shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-10 01:17:44 +03:00
Code

tree-wide: Drop gnu-efi

Browse Source 
This drops all mentions of gnu-efi and its manual build machinery. A
future commit will bring bootloader builds back. A new bootloader meson
option is now used to control whether to build sd-boot and its userspace
tooling.
This commit is contained in:
Jan Janssen 2023-02-26 14:09:44 +01:00
parent 9214828313
commit dfca5587cf
29 changed files with 86 additions and 471 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/build_test.sh vendored
View File

@ -9,7 +9,7 @@ success() { echo >&2 -e "\033[32;1m$1\033[0m"; }
ARGS=(
"--optimization=0"
"--optimization=s -Dgnu-efi=true -Defi-cflags=-m32 -Defi-libdir=/usr/lib32"
"--optimization=s -Dbootloader=true -Defi-cflags=-m32"
"--optimization=3 -Db_lto=true -Ddns-over-tls=false"
"--optimization=3 -Db_lto=false"
"--optimization=3 -Ddns-over-tls=openssl"

1
README
View File

@ -216,7 +216,6 @@ REQUIREMENTS:
awk, sed, grep, and similar tools
clang >= 10.0, llvm >= 10.0 (optional, required to build BPF programs
from source code in C)
gnu-efi >= 3.0.5 (optional, required for systemd-boot)
During runtime, you need the following additional
dependencies:

2
man/bootctl.xml
View File

@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="bootctl" conditional='HAVE_GNU_EFI'
<refentry id="bootctl" conditional='ENABLE_BOOTLOADER'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>bootctl</title>

2
man/loader.conf.xml
View File

@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="loader.conf" conditional='HAVE_GNU_EFI'
<refentry id="loader.conf" conditional='ENABLE_BOOTLOADER'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>loader.conf</title>

21
man/rules/meson.build
View File

@ -5,7 +5,7 @@
# ninja -C build update-man-rules
manpages = [
['binfmt.d', '5', [], 'ENABLE_BINFMT'],
['bootctl', '1', [], 'HAVE_GNU_EFI'],
['bootctl', '1', [], 'ENABLE_BOOTLOADER'],
['bootup', '7', [], ''],
['busctl', '1', [], ''],
['coredump.conf', '5', ['coredump.conf.d'], 'ENABLE_COREDUMP'],
@ -31,7 +31,7 @@ manpages = [
['kernel-command-line', '7', [], ''],
['kernel-install', '8', [], 'ENABLE_KERNEL_INSTALL'],
['libudev', '3', [], ''],
['loader.conf', '5', [], 'HAVE_GNU_EFI'],
['loader.conf', '5', [], 'ENABLE_BOOTLOADER'],
['locale.conf', '5', [], ''],
['localectl', '1', [], 'ENABLE_LOCALED'],
['localtime', '5', [], ''],
@ -877,14 +877,17 @@ manpages = [
['systemd-ask-password', '1', [], ''],
['systemd-backlight@.service', '8', ['systemd-backlight'], 'ENABLE_BACKLIGHT'],
['systemd-binfmt.service', '8', ['systemd-binfmt'], 'ENABLE_BINFMT'],
['systemd-bless-boot-generator', '8', [], 'HAVE_GNU_EFI'],
['systemd-bless-boot.service', '8', ['systemd-bless-boot'], 'HAVE_GNU_EFI'],
['systemd-bless-boot-generator', '8', [], 'ENABLE_BOOTLOADER'],
['systemd-bless-boot.service',
'8',
['systemd-bless-boot'],
'ENABLE_BOOTLOADER'],
['systemd-boot-check-no-failures.service',
'8',
['systemd-boot-check-no-failures'],
''],
['systemd-boot-random-seed.service', '8', [], 'HAVE_GNU_EFI'],
['systemd-boot', '7', ['sd-boot'], 'HAVE_GNU_EFI'],
['systemd-boot-random-seed.service', '8', [], 'ENABLE_BOOTLOADER'],
['systemd-boot', '7', ['sd-boot'], 'ENABLE_BOOTLOADER'],
['systemd-cat', '1', [], ''],
['systemd-cgls', '1', [], ''],
['systemd-cgtop', '1', [], ''],
@ -971,7 +974,7 @@ manpages = [
'systemd-makefs',
'systemd-mkswap@.service'],
''],
['systemd-measure', '1', [], 'HAVE_GNU_EFI'],
['systemd-measure', '1', [], 'ENABLE_BOOTLOADER'],
['systemd-modules-load.service', '8', ['systemd-modules-load'], 'HAVE_KMOD'],
['systemd-mount', '1', ['systemd-umount'], ''],
['systemd-network-generator.service', '8', ['systemd-network-generator'], ''],
@ -992,7 +995,7 @@ manpages = [
'systemd-pcrphase',
'systemd-pcrphase-initrd.service',
'systemd-pcrphase-sysinit.service'],
'HAVE_GNU_EFI'],
'ENABLE_BOOTLOADER'],
['systemd-portabled.service', '8', ['systemd-portabled'], 'ENABLE_PORTABLED'],
['systemd-poweroff.service',
'8',
@ -1027,7 +1030,7 @@ manpages = [
['systemd-stub',
'7',
['linuxaa64.efi.stub', 'linuxia32.efi.stub', 'linuxx64.efi.stub', 'sd-stub'],
'HAVE_GNU_EFI'],
'ENABLE_BOOTLOADER'],
['systemd-suspend.service',
'8',
['systemd-hibernate.service',

2
man/systemd-bless-boot-generator.xml
View File

@ -3,7 +3,7 @@
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-bless-boot-generator" conditional='HAVE_GNU_EFI'>
<refentry id="systemd-bless-boot-generator" conditional='ENABLE_BOOTLOADER'>
<refentryinfo>
<title>systemd-bless-boot-generator</title>

2
man/systemd-bless-boot.service.xml
View File

@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-bless-boot.service" conditional='HAVE_GNU_EFI'
<refentry id="systemd-bless-boot.service" conditional='ENABLE_BOOTLOADER'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>

2
man/systemd-boot-random-seed.service.xml
View File

@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-boot-random-seed.service" conditional='HAVE_GNU_EFI'
<refentry id="systemd-boot-random-seed.service" conditional='ENABLE_BOOTLOADER'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>

2
man/systemd-boot.xml
View File

@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-boot" conditional='HAVE_GNU_EFI'
<refentry id="systemd-boot" conditional='ENABLE_BOOTLOADER'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-boot</title>

2
man/systemd-measure.xml
View File

@ -3,7 +3,7 @@
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-measure" xmlns:xi="http://www.w3.org/2001/XInclude" conditional='HAVE_GNU_EFI'>
<refentry id="systemd-measure" xmlns:xi="http://www.w3.org/2001/XInclude" conditional='ENABLE_BOOTLOADER'>
<refentryinfo>
<title>systemd-measure</title>

2
man/systemd-pcrphase.service.xml
View File

@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-pcrphase.service" conditional='HAVE_GNU_EFI'
<refentry id="systemd-pcrphase.service" conditional='ENABLE_BOOTLOADER'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>

2
man/systemd-stub.xml
View File

@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-stub" conditional='HAVE_GNU_EFI'
<refentry id="systemd-stub" conditional='ENABLE_BOOTLOADER'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-stub</title>

48
meson.build
View File

@ -1869,6 +1869,7 @@ conf.set10('ENABLE_REMOTE', have)
foreach term : ['analyze',
'backlight',
'binfmt',
'compat-mutable-uid-boundaries',
'coredump',
'efi',
'environment-d',
@ -1880,23 +1881,22 @@ foreach term : ['analyze',
'idn',
'ima',
'initrd',
'compat-mutable-uid-boundaries',
'nscd',
'ldconfig',
'localed',
'logind',
'machined',
'networkd',
'nscd',
'nss-myhostname',
'nss-systemd',
'portabled',
'sysext',
'pstore',
'quotacheck',
'randomseed',
'resolve',
'rfkill',
'smack',
'sysext',
'sysusers',
'timedated',
'timesyncd',
@ -1953,20 +1953,36 @@ catalogs = []
############################################################
# Include these now as they provide gnu-efi detection.
subdir('src/fundamental')
subdir('src/boot/efi')
############################################################
pymod = import('python')
python = pymod.find_installation('python3', required : true, modules : ['jinja2'])
python_39 = python.language_version().version_compare('>=3.9')
#####################################################################
efi_arch = {
'aarch64' : 'aa64',
'arm' : 'arm',
'riscv64' : 'riscv64',
'x86_64' : 'x64',
'x86' : 'ia32',
}.get(host_machine.cpu_family(), '')
if get_option('bootloader') != 'false' and efi_arch != ''
conf.set_quoted('EFI_MACHINE_TYPE_NAME', efi_arch)
elif get_option('bootloader') == 'true' and efi_arch == ''
error('EFI not supported for this arch.')
endif
conf.set10(
'ENABLE_BOOTLOADER',
get_option('efi') and
get_option('bootloader') in ['auto', 'true'] and
efi_arch != '',
)
if get_option('ukify') == 'auto'
want_ukify = python_39 and conf.get('HAVE_GNU_EFI') == 1
elif get_option('ukify') == 'true' and (not python_39 or conf.get('HAVE_GNU_EFI') != 1)
error('ukify requires Python >= 3.9 and GNU EFI')
want_ukify = python_39 and conf.get('ENABLE_BOOTLOADER') == 1
elif get_option('ukify') == 'true' and (not python_39 or conf.get('ENABLE_BOOTLOADER') != 1)
error('ukify requires Python >= 3.9 and -Dbootloader=true')
else
want_ukify = get_option('ukify') == 'true'
endif
@ -2038,6 +2054,7 @@ includes = [libsystemd_includes, include_directories('src/shared')]
subdir('po')
subdir('catalog')
subdir('src/fundamental')
subdir('src/basic')
subdir('src/libsystemd')
subdir('src/shared')
@ -2202,6 +2219,7 @@ subdir('src/libsystemd-network')
subdir('src/analyze')
subdir('src/boot')
subdir('src/boot/efi')
subdir('src/busctl')
subdir('src/coredump')
subdir('src/cryptenroll')
@ -2655,7 +2673,7 @@ if conf.get('HAVE_PAM') == 1
install_dir : rootlibexecdir)
endif
if conf.get('HAVE_BLKID') == 1 and conf.get('HAVE_GNU_EFI') == 1
if conf.get('HAVE_BLKID') == 1 and conf.get('ENABLE_BOOTLOADER') == 1
if get_option('link-boot-shared')
boot_link_with = [libshared]
else
@ -4730,11 +4748,11 @@ foreach tuple : [
# components
['backlight'],
['binfmt'],
['bootloader'],
['bpf-framework', conf.get('BPF_FRAMEWORK') == 1],
['coredump'],
['environment.d'],
['efi'],
['gnu-efi'],
['environment.d'],
['firstboot'],
['hibernate'],
['homed'],

16
meson_options.txt
View File

@ -93,7 +93,7 @@ option('ldconfig', type : 'boolean',
option('resolve', type : 'boolean',
description : 'systemd-resolved stack')
option('efi', type : 'boolean',
description : 'enable systemd-boot and bootctl')
description : 'enable EFI support')
option('tpm', type : 'boolean',
description : 'TPM should be used to log events and extend the registers')
option('environment-d', type : 'boolean',
@ -436,18 +436,8 @@ option('glib', type : 'combo', choices : ['auto', 'true', 'false'],
option('dbus', type : 'combo', choices : ['auto', 'true', 'false'],
description : 'libdbus support (for tests only)')
option('gnu-efi', type : 'combo', choices : ['auto', 'true', 'false'],
description : 'gnu-efi support for sd-boot')
option('efi-cflags', type : 'array',
description : 'additional flags for EFI compiler')
# Note that LLD does not support PE/COFF relocations
# https://lists.llvm.org/pipermail/llvm-dev/2021-March/149234.html
option('efi-ld', type : 'combo', choices : ['auto', 'bfd', 'gold'],
description : 'the linker to use for EFI modules')
option('efi-libdir', type : 'string',
description : 'path to the EFI lib directory')
option('efi-includedir', type : 'string', value : '/usr/include/efi',
description : 'path to the EFI header directory')
option('bootloader', type : 'combo', choices : ['auto', 'true', 'false'],
description : 'sd-boot/stub and userspace tools')
option('sbat-distro', type : 'string', value : 'auto',
description : 'SBAT distribution ID, e.g. fedora, or auto for autodetection')
option('sbat-distro-generation', type : 'integer', value : 1,

2
mkosi.build
View File

@ -139,7 +139,7 @@ if [ ! -f "$BUILDDIR"/build.ninja ] ; then
-D pcre2=true \
-D glib=true \
-D dbus=true \
-D gnu-efi=true \
-D bootloader=true \
-D kernel-install=true \
-D analyze=true \
-D bpf-framework=true \

1
mkosi.conf.d/10-systemd.conf
View File

@ -53,7 +53,6 @@ BuildPackages=
gcc
gettext
git
gnu-efi
gperf
lld
llvm

1
mkosi.conf.d/centos/10-centos.conf
View File

@ -59,7 +59,6 @@ BuildPackages=
glibc-devel.i686
glibc-static
glibc-static.i686
gnu-efi-devel
libgcrypt-devel # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file.
libxslt
pam-devel

1
mkosi.conf.d/fedora/10-fedora.conf
View File

@ -50,7 +50,6 @@ BuildPackages=
docbook-xsl
dwarves
glibc-static
gnu-efi-devel
libcap-static
pam-devel
pkgconfig # pkgconf shim to provide /usr/bin/pkg-config

2
shell-completion/bash/meson.build
View File

@ -31,7 +31,7 @@ items = [['busctl', ''],
['systemd-path', ''],
['systemd-run', ''],
['udevadm', ''],
['bootctl', 'HAVE_GNU_EFI'],
['bootctl', 'ENABLE_BOOTLOADER'],
['coredumpctl', 'ENABLE_COREDUMP'],
['homectl', 'ENABLE_HOMED'],
['hostnamectl', 'ENABLE_HOSTNAMED'],

2
shell-completion/zsh/meson.build
View File

@ -27,7 +27,7 @@ items = [['_busctl', ''],
['_sd_outputmodes', ''],
['_sd_unit_files', ''],
['_sd_machines', ''],
['_bootctl', 'HAVE_GNU_EFI'],
['_bootctl', 'ENABLE_BOOTLOADER'],
['_coredumpctl', 'ENABLE_COREDUMP'],
['_hostnamectl', 'ENABLE_HOSTNAMED'],
['_localectl', 'ENABLE_LOCALED'],

12
src/boot/efi/boot.c
View File

@ -23,13 +23,6 @@
#include "util.h"
#include "vmm.h"
#ifndef GNU_EFI_USE_MS_ABI
/* We do not use uefi_call_wrapper() in systemd-boot. As such, we rely on the
* compiler to do the calling convention conversion for us. This is check is
* to make sure the -DGNU_EFI_USE_MS_ABI was passed to the compiler. */
#error systemd-boot requires compilation with GNU_EFI_USE_MS_ABI defined.
#endif
/* Magic string for recognizing our own binaries */
_used_ _section_(".sdmagic") static const char magic[] =
"#### LoaderInfo: systemd-boot " GIT_VERSION " ####";
@ -2735,8 +2728,3 @@ out:
}
DEFINE_EFI_MAIN_FUNCTION(run, "systemd-boot", /*wait_for_debugger=*/false);
/* Fedora has a heavily patched gnu-efi that supports elf constructors. It calls into _entry instead. */
EFI_STATUS _entry(EFI_HANDLE image, EFI_SYSTEM_TABLE *system_table) {
return efi_main(image, system_table);
}

375
src/boot/efi/meson.build
View File

@ -1,129 +1,12 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
conf.set10('ENABLE_EFI', get_option('efi'))
conf.set10('HAVE_GNU_EFI', false)
efi_config_h_dir = meson.current_build_dir()
if not get_option('efi') or get_option('gnu-efi') == 'false'
if get_option('gnu-efi') == 'true'
error('gnu-efi support requested, but general efi support is disabled')
endif
if conf.get('ENABLE_BOOTLOADER') != 1
subdir_done()
endif
efi_arch = host_machine.cpu_family()
if efi_arch == 'x86' and '-m64' in get_option('efi-cflags')
efi_arch = 'x86_64'
elif efi_arch == 'x86_64' and '-m32' in get_option('efi-cflags')
efi_arch = 'x86'
endif
efi_arch = {
# host_cc_arch: [efi_arch (see Table 3-2 in UEFI spec), obsolete gnu_efi_inc_arch]
'x86': ['ia32', 'ia32'],
'x86_64': ['x64', 'x86_64'],
'arm': ['arm', 'arm'],
'aarch64': ['aa64', 'aarch64'],
'riscv64': ['riscv64', 'riscv64'],
}.get(efi_arch, [])
efi_incdir = get_option('efi-includedir')
found = false
foreach efi_arch_candidate : efi_arch
efi_archdir = efi_incdir / efi_arch_candidate
if cc.has_header(efi_archdir / 'efibind.h',
args: get_option('efi-cflags'))
found = true
break
endif
endforeach
if not found
if get_option('gnu-efi') == 'true'
error('gnu-efi support requested, but headers not found or efi arch is unknown')
endif
warning('gnu-efi headers not found or efi arch is unknown, disabling gnu-efi support')
subdir_done()
endif
if not cc.has_header_symbol('efi.h', 'EFI_IMAGE_MACHINE_X64',
args: ['-nostdlib', '-ffreestanding', '-fshort-wchar'] + get_option('efi-cflags'),
include_directories: include_directories(efi_incdir,
efi_archdir))
if get_option('gnu-efi') == 'true'
error('gnu-efi support requested, but found headers are too old (3.0.5+ required)')
endif
warning('gnu-efi headers are too old (3.0.5+ required), disabling gnu-efi support')
subdir_done()
endif
objcopy = run_command(cc.cmd_array(), '-print-prog-name=objcopy', check: true).stdout().strip()
objcopy_2_38 = find_program('objcopy', version: '>=2.38', required: false)
efi_ld = get_option('efi-ld')
if efi_ld == 'auto'
efi_ld = cc.get_linker_id().split('.')[1]
if efi_ld not in ['bfd', 'gold']
message('Not using @0@ as efi-ld, falling back to bfd'.format(efi_ld))
efi_ld = 'bfd'
endif
endif
efi_multilib = run_command(
cc.cmd_array(), '-print-multi-os-directory', get_option('efi-cflags'),
check: false
).stdout().strip()
efi_multilib = run_command(
'realpath', '-e', '/usr/lib' / efi_multilib,
check: false
).stdout().strip()
efi_libdir = ''
foreach dir : [get_option('efi-libdir'),
'/usr/lib/gnuefi' / efi_arch[0],
efi_multilib]
if dir != '' and fs.is_dir(dir)
efi_libdir = dir
break
endif
endforeach
if efi_libdir == ''
if get_option('gnu-efi') == 'true'
error('gnu-efi support requested, but efi-libdir was not found')
endif
warning('efi-libdir was not found, disabling gnu-efi support')
subdir_done()
endif
efi_lds = ''
foreach location : [ # New locations first introduced with gnu-efi 3.0.11
[efi_libdir / 'efi.lds',
efi_libdir / 'crt0.o'],
# Older locations...
[efi_libdir / 'gnuefi' / 'elf_@0@_efi.lds'.format(efi_arch[1]),
efi_libdir / 'gnuefi' / 'crt0-efi-@0@.o'.format(efi_arch[1])],
[efi_libdir / 'elf_@0@_efi.lds'.format(efi_arch[1]),
efi_libdir / 'crt0-efi-@0@.o'.format(efi_arch[1])]]
if fs.is_file(location[0]) and fs.is_file(location[1])
efi_lds = location[0]
efi_crt0 = location[1]
break
endif
endforeach
if efi_lds == ''
if get_option('gnu-efi') == 'true'
error('gnu-efi support requested, but cannot find efi.lds')
endif
warning('efi.lds was not found, disabling gnu-efi support')
subdir_done()
endif
conf.set10('HAVE_GNU_EFI', true)
conf.set_quoted('EFI_MACHINE_TYPE_NAME', efi_arch[0])
efi_conf = configuration_data()
efi_conf.set_quoted('EFI_MACHINE_TYPE_NAME', efi_arch[0])
efi_conf.set10('ENABLE_TPM', get_option('tpm'))
foreach ctype : ['color-normal', 'color-entry', 'color-highlight', 'color-edit']
@ -174,151 +57,8 @@ elif get_option('sbat-distro') != ''
endif
endif
efi_config_h = configure_file(
output : 'efi_config.h',
configuration : efi_conf)
efi_cflags = [
'-DGNU_EFI_USE_MS_ABI',
'-DSD_BOOT=1',
'-ffreestanding',
'-fshort-wchar',
'-fvisibility=hidden',
'-I', fundamental_path,
'-I', meson.current_source_dir(),
'-include', efi_config_h,
'-include', version_h,
'-std=gnu11',
'-Wall',
'-Wextra',
] + cc.get_supported_arguments(
basic_disabled_warnings +
possible_common_cc_flags + [
'-fno-stack-protector',
'-fno-strict-aliasing',
'-fpic',
'-fwide-exec-charset=UCS2',
]
)
efi_cflags += cc.get_supported_arguments({
'ia32': ['-mno-sse', '-mno-mmx'],
'x86_64': ['-mno-red-zone', '-mno-sse', '-mno-mmx'],
'arm': ['-mgeneral-regs-only', '-mfpu=none'],
}.get(efi_arch[1], []))
# We are putting the efi_cc command line together ourselves, so make sure to pull any
# relevant compiler flags from meson/CFLAGS as povided by the user or distro.
if get_option('werror')
efi_cflags += ['-Werror']
endif
if get_option('debug') and get_option('mode') == 'developer'
efi_cflags += ['-ggdb', '-DEFI_DEBUG']
endif
if get_option('optimization') in ['1', '2', '3', 's', 'g']
efi_cflags += ['-O' + get_option('optimization')]
endif
if get_option('b_ndebug') == 'true' or (
get_option('b_ndebug') == 'if-release' and get_option('buildtype') in ['plain', 'release'])
efi_cflags += ['-DNDEBUG']
endif
if get_option('b_lto')
efi_cflags += cc.has_argument('-flto=auto') ? ['-flto=auto'] : ['-flto']
endif
foreach arg : get_option('c_args')
if arg in [
'-DNDEBUG',
'-fno-lto',
'-O1', '-O2', '-O3', '-Og', '-Os',
'-Werror',
] or arg.split('=')[0] in [
'-ffile-prefix-map',
'-flto',
] or (get_option('mode') == 'developer' and arg in [
'-DEFI_DEBUG',
'-g', '-ggdb',
])
message('Using "@0@" from c_args for EFI compiler'.format(arg))
efi_cflags += arg
endif
endforeach
efi_cflags += get_option('efi-cflags')
efi_ldflags = [
'-fuse-ld=' + efi_ld,
'-L', efi_libdir,
'-nostdlib',
'-T', efi_lds,
'-Wl,--build-id=sha1',
'-Wl,--fatal-warnings',
'-Wl,--no-undefined',
'-Wl,--warn-common',
'-Wl,-Bsymbolic',
'-z', 'nocombreloc',
'-z', 'noexecstack',
efi_crt0,
]
foreach arg : ['-Wl,--no-warn-execstack',
'-Wl,--no-warn-rwx-segments']
# We need to check the correct linker for supported args. This is what
# cc.has_multi_link_arguments() is for, but it helpfully overrides our
# choice of linker by putting its own -fuse-ld= arg after ours.
if run_command('bash', '-c',
'exec "$@" -x c -o/dev/null <(echo "int main(void){return 0;}")' +
' -fuse-ld=' + efi_ld + ' -Wl,--fatal-warnings ' + arg,
'bash', cc.cmd_array(),
check : false).returncode() == 0
efi_ldflags += arg
endif
endforeach
# If using objcopy, crt0 must not include the PE/COFF header
if run_command('grep', '-q', 'coff_header', efi_crt0, check: false).returncode() == 0
coff_header_in_crt0 = true
else
coff_header_in_crt0 = false
endif
if efi_arch[1] in ['arm', 'riscv64'] or (efi_arch[1] == 'aarch64' and (not objcopy_2_38.found() or coff_header_in_crt0))
efi_ldflags += ['-shared']
# ARM32 and 64bit RISC-V don't have an EFI capable objcopy.
# Older objcopy doesn't support Aarch64 either.
# Use 'binary' instead, and add required symbols manually.
efi_ldflags += ['-Wl,--defsym=EFI_SUBSYSTEM=0xa']
efi_format = ['-O', 'binary']
else
efi_ldflags += ['-pie']
if efi_ld == 'bfd'
efi_ldflags += '-Wl,--no-dynamic-linker'
endif
efi_format = ['--target=efi-app-@0@'.format(efi_arch[1])]
endif
if efi_arch[1] == 'arm'
# On arm, the compiler (correctly) warns about wchar_t size mismatch. This
# is because libgcc is not compiled with -fshort-wchar, but it does not
# have any occurrences of wchar_t in its sources or the documentation, so
# it is safe to assume that we can ignore this warning.
efi_ldflags += ['-Wl,--no-wchar-size-warning']
endif
if cc.get_id() == 'clang' and cc.version().split('.')[0].to_int() <= 10
# clang <= 10 doesn't pass -T to the linker and then even complains about it being unused
efi_ldflags += ['-Wl,-T,' + efi_lds, '-Wno-unused-command-line-argument']
endif
summary({
'EFI machine type' : efi_arch[0],
'EFI LD' : efi_ld,
'EFI lds' : efi_lds,
'EFI crt0' : efi_crt0,
'EFI include directory' : efi_archdir},
section : 'Extensible Firmware Interface')
summary({'UEFI architecture' : efi_arch},
section : 'UEFI')
if efi_conf.get('SBAT_DISTRO', '') != ''
summary({
@ -327,49 +67,16 @@ if efi_conf.get('SBAT_DISTRO', '') != ''
'SBAT distro version': sbat_distro_version_display,
'SBAT distro summary': efi_conf.get('SBAT_DISTRO_SUMMARY'),
'SBAT distro URL': efi_conf.get('SBAT_DISTRO_URL')},
section : 'Extensible Firmware Interface')
section : 'UEFI')
endif
configure_file(
output : 'efi_config.h',
configuration : efi_conf)
############################################################
efi_headers = files(
'bcd.h',
'console.h',
'cpio.h',
'device-path-util.h',
'devicetree.h',
'drivers.h',
'efi-string.h',
'efi.h',
'graphics.h',
'initrd.h',
'linux.h',
'log.h',
'measure.h',
'part-discovery.h',
'pe.h',
'proto/block-io.h',
'proto/console-control.h',
'proto/device-path.h',
'proto/dt-fixup.h',
'proto/file-io.h',
'proto/graphics-output.h',
'proto/load-file.h',
'proto/loaded-image.h',
'proto/rng.h',
'proto/security-arch.h',
'proto/shell-parameters.h',
'proto/simple-text-io.h',
'proto/tcg.h',
'random-seed.h',
'secure-boot.h',
'shim.h',
'splash.h',
'ticks.h',
'util.h',
)
common_sources = files(
libefi_sources = files(
'console.c',
'device-path-util.c',
'devicetree.c',
@ -400,7 +107,7 @@ stub_sources = files(
'stub.c',
)
if efi_arch[1] in ['ia32', 'x86_64']
if host_machine.cpu_family() in ['x86', 'x86_64']
stub_sources += files('linux_x86.c')
endif
@ -414,7 +121,7 @@ tests += [
]
# BCD parser only makes sense on arches that Windows supports.
if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64']
if host_machine.cpu_family() in ['aarch64', 'arm', 'x86_64', 'x86']
systemd_boot_sources += files('bcd.c')
tests += [
{
@ -448,63 +155,3 @@ if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64']
},
]
endif
systemd_boot_objects = []
stub_objects = []
foreach file : fundamental_source_paths + common_sources + systemd_boot_sources + stub_sources
# FIXME: replace ''.format(file) with fs.name(file) when meson_version requirement is >= 0.59.0
o_file = custom_target('@0@.o'.format(file).split('/')[-1],
input : file,
output : '@0@.o'.format(file).split('/')[-1],
command : [cc.cmd_array(), '-c', '@INPUT@', '-o', '@OUTPUT@', efi_cflags],
depend_files : efi_headers + fundamental_headers)
if (fundamental_source_paths + common_sources + systemd_boot_sources).contains(file)
systemd_boot_objects += o_file
endif
if (fundamental_source_paths + common_sources + stub_sources).contains(file)
stub_objects += o_file
endif
endforeach
foreach tuple : [['systemd-boot@0@.@1@', systemd_boot_objects, false, 'systemd-boot'],
['linux@0@.@1@.stub', stub_objects, true, 'systemd-stub']]
elf = custom_target(
tuple[0].format(efi_arch[0], 'elf'),
input : tuple[1],
output : tuple[0].format(efi_arch[0], 'elf'),
command : [cc.cmd_array(),
'-o', '@OUTPUT@',
efi_cflags,
efi_ldflags,
'@INPUT@',
'-lgnuefi',
'-lgcc'],
install : tuple[2],
install_tag: tuple[3],
install_dir : bootlibdir)
efi = custom_target(
tuple[0].format(efi_arch[0], 'efi'),
input : elf,
output : tuple[0].format(efi_arch[0], 'efi'),
command : [objcopy,
'-j', '.bss*',
'-j', '.data',
'-j', '.dynamic',
'-j', '.dynsym',
'-j', '.osrel',
'-j', '.rel*',
'-j', '.sbat',
'-j', '.sdata',
'-j', '.sdmagic',
'-j', '.text',
'--strip-all',
'--section-alignment=512',
efi_format,
'@INPUT@', '@OUTPUT@'],
install : true,
install_tag: tuple[3],
install_dir : bootlibdir)
alias_target(tuple[3], efi)
endforeach

5
src/boot/efi/stub.c
View File

@ -423,8 +423,3 @@ static EFI_STATUS run(EFI_HANDLE image) {
}
DEFINE_EFI_MAIN_FUNCTION(run, "systemd-stub", /*wait_for_debugger=*/false);
/* See comment in boot.c. */
EFI_STATUS _entry(EFI_HANDLE image, EFI_SYSTEM_TABLE *system_table) {
return efi_main(image, system_table);
}

18
src/fundamental/meson.build
View File

@ -1,25 +1,11 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
fundamental_path = meson.current_source_dir()
fundamental_include = include_directories('.')
fundamental_headers = files(
'bootspec-fundamental.h',
'efivars-fundamental.h',
'macro-fundamental.h',
'memory-util-fundamental.h',
'sha256.h',
'string-util-fundamental.h',
'tpm-pcr.h',
)
# for sd-boot
fundamental_source_paths = files(
fundamental_sources = files(
'bootspec-fundamental.c',
'efivars-fundamental.c',
'sha256.c',
'string-util-fundamental.c',
'tpm-pcr.c',
)
# for libbasic
fundamental_sources = fundamental_source_paths + fundamental_headers

2
src/test/meson.build
View File

@ -456,7 +456,7 @@ tests += [
},
{
'sources' : files('test-sbat.c'),
'condition' : 'HAVE_GNU_EFI',
'condition' : 'ENABLE_BOOTLOADER',
'c_args' : '-I@0@'.format(efi_config_h_dir),
},
{

2
test/meson.build
View File

@ -73,7 +73,7 @@ if install_tests
'../-.mount',
testsuite08_dir + '/local-fs.target.wants/-.mount')
if conf.get('HAVE_GNU_EFI') == 1 and conf.get('HAVE_ZSTD') == 1
if conf.get('ENABLE_BOOTLOADER') == 1 and conf.get('HAVE_ZSTD') == 1
install_subdir('test-bcd',
exclude_files : '.gitattributes',
install_dir : testdata_dir)

2
test/mkosi.default.networkd-test
View File

@ -33,8 +33,6 @@ BuildPackages=
gcc
gettext
git
gnu-efi
gnu-efi-devel
gnutls-devel
gperf
hostname

8
tools/oss-fuzz.sh
View File

@ -35,18 +35,12 @@ else
apt-get update
apt-get install -y gperf m4 gettext python3-pip \
libcap-dev libmount-dev \
pkg-config wget python3-jinja2 zipmerge
pkg-config wget python3-jinja2 zipmerge zstd
if [[ "$ARCHITECTURE" == i386 ]]; then
apt-get install -y pkg-config:i386 libcap-dev:i386 libmount-dev:i386
fi
# gnu-efi is installed here to enable -Dgnu-efi behind which fuzz-bcd
# is hidden. It isn't linked against efi. It doesn't
# even include "efi.h" because "bcd.c" can work in "unit test" mode
# where it isn't necessary.
apt-get install -y gnu-efi zstd
pip3 install -r .github/workflows/requirements.txt --require-hashes
# https://github.com/google/oss-fuzz/issues/6868

18
units/meson.build
View File

@ -105,9 +105,9 @@ units = [
['systemd-ask-password-wall.path', '',
'multi-user.target.wants/'],
['systemd-ask-password-wall.service', ''],
['systemd-boot-random-seed.service', 'HAVE_GNU_EFI',
['systemd-boot-random-seed.service', 'ENABLE_BOOTLOADER',
'sysinit.target.wants/'],
['systemd-boot-update.service', 'HAVE_GNU_EFI'],
['systemd-boot-update.service', 'ENABLE_BOOTLOADER'],
['systemd-coredump.socket', 'ENABLE_COREDUMP',
'sockets.target.wants/'],
['systemd-exit.service', ''],
@ -187,7 +187,7 @@ in_units = [
['systemd-backlight@.service', 'ENABLE_BACKLIGHT'],
['systemd-binfmt.service', 'ENABLE_BINFMT',
'sysinit.target.wants/'],
['systemd-bless-boot.service', 'HAVE_GNU_EFI HAVE_BLKID'],
['systemd-bless-boot.service', 'ENABLE_BOOTLOADER HAVE_BLKID'],
['systemd-boot-check-no-failures.service', ''],
['systemd-coredump@.service', 'ENABLE_COREDUMP'],
['systemd-pstore.service', 'ENABLE_PSTORE'],
@ -259,16 +259,16 @@ in_units = [
'sysinit.target.wants/ initrd-root-fs.target.wants/'],
['user-runtime-dir@.service', ''],
['user@.service', ''],
['systemd-pcrphase-initrd.service', 'HAVE_GNU_EFI HAVE_OPENSSL HAVE_TPM2 ENABLE_INITRD',
['systemd-pcrphase-initrd.service', 'ENABLE_BOOTLOADER HAVE_OPENSSL HAVE_TPM2 ENABLE_INITRD',
'initrd.target.wants/'],
['systemd-pcrphase-sysinit.service', 'HAVE_GNU_EFI HAVE_OPENSSL HAVE_TPM2',
['systemd-pcrphase-sysinit.service', 'ENABLE_BOOTLOADER HAVE_OPENSSL HAVE_TPM2',
'sysinit.target.wants/'],
['systemd-pcrphase.service', 'HAVE_GNU_EFI HAVE_OPENSSL HAVE_TPM2',
['systemd-pcrphase.service', 'ENABLE_BOOTLOADER HAVE_OPENSSL HAVE_TPM2',
'sysinit.target.wants/'],
['systemd-pcrmachine.service', 'HAVE_GNU_EFI HAVE_OPENSSL HAVE_TPM2',
['systemd-pcrmachine.service', 'ENABLE_BOOTLOADER HAVE_OPENSSL HAVE_TPM2',
'sysinit.target.wants/'],
['systemd-pcrfs-root.service', 'HAVE_GNU_EFI HAVE_OPENSSL HAVE_TPM2'],
['systemd-pcrfs@.service', 'HAVE_GNU_EFI HAVE_OPENSSL HAVE_TPM2'],
['systemd-pcrfs-root.service', 'ENABLE_BOOTLOADER HAVE_OPENSSL HAVE_TPM2'],
['systemd-pcrfs@.service', 'ENABLE_BOOTLOADER HAVE_OPENSSL HAVE_TPM2'],
['systemd-growfs-root.service', ''],
['systemd-growfs@.service', ''],
]