f4f4e3c715
Add support for performing basic TPM measurements. Right now this only supports extending PCRs statically and only on UEFI. In future we might want to have some sort of mechanism for choosing which events get logged to which PCRs, but this seems like a good default policy and we can wait to see whether anyone has a use case before adding more complexity. Signed-off-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
/* multiboot.c - boot a multiboot OS image. */
/*
 * GRUB -- GRand Unified Bootloader
 * Copyright (C) 1999,2000,2001,2002,2003,2004,2005,2007,2008,2009,2010 Free Software Foundation, Inc.
 *
 * GRUB is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * GRUB is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
 */
|
|
|
|
/*
 * FIXME: The following features from the Multiboot specification still
 * need to be implemented:
 * - drives table
 * - ROM configuration table
 * - SMBIOS tables
 * - Networking information
 */
|
|
|
|
#include <grub/loader.h>
|
|
#include <grub/command.h>
|
|
#ifdef GRUB_USE_MULTIBOOT2
|
|
#include <grub/multiboot2.h>
|
|
#define GRUB_MULTIBOOT_CONSOLE_FRAMEBUFFER GRUB_MULTIBOOT2_CONSOLE_FRAMEBUFFER
|
|
#define GRUB_MULTIBOOT_CONSOLE_EGA_TEXT GRUB_MULTIBOOT2_CONSOLE_EGA_TEXT
|
|
#define GRUB_MULTIBOOT(x) grub_multiboot2_ ## x
|
|
#else
|
|
#include <grub/multiboot.h>
|
|
#define GRUB_MULTIBOOT(x) grub_multiboot_ ## x
|
|
#endif
|
|
#include <grub/cpu/multiboot.h>
|
|
#include <grub/elf.h>
|
|
#include <grub/aout.h>
|
|
#include <grub/file.h>
|
|
#include <grub/err.h>
|
|
#include <grub/dl.h>
|
|
#include <grub/mm.h>
|
|
#include <grub/misc.h>
|
|
#include <grub/env.h>
|
|
#include <grub/cpu/relocator.h>
|
|
#include <grub/video.h>
|
|
#include <grub/memory.h>
|
|
#include <grub/i18n.h>
|
|
#include <grub/tpm.h>
|
|
|
|
GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
|
#ifdef GRUB_MACHINE_EFI
|
|
#include <grub/efi/efi.h>
|
|
#endif
|
|
|
|
/* Relocator for the image currently being prepared.  It is NULL while no
   kernel is loaded; grub_cmd_module relies on that to reject modules that
   arrive before a kernel.  */
struct grub_relocator *GRUB_MULTIBOOT (relocator) = NULL;

/* Value copied into the entry register of the boot state by the boot
   routines in this file.  */
grub_uint32_t GRUB_MULTIBOOT (payload_eip);

/* Video mode passed to grub_video_set_mode when "gfxpayload" is unset, and
   appended as the last alternative when it is set.  */
#if defined (GRUB_MACHINE_PCBIOS) || defined (GRUB_MACHINE_MULTIBOOT) \
    || defined (GRUB_MACHINE_COREBOOT) || defined (GRUB_MACHINE_QEMU)
# define DEFAULT_VIDEO_MODE "text"
#else
# define DEFAULT_VIDEO_MODE "auto"
#endif

/* Console capabilities of the loaded image, written by the set_console
   entry point.  */
static int accepts_video;
static int accepts_ega_text;
static int console_required;

/* Handle of this module; referenced while a kernel is loaded and released
   again on unload or on a failed load.  */
static grub_dl_t my_mod;
|
|
|
|
|
|
/* Callback handed to grub_mmap_iterate by the get_mmap_count entry point.
   DATA points at a grub_size_t counter, which is bumped once per call; the
   region's address, size and type are ignored.  Always returns 0.  */
static int
count_hook (grub_uint64_t addr __attribute__ ((unused)),
            grub_uint64_t size __attribute__ ((unused)),
            grub_memory_type_t type __attribute__ ((unused)), void *data)
{
  grub_size_t *counter = data;

  *counter += 1;
  return 0;
}
|
|
|
|
/* Return how many times grub_mmap_iterate invokes count_hook, i.e. the
   number of memory-map regions it reports.  The tally is kept in a
   grub_size_t and narrowed to grub_uint32_t on return.  */
grub_uint32_t
GRUB_MULTIBOOT (get_mmap_count) (void)
{
  grub_size_t nregions = 0;

  grub_mmap_iterate (count_hook, &nregions);
  return nregions;
}
|
|
|
|
/* Select the video mode for the payload.

   Where GRUB_MACHINE_HAS_VGA_TEXT is non-zero and the image did not
   accept a framebuffer console, plain "text" mode is requested.  In every
   other case the "gfxpayload" environment variable decides: when it is
   unset or empty DEFAULT_VIDEO_MODE is used, otherwise its value is tried
   with DEFAULT_VIDEO_MODE appended as the final alternative.

   Returns the result of grub_video_set_mode, or grub_errno when the mode
   string cannot be allocated.  */
grub_err_t
GRUB_MULTIBOOT (set_video_mode) (void)
{
  grub_err_t err;

#if GRUB_MACHINE_HAS_VGA_TEXT
  if (! accepts_video)
    return grub_video_set_mode ("text", 0, 0);
#endif

  const char *requested = grub_env_get ("gfxpayload");

  if (! requested || requested[0] == 0)
    return grub_video_set_mode (DEFAULT_VIDEO_MODE, 0, 0);

  /* Build "<gfxpayload>;<default>" so the default is still tried when the
     configured modes cannot be set.  */
  char *mode_list = grub_xasprintf ("%s;" DEFAULT_VIDEO_MODE, requested);

  if (! mode_list)
    return grub_errno;

  err = grub_video_set_mode (mode_list, 0, 0);
  grub_free (mode_list);

  return err;
}
|
|
|
|
/* On x86_64 EFI builds the generic EFI relocator names are mapped onto the
   64-bit implementation.  Builds that leave grub_relocator_efi_boot
   undefined get the empty efi_boot stub further down.  */
#if defined (GRUB_MACHINE_EFI) && defined (__x86_64__)
# define grub_relocator_efi_boot grub_relocator64_efi_boot
# define grub_relocator_efi_state grub_relocator64_efi_state
#endif

#ifndef grub_relocator_efi_boot

/* Without an EFI relocator the boot routine must always take the normal
   path, so the test on grub_efi_is_finished is forced to true.  */
# define grub_efi_is_finished 1

/* Stub kept so the boot routine compiles unchanged; it does nothing.  */
static void
efi_boot (struct grub_relocator *rel __attribute__ ((unused)),
          grub_uint32_t target __attribute__ ((unused)))
{
}

#else

/* Start the payload through the EFI relocator.  REL is the relocator that
   holds the image and TARGET is the value placed in the MBI register.  */
static void
efi_boot (struct grub_relocator *rel, grub_uint32_t target)
{
# ifdef GRUB_USE_MULTIBOOT2
  struct grub_relocator_efi_state regs = MULTIBOOT2_EFI_INITIAL_STATE;
# else
  struct grub_relocator_efi_state regs = MULTIBOOT_EFI_INITIAL_STATE;
# endif

  regs.MULTIBOOT_EFI_ENTRY_REGISTER = GRUB_MULTIBOOT (payload_eip);
  regs.MULTIBOOT_EFI_MBI_REGISTER = target;

  grub_relocator_efi_boot (rel, regs);
}

#endif
|
|
|
|
/* Start the payload through the 32-bit relocator with register state STATE.
   The x86 variant of grub_relocator32_boot takes one extra argument, which
   is passed as 0 here.  */
static void
normal_boot (struct grub_relocator *rel, struct grub_relocator32_state state)
{
#if defined (__i386__) || defined (__x86_64__)
  grub_relocator32_boot (rel, state, 0);
#else
  grub_relocator32_boot (rel, state);
#endif
}
|
|
|
|
/* Boot hook registered with grub_loader_set.  Builds the multiboot
   information structure, loads the entry point into the initial register
   state and hands control to the relocator.  Returns the make_mbi error if
   that step fails; the final return is not expected to be reached.  */
static grub_err_t
grub_multiboot_boot (void)
{
#ifdef GRUB_USE_MULTIBOOT2
  struct grub_relocator32_state regs = MULTIBOOT2_INITIAL_STATE;
#else
  struct grub_relocator32_state regs = MULTIBOOT_INITIAL_STATE;
#endif
  grub_err_t status;

  regs.MULTIBOOT_ENTRY_REGISTER = GRUB_MULTIBOOT (payload_eip);

  status = GRUB_MULTIBOOT (make_mbi) (&regs.MULTIBOOT_MBI_REGISTER);
  if (status)
    return status;

  /* grub_efi_is_finished is the constant 1 on builds that use the efi_boot
     stub in this file, so those builds always take the normal path.  */
  if (! grub_efi_is_finished)
    efi_boot (GRUB_MULTIBOOT (relocator), regs.MULTIBOOT_MBI_REGISTER);
  else
    normal_boot (GRUB_MULTIBOOT (relocator), regs);

  /* Not reached. */
  return GRUB_ERR_NONE;
}
|
|
|
|
/* Unload hook registered with grub_loader_set.  Frees the multiboot
   information state, drops the relocator and releases the module reference
   taken when the kernel was loaded.  Always returns GRUB_ERR_NONE.  */
static grub_err_t
grub_multiboot_unload (void)
{
  GRUB_MULTIBOOT (free_mbi) ();

  /* Clear the global after unloading so grub_cmd_module sees that no
     kernel is loaded any more.  */
  grub_relocator_unload (GRUB_MULTIBOOT (relocator));
  GRUB_MULTIBOOT (relocator) = NULL;

  grub_dl_unref (my_mod);
  return GRUB_ERR_NONE;
}
|
|
|
|
/* Reset to 0 at the start of grub_cmd_multiboot and read by grub_cmd_module
   to place modules above the kernel when the modules-after-kernel quirk is
   set.  Presumably updated by the ELF loaders included below; confirm in
   multiboot_elfxx.c.  */
static grub_uint64_t highest_load;
|
|
|
|
#define MULTIBOOT_LOAD_ELF64
|
|
#include "multiboot_elfxx.c"
|
|
#undef MULTIBOOT_LOAD_ELF64
|
|
|
|
#define MULTIBOOT_LOAD_ELF32
|
|
#include "multiboot_elfxx.c"
|
|
#undef MULTIBOOT_LOAD_ELF32
|
|
|
|
/* Dispatch MLD to the ELF32 or the ELF64 loader according to what the two
   grub_multiboot_is_elf* checks report for mld->buffer.  A buffer accepted
   by neither check is rejected with GRUB_ERR_UNKNOWN_OS.  */
grub_err_t
GRUB_MULTIBOOT (load_elf) (mbi_load_data_t *mld)
{
  if (grub_multiboot_is_elf32 (mld->buffer))
    return grub_multiboot_load_elf32 (mld);

  if (! grub_multiboot_is_elf64 (mld->buffer))
    return grub_error (GRUB_ERR_UNKNOWN_OS, N_("invalid arch-dependent ELF magic"));

  return grub_multiboot_load_elf64 (mld);
}
|
|
|
|
/* Record the console requirements of the image and set "gfxpayload" to
   match.

   CONSOLE_TYPE is the console the image prefers and ACCEPTED_CONSOLES the
   bitmask of console types it can use.  WIDTH, HEIGHT and DEPTH describe the
   preferred framebuffer mode, with 0 meaning "not specified".  CONSOLE_REQ
   is non-zero when the image cannot run without a console.

   Returns GRUB_ERR_BAD_OS when a console is required but none of the
   accepted types is available on this platform, grub_errno when the mode
   string cannot be allocated, and GRUB_ERR_NONE otherwise.

   NOTE(review): the arguments presumably come from the header of the image
   being loaded; they only reach the "%d" conversions below, so their values
   cannot alter the structure of the mode string.  */
grub_err_t
GRUB_MULTIBOOT (set_console) (int console_type, int accepted_consoles,
                              int width, int height, int depth,
                              int console_req)
{
  console_required = console_req;

  /* Nothing the image accepts is available here.  */
  if ((accepted_consoles
       & (GRUB_MULTIBOOT_CONSOLE_FRAMEBUFFER
          | (GRUB_MACHINE_HAS_VGA_TEXT ? GRUB_MULTIBOOT_CONSOLE_EGA_TEXT : 0)))
      == 0)
    {
      if (console_required)
        return grub_error (GRUB_ERR_BAD_OS,
                           "OS requires a console but none is available");

      grub_puts_ (N_("WARNING: no console will be available to OS"));
      accepts_video = 0;
      accepts_ega_text = 0;
      return GRUB_ERR_NONE;
    }

  if (console_type != GRUB_MULTIBOOT_CONSOLE_FRAMEBUFFER)
    {
#if GRUB_MACHINE_HAS_VGA_TEXT
      grub_env_set ("gfxpayload", "text");
#else
      /* Always use video if no VGA text is available. */
      grub_env_set ("gfxpayload", "auto");
#endif
    }
  else
    {
      char *mode;

      /* Most specific request first, always ending in "auto".  */
      if (depth && width && height)
        mode = grub_xasprintf ("%dx%dx%d,%dx%d,auto", width,
                               height, depth, width, height);
      else if (width && height)
        mode = grub_xasprintf ("%dx%d,auto", width, height);
      else
        mode = grub_strdup ("auto");

      if (!mode)
        return grub_errno;

      grub_env_set ("gfxpayload", mode);
      grub_free (mode);
    }

  accepts_video = (accepted_consoles & GRUB_MULTIBOOT_CONSOLE_FRAMEBUFFER) != 0;
  accepts_ega_text = (accepted_consoles & GRUB_MULTIBOOT_CONSOLE_EGA_TEXT) != 0;
  return GRUB_ERR_NONE;
}
|
|
|
|
/* Handler for the kernel-loading command registered in the module init.

   Unsets any previously set loader, parses the leading "--quirk-*" options
   (Multiboot 1 builds only), opens the file named by the next argument,
   loads it through a fresh relocator and registers the boot and unload
   hooks.  The remaining arguments are handed to init_mbi.

   Returns GRUB_ERR_BAD_ARGUMENT when no filename is given, otherwise the
   value of grub_errno once loading has finished.

   NOTE(review): this function makes no explicit TPM measurement call even
   though <grub/tpm.h> is included by the file.  Whether the kernel image is
   measured therefore depends on what grub_file_open does for
   GRUB_FILE_TYPE_MULTIBOOT_KERNEL and on the load routine; confirm before
   relying on PCR values to reflect the loaded kernel.  */
static grub_err_t
grub_cmd_multiboot (grub_command_t cmd __attribute__ ((unused)),
                    int argc, char *argv[])
{
  grub_file_t file = 0;
  grub_err_t err;

  grub_loader_unset ();

  highest_load = 0;

#ifndef GRUB_USE_MULTIBOOT2
  grub_multiboot_quirks = GRUB_MULTIBOOT_QUIRKS_NONE;

  /* Consume leading quirk options, in any order and any number of times,
     stopping at the first argument that is not one of them.  */
  while (argc != 0)
    {
      if (grub_strcmp (argv[0], "--quirk-bad-kludge") == 0)
        grub_multiboot_quirks |= GRUB_MULTIBOOT_QUIRK_BAD_KLUDGE;
      else if (grub_strcmp (argv[0], "--quirk-modules-after-kernel") == 0)
        grub_multiboot_quirks |= GRUB_MULTIBOOT_QUIRK_MODULES_AFTER_KERNEL;
      else
        break;

      argc--;
      argv++;
    }
#endif

  if (argc == 0)
    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));

  file = grub_file_open (argv[0], GRUB_FILE_TYPE_MULTIBOOT_KERNEL);
  if (! file)
    return grub_errno;

  /* Keep the module alive for as long as a kernel is loaded; the matching
     unref is in the failure path below or in grub_multiboot_unload.  */
  grub_dl_ref (my_mod);

  /* Skip filename. */
  GRUB_MULTIBOOT (init_mbi) (argc - 1, argv + 1);

  /* Replace whatever relocator is currently held with an empty one.  */
  grub_relocator_unload (GRUB_MULTIBOOT (relocator));
  GRUB_MULTIBOOT (relocator) = grub_relocator_new ();

  if (!GRUB_MULTIBOOT (relocator))
    goto fail;

  err = GRUB_MULTIBOOT (load) (file, argv[0]);
  if (err)
    goto fail;

  GRUB_MULTIBOOT (set_bootdev) ();

  grub_loader_set (grub_multiboot_boot, grub_multiboot_unload, 0);

 fail:
  /* Reached on success as well; the cleanup below keys off grub_errno.  */
  if (file)
    grub_file_close (file);

  if (grub_errno != GRUB_ERR_NONE)
    {
      grub_relocator_unload (GRUB_MULTIBOOT (relocator));
      GRUB_MULTIBOOT (relocator) = NULL;
      grub_dl_unref (my_mod);
    }

  return grub_errno;
}
|
|
|
|
/* Handler for the module-loading command registered in the module init.

   Accepts an optional leading "--nounzip", then a filename; any further
   arguments are passed to add_module.  The file is read into a chunk
   allocated from the kernel's relocator, so a kernel must already be
   loaded.  An empty file is registered with address 0 and size 0.

   Returns GRUB_ERR_BAD_ARGUMENT for a missing filename or a missing kernel,
   the allocation or add_module error, grub_errno on a failed open or short
   read, and GRUB_ERR_NONE on success.

   NOTE(review): the explicit TPM measurement of the module is disabled at
   the end of this function, so nothing here extends a PCR with the module
   contents.  Unless grub_file_open measures files opened as
   GRUB_FILE_TYPE_MULTIBOOT_MODULE (not visible from this file), modules can
   change without changing the measured boot state; confirm.  */
static grub_err_t
grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
                 int argc, char *argv[])
{
  grub_file_t file = 0;
  grub_ssize_t size;
  void *dest = NULL;
  grub_addr_t phys = 0;
  grub_err_t status;
  int skip_decompress = 0;
  grub_uint64_t min_addr = 0;

  if (argc == 0)
    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));

  if (grub_strcmp (argv[0], "--nounzip") == 0)
    {
      skip_decompress = 1;
      argc--;
      argv++;
    }

  /* The option may have been the only argument.  */
  if (argc == 0)
    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));

  if (!GRUB_MULTIBOOT (relocator))
    return grub_error (GRUB_ERR_BAD_ARGUMENT,
                       N_("you need to load the kernel first"));

  file = grub_file_open (argv[0], GRUB_FILE_TYPE_MULTIBOOT_MODULE
                         | (skip_decompress ? GRUB_FILE_TYPE_NO_DECOMPRESS
                            : GRUB_FILE_TYPE_NONE));
  if (! file)
    return grub_errno;

#ifndef GRUB_USE_MULTIBOOT2
  /* Multiboot 1: keep modules above 1 MiB, or above the kernel plus 1 MiB
     (page aligned) when the quirk asks for it.  */
  min_addr = 0x100000;
  if (grub_multiboot_quirks & GRUB_MULTIBOOT_QUIRK_MODULES_AFTER_KERNEL)
    min_addr = ALIGN_UP (highest_load + 1048576, 4096);
#endif

  size = grub_file_size (file);
  if (size)
    {
      grub_relocator_chunk_t chunk;

      /* The upper bound keeps the whole module below 4 GiB.
         NOTE(review): size is signed and is not range-checked before this
         arithmetic; confirm the allocator rejects the bounds that result
         from a negative or larger-than-4-GiB size.  */
      status = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator),
                                                 &chunk, min_addr,
                                                 (0xffffffff - size) + 1,
                                                 size, MULTIBOOT_MOD_ALIGN,
                                                 GRUB_RELOCATOR_PREFERENCE_NONE,
                                                 1);
      if (status)
        {
          grub_file_close (file);
          return status;
        }

      dest = get_virtual_current_address (chunk);
      phys = get_physical_target_address (chunk);
    }

  status = GRUB_MULTIBOOT (add_module) (phys, size, argc - 1, argv + 1);
  if (status)
    {
      grub_file_close (file);
      return status;
    }

  if (size && grub_file_read (file, dest, size) != size)
    {
      grub_file_close (file);
      /* A short read without an error already set means the file ended
         early.  */
      if (!grub_errno)
        grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"),
                    argv[0]);
      return grub_errno;
    }

  grub_file_close (file);

  /* TODO figure out the GRUB_VERIFY_ equivalent for this one.  The direct
     measurement below is disabled until then:
       grub_tpm_measure (module, size, GRUB_BINARY_PCR, argv[0]);
       grub_print_error();  */
  return GRUB_ERR_NONE;
}
|
|
|
|
/* Handles returned by grub_register_command in the module init, kept so the
   module fini can unregister both commands.  */
static grub_command_t cmd_multiboot, cmd_module;
|
|
|
|
/* Module init: register the kernel and module commands under their
   Multiboot 2 or Multiboot 1 names, and remember the module handle for
   reference counting.  */
GRUB_MOD_INIT(multiboot)
{
#ifdef GRUB_USE_MULTIBOOT2
  cmd_multiboot = grub_register_command ("multiboot2", grub_cmd_multiboot,
                                         0, N_("Load a multiboot 2 kernel."));
  cmd_module = grub_register_command ("module2", grub_cmd_module,
                                      0, N_("Load a multiboot 2 module."));
#else
  cmd_multiboot = grub_register_command ("multiboot", grub_cmd_multiboot,
                                         0, N_("Load a multiboot kernel."));
  cmd_module = grub_register_command ("module", grub_cmd_module,
                                      0, N_("Load a multiboot module."));
#endif

  my_mod = mod;
}
|
|
|
|
/* Module fini: unregister the two commands registered by the module init,
   kernel command first.  */
GRUB_MOD_FINI(multiboot)
{
  grub_unregister_command (cmd_multiboot);
  grub_unregister_command (cmd_module);
}
|