stub(*): merge dynamically initrds

For dynamic usecases, e.g. credentials or system extension images, we have a need for dynamic merging of initrds.
2023-11-15 05:24:59 +01:00 · 2023-11-15 05:24:59 +01:00 · e2e8059df2
parent 88bcd99ca8
commit e2e8059df2
2 changed files with 22 additions and 3 deletions
--- a/rust/uefi/stub/src/fat.rs
+++ b/rust/uefi/stub/src/fat.rs
@ -51,7 +51,7 @@ pub fn boot_linux(
    // image and then parse the PE data structures from it. This is
    // safe, because we don't touch any data in the data sections that
    // might conceivably change while we look at the slice.
-    let config = unsafe {
+    let mut config = unsafe {
        EmbeddedConfiguration::new(
            booted_image_file(system_table.boot_services())
                .unwrap()
@ -67,5 +67,16 @@ pub fn boot_linux(
        secure_boot_enabled,
    );

-    boot_linux_unchecked(handle, system_table, config.kernel, &cmdline, config.initrd).status()
+    let mut final_initrd = Vec::new();
+    final_initrd.append(&mut config.initrd);
+
+    // Correctness: dynamic initrds are supposed to be validated by caller,
+    // i.e. they are system extension images or credentials
+    // that are supposedly measured in TPM2.
+    // Therefore, it is normal to not verify their hashes against a configuration.
+    for mut extra_initrd in dynamic_initrds {
+        final_initrd.append(&mut extra_initrd);
+    }
+
+    boot_linux_unchecked(handle, system_table, config.kernel, &cmdline, final_initrd).status()
 }
--- a/rust/uefi/stub/src/thin.rs
+++ b/rust/uefi/stub/src/thin.rs
@ -99,7 +99,7 @@ pub fn boot_linux(
    let secure_boot_enabled = get_secure_boot_status(system_table.runtime_services());

    let kernel_data;
-    let initrd_data;
+    let mut initrd_data;

    {
        let file_system = system_table
@ -135,5 +135,13 @@ pub fn boot_linux(
        secure_boot_enabled,
    )?;

+    // Correctness: dynamic initrds are supposed to be validated by caller,
+    // i.e. they are system extension images or credentials
+    // that are supposedly measured in TPM2.
+    // Therefore, it is normal to not verify their hashes against a configuration.
+    for mut extra_initrd in dynamic_initrds {
+        initrd_data.append(&mut extra_initrd);
+    }
+
    boot_linux_unchecked(handle, system_table, kernel_data, &cmdline, initrd_data)
 }