• Ard Biesheuvel's avatar
    efi: libstub: Merge zboot decompressor with the ordinary stub · c51e97e7
    Ard Biesheuvel authored
    Even though our EFI zboot decompressor is pedantically spec compliant
    and idiomatic for EFI image loaders, calling LoadImage() and
    StartImage() for the nested image is a bit of a burden. Not only does it
    create workflow issues for the distros (as both the inner and outer
    PE/COFF images need to be signed for secure boot), it also copies the
    image around in memory numerous times:
    - first, the image is decompressed into a buffer;
    - the buffer is consumed by LoadImage(), which copies the sections into
      a newly allocated memory region to hold the executable image;
    - once the EFI stub is invoked by StartImage(), it will also move the
      image in memory in case of KASLR, mirrored memory or if the image must
      execute from a certain a priori defined address.
    
    There are only two EFI spec compliant ways to load code into memory and
    execute it:
    - use LoadImage() and StartImage(),
    - call ExitBootServices() and take ownership of the entire system, after
      which anything goes.
    
    Given that the EFI zboot decompressor always invokes the EFI stub, and
    given that both are built from the same set of objects, let's merge the
    two, so that we can avoid LoadImage()/StartImage but still load our
    image into memory without breaking the above rules.
    
    This also means we can decompress the image directly into its final
    location, which could be randomized or meet other platform specific
    constraints that LoadImage() does not know how to adhere to. It also
    means that, even if the encapsulated image still has the EFI stub
    incorporated as well, it does not need to be signed for secure boot when
    wrapping it in the EFI zboot decompressor.
    
    In the future, we might decide to retire the EFI stub attached to the
    decompressed image, but for the time being, they can happily coexist.
    Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
    c51e97e7
file.c 6.24 KB