boot: several follow-ups for .efifw section support (#36230)

Follow-ups for #35091.
2025-03-14 04:58:28 +03:00 · 2025-02-06 14:53:12 +09:00 · 2025-02-06 14:53:12 +09:00 · 229d91793f
commit 229d91793f
parent 5e12894f05 52a0bf1621
5 changed files with 25 additions and 36 deletions
--- a/man/systemd-stub.xml
+++ b/man/systemd-stub.xml
@ -81,27 +81,27 @@
      <listitem><para>An optional <literal>.dtb</literal> section with a compiled binary DeviceTree.
      </para></listitem>

-      <listitem><para>Zero or more <literal>.dtbauto</literal> sections. <filename>systemd-stub</filename>
+      <listitem><para>Zero or more <literal>.dtbauto</literal> sections. <command>systemd-stub</command>
      will always use the first matching one. The match is performed by taking the first DeviceTree's
-      <varname>compatible</varname> string supplied by the firmware in configuration tables and comparing it
-      with the first <varname>compatible</varname> string from each of the <literal>.dtbauto</literal>
+      <literal>compatible</literal> string supplied by the firmware in configuration tables and comparing it
+      with the first <literal>compatible</literal> string from each of the <literal>.dtbauto</literal>
      sections. If the firmware does not provide a DeviceTree, the match is done using the
-      <varname>.hwids</varname> section instead. After selecting a <literal>.hwids</literal> section (see the
-      description below), the <varname>compatible</varname> string from that section will be used to perform
+      <literal>.hwids</literal> section instead. After selecting a <literal>.hwids</literal> section (see the
+      description below), the <literal>compatible</literal> string from that section will be used to perform
      the same matching procedure. If a match is found, that <literal>.dtbauto</literal> section will be
-      loaded and will override <varname>.dtb</varname> if present.</para></listitem>
+      loaded and will override <literal>.dtb</literal> if present.</para></listitem>

      <listitem><para>Zero or more <literal>.efifw</literal> sections for the firmware image. It works
-      in many ways similar to <literal>.dtbauto</literal> sections. <filename>systemd-stub</filename>
+      in many ways similar to <literal>.dtbauto</literal> sections. <command>systemd-stub</command>
      will always use the first matching one. The match is performed by first selecting the most appropriate
-      entry in the <varname>.hwids</varname> section based on the hardware IDs supplied by SMBIOS (see below).
-      If a suitable entry is found, the <varname>fwid</varname> string from that entry will be used to
-      perform the matching procedure for firmware blobs in <varname>.efifw</varname> section. The first
+      entry in the <literal>.hwids</literal> section based on the hardware IDs supplied by SMBIOS (see below).
+      If a suitable entry is found, the <literal>fwid</literal> string from that entry will be used to
+      perform the matching procedure for firmware blobs in <literal>.efifw</literal> section. The first
      matching firmware will be loaded.
      </para></listitem>

      <listitem><para>Zero or more <literal>.hwids</literal> sections with hardware IDs of the machines to
-      match DeviceTrees. <filename>systemd-stub</filename> will use the SMBIOS data to calculate hardware IDs
+      match DeviceTrees. <command>systemd-stub</command> will use the SMBIOS data to calculate hardware IDs
      of the machine (as per <ulink
      url="https://learn.microsoft.com/en-us/windows-hardware/drivers/install/specifying-hardware-ids-for-a-computer">specification</ulink>),
      and then it will try to find any of them in each of the <literal>.hwids</literal> sections. The first
@ -189,7 +189,7 @@
      archive is generated from all files found that way, placing them in the
      <filename>/.extra/credentials/</filename> directory of the initrd file hierarchy. The main initrd may
      then access them in this directory. This is supposed to be used to store auxiliary, encrypted,
-      authenticated credentials for use with <varname>LoadCredentialEncrypted=</varname> in the UEFI System
+      authenticated credentials for use with <varname>LoadCredentialEncrypted</varname> in the UEFI System
      Partition. See
      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      and
--- a/src/boot/efi-firmware.c
+++ b/src/boot/efi-firmware.c
@ -1,8 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */

-#include "efifirmware.h"
+#include "efi-firmware.h"
 #include "util.h"
-#include <endian.h>

 static bool efifw_validate_header(
                const void *blob,
@ -43,7 +42,7 @@ static bool efifw_validate_header(
        if (blob_len < total_computed_size)
                return false;

-        const char *fwid    = (const char*)blob + header_len;
+        const char *fwid    = (const char*) blob + header_len;
        const char *payload = fwid + fwid_len;

        /* check that fwid points to a NUL terminated string */
@ -58,27 +57,17 @@ static bool efifw_validate_header(
        return true;
 }

-static const char* efifw_get_fwid(
-                const void *efifwblob,
-                size_t efifwblob_len) {
-
-        const char* fwid;
-        if (!efifw_validate_header(efifwblob, efifwblob_len, &fwid, NULL))
-                return NULL;
-
-        return fwid;
-}
-
-EFI_STATUS efifirmware_match_by_fwid(
-                const void *uki_efifw,
-                size_t uki_efifw_len,
+EFI_STATUS efi_firmware_match_by_fwid(
+                const void *blob,
+                size_t blob_len,
                const char *fwid) {

+        assert(blob);
        assert(fwid);

-        const char *fwblob_fwid = efifw_get_fwid(uki_efifw, uki_efifw_len);
-        if (!fwblob_fwid)
+        const char *blob_fwid;
+        if (!efifw_validate_header(blob, blob_len, &blob_fwid, NULL))
                return EFI_INVALID_PARAMETER;

-        return streq8(fwblob_fwid, fwid) ? EFI_SUCCESS : EFI_NOT_FOUND;
+        return streq8(blob_fwid, fwid) ? EFI_SUCCESS : EFI_NOT_FOUND;
 }
--- a/src/boot/efi-firmware.h
+++ b/src/boot/efi-firmware.h
@ -28,4 +28,4 @@ typedef struct EfiFwHeader {
        uint8_t payload[] _alignas_(uint64_t);
 } EfiFwHeader;

-EFI_STATUS efifirmware_match_by_fwid(const void *uki_efifw, size_t uki_efifw_length, const char *fwid);
+EFI_STATUS efi_firmware_match_by_fwid(const void *blob, size_t blob_len, const char *fwid);
--- a/src/boot/meson.build
+++ b/src/boot/meson.build
@ -284,8 +284,8 @@ libefi_sources = files(
        'console.c',
        'device-path-util.c',
        'devicetree.c',
-        'efifirmware.c',
        'drivers.c',
+        'efi-firmware.c',
        'efi-string.c',
        'efivars.c',
        'export-vars.c',
--- a/src/boot/pe.c
+++ b/src/boot/pe.c
@ -2,7 +2,7 @@

 #include "chid.h"
 #include "devicetree.h"
-#include "efifirmware.h"
+#include "efi-firmware.h"
 #include "pe.h"
 #include "util.h"

@ -215,7 +215,7 @@ static bool pe_use_this_firmware(
        if (!fwid)
                return false;

-        err = efifirmware_match_by_fwid(efifw, efifw_size, fwid);
+        err = efi_firmware_match_by_fwid(efifw, efifw_size, fwid);
        if (err == EFI_SUCCESS)
                return true;
        if (err == EFI_INVALID_PARAMETER)