From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: keescook@chromium.org, Ard Biesheuvel <ardb@kernel.org>,
Matthew Garrett <mjg59@srcf.ucam.org>,
Peter Jones <pjones@redhat.com>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Palmer Dabbelt <palmer@dabbelt.com>,
Atish Patra <atishp@atishpatra.org>,
Arnd Bergmann <arnd@arndb.de>,
Huacai Chen <chenhuacai@loongson.cn>,
Xi Ruoyao <xry111@xry111.site>,
Lennart Poettering <lennart@poettering.net>,
Jeremy Linton <jeremy.linton@arm.com>,
Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>
Subject: [PATCH 00/21] efi: Combine stub functionality with zboot decompressor
Date: Mon, 17 Oct 2022 19:16:39 +0200
Message-ID: <20221017171700.3736890-1-ardb@kernel.org>

The EFI zboot decompression code that has been merged into v6.1-rc1 is
fully generic, and relies on the EFI stub inside the encapsulated image
to implement the actual EFI boot sequence. While this works fine, it has
some drawbacks that we might prefer to fix:
- executing the EFI stub of the inner image requires that it is signed
  if secure boot is enabled, which is a bit of a hassle, given that
  signing the image must occur during the build;
- decompressing a PE/COFF image and calling LoadImage() on it means that
  it gets copied again, and potentially yet another time if the
  placement does not meet per-arch requirements.

Given that the zboot decompressor and the EFI stub are built from the
same set of objects in the libstub static library, we can make things a
bit simpler, by incorporating everything the stub does into the zboot
decompressor, and only handing off to the decompressed image after
ExitBootServices(). This removes the need for signing the inner image,
and allows us to decompress the image directly into the intended
location in memory.

This involves some refactoring, to remove the dependency on symbols that
are only defined when linking directly to vmlinux, such as string and
memory compare routines, and section boundaries of the core kernel.

While at it, remove some functionality if it's not worth the effort
making it work on both code paths, such as the EFI properties table, and
the randomization of the UEFI runtime regions.

Since image signing no longer needs to occur during the build, let's
also drop the support for invoking sbsign during the build on both the
inner image and the decompressor. (I intend to send that patch as a fix
for v6.1 so we don't add zombie Kconfig symbols to an LTS kernel)

Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Peter Jones <pjones@redhat.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Atish Patra <atishp@atishpatra.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Huacai Chen <chenhuacai@loongson.cn>
Cc: Xi Ruoyao <xry111@xry111.site>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Jeremy Linton <jeremy.linton@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>

Ard Biesheuvel (21):
  arm64: efi: Move dcache cleaning of loaded image out of
    efi_enter_kernel()
  arm64: efi: Avoid dcache_clean_poc() altogether in efi_enter_kernel()
  arm64: efi: Move efi-entry.S into the libstub source directory
  efi: libstub: Remove zboot signing from build options
  efi: libstub: Drop randomization of runtime memory map
  efi: libstub: Drop handling of EFI properties table
  efi: libstub: Deduplicate ftrace command line argument filtering
  efi: libstub: Use local strncmp() implementation unconditionally
  efi: libstub: Clone memcmp() into the stub
  efi: libstub: Enable efi_printk() in zboot decompressor
  efi: loongarch: Drop exports of unused string routines
  efi: libstub: Move screen_info handling to common code
  efi: libstub: Provide local implementations of strrchr() and memchr()
  efi: libstub: Factor out EFI stub entrypoint into separate file
  efi: libstub: Add image code and data size to the zimage metadata
  efi: libstub: Factor out min alignment and preferred kernel load
    address
  efi/riscv: libstub: Split off kernel image relocation for builtin stub
  efi/arm64: libstub: Split off kernel image relocation for builtin stub
  efi/loongarch: Don't jump to kernel entry via the old image
  efi/loongarch: libstub: Split off kernel image relocation for builtin
    stub
  efi: libstub: Merge zboot decompressor with the ordinary stub

arch/arm/include/asm/efi.h | 3 -
arch/arm/kernel/efi.c | 31 +-
arch/arm64/include/asm/efi.h | 15 +-
arch/arm64/kernel/Makefile | 9 +-
arch/arm64/kernel/efi-entry.S | 69 -----
arch/arm64/kernel/image-vars.h | 8 -
arch/loongarch/include/asm/efi.h | 14 +-
arch/loongarch/kernel/efi.c | 24 +-
arch/loongarch/kernel/image-vars.h | 8 -
arch/riscv/include/asm/efi.h | 13 +-
arch/riscv/kernel/image-vars.h | 6 -
drivers/firmware/efi/Kconfig | 22 --
drivers/firmware/efi/efi-init.c | 21 +-
drivers/firmware/efi/efi.c | 5 +
drivers/firmware/efi/libstub/Makefile | 30 +-
drivers/firmware/efi/libstub/Makefile.zboot | 53 +---
drivers/firmware/efi/libstub/arm32-stub.c | 37 ---
drivers/firmware/efi/libstub/arm64-entry.S | 69 +++++
drivers/firmware/efi/libstub/arm64-stub.c | 49 +---
drivers/firmware/efi/libstub/arm64.c | 61 ++++
drivers/firmware/efi/libstub/efi-stub-entry.c | 65 +++++
drivers/firmware/efi/libstub/efi-stub-helper.c | 143 ---------
drivers/firmware/efi/libstub/efi-stub.c | 140 +++------
drivers/firmware/efi/libstub/efistub.h | 15 +
drivers/firmware/efi/libstub/file.c | 18 --
drivers/firmware/efi/libstub/intrinsics.c | 18 ++
drivers/firmware/efi/libstub/loongarch-stub.c | 89 ++----
drivers/firmware/efi/libstub/loongarch.c | 80 +++++
drivers/firmware/efi/libstub/printk.c | 154 ++++++++++
drivers/firmware/efi/libstub/riscv-stub.c | 96 +-----
drivers/firmware/efi/libstub/riscv.c | 98 +++++++
drivers/firmware/efi/libstub/screen_info.c | 56 ++++
drivers/firmware/efi/libstub/string.c | 95 +++++-
drivers/firmware/efi/libstub/zboot-header.S | 2 +-
drivers/firmware/efi/libstub/zboot.c | 307 +++++---------------
include/linux/efi.h | 2 +-
36 files changed, 972 insertions(+), 953 deletions(-)
delete mode 100644 arch/arm64/kernel/efi-entry.S
create mode 100644 drivers/firmware/efi/libstub/arm64-entry.S
create mode 100644 drivers/firmware/efi/libstub/arm64.c
create mode 100644 drivers/firmware/efi/libstub/efi-stub-entry.c
create mode 100644 drivers/firmware/efi/libstub/loongarch.c
create mode 100644 drivers/firmware/efi/libstub/printk.c
create mode 100644 drivers/firmware/efi/libstub/riscv.c
create mode 100644 drivers/firmware/efi/libstub/screen_info.c
--
2.35.1
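
Added example, not part of the posted series or of the kernel tree: the cover letter turns on which PE/COFF image has to carry a secure boot signature, so this presence check reads the PE Certificate Table data directory (index 4, where Authenticode signatures are stored) and can be run over the outer zboot image or an inner image from a build. The function names and the sample header are constructed for illustration; the check reports presence only and does not validate the signature.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* 1: non-empty Certificate Table present, 0: none, -1: malformed or truncated. */
int pe_has_cert_table(const uint8_t *f, size_t len, uint32_t *off, uint32_t *size)
{
    if (len < 0x40 || f[0] != 'M' || f[1] != 'Z') return -1;
    uint32_t pe = rd32(f + 0x3c);                 /* e_lfanew */
    if (pe > len || len - pe < 26 || memcmp(f + pe, "PE\0\0", 4)) return -1;
    size_t opt = (size_t)pe + 24;                 /* optional header start */
    uint16_t opt_size = rd16(f + pe + 20);        /* SizeOfOptionalHeader */
    uint16_t magic = rd16(f + opt);
    size_t dirs = magic == 0x20b ? 112 : magic == 0x10b ? 96 : 0; /* PE32+ / PE32 */
    if (!dirs || opt_size < dirs || len - opt < opt_size) return -1;
    uint32_t ndirs = rd32(f + opt + dirs - 4);    /* NumberOfRvaAndSizes */
    if (ndirs > (opt_size - dirs) / 8) return -1; /* directories must fit */
    if (ndirs <= 4) return 0;
    *off = rd32(f + opt + dirs + 32);             /* entry 4: a file offset, not an RVA */
    *size = rd32(f + opt + dirs + 36);
    if (*off == 0 || *size == 0) return 0;
    if (*off > len || *size > len - *off) return -1; /* table must lie inside the file */
    return 1;
}

/* Constructed sample: minimal 512-byte PE32+ header set, not a real kernel image. */
size_t make_sample(uint8_t *buf, int with_sig)
{
    memset(buf, 0, 512);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3c, 0x40);
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x40 + 20] = 240;                         /* 112 + 16 directories * 8 */
    buf[0x58] = 0x0b; buf[0x59] = 0x02;           /* PE32+ magic 0x20b */
    wr32(buf + 0x58 + 108, 16);
    if (with_sig) { wr32(buf + 0x58 + 144, 400); wr32(buf + 0x58 + 148, 112); }
    return 512;
}

int main(void)
{
    uint8_t buf[512]; uint32_t off = 0, size = 0;
    for (int sig = 0; sig < 2; sig++) {
        size_t len = make_sample(buf, sig);
        printf("with_sig=%d -> %d\n", sig, pe_has_cert_table(buf, len, &off, &size));
    }
    return 0;
}
```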
Thread overview: 28+ messages
2022-10-17 17:16 Ard Biesheuvel [this message]
2022-10-17 17:16 ` [PATCH 01/21] arm64: efi: Move dcache cleaning of loaded image out of efi_enter_kernel() Ard Biesheuvel
2022-10-18 11:27 ` Catalin Marinas
2022-10-18 11:38 ` Ard Biesheuvel
2022-10-18 11:54 ` Catalin Marinas
2022-10-17 17:16 ` [PATCH 02/21] arm64: efi: Avoid dcache_clean_poc() altogether in efi_enter_kernel() Ard Biesheuvel
2022-10-18 11:57 ` Catalin Marinas
2022-10-18 11:59 ` Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 03/21] arm64: efi: Move efi-entry.S into the libstub source directory Ard Biesheuvel
2022-10-18 11:57 ` Catalin Marinas
2022-10-17 17:16 ` [PATCH 04/21] efi: libstub: Remove zboot signing from build options Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 05/21] efi: libstub: Drop randomization of runtime memory map Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 06/21] efi: libstub: Drop handling of EFI properties table Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 07/21] efi: libstub: Deduplicate ftrace command line argument filtering Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 08/21] efi: libstub: Use local strncmp() implementation unconditionally Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 09/21] efi: libstub: Clone memcmp() into the stub Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 10/21] efi: libstub: Enable efi_printk() in zboot decompressor Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 11/21] efi: loongarch: Drop exports of unused string routines Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 12/21] efi: libstub: Move screen_info handling to common code Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 13/21] efi: libstub: Provide local implementations of strrchr() and memchr() Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 14/21] efi: libstub: Factor out EFI stub entrypoint into separate file Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 15/21] efi: libstub: Add image code and data size to the zimage metadata Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 16/21] efi: libstub: Factor out min alignment and preferred kernel load address Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 17/21] efi/riscv: libstub: Split off kernel image relocation for builtin stub Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 18/21] efi/arm64: " Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 19/21] efi/loongarch: Don't jump to kernel entry via the old image Ard Biesheuvel
2022-10-17 17:16 ` [PATCH 20/21] efi/loongarch: libstub: Split off kernel image relocation for builtin stub Ard Biesheuvel
2022-10-17 17:17 ` [PATCH 21/21] efi: libstub: Merge zboot decompressor with the ordinary stub Ard Biesheuvel