Commit 4a1106af authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'efi_updates_for_v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 

Pull EFI updates from Borislav Petkov:
 "These got delayed due to a last minute ia64 build issue which got
  fixed in the meantime.

  EFI updates collected by Ard Biesheuvel:

   - Don't move BSS section around pointlessly in the x86 decompressor

   - Refactor helper for discovering the EFI secure boot mode

   - Wire up EFI secure boot to IMA for arm64

   - Some fixes for the capsule loader

   - Expose the RT_PROP table via the EFI test module

   - Relax DT and kernel placement restrictions on ARM

  with a few followup fixes:

   - fix the build breakage on IA64 caused by recent capsule loader
     changes

   - suppress a type mismatch build warning in the expansion of
     EFI_PHYS_ALIGN on ARM"

* tag 'efi_updates_for_v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  efi: arm: force use of unsigned type for EFI_PHYS_ALIGN
  efi: ia64: disable the capsule loader
  efi: stub: get rid of efi_get_max_fdt_addr()
  efi/efi_test: read RuntimeServicesSupported
  efi: arm: reduce minimum alignment of uncompressed kernel
  efi: capsule: clean scatter-gather entries from the D-cache
  efi: capsule: use atomic kmap for transient sglist mappings
  efi: x86/xen: switch to efi_get_secureboot_mode helper
  arm64/ima: add ima_arch support
  ima: generalize x86/EFI arch glue for other EFI architectures
  efi: generalize efi_get_secureboot
  efi/libstub: EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER should not default to yes
  efi/x86: Only copy the compressed kernel image in efi_relocate_kernel()
  efi/libstub/x86: simplify efi_is_native()
parents 60e8edd2 3dcb8b53

arch/arm/include/asm/efi.h

+11 −13
Original line number Diff line number Diff line
@@ -66,24 +66,17 @@ static inline void efifb_setup_from_dmi(struct screen_info *si, const char *opt) 
#define MAX_UNCOMP_KERNEL_SIZE	SZ_32M



/*

 * phys-to-virt patching requires that the physical to virtual offset fits

 * into the immediate field of an add/sub instruction, which comes down to the

 * 24 least significant bits being zero, and so the offset should be a multiple

 * of 16 MB. Since PAGE_OFFSET itself is a multiple of 16 MB, the physical

 * base should be aligned to 16 MB as well.

 * phys-to-virt patching requires that the physical to virtual offset is a

 * multiple of 2 MiB. However, using an alignment smaller than TEXT_OFFSET

 * here throws off the memory allocation logic, so let's use the lowest power

 * of two greater than 2 MiB and greater than TEXT_OFFSET.

 */

#define EFI_PHYS_ALIGN		SZ_16M



/* on ARM, the FDT should be located in a lowmem region */

static inline unsigned long efi_get_max_fdt_addr(unsigned long image_addr)

{

	return round_down(image_addr, EFI_PHYS_ALIGN) + SZ_512M;

}

#define EFI_PHYS_ALIGN		max(UL(SZ_2M), roundup_pow_of_two(TEXT_OFFSET))



/* on ARM, the initrd should be loaded in a lowmem region */

static inline unsigned long efi_get_max_initrd_addr(unsigned long image_addr)

{

	return round_down(image_addr, EFI_PHYS_ALIGN) + SZ_512M;

	return round_down(image_addr, SZ_4M) + SZ_512M;

}



struct efi_arm_entry_state {
@@ -93,4 +86,9 @@ struct efi_arm_entry_state { 
	u32	sctlr_after_ebs;

};



static inline void efi_capsule_flush_cache_range(void *addr, int size)

{

	__cpuc_flush_dcache_area(addr, size);

}



#endif /* _ASM_ARM_EFI_H */

arch/arm64/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -1877,6 +1877,7 @@ config EFI 
	select EFI_RUNTIME_WRAPPERS

	select EFI_STUB

	select EFI_GENERIC_STUB

	imply IMA_SECURE_AND_OR_TRUSTED_BOOT

	default y

	help

	  This option provides support for runtime services provided

arch/arm64/include/asm/efi.h

+5 −6
Original line number Diff line number Diff line
@@ -64,12 +64,6 @@ efi_status_t __efi_rt_asm_wrapper(void *, const char *, ...); 
#define EFI_KIMG_ALIGN	\

	(SEGMENT_ALIGN > THREAD_ALIGN ? SEGMENT_ALIGN : THREAD_ALIGN)



/* on arm64, the FDT may be located anywhere in system RAM */

static inline unsigned long efi_get_max_fdt_addr(unsigned long image_addr)

{

	return ULONG_MAX;

}



/*

 * On arm64, we have to ensure that the initrd ends up in the linear region,

 * which is a 1 GB aligned region of size '1UL << (VA_BITS_MIN - 1)' that is
@@ -141,4 +135,9 @@ static inline void efi_set_pgd(struct mm_struct *mm) 
void efi_virtmap_load(void);

void efi_virtmap_unload(void);



static inline void efi_capsule_flush_cache_range(void *addr, int size)

{

	__flush_dcache_area(addr, size);

}



#endif /* _ASM_EFI_H */

arch/riscv/include/asm/efi.h

+0 −6
Original line number Diff line number Diff line
@@ -27,12 +27,6 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md); 


#define ARCH_EFI_IRQ_FLAGS_MASK (SR_IE | SR_SPIE)



/* on RISC-V, the FDT may be located anywhere in system RAM */

static inline unsigned long efi_get_max_fdt_addr(unsigned long image_addr)

{

	return ULONG_MAX;

}



/* Load initrd at enough distance from DRAM start */

static inline unsigned long efi_get_max_initrd_addr(unsigned long image_addr)

{

arch/x86/boot/compressed/Makefile

+1 −1
Original line number Diff line number Diff line
@@ -35,7 +35,7 @@ cflags-$(CONFIG_X86_32) := -march=i386 
cflags-$(CONFIG_X86_64) := -mcmodel=small -mno-red-zone

KBUILD_CFLAGS += $(cflags-y)

KBUILD_CFLAGS += -mno-mmx -mno-sse

KBUILD_CFLAGS += -ffreestanding

KBUILD_CFLAGS += -ffreestanding -fshort-wchar

KBUILD_CFLAGS += -fno-stack-protector

KBUILD_CFLAGS += $(call cc-disable-warning, address-of-packed-member)

KBUILD_CFLAGS += $(call cc-disable-warning, gnu)

CRA Git | Maintained and supported by SUSTech CRA and CCSE