> |
/*
 * Buffer that receives the firmware vendor string. xen_efi_probe() passes
 * it to the hypervisor with bufsz = sizeof(vendor) and, on success,
 * publishes its physical address through efi_systab_xen.fw_vendor.
 */
static efi_char16_t vendor[100] __initdata;

/*
 * EFI system table presented to the kernel when it runs under Xen.
 *
 * Every address-like member starts out as EFI_INVALID_TABLE_ADDR and every
 * counter as 0. Members marked "set by xen_efi_probe()" are overwritten
 * from XENPF_firmware_info replies; the console, stderr, runtime and
 * boottime members are not used under Xen and stay invalid.
 */
static efi_system_table_t efi_systab_xen __initdata = {
	.hdr = {
		.signature	= EFI_SYSTEM_TABLE_SIGNATURE,
		.revision	= 0,	/* set by xen_efi_probe() */
		.headersize	= 0,	/* ignored by the Linux kernel */
		.crc32		= 0,	/* ignored by the Linux kernel */
		.reserved	= 0
	},

	/* Set by xen_efi_probe(). */
	.fw_vendor	= EFI_INVALID_TABLE_ADDR,
	.fw_revision	= 0,

	/* Not used under Xen. */
	.con_in_handle	= EFI_INVALID_TABLE_ADDR,
	.con_in		= EFI_INVALID_TABLE_ADDR,
	.con_out_handle	= EFI_INVALID_TABLE_ADDR,
	.con_out	= EFI_INVALID_TABLE_ADDR,
	.stderr_handle	= EFI_INVALID_TABLE_ADDR,
	.stderr		= EFI_INVALID_TABLE_ADDR,
	.runtime	= (efi_runtime_services_t *)EFI_INVALID_TABLE_ADDR,
	.boottime	= (efi_boot_services_t *)EFI_INVALID_TABLE_ADDR,

	/* Set by xen_efi_probe(). */
	.nr_tables	= 0,
	.tables		= EFI_INVALID_TABLE_ADDR
};
/*
 * Ask Xen for the EFI firmware details and populate efi_systab_xen.
 *
 * Returns &efi_systab_xen, or NULL when this is not the initial domain or
 * the XEN_FW_EFI_CONFIG_TABLE query fails. The three follow-up queries
 * (vendor, version, runtime version) are best effort: a failure leaves the
 * corresponding field at its previous value, except fw_vendor, which then
 * points at the literal "UNKNOWN".
 */
static efi_system_table_t __init *xen_efi_probe(void)
{
	struct xen_platform_op op = {
		.cmd = XENPF_firmware_info,
		.u = {
			.firmware_info = {
				.type = XEN_FW_EFI_INFO,
				.index = XEN_FW_EFI_CONFIG_TABLE
			}
		}
	};
	/* Reply area inside op; every query below reuses it. */
	union xenpf_efi_info *fw = &op.u.firmware_info.u.efi_info;

	if (!xen_initial_domain())
		return NULL;

	if (HYPERVISOR_platform_op(&op) < 0)
		return NULL;

	/* The config-table query succeeded, so Xen is running on EFI. */
	xen_efi_runtime_setup();

	efi_systab_xen.tables = fw->cfg.addr;
	efi_systab_xen.nr_tables = fw->cfg.nent;

	/*
	 * Firmware vendor string and revision.
	 *
	 * NOTE(review): bufsz caps what the hypervisor may write, but nothing
	 * here NUL-terminates vendor[] or checks how much was written.
	 * Readers of fw_vendor should bound their scan to the buffer size;
	 * confirm against the consumer.
	 */
	op.cmd = XENPF_firmware_info;
	op.u.firmware_info.type = XEN_FW_EFI_INFO;
	op.u.firmware_info.index = XEN_FW_EFI_VENDOR;
	fw->vendor.bufsz = sizeof(vendor);
	set_xen_guest_handle(fw->vendor.name, vendor);

	if (HYPERVISOR_platform_op(&op) == 0) {
		efi_systab_xen.fw_vendor = __pa_symbol(vendor);
		efi_systab_xen.fw_revision = fw->vendor.revision;
	} else {
		efi_systab_xen.fw_vendor = __pa_symbol(L"UNKNOWN");
	}

	/* EFI version, stored as the system table header revision. */
	op.cmd = XENPF_firmware_info;
	op.u.firmware_info.type = XEN_FW_EFI_INFO;
	op.u.firmware_info.index = XEN_FW_EFI_VERSION;

	if (HYPERVISOR_platform_op(&op) == 0)
		efi_systab_xen.hdr.revision = fw->version;

	/* Runtime services version, stored in the global efi state. */
	op.cmd = XENPF_firmware_info;
	op.u.firmware_info.type = XEN_FW_EFI_INFO;
	op.u.firmware_info.index = XEN_FW_EFI_RT_VERSION;

	if (HYPERVISOR_platform_op(&op) == 0)
		efi.runtime_version = fw->version;

	return &efi_systab_xen;
}
/*
 * Work out the UEFI Secure Boot state from EFI variables.
 *
 * Please keep the logic in sync with
 * drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot().
 *
 * Outcome per variable read:
 *   SecureBoot missing (EFI_NOT_FOUND)        -> disabled
 *   SecureBoot or SetupMode read error        -> unknown
 *   SecureBoot == 0 or SetupMode == 1         -> disabled
 *   MokSBStateRT read fails for any reason    -> enabled (default to secure)
 *   MokSBStateRT == 1                         -> disabled
 *   anything else                             -> enabled
 *
 * Each read supplies a one-byte buffer. The size written back by
 * get_variable() is not inspected afterwards, and the attributes pointer is
 * NULL, so variable attributes are not examined.
 */
static enum efi_secureboot_mode xen_efi_get_secureboot(void)
{
	static efi_guid_t efi_variable_guid = EFI_GLOBAL_VARIABLE_GUID;
	static efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
	u8 secboot, setupmode, moksbstate;
	unsigned long size;
	efi_status_t status;

	size = sizeof(secboot);
	status = efi.get_variable(L"SecureBoot", &efi_variable_guid,
				  NULL, &size, &secboot);
	if (status == EFI_NOT_FOUND)
		return efi_secureboot_mode_disabled;
	if (status != EFI_SUCCESS)
		goto out_efi_err;

	size = sizeof(setupmode);
	status = efi.get_variable(L"SetupMode", &efi_variable_guid,
				  NULL, &size, &setupmode);
	if (status != EFI_SUCCESS)
		goto out_efi_err;

	if (secboot == 0 || setupmode == 1)
		return efi_secureboot_mode_disabled;

	/*
	 * See if a user has put the shim into insecure mode. Only a
	 * successful read of the value 1 turns the result to "disabled";
	 * a failed read is deliberately treated as "enabled", whatever
	 * the reason for the failure.
	 */
	size = sizeof(moksbstate);
	status = efi.get_variable(L"MokSBStateRT", &shim_guid,
				  NULL, &size, &moksbstate);
	if (status == EFI_SUCCESS && moksbstate == 1)
		return efi_secureboot_mode_disabled;

	pr_info("UEFI Secure Boot is enabled.\n");
	return efi_secureboot_mode_enabled;

out_efi_err:
	pr_err("Could not determine UEFI Secure Boot status.\n");
	return efi_secureboot_mode_unknown;
}
/*
 * Publish Xen's EFI information through boot_params and the global efi
 * flags.
 *
 * Does nothing when xen_efi_probe() returns NULL. Otherwise it records the
 * "Xen" loader signature, the physical address of the system table (split
 * into low and high 32-bit halves) and the Secure Boot mode, then sets
 * EFI_BOOT, EFI_PARAVIRT and EFI_64BIT.
 */
void __init xen_efi_init(struct boot_params *boot_params)
{
	efi_system_table_t *systab = xen_efi_probe();

	if (!systab)
		return;

	/*
	 * strncpy() is bounded by the size of the signature field and
	 * zero-pads whatever "Xen" does not fill.
	 * NOTE(review): presumably the field is 4 bytes, so "Xen" and its
	 * terminator fit exactly; confirm against the struct definition.
	 */
	strncpy((char *)&boot_params->efi_info.efi_loader_signature, "Xen",
		sizeof(boot_params->efi_info.efi_loader_signature));

	boot_params->efi_info.efi_systab = (__u32)__pa(systab);
	boot_params->efi_info.efi_systab_hi = (__u32)(__pa(systab) >> 32);

	/* May be enabled, disabled or unknown; stored as returned. */
	boot_params->secure_boot = xen_efi_get_secureboot();

	set_bit(EFI_BOOT, &efi.flags);
	set_bit(EFI_PARAVIRT, &efi.flags);
	set_bit(EFI_64BIT, &efi.flags);
}