diff options
| -rw-r--r-- | OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 70 | ||||
| -rw-r--r-- | OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 2 | ||||
| -rw-r--r-- | OvmfPkg/OvmfPkg.dec | 3 |
3 files changed, 71 insertions, 4 deletions
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index 3b7dc53e9f..8dc2bbf973 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -291,6 +291,46 @@ RemoveStaleFvFileOptions ( }
VOID
+RestrictBootOptionsToFirmware (
+ VOID
+ )
+{
+ EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions;
+ UINTN BootOptionCount;
+ UINTN Index;
+
+ BootOptions = EfiBootManagerGetLoadOptions (
+ &BootOptionCount,
+ LoadOptionTypeBoot
+ );
+
+ for (Index = 0; Index < BootOptionCount; ++Index) {
+ EFI_DEVICE_PATH_PROTOCOL *Node1;
+
+ //
+ // If the device path starts with Fv(...),
+ // then keep the boot option.
+ //
+ Node1 = BootOptions[Index].FilePath;
+ if (((DevicePathType (Node1) == MEDIA_DEVICE_PATH) &&
+ (DevicePathSubType (Node1) == MEDIA_PIWG_FW_VOL_DP)))
+ {
+ continue;
+ }
+
+ //
+ // Delete the boot option.
+ //
+ EfiBootManagerDeleteLoadOptionVariable (
+ BootOptions[Index].OptionNumber,
+ LoadOptionTypeBoot
+ );
+ }
+
+ EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount);
+}
+
+VOID
PlatformRegisterOptionsAndKeys (
VOID
)
@@ -485,7 +525,9 @@ PlatformBootManagerBeforeConsole ( Status
));
- PlatformRegisterOptionsAndKeys ();
+ if (!FeaturePcdGet (PcdBootRestrictToFirmware)) {
+ PlatformRegisterOptionsAndKeys ();
+ }
//
// Install both VIRTIO_DEVICE_PROTOCOL and (dependent) EFI_RNG_PROTOCOL
@@ -1754,9 +1796,12 @@ PlatformBootManagerAfterConsole ( //
// Perform some platform specific connect sequence
//
- PlatformBdsConnectSequence ();
-
- EfiBootManagerRefreshAllBootOption ();
+ if (FeaturePcdGet (PcdBootRestrictToFirmware)) {
+ RestrictBootOptionsToFirmware ();
+ } else {
+ PlatformBdsConnectSequence ();
+ EfiBootManagerRefreshAllBootOption ();
+ }
//
// Register UEFI Shell
@@ -1767,6 +1812,15 @@ PlatformBootManagerAfterConsole ( LOAD_OPTION_ACTIVE
);
+ //
+ // Register Grub
+ //
+ PlatformRegisterFvBootOption (
+ &gGrubFileGuid,
+ L"Grub Bootloader",
+ LOAD_OPTION_ACTIVE
+ );
+
RemoveStaleFvFileOptions ();
SetBootOrderFromQemu ();
@@ -1935,6 +1989,14 @@ PlatformBootManagerUnableToBoot ( EFI_BOOT_MANAGER_LOAD_OPTION BootManagerMenu;
UINTN Index;
+ if (FeaturePcdGet (PcdBootRestrictToFirmware)) {
+ AsciiPrint (
+ "%a: No bootable option was found.\n",
+ gEfiCallerBaseName
+ );
+ CpuDeadLoop ();
+ }
+
//
// BootManagerMenu doesn't contain the correct information when return status
// is EFI_NOT_FOUND.
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index c249a3cf1e..6b396eac7d 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -61,6 +61,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
+ gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate ## CONSUMES
@@ -84,3 +85,4 @@ gEfiGlobalVariableGuid
gRootBridgesConnectedEventGroupGuid
gUefiShellFileGuid
+ gGrubFileGuid
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 03ae29e7b0..cc5a4ceead 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -422,6 +422,9 @@ # check to decide whether to abort dispatch of the driver it is linked into.
gUefiOvmfPkgTokenSpaceGuid.PcdEntryPointOverrideFwCfgVarName|""|VOID*|0x68
+ ## Restrict boot to EFI applications in firmware volumes.
+ gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware|FALSE|BOOLEAN|0x6c
+
[PcdsDynamic, PcdsDynamicEx]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
|