Commit 3d7ee348 authored Jul 11, 2018 by Ard Biesheuvel Committed by Ingo Molnar Jul 16, 2018

efi/libstub/arm: Add opt-in Kconfig option for the DTB loader



There are various ways a platform can provide a device tree binary
to the kernel, with different levels of sophistication:

- ideally, the UEFI firmware, which is tightly coupled with the
  platform, provides a device tree image directly as a UEFI
  configuration table, and typically permits the contents to be
  manipulated either via menu options or via UEFI environment
  variables that specify a replacement image,

- GRUB for ARM has a 'devicetree' directive which allows a device
  tree image to be loaded from any location accessible to GRUB, and
  supersede the one provided by the firmware,

- the EFI stub implements a dtb= command line option that allows a
  device tree image to be loaded from a file residing in the same
  file system as the one the kernel image was loaded from.

The dtb= command line option was never intended to be more than a
development feature, to allow the other options to be implemented
in parallel. So let's make it an opt-in feature that is disabled
by default, but can be re-enabled at will.

Note that we already disable the dtb= command line option when we
detect that we are running with UEFI Secure Boot enabled.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
Acked-by: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20180711094040.12506-7-ard.biesheuvel@linaro.org


Signed-off-by: Ingo Molnar <mingo@kernel.org>

parent f5dcc214

drivers/firmware/efi/Kconfig

+12 −0

Original line number	Diff line number	Diff line
		@@ -87,6 +87,18 @@ config EFI_RUNTIME_WRAPPERS
		config EFI_ARMSTUB
		bool

		config EFI_ARMSTUB_DTB_LOADER
		bool "Enable the DTB loader"
		depends on EFI_ARMSTUB
		help
		Select this config option to add support for the dtb= command
		line parameter, allowing a device tree blob to be loaded into
		memory from the EFI System Partition by the stub.

		The device tree is typically provided by the platform or by
		the bootloader, so this option is mostly for development
		purposes only.

		config EFI_BOOTLOADER_CONTROL
		tristate "EFI Bootloader Control"
		depends on EFI_VARS

drivers/firmware/efi/libstub/arm-stub.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -202,8 +202,9 @@ unsigned long efi_entry(void handle, efi_system_table_t sys_table,
		* 'dtb=' unless UEFI Secure Boot is disabled. We assume that secure
		* boot is enabled if we can't determine its state.
		*/
		if (secure_boot != efi_secureboot_mode_disabled &&
		strstr(cmdline_ptr, "dtb=")) {
		if (!IS_ENABLED(CONFIG_EFI_ARMSTUB_DTB_LOADER) \|\|
		secure_boot != efi_secureboot_mode_disabled) {
		if (strstr(cmdline_ptr, "dtb="))
		pr_efi(sys_table, "Ignoring DTB from command line.\n");
		} else {
		status = handle_cmdline_files(sys_table, image, cmdline_ptr,