Commit graph

92 commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek 25612ecba4 tree-wide: drop copyright lines for more authors
Acks in https://github.com/systemd/systemd/issues/9320.
2018-06-22 16:39:45 +02:00
Zbigniew Jędrzejewski-Szmek d9b02e1697 tree-wide: drop copyright headers from frequent contributors
Fixes #9320.

for p in Shapovalov Chevalier Rozhkov Sievers Mack Herrmann Schmidt Rudenberg Sahani Landden Andersen Watanabe; do
  git grep -e 'Copyright.*'$p -l|xargs perl -i -0pe 's|/([*][*])?[*]\s+([*#]\s+)?Copyright[^\n]*'$p'[^\n]*\s*[*]([*][*])?/\n*|\n|gms; s|\s+([*#]\s+)?Copyright[^\n]*'$p'[^\n]*\n*|\n|gms'
done
2018-06-20 11:58:53 +02:00
Zbigniew Jędrzejewski-Szmek 50d1760d26 Drop more license boilerplate
$ git grep -e 'This program is free software' -l |grep -v LICENSE | \
  xargs perl -i -0pe 's/ \* This program.*?for more details.\s*\*\n( \* You should have.*licenses.>.\n)?//gms'

For some reason they were missed previously. All those files seem to
have proper SDPX tags.
2018-06-14 13:05:41 +02:00
Zbigniew Jędrzejewski-Szmek 0cd41d4dff Drop my copyright headers
perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
2018-06-14 13:03:20 +02:00
Lennart Poettering 96b2fb93c5 tree-wide: beautify remaining copyright statements
Let's unify an beautify our remaining copyright statements, with a
unicode ©. This means our copyright statements are now always formatted
the same way. Yay.
2018-06-14 10:20:21 +02:00
Lennart Poettering 810adae9e9 tree-wide: use proper unicode © instead of (C) where we can
Let's use a proper unicode copyright symbol where we can, it's prettier.

This important patch is very important.
2018-06-14 10:20:20 +02:00
Lennart Poettering 33de6b57a8 efi: explicitly cast physical address to UINTN when converting to/from pointers
UINTN is the integer type equalling the native ptr size. Let's fix the
casting warnings described in #7788 by casting the the pointers and
values to this type first. That way we cast integers to the right size
first before turning them into pointers, and pointers are first
covnerted to integers of the right size before converting them into
integers.

Not tested, since I lack i386 EFI systems, but I think this is simple
enough to be correct event without testing.

Fixes: #7788
2018-05-31 16:10:46 +02:00
Yu Watanabe 4b4ee0f781 meson: also try to search gnu-efi based on EFI_MACHINE_TYPE_NAME (#8900)
On Fedora rawhide, since gnu-efi-3.0.8-3.fc29, many file paths are
changed to use `EFI_MACHINE_TYPE_NAME` instead of `gnu_efi_arch`.

Fixes #8896.
2018-05-04 17:49:57 +02:00
Lennart Poettering 5d13a15b1d tree-wide: drop spurious newlines (#8764)
Double newlines (i.e. one empty lines) are great to structure code. But
let's avoid triple newlines (i.e. two empty lines), quadruple newlines,
quintuple newlines, …, that's just spurious whitespace.

It's an easy way to drop 121 lines of code, and keeps the coding style
of our sources a bit tigther.
2018-04-19 12:13:23 +02:00
Zbigniew Jędrzejewski-Szmek 11a1589223 tree-wide: drop license boilerplate
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.

I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
2018-04-06 18:58:55 +02:00
Zbigniew Jędrzejewski-Szmek 46af0be929 boot: also use _cleanup_freepool_ in util.c
efivar_get() was leaking memory on success, afaict.
2018-03-13 11:42:02 +01:00
Zbigniew Jędrzejewski-Szmek a42d7cf165 sd-boot: introduce _cleanup_freepool_ 2018-03-13 11:41:32 +01:00
Zbigniew Jędrzejewski-Szmek 48af1eb6ee Merge pull request #8086 from hdante/sdboot-setmode-v2 2018-03-07 10:41:44 +01:00
Zbigniew Jędrzejewski-Szmek 70756b3b4d systemd-boot: fix off-by-one buffer overrun
We'd allocate a buffer of some size and then write zero to the byte one after.
2018-03-07 09:03:23 +01:00
Zbigniew Jędrzejewski-Szmek 12643e7c43 systemd-boot: reduce indentation in config_entry_add_linux()
No functional change.
2018-03-07 09:03:18 +01:00
Jan Janssen 4c8c9f9f8a systemd-boot: Try harder not to add ourselves to the list
We don't need to check if we are adding ourselves to the list
if we know that it's the windows or EFI shell loaders.

If we are adding the EFI default loader, additionally try to
see if we can find the systemd-boot magic string and skip
this entry if we do.
2018-03-07 09:03:18 +01:00
Henrique Dante de Almeida 26e51d87f7 boot/efi: improve automatic mode handling
This patch improves the automatic console mode switching by avoiding
changing the mode if it can verify that the text is readable in the
default mode. The implementation avoids changing mode if we're using a
low resolution device (fixed to be smaller than 1920x1080) because we
assume the text is readable, so the initial mode should be a good one.
Also, the mode is not changed when in high resolution mode if the text
viewport area is larger than 10% of the screen. The conclusion is that
only if the text viewport is calculated to occupy less than 10% of the
screen area it is assumed to be hard to read and a new mode is selected.

With this patch the auto mode will typically avoid changing mode
hopefully in most of the cases, only changing it if completely
necessary.
2018-02-03 17:37:16 -02:00
Henrique Dante de Almeida 68d4b8ac9b boot/efi: add console-mode boot option to change resolution
The new boot option allows changing the display console mode to some new
display resolution.

Usage: in systemd-boot configuration file loader/loader.conf add one of:

	console-mode <number>
	console-mode auto
	console-mode max
	console-mode keep

Where number can be:

	1) 0: UEFI standard 80x25 mode
	2) 1: 80x50 mode, if supported by device
	3) 2 or greater: some non-standard device mode, if supported

When using the auto mode, systemd-boot will try to find a reasonable
mode automatically using some heuristic. Current implementation tries to
switch console mode to mode 2 if it exists, mode 1 if it exists, else
mode 0. Mode 2 is the first non standard mode provided by the firmware
developer and it's assumed to be a reasonable mode.

The max mode adds support for switching to the highest numbered console
mode, whatever mode that would be in the system. The maximum mode being
the last one implemented by the firmware provider should be a reasonable
mode.

The keep mode is the default and is only included for completeness. With
this parameter, the user explicitly states and can be assured that
systemd-boot will not change console mode.

Note: patch includes a workaround for mode 1, that may not exist in
EDK2 OVFM and results in a buggy text mode when requested.
2018-02-03 17:32:04 -02:00
Jan Janssen c1d4e298bc systemd-boot: Make automatic entries configurable
Hiding automatic entries allows for giving custom entry names like
"Windows 10" instead of "Windows Boot Manager" by creating an appropriate
loader file in the loader/entries folder.
Note that it is already doable by renaming bootmgfw.efi (or the other auto-detected
boot loaders) and then using the renamed file for a custom entry. But windows will
automatically recreate the boot loader on updates, including the default EFI
bootloader entry if that one is missing.

Make hiding EFI reboot a separate option because there is no simple way to create
it with a custom loader entry and people may still want that around while still
hiding the other auto entries.

Also, turn no_editor into a positive boolean name while we're touching this code.
2018-01-28 17:20:41 +01:00
Jan Janssen 33d4ba32c9 systemd-boot: Return EFI_STATUS instead of INTN for file_read()
file_read() wants to return both a EFI_STATUS (INTN) and a file
length (UINTN). This seems rather fishy for either large files or
when returning errors (which are defined as positive numbers).
Let's just be more clear and return EFI_STATUS and let the file
length be a pointer.
2018-01-28 17:20:41 +01:00
Raphael Vogelgsang 16c73c765d boot/efi: TPM V2 fix for GetEventLog EFI function 2018-01-25 15:03:55 +01:00
Дамјан Георгиевски 34412f79e6 EFI stub: add StubInfo if non-existant
currently if a stub image is directly booted, bootctl reports:
```
Current Loader:
      Product: n/a
          ESP: /dev/disk/by-partuuid/b0a0807d-0592-40e9-adac-3bb724e9e305
         File: └─/EFI/Secure/secure-boot-4.14.8+.efi
```

Let's add a StubInfo which will be displayed by bootctl too (in a later
patch).
2018-01-15 18:08:11 +01:00
Дамјан Георгиевски 1aa15defbf EFI stub: add LoaderFirmwareInfo, LoaderFirmwareType if non-existant
bootctl previously:
```
System:
     Firmware: n/a (n/a)
```

after:
```
System:
     Firmware: UEFI 2.50 (Lenovo 0.4704)
```
2018-01-15 18:05:39 +01:00
Дамјан Георгиевски 19e0e60a57 EFI stub: add LoaderImageIdentifier if non-existant
when an image with the stub is booted directly from UEFI, bootctl status
shows this:
```
Current Loader:
      Product: n/a
          ESP: /dev/disk/by-partuuid/b0a0807d-0592-40e9-adac-3bb724e9e305
         File: └─n/a
```

After this change, the stub reports the image itself:
```
Current Loader:
      Product: n/a
          ESP: /dev/disk/by-partuuid/b0a0807d-0592-40e9-adac-3bb724e9e305
         File: └─/EFI/Secure/secure-boot-4.14.8+.efi
```
2018-01-15 17:59:33 +01:00
bleep_blop 7629744a3d separate flags from shebang 2017-12-25 19:48:49 +01:00
Yu Watanabe 977f65f01d sd-boot, udev: trivial condition simplifications
Reported and proposed by @dcb314.

Fixes #7656 and #7657.
2017-12-25 19:45:40 +01:00
Lennart Poettering 234519ae6d tree-wide: drop a few == NULL and != NULL comparison
Our CODING_STYLE suggests not comparing with NULL, but relying on C's
downgrade-to-bool feature for that. Fix up some code to match these
guidelines. (This is not comprehensive, the coccinelle output for this
is unfortunately kinda borked)
2017-12-11 16:05:40 +01:00
Harald Hoyer bfdf8c3bb8 boot/efi: fixup TPM V2 measuring and logging (#7568)
Honor the log format and use packed event structures.

Fixes https://github.com/systemd/systemd/issues/7118
2017-12-07 21:07:53 +01:00
Max Resch b4f9f2a62f Set secure_boot flag in Kernel Zero-Page (#7482)
Setting the secure_boot flag, avoids getting the printout
"EFI stub: UEFI Secure Boot is enabled." when booting
a Linux kernel with linuxx64.efi.stub and EFI SecureBoot enabled.

This is mainly a cosmetic fixup, as the "quiet" kernel parameter does
not silence pr_efi printouts in the linux kernel (this only works using
the efi stub from the linux source tree)
2017-12-06 15:29:52 +01:00
Zbigniew Jędrzejewski-Szmek 8d44f5a637 shim: fix logically dead code
The alternate verification path could never be taken.

Found by coverity.
2017-11-28 09:25:38 +01:00
Zbigniew Jędrzejewski-Szmek 10a6e01eaa boot/shim: fix char ** vs char * mismatch
This code cannot have ever worked ;(

Found by coverity, obvious when the type is not obfuscated to void*.
2017-11-28 09:25:38 +01:00
Zbigniew Jędrzejewski-Szmek bceda88b52 boot/efi: fix NULL dereference
The comment above makes the intent of the code pretty clear:
"use security2_protocol == NULL as indicator".
So revert the condition in the check and fix the logic in the comment while
at it.

The question is how this could have ever worked: if BS->LocateProtocol
(which is supposedly optional) ever failed, we'd crash here. Strange.

Found by coverity.
2017-11-28 09:25:38 +01:00
Lennart Poettering 4ff183d419
Merge pull request #7154 from keszybz/bootspec
List bootspec entries in bootctl and use the default for kexec
2017-11-20 13:06:33 +01:00
Zbigniew Jędrzejewski-Szmek 3a726fcd08 Add license headers and SPDX identifiers to meson.build files
So far I avoided adding license headers to meson files, but they are pretty
big and important and should carry license headers like everything else.
I added my own copyright, even though other people modified those files too.
But this is mostly symbolic, so I hope that's OK.
2017-11-19 19:08:15 +01:00
Zbigniew Jędrzejewski-Szmek 53e1b68390 Add SPDX license identifiers to source files under the LGPL
This follows what the kernel is doing, c.f.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
2017-11-19 19:08:15 +01:00
Zbigniew Jędrzejewski-Szmek a2fa605a65 sd-boot: simplify the implementation of entry uniquification
There's a slight change in implementation: we first try to append the
version, then look for any non-unique pairs again. Before, we would only
mark as possibly unique those entries we changed. But if there are two
entries that e.g. have the same title and version, but only one has the
machine-id specified, we would treat one of them as still non-unique after
appending the machine-id to the other one. So the new algorithm is simpler
but more robust (not that it matters).
2017-10-23 13:40:54 +02:00
Zbigniew Jędrzejewski-Szmek 349cc4a507 build-sys: use #if Y instead of #ifdef Y everywhere
The advantage is that is the name is mispellt, cpp will warn us.

$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build

squash! build-sys: use #if Y instead of #ifdef Y everywhere

v2:
- fix incorrect setting of HAVE_LIBIDN2
2017-10-04 12:09:29 +02:00
Harald Hoyer 522aa9f5f8 boot/efi: don't hard fail on error for tpm measure (#6473)
Display the error for a small amount of time, but don't fail hard.

In case of a faulty BIOS, a TPM error should not prevent the boot.
If something cares about the PCM measurement, it will be noticed
anyway later on.

Especially important now, that TPM measurement is the default now on
some distribution builds.

https://bugzilla.redhat.com/show_bug.cgi?id=1411156
2017-07-28 03:46:05 -04:00
Zbigniew Jędrzejewski-Szmek 18b9ad1f61 build-sys: rename SD_BOOT_LOG_TPM to ENABLE_TPM
This makes it more like other configure defines.

Also, it fixes meson status output which was looking for HAVE_ and ENABLE_
prefixes only (the define under meson was OK, just the summary message was
wrong.)
2017-07-18 10:05:06 -04:00
Zbigniew Jędrzejewski-Szmek e5f752082e build-sys: drop gitignore patterns for in-tree builds
... and other autotools-generated files.
2017-07-18 10:05:06 -04:00
Matthew Garrett d4cbada2a9 sd-boot: stub: Obtain PE section offsets from RAM, not disk (#6250)
In a Secure Boot scenario the stub loader will have been validated
before execution. A malicious drive could then change the data returned
in future reads, resulting in the loader obtaining incorrect section
offsets and (for instance) allowing the command line to be modified.
Pull that information out of the in-RAM representation of the loader
instead in order to avoid this.

Fixes: #6230

(Lennart did some minor coding style fixes, and renamed pefile.c → pe.c,
as suggested by Kay, given that the file now contains a function whose
name doesn't match the filename as prefix anymore.)
2017-07-03 18:14:09 +02:00
Max Resch b2bb40ce9a sd-boot: added shim signature/MOK validation (#5702)
Adds support for booting in a SecureBoot environment with shim as a
preloader. Install an appropriate UEFI security policy to check PE
signature of a chained kernel or UEFI application (using LoadImage())
against the MOK database maintained by shim, using shim's installed
BootServices.

Implementation details for installing the security policy are based on
code from the LinuxFoundation's SecureBoot PreLoader, part of efitools
licensed under LGPL 2.1

Current signed (by Microsoft) versions of shim (Versions 0.8 & 0.9)
so not install a security policy by themselves, future Versions of
shim might (a compile time switch exists in rectent git versions),
so in the future this PR might become unnecessary.
2017-05-09 20:57:40 +02:00
Michael Biebl 8251ee109c Merge pull request #5842 from keszybz/meson-status-and-conditionals
Meson status and conditional simplification
2017-05-03 16:45:31 +02:00
Zbigniew Jędrzejewski-Szmek 2c201c2140 meson: use booleans for conf.set and drop unecessary conditionals
Using conf.set() with a boolean argument does the right thing:
either #ifdef or #undef. This means that conf.set can be used unconditionally.

Previously I used '1' as the placeholder value, and that needs to be changed to
'true' for consistency (under meson 1 cannot be used in boolean context). All
checks need to be adjusted.
2017-05-02 16:29:11 -04:00
Max Resch a0693fc951 sd-boot: remove compiler warning (#5860)
This small fixup removes a compiler warning when passing tcg (a const
arg type) to the uefi call wapper, which does not define it as const.

All other source files in sd-boot do this cast except measure.c, so
let's fix that.
2017-04-29 22:11:34 -04:00
Max Resch 1f8476b197 sd-boot: remove unnecessary defines (#5848)
As discussed in #5829 `#define` is not necessary, meson and autotools
set the correct compiler flags and the default value is provided by them.
2017-04-29 12:24:25 +02:00
Max Resch 489e15a8b3 meson: add compiler flags for "--tpm" in EFI apps (#5829)
Readds boot log tpm feature that was missing in meson by readding a
defines in efi_conf.h
2017-04-27 20:59:37 -04:00
Zbigniew Jędrzejewski-Szmek b884196cc1 meson: also indent scripts with 8 spaces 2017-04-25 08:49:16 -04:00
Zbigniew Jędrzejewski-Szmek 6800fe7f06 meson: define gnu_efi_arch for the arch efi name, fix ldsdir detection
This fixes ldsdir detection under Debian.

v2:
- define gnu_efi_arch for the arch efi include directory name

  In the autotools naming convention, efi_arch and this directory always had
  the same name. But meson.cpu_family() uses a slightly different convention,
  so those two don't always match.
2017-04-24 19:24:36 -04:00
Zbigniew Jędrzejewski-Szmek 86b3ca7a66 meson: use "sh -eu" and make .sh +x, .py -x
Shell scripts should be executable so that meson reports their
invocation succinctly (does not print 'sh' '-e').
Python scripts should not be executable so that meson does the
detection of the right python binary itself.

Add -u everywhere to catch potential errors.
2017-04-23 21:47:29 -04:00