Compare commits
3 Commits
8d3209a28d
...
21a13a09a5
Author | SHA1 | Date |
---|---|---|
Ani Sinha | 21a13a09a5 | |
Ani Sinha | dede6124e3 | |
Ani Sinha | 4b356c90dc |
|
@ -91,6 +91,15 @@
|
||||||
the same matching procedure. If a match is found, that <literal>.dtbauto</literal> section will be
|
the same matching procedure. If a match is found, that <literal>.dtbauto</literal> section will be
|
||||||
loaded and will override <varname>.dtb</varname> if present.</para></listitem>
|
loaded and will override <varname>.dtb</varname> if present.</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>Zero or more <literal>.efifwauto</literal> sections for the firmware image. It works
|
||||||
|
in many ways similar to <varname>.dtbauto</varname> sections. <filename>systemd-stub</filename>
|
||||||
|
will always use the first matching one. The match is performed by first selecting the most appropriate
|
||||||
|
entry in the <varname>.hwids</varname> section based on the hardware IDs supplied by SMBIOS (see below).
|
||||||
|
If a suitable entry is found, the <varname>compatible</varname> string from that entry will be used to
|
||||||
|
perform the matching procedure for firmware blobs in <varname>.efifwauto</varname> section. The first
|
||||||
|
matching firmware will be loaded.
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
<listitem><para>Zero or more <literal>.hwids</literal> sections with hardware IDs of the machines to
|
<listitem><para>Zero or more <literal>.hwids</literal> sections with hardware IDs of the machines to
|
||||||
match DeviceTrees. <filename>systemd-stub</filename> will use the SMBIOS data to calculate hardware IDs
|
match DeviceTrees. <filename>systemd-stub</filename> will use the SMBIOS data to calculate hardware IDs
|
||||||
of the machine (as per <ulink
|
of the machine (as per <ulink
|
||||||
|
|
|
@ -9,19 +9,20 @@ const char* const unified_sections[_UNIFIED_SECTION_MAX + 1] = {
|
||||||
* https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#section-table-section-headers
|
* https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#section-table-section-headers
|
||||||
* (Note that PE *object* files may have longer section names (via indirection in the string table) but
|
* (Note that PE *object* files may have longer section names (via indirection in the string table) but
|
||||||
* this is not allowed for PE *executables*, which UKIs are.) */
|
* this is not allowed for PE *executables*, which UKIs are.) */
|
||||||
[UNIFIED_SECTION_LINUX] = ".linux",
|
[UNIFIED_SECTION_LINUX] = ".linux",
|
||||||
[UNIFIED_SECTION_OSREL] = ".osrel",
|
[UNIFIED_SECTION_OSREL] = ".osrel",
|
||||||
[UNIFIED_SECTION_CMDLINE] = ".cmdline",
|
[UNIFIED_SECTION_CMDLINE] = ".cmdline",
|
||||||
[UNIFIED_SECTION_INITRD] = ".initrd",
|
[UNIFIED_SECTION_INITRD] = ".initrd",
|
||||||
[UNIFIED_SECTION_UCODE] = ".ucode",
|
[UNIFIED_SECTION_UCODE] = ".ucode",
|
||||||
[UNIFIED_SECTION_SPLASH] = ".splash",
|
[UNIFIED_SECTION_SPLASH] = ".splash",
|
||||||
[UNIFIED_SECTION_DTB] = ".dtb",
|
[UNIFIED_SECTION_DTB] = ".dtb",
|
||||||
[UNIFIED_SECTION_UNAME] = ".uname",
|
[UNIFIED_SECTION_UNAME] = ".uname",
|
||||||
[UNIFIED_SECTION_SBAT] = ".sbat",
|
[UNIFIED_SECTION_SBAT] = ".sbat",
|
||||||
[UNIFIED_SECTION_PCRSIG] = ".pcrsig",
|
[UNIFIED_SECTION_PCRSIG] = ".pcrsig",
|
||||||
[UNIFIED_SECTION_PCRPKEY] = ".pcrpkey",
|
[UNIFIED_SECTION_PCRPKEY] = ".pcrpkey",
|
||||||
[UNIFIED_SECTION_PROFILE] = ".profile",
|
[UNIFIED_SECTION_PROFILE] = ".profile",
|
||||||
[UNIFIED_SECTION_DTBAUTO] = ".dtbauto",
|
[UNIFIED_SECTION_DTBAUTO] = ".dtbauto",
|
||||||
[UNIFIED_SECTION_HWIDS] = ".hwids",
|
[UNIFIED_SECTION_HWIDS] = ".hwids",
|
||||||
|
[UNIFIED_SECTION_FIRMWARE] = ".efifwauto",
|
||||||
NULL,
|
NULL,
|
||||||
};
|
};
|
||||||
|
|
|
@ -20,6 +20,7 @@ typedef enum UnifiedSection {
|
||||||
UNIFIED_SECTION_PROFILE,
|
UNIFIED_SECTION_PROFILE,
|
||||||
UNIFIED_SECTION_DTBAUTO,
|
UNIFIED_SECTION_DTBAUTO,
|
||||||
UNIFIED_SECTION_HWIDS,
|
UNIFIED_SECTION_HWIDS,
|
||||||
|
UNIFIED_SECTION_FIRMWARE,
|
||||||
_UNIFIED_SECTION_MAX,
|
_UNIFIED_SECTION_MAX,
|
||||||
} UnifiedSection;
|
} UnifiedSection;
|
||||||
|
|
||||||
|
|
|
@ -101,18 +101,20 @@ static int help(int argc, char *argv[], void *userdata) {
|
||||||
" -j Same as --json=pretty on tty, --json=short otherwise\n"
|
" -j Same as --json=pretty on tty, --json=short otherwise\n"
|
||||||
" --append=PATH Load specified JSON signature, and append new signature to it\n"
|
" --append=PATH Load specified JSON signature, and append new signature to it\n"
|
||||||
"\n%3$sUKI PE Section Options:%4$s %3$sUKI PE Section%4$s\n"
|
"\n%3$sUKI PE Section Options:%4$s %3$sUKI PE Section%4$s\n"
|
||||||
" --linux=PATH Path to Linux kernel image file %7$s .linux\n"
|
" --linux=PATH Path to Linux kernel image file %7$s .linux\n"
|
||||||
" --osrel=PATH Path to os-release file %7$s .osrel\n"
|
" --osrel=PATH Path to os-release file %7$s .osrel\n"
|
||||||
" --cmdline=PATH Path to file with kernel command line %7$s .cmdline\n"
|
" --cmdline=PATH Path to file with kernel command line %7$s .cmdline\n"
|
||||||
" --initrd=PATH Path to initrd image file %7$s .initrd\n"
|
" --firmware=PATH Path to firmware image file %7$s .efifwauto\n"
|
||||||
" --ucode=PATH Path to microcode image file %7$s .ucode\n"
|
" --initrd=PATH Path to initrd image file %7$s .initrd\n"
|
||||||
" --splash=PATH Path to splash bitmap file %7$s .splash\n"
|
" --ucode=PATH Path to microcode image file %7$s .ucode\n"
|
||||||
" --dtb=PATH Path to DeviceTree file %7$s .dtb\n"
|
" --splash=PATH Path to splash bitmap file %7$s .splash\n"
|
||||||
" --uname=PATH Path to 'uname -r' file %7$s .uname\n"
|
" --dtb=PATH Path to DeviceTree file %7$s .dtb\n"
|
||||||
" --sbat=PATH Path to SBAT file %7$s .sbat\n"
|
" --dtbauto=PATH Path to DeviceTree file for auto selection %7$s .dtbauto\n"
|
||||||
" --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n"
|
" --uname=PATH Path to 'uname -r' file %7$s .uname\n"
|
||||||
" --profile=PATH Path to profile file %7$s .profile\n"
|
" --sbat=PATH Path to SBAT file %7$s .sbat\n"
|
||||||
" --hwids=PATH Path to HWIDs file %7$s .hwids\n"
|
" --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n"
|
||||||
|
" --profile=PATH Path to profile file %7$s .profile\n"
|
||||||
|
" --hwids=PATH Path to HWIDs file %7$s .hwids\n"
|
||||||
"\nSee the %2$s for details.\n",
|
"\nSee the %2$s for details.\n",
|
||||||
program_invocation_short_name,
|
program_invocation_short_name,
|
||||||
link,
|
link,
|
||||||
|
@ -158,8 +160,9 @@ static int parse_argv(int argc, char *argv[]) {
|
||||||
ARG_PCRPKEY,
|
ARG_PCRPKEY,
|
||||||
ARG_PROFILE,
|
ARG_PROFILE,
|
||||||
ARG_HWIDS,
|
ARG_HWIDS,
|
||||||
|
ARG_DTBAUTO,
|
||||||
_ARG_SECTION_LAST,
|
_ARG_SECTION_LAST,
|
||||||
ARG_DTBAUTO = _ARG_SECTION_LAST,
|
ARG_FIRMWARE = _ARG_SECTION_LAST,
|
||||||
ARG_BANK,
|
ARG_BANK,
|
||||||
ARG_PRIVATE_KEY,
|
ARG_PRIVATE_KEY,
|
||||||
ARG_PRIVATE_KEY_SOURCE,
|
ARG_PRIVATE_KEY_SOURCE,
|
||||||
|
@ -180,6 +183,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||||
{ "osrel", required_argument, NULL, ARG_OSREL },
|
{ "osrel", required_argument, NULL, ARG_OSREL },
|
||||||
{ "cmdline", required_argument, NULL, ARG_CMDLINE },
|
{ "cmdline", required_argument, NULL, ARG_CMDLINE },
|
||||||
{ "initrd", required_argument, NULL, ARG_INITRD },
|
{ "initrd", required_argument, NULL, ARG_INITRD },
|
||||||
|
{ "firmware", required_argument, NULL, ARG_FIRMWARE },
|
||||||
{ "ucode", required_argument, NULL, ARG_UCODE },
|
{ "ucode", required_argument, NULL, ARG_UCODE },
|
||||||
{ "splash", required_argument, NULL, ARG_SPLASH },
|
{ "splash", required_argument, NULL, ARG_SPLASH },
|
||||||
{ "dtb", required_argument, NULL, ARG_DTB },
|
{ "dtb", required_argument, NULL, ARG_DTB },
|
||||||
|
|
|
@ -242,6 +242,7 @@ class UkifyConfig:
|
||||||
efi_arch: str
|
efi_arch: str
|
||||||
hwids: Path
|
hwids: Path
|
||||||
initrd: list[Path]
|
initrd: list[Path]
|
||||||
|
firmware: list[Path]
|
||||||
join_profiles: list[Path]
|
join_profiles: list[Path]
|
||||||
json: Union[Literal['pretty'], Literal['short'], Literal['off']]
|
json: Union[Literal['pretty'], Literal['short'], Literal['off']]
|
||||||
linux: Optional[Path]
|
linux: Optional[Path]
|
||||||
|
@ -362,21 +363,22 @@ class Uname:
|
||||||
|
|
||||||
|
|
||||||
DEFAULT_SECTIONS_TO_SHOW = {
|
DEFAULT_SECTIONS_TO_SHOW = {
|
||||||
'.linux': 'binary',
|
'.linux': 'binary',
|
||||||
'.initrd': 'binary',
|
'.initrd': 'binary',
|
||||||
'.ucode': 'binary',
|
'.ucode': 'binary',
|
||||||
'.splash': 'binary',
|
'.splash': 'binary',
|
||||||
'.dtb': 'binary',
|
'.dtb': 'binary',
|
||||||
'.dtbauto': 'binary',
|
'.dtbauto': 'binary',
|
||||||
'.hwids': 'binary',
|
'.hwids': 'binary',
|
||||||
'.cmdline': 'text',
|
'.efifwauto': 'binary',
|
||||||
'.osrel': 'text',
|
'.cmdline': 'text',
|
||||||
'.uname': 'text',
|
'.osrel': 'text',
|
||||||
'.pcrpkey': 'text',
|
'.uname': 'text',
|
||||||
'.pcrsig': 'text',
|
'.pcrpkey': 'text',
|
||||||
'.sbat': 'text',
|
'.pcrsig': 'text',
|
||||||
'.sbom': 'binary',
|
'.sbat': 'text',
|
||||||
'.profile': 'text',
|
'.sbom': 'binary',
|
||||||
|
'.profile': 'text',
|
||||||
} # fmt: skip
|
} # fmt: skip
|
||||||
|
|
||||||
|
|
||||||
|
@ -1204,16 +1206,17 @@ def make_uki(opts: UkifyConfig) -> None:
|
||||||
|
|
||||||
sections = [
|
sections = [
|
||||||
# name, content, measure?
|
# name, content, measure?
|
||||||
('.osrel', opts.os_release, True),
|
('.osrel', opts.os_release, True),
|
||||||
('.cmdline', opts.cmdline, True),
|
('.cmdline', opts.cmdline, True),
|
||||||
('.dtb', opts.devicetree, True),
|
('.dtb', opts.devicetree, True),
|
||||||
*(('.dtbauto', dtb, True) for dtb in opts.devicetree_auto),
|
*(('.dtbauto', dtb, True) for dtb in opts.devicetree_auto),
|
||||||
('.hwids', hwids, True),
|
('.hwids', hwids, True),
|
||||||
('.uname', opts.uname, True),
|
('.uname', opts.uname, True),
|
||||||
('.splash', opts.splash, True),
|
('.splash', opts.splash, True),
|
||||||
('.pcrpkey', pcrpkey, True),
|
('.pcrpkey', pcrpkey, True),
|
||||||
('.initrd', initrd, True),
|
('.initrd', initrd, True),
|
||||||
('.ucode', opts.microcode, True),
|
*(('.efifwauto', fw, True) for fw in opts.firmware),
|
||||||
|
('.ucode', opts.microcode, True),
|
||||||
] # fmt: skip
|
] # fmt: skip
|
||||||
|
|
||||||
# If we're building a PE profile binary, the ".profile" section has to be the first one.
|
# If we're building a PE profile binary, the ".profile" section has to be the first one.
|
||||||
|
@ -1269,6 +1272,7 @@ def make_uki(opts: UkifyConfig) -> None:
|
||||||
'.osrel',
|
'.osrel',
|
||||||
'.cmdline',
|
'.cmdline',
|
||||||
'.initrd',
|
'.initrd',
|
||||||
|
'.efifwauto',
|
||||||
'.ucode',
|
'.ucode',
|
||||||
'.splash',
|
'.splash',
|
||||||
'.dtb',
|
'.dtb',
|
||||||
|
@ -1729,6 +1733,16 @@ CONFIG_ITEMS = [
|
||||||
config_key='UKI/Initrd',
|
config_key='UKI/Initrd',
|
||||||
config_push=ConfigItem.config_list_prepend,
|
config_push=ConfigItem.config_list_prepend,
|
||||||
),
|
),
|
||||||
|
ConfigItem(
|
||||||
|
'--firmware',
|
||||||
|
metavar='PATH',
|
||||||
|
type=Path,
|
||||||
|
action='append',
|
||||||
|
default=[],
|
||||||
|
help='firmware file [.efifwauto section]',
|
||||||
|
config_key='UKI/Firmware',
|
||||||
|
config_push=ConfigItem.config_list_prepend,
|
||||||
|
),
|
||||||
ConfigItem(
|
ConfigItem(
|
||||||
'--microcode',
|
'--microcode',
|
||||||
metavar='UCODE',
|
metavar='UCODE',
|
||||||
|
|
Loading…
Reference in New Issue