authorGerd Hoffmann <kraxel@redhat.com>2023-05-05 07:17:24 +0200
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2023-05-10 13:39:41 +0000
commit41d7832db02d082405ccc1edf38208b7a5cb8d87 (patch)
tree892ae2ff7cc89b0007239137265acd297a42786e /OvmfPkg/Library
parente6447d2a08f5ca585816d093e79a01dad3781f98 (diff)
OvmfPkg/PlatformBootManagerLib: add PcdBootRestrictToFirmware
Add new PCD PcdBootRestrictToFirmware. When set to TRUE restrict boot options to EFI applications embedded into the firmware image. Behavior should be identical to the PlatformBootManagerLibGrub library variant. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Ard Biesheuvel <ardb@kernel.org>
Diffstat (limited to 'OvmfPkg/Library')
-rw-r--r--OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c70
-rw-r--r--OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf2
2 files changed, 68 insertions, 4 deletions
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 3b7dc53e9f..8dc2bbf973 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -291,6 +291,46 @@ RemoveStaleFvFileOptions (
}
VOID
+RestrictBootOptionsToFirmware (
+ VOID
+ )
+{
+ EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions;
+ UINTN BootOptionCount;
+ UINTN Index;
+
+ BootOptions = EfiBootManagerGetLoadOptions (
+ &BootOptionCount,
+ LoadOptionTypeBoot
+ );
+
+ for (Index = 0; Index < BootOptionCount; ++Index) {
+ EFI_DEVICE_PATH_PROTOCOL *Node1;
+
+ //
+ // If the device path starts with Fv(...),
+ // then keep the boot option.
+ //
+ Node1 = BootOptions[Index].FilePath;
+ if (((DevicePathType (Node1) == MEDIA_DEVICE_PATH) &&
+ (DevicePathSubType (Node1) == MEDIA_PIWG_FW_VOL_DP)))
+ {
+ continue;
+ }
+
+ //
+ // Delete the boot option.
+ //
+ EfiBootManagerDeleteLoadOptionVariable (
+ BootOptions[Index].OptionNumber,
+ LoadOptionTypeBoot
+ );
+ }
+
+ EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount);
+}
+
+VOID
PlatformRegisterOptionsAndKeys (
VOID
)
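Review bot: The loop in `RestrictBootOptionsToFirmware` discards the EFI_STATUS returned by `EfiBootManagerDeleteLoadOptionVariable`, so a failed delete silently leaves a non-firmware boot option in place even though this deletion is what enforces the restriction. Capture the result and log failures, e.g. `Status = EfiBootManagerDeleteLoadOptionVariable (BootOptions[Index].OptionNumber, LoadOptionTypeBoot);` followed by `if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "delete Boot%04x: %r\n", (UINT32)BootOptions[Index].OptionNumber, Status)); }`. The keep-filter also checks only the type and subtype of the first device-path node, so any option that merely starts with Fv(...) survives. It appears to rely on the later `RemoveStaleFvFileOptions ()` call to confirm the target really is a file in this firmware image, and that dependency is worth stating in the comment above the check. The new function also has no header comment describing its purpose and when it is called.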
@@ -485,7 +525,9 @@ PlatformBootManagerBeforeConsole (
Status
));
- PlatformRegisterOptionsAndKeys ();
+ if (!FeaturePcdGet (PcdBootRestrictToFirmware)) {
+ PlatformRegisterOptionsAndKeys ();
+ }
//
// Install both VIRTIO_DEVICE_PROTOCOL and (dependent) EFI_RNG_PROTOCOL
@@ -1754,9 +1796,12 @@ PlatformBootManagerAfterConsole (
//
// Perform some platform specific connect sequence
//
- PlatformBdsConnectSequence ();
-
- EfiBootManagerRefreshAllBootOption ();
+ if (FeaturePcdGet (PcdBootRestrictToFirmware)) {
+ RestrictBootOptionsToFirmware ();
+ } else {
+ PlatformBdsConnectSequence ();
+ EfiBootManagerRefreshAllBootOption ();
+ }
//
// Register UEFI Shell
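Review bot: In the restricted branch of `PlatformBootManagerAfterConsole` only the connect sequence and `EfiBootManagerRefreshAllBootOption ()` are skipped, and the hunk does not show what runs earlier in the function. If an earlier step can start an image supplied from outside the firmware (for example a direct kernel load driven by host-provided configuration), it would need the same `FeaturePcdGet (PcdBootRestrictToFirmware)` guard for the restriction to hold. A short comment on the new `if` would help, e.g. `// Restricted mode: do not enumerate devices; keep only Fv(...) boot options.`. The function starts and ends outside this hunk, so this should be confirmed against the full body.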
@@ -1767,6 +1812,15 @@ PlatformBootManagerAfterConsole (
LOAD_OPTION_ACTIVE
);
+ //
+ // Register Grub
+ //
+ PlatformRegisterFvBootOption (
+ &gGrubFileGuid,
+ L"Grub Bootloader",
+ LOAD_OPTION_ACTIVE
+ );
+
RemoveStaleFvFileOptions ();
SetBootOrderFromQemu ();
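Review bot: The `PlatformRegisterFvBootOption (&gGrubFileGuid, ...)` call is added unconditionally, not only when `PcdBootRestrictToFirmware` is set, so builds without an embedded Grub also register a "Grub Bootloader" option on every boot. It looks as if the `RemoveStaleFvFileOptions ()` call on the next line is expected to drop it again when the file is absent. If so, say that in the comment, e.g. `// Register Grub (pruned by RemoveStaleFvFileOptions when not embedded in the firmware image)`. Otherwise guard the registration with the PCD. `SetBootOrderFromQemu ()` still runs after this in restricted mode, so it is worth confirming that host-supplied ordering can only reorder the remaining firmware options.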
@@ -1935,6 +1989,14 @@ PlatformBootManagerUnableToBoot (
EFI_BOOT_MANAGER_LOAD_OPTION BootManagerMenu;
UINTN Index;
+ if (FeaturePcdGet (PcdBootRestrictToFirmware)) {
+ AsciiPrint (
+ "%a: No bootable option was found.\n",
+ gEfiCallerBaseName
+ );
+ CpuDeadLoop ();
+ }
+
//
// BootManagerMenu doesn't contain the correct information when return status
// is EFI_NOT_FOUND.
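Review bot: The new early exit at the top of `PlatformBootManagerUnableToBoot` has no comment saying that halting is deliberate, and the code below it goes on to deal with the BootManagerMenu. State the fail-closed intent above the `if`, e.g. `// Restricted mode: never fall back to the boot manager menu; halt instead.`. The failure is reported only through `AsciiPrint`, so a guest without a console leaves no record. Adding `DEBUG ((DEBUG_ERROR, "%a: no bootable option, halting\n", gEfiCallerBaseName));` before `CpuDeadLoop ()` would leave a record in the debug log. The function body continues outside the hunk.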
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index c249a3cf1e..6b396eac7d 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -61,6 +61,7 @@
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
+ gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate ## CONSUMES
@@ -84,3 +85,4 @@
gEfiGlobalVariableGuid
gRootBridgesConnectedEventGroupGuid
gUefiShellFileGuid
+ gGrubFileGuid