//! This module implements the protocols to hand an initrd to the
//! Linux kernel.
//!
//! XXX The initrd signature validation is vulnerable to TOCTOU,
//! because we read the initrd multiple times. The code needs to be
//! restructured to solve this.
use core::{ffi::c_void, pin::Pin, ptr::slice_from_raw_parts_mut};
use alloc::{boxed::Box, vec::Vec};
use uefi::{
prelude::BootServices,
proto::{
device_path::{DevicePath, FfiDevicePath},
Protocol,
},
unsafe_guid, Handle, Identify, Result, ResultExt, Status,
};
/// The Linux kernel's initrd loading device path.
///
/// The Linux kernel points us to
/// [u-boot](https://github.com/u-boot/u-boot/commit/ec80b4735a593961fe701cc3a5d717d4739b0fd0#diff-1f940face4d1cf74f9d2324952759404d01ee0a81612b68afdcba6b49803bdbbR28)
/// for documentation.
// XXX This should actually be something like:
// static const struct {
//     struct efi_vendor_dev_path  vendor;
//     struct efi_generic_dev_path end;
// } __packed initrd_dev_path = {
//     {
//         {
//             EFI_DEV_MEDIA,
//             EFI_DEV_MEDIA_VENDOR,
//             sizeof(struct efi_vendor_dev_path),
//         },
//         LINUX_EFI_INITRD_MEDIA_GUID
//     }, {
//         EFI_DEV_END_PATH,
//         EFI_DEV_END_ENTIRE,
//         sizeof(struct efi_generic_dev_path)
//     }
// };
//
// Byte layout of the array below, read against the C sketch above:
//   [0..4]   vendor node header: 0x04, 0x03, then the node length 0x0014
//            (20 bytes) in little-endian order
//   [4..20]  the 16 GUID bytes of the vendor node
//   [20..24] end node: 0x7f, 0xff, then its length 0x0004
//
// NOTE(review): nothing visible in this file writes to the array; it looks
// like `static mut` is used only so that a `*mut` can be handed to the
// protocol install/uninstall calls. Confirm before relying on that.
static mut DEVICE_PATH_PROTOCOL: [u8; 24] = [
    0x04, 0x03, 0x14, 0x00, 0x27, 0xe4, 0x68, 0x55, 0xfc, 0x68, 0x3d, 0x4f, 0xac, 0x74, 0xca, 0x55,
    0x52, 0x31, 0xcc, 0x68, 0x7f, 0xff, 0x04, 0x00,
];
/// The UEFI LoadFile2 protocol.
///
/// This protocol has a single method to load a file.
///
/// The struct is `#[repr(C)]` with the function pointer as its first field.
/// The payload is stored behind that pointer in the same allocation, so the
/// callback can reach it through the `this` argument it receives.
#[repr(C)]
#[unsafe_guid("4006c0c1-fcb3-403e-996d-4a6c8724e06d")]
#[derive(Protocol)]
struct LoadFile2Protocol {
    // Entry point invoked through the installed protocol interface. The
    // size and buffer pointers are supplied by that caller.
    load_file: unsafe extern "efiapi" fn(
        this: &mut LoadFile2Protocol,
        file_path: *const FfiDevicePath,
        boot_policy: bool,
        buffer_size: *mut usize,
        buffer: *mut c_void,
    ) -> Status,

    // This is not part of the official protocol struct.
    // These are the bytes that `load_file` copies into the caller's buffer.
    initrd_data: Vec<u8>,
}
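impl LoadFile2Protocol {
    /// Copy the stored initrd into the caller-provided buffer.
    ///
    /// `buffer_size` is an in/out parameter: on entry it holds the capacity
    /// of `buffer`, on return it holds the size of the initrd. `_file_path`
    /// and `_boot_policy` are ignored.
    ///
    /// # Errors
    ///
    /// * `Status::INVALID_PARAMETER` if `buffer_size` is null.
    /// * `Status::BUFFER_TOO_SMALL` if `buffer` is null or smaller than the
    ///   initrd. `*buffer_size` then holds the required size, so the caller
    ///   can allocate and call again.
    fn load_file(
        &mut self,
        _file_path: *const FfiDevicePath,
        _boot_policy: bool,
        buffer_size: *mut usize,
        buffer: *mut c_void,
    ) -> Result<()> {
        // Both pointers are supplied by whoever calls the installed protocol,
        // so neither is dereferenced before it has been checked.
        if buffer_size.is_null() {
            return Err(Status::INVALID_PARAMETER.into());
        }

        let initrd_len = self.initrd_data.len();

        // SAFETY: `buffer_size` is non-null (checked above). The caller is
        // responsible for it pointing at a valid, aligned `usize`.
        let capacity = unsafe { *buffer_size };

        // The required size is reported on both the success and the
        // too-small path.
        // SAFETY: same pointer as above.
        unsafe {
            *buffer_size = initrd_len;
        }

        if buffer.is_null() || capacity < initrd_len {
            return Err(Status::BUFFER_TOO_SMALL.into());
        }

        // SAFETY: `buffer` is non-null and the caller declared room for at
        // least `capacity >= initrd_len` bytes. Only `initrd_len` bytes are
        // written, so the copy stays within the declared capacity.
        let output_slice: &mut [u8] =
            unsafe { &mut *slice_from_raw_parts_mut(buffer as *mut u8, initrd_len) };

        output_slice.copy_from_slice(&self.initrd_data);

        Ok(())
    }
}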
/// `efiapi` entry point stored in the `load_file` slot of
/// [`LoadFile2Protocol`].
///
/// Forwards every argument unchanged to [`LoadFile2Protocol::load_file`] and
/// converts its `Result` into the `Status` the calling convention expects.
unsafe extern "efiapi" fn raw_load_file(
    this: &mut LoadFile2Protocol,
    file_path: *const FfiDevicePath,
    boot_policy: bool,
    buffer_size: *mut usize,
    buffer: *mut c_void,
) -> Status {
    let outcome =
        LoadFile2Protocol::load_file(this, file_path, boot_policy, buffer_size, buffer);
    outcome.status()
}
/// A RAII wrapper to install and uninstall the Linux initrd loading
/// protocol.
///
/// **Note:** You need to call [`InitrdLoader::uninstall`], before
/// this is dropped. The `Drop` implementation does not uninstall anything
/// itself; it only asserts that `uninstall` has already succeeded.
pub struct InitrdLoader {
    // Heap-allocated, pinned protocol instance. `new` passes its address to
    // `install_protocol_interface`, so it has to stay at that address for as
    // long as the protocol is installed.
    proto: Pin<Box<LoadFile2Protocol>>,
    // Handle on which both protocol interfaces are installed.
    handle: Handle,
    // Set to `true` by `new` and cleared once `uninstall` has succeeded;
    // checked by the `Drop` implementation.
    registered: bool,
}
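impl InitrdLoader {
    /// Create a new [`InitrdLoader`].
    ///
    /// `handle` is the handle where the protocols are registered
    /// on. `initrd_data` holds the initrd bytes that are served to Linux.
    ///
    /// The bytes are handed out exactly as passed in. Any integrity or
    /// signature check therefore has to be done on this same buffer before it
    /// is given to `new`, not on a separate read of the file.
    ///
    /// # Errors
    ///
    /// Returns the error of whichever `install_protocol_interface` call
    /// failed. If the second installation fails, the device path interface
    /// installed first is removed again (best effort), so a failed `new`
    /// does not leave a half-configured handle behind.
    pub fn new(boot_services: &BootServices, handle: Handle, initrd_data: Vec<u8>) -> Result<Self> {
        let mut proto = Box::pin(LoadFile2Protocol {
            load_file: raw_load_file,
            initrd_data,
        });

        // Linux finds the right handle by looking for something that
        // implements the device path protocol for the specific device
        // path.
        unsafe {
            // `addr_of_mut!` yields the raw address without creating a
            // reference to the `static mut`.
            let dp_proto = core::ptr::addr_of_mut!(DEVICE_PATH_PROTOCOL) as *mut c_void;

            boot_services.install_protocol_interface(
                Some(handle),
                &DevicePath::GUID,
                dp_proto,
            )?;

            // From here on the firmware holds a raw pointer into the pinned
            // box, which is why the box is kept in the returned value.
            let lf_proto: *mut LoadFile2Protocol = proto.as_mut().get_mut();

            let installed = boot_services.install_protocol_interface(
                Some(handle),
                &LoadFile2Protocol::GUID,
                lf_proto as *mut c_void,
            );

            if installed.is_err() {
                // Roll back the first installation. Its result is ignored on
                // purpose: the install error is the one worth reporting.
                let _ = boot_services.uninstall_protocol_interface(
                    handle,
                    &DevicePath::GUID,
                    dp_proto,
                );
            }

            installed?;
        }

        Ok(InitrdLoader {
            handle,
            proto,
            registered: true,
        })
    }

    /// Remove both protocol interfaces from the handle again.
    ///
    /// This has to succeed before the loader is dropped.
    ///
    /// # Errors
    ///
    /// Returns the error of the first `uninstall_protocol_interface` call
    /// that fails. The loader then still counts as registered, and dropping
    /// it panics.
    ///
    /// # Panics
    ///
    /// Panics if the loader is no longer registered.
    pub fn uninstall(&mut self, boot_services: &BootServices) -> Result<()> {
        // This should only be called once.
        assert!(self.registered);

        unsafe {
            // Same address derivation as in `new`, so the pointer passed here
            // is the one that was installed.
            let dp_proto = core::ptr::addr_of_mut!(DEVICE_PATH_PROTOCOL) as *mut c_void;

            boot_services.uninstall_protocol_interface(
                self.handle,
                &DevicePath::GUID,
                dp_proto,
            )?;

            let lf_proto: *mut LoadFile2Protocol = self.proto.as_mut().get_mut();

            boot_services.uninstall_protocol_interface(
                self.handle,
                &LoadFile2Protocol::GUID,
                lf_proto as *mut c_void,
            )?;
        }

        // Cleared only after both interfaces are gone.
        self.registered = false;

        Ok(())
    }
}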
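impl Drop for InitrdLoader {
    /// Refuse to drop a loader whose protocols are still installed.
    ///
    /// While `registered` is set, the firmware still holds the raw pointer to
    /// the pinned protocol instance that `new` installed. Freeing that
    /// allocation would leave a dangling interface pointer on the handle, so
    /// this panics instead of continuing.
    fn drop(&mut self) {
        // Dropped without unregistering!
        assert!(
            !self.registered,
            "InitrdLoader dropped while its protocols are still installed; call uninstall() first"
        );
    }
}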