The EFI zboot decompression code that has been merged into v6.1-rc1 is fully generic, and relies on the EFI stub inside the encapsulated image to implement the actual EFI boot sequence. While this works fine, it has some drawbacks that we might prefer to fix: - executing the EFI stub of the inner image requires that it is signed if secure boot is enabled, which is a bit of a hassle, given that signing the image must occur during the build; - decompressing a PE/COFF image and calling LoadImage() on it means that it gets copied again, and potentially yet another time if the placement does not meet per-arch requirements. Given that the zboot decompressor and the EFI stub are built from the same set of objects in the libstub static library, we can make things a bit simpler, by incorporating everything the stub does into the zboot decompressor, and only handing off to the decompressed image after ExitBootServices(). This removes the need for signing the inner image, and allows us to decompress the image directly into the intended location in memory. This involves some refactoring, to remove the dependency on symbols that are only defined when linking directly to vmlinux, such as string and memory compare routines, and section boundaries of the core kernel. While at it, remove some functionality if it's not worth the effort making it work on both code paths, such as the EFI properties table, and the randomization of the UEFI runtime regions. Since image signing no longer needs to occur during the build, let's also drop the support for invoking sbsign during the build on both the inner image and the decompressor. (I intend to send that patch as a fix for v6.1 so we don't add zombie Kconfig symbols to a LTS kernel) Cc: Matthew Garrett <mjg59@xxxxxxxxxxxxx> Cc: Peter Jones <pjones@xxxxxxxxxx> Cc: Ilias Apalodimas <ilias.apalodimas@xxxxxxxxxx> Cc: Palmer Dabbelt <palmer@xxxxxxxxxxx> Cc: Atish Patra <atishp@xxxxxxxxxxxxxx> Cc: Arnd Bergmann <arnd@xxxxxxxx> Cc: Huacai Chen <chenhuacai@xxxxxxxxxxx> Cc: Xi Ruoyao <xry111@xxxxxxxxxxx> Cc: Lennart Poettering <lennart@xxxxxxxxxxxxxx> Cc: Jeremy Linton <jeremy.linton@xxxxxxx> Cc: Will Deacon <will@xxxxxxxxxx> Cc: Catalin Marinas <catalin.marinas@xxxxxxx> Ard Biesheuvel (21): arm64: efi: Move dcache cleaning of loaded image out of efi_enter_kernel() arm64: efi: Avoid dcache_clean_poc() altogether in efi_enter_kernel() arm64: efi: Move efi-entry.S into the libstub source directory efi: libstub: Remove zboot signing from build options efi: libstub: Drop randomization of runtime memory map efi: libstub: Drop handling of EFI properties table efi: libstub: Deduplicate ftrace command line argument filtering efi: libstub: Use local strncmp() implementation unconditionally efi: libstub: Clone memcmp() into the stub efi: libstub: Enable efi_printk() in zboot decompressor efi: loongarch: Drop exports of unused string routines efi: libstub: Move screen_info handling to common code efi: libstub: Provide local implementations of strrchr() and memchr() efi: libstub: Factor out EFI stub entrypoint into separate file efi: libstub: Add image code and data size to the zimage metadata efi: libstub: Factor out min alignment and preferred kernel load address efi/riscv: libstub: Split off kernel image relocation for builtin stub efi/arm64: libstub: Split off kernel image relocation for builtin stub efi/loongarch: Don't jump to kernel entry via the old image efi/loongarch: libstub: Split off kernel image relocation for builtin stub efi: libstub: Merge zboot decompressor with the ordinary stub arch/arm/include/asm/efi.h | 3 - arch/arm/kernel/efi.c | 31 +- arch/arm64/include/asm/efi.h | 15 +- arch/arm64/kernel/Makefile | 9 +- arch/arm64/kernel/efi-entry.S | 69 ----- arch/arm64/kernel/image-vars.h | 8 - arch/loongarch/include/asm/efi.h | 14 +- arch/loongarch/kernel/efi.c | 24 +- arch/loongarch/kernel/image-vars.h | 8 - arch/riscv/include/asm/efi.h | 13 +- arch/riscv/kernel/image-vars.h | 6 - drivers/firmware/efi/Kconfig | 22 -- drivers/firmware/efi/efi-init.c | 21 +- drivers/firmware/efi/efi.c | 5 + drivers/firmware/efi/libstub/Makefile | 30 +- drivers/firmware/efi/libstub/Makefile.zboot | 53 +--- drivers/firmware/efi/libstub/arm32-stub.c | 37 --- drivers/firmware/efi/libstub/arm64-entry.S | 69 +++++ drivers/firmware/efi/libstub/arm64-stub.c | 49 +--- drivers/firmware/efi/libstub/arm64.c | 61 ++++ drivers/firmware/efi/libstub/efi-stub-entry.c | 65 +++++ drivers/firmware/efi/libstub/efi-stub-helper.c | 143 --------- drivers/firmware/efi/libstub/efi-stub.c | 140 +++------ drivers/firmware/efi/libstub/efistub.h | 15 + drivers/firmware/efi/libstub/file.c | 18 -- drivers/firmware/efi/libstub/intrinsics.c | 18 ++ drivers/firmware/efi/libstub/loongarch-stub.c | 89 ++---- drivers/firmware/efi/libstub/loongarch.c | 80 +++++ drivers/firmware/efi/libstub/printk.c | 154 ++++++++++ drivers/firmware/efi/libstub/riscv-stub.c | 96 +----- drivers/firmware/efi/libstub/riscv.c | 98 +++++++ drivers/firmware/efi/libstub/screen_info.c | 56 ++++ drivers/firmware/efi/libstub/string.c | 95 +++++- drivers/firmware/efi/libstub/zboot-header.S | 2 +- drivers/firmware/efi/libstub/zboot.c | 307 +++++--------------- include/linux/efi.h | 2 +- 36 files changed, 972 insertions(+), 953 deletions(-) delete mode 100644 arch/arm64/kernel/efi-entry.S create mode 100644 drivers/firmware/efi/libstub/arm64-entry.S create mode 100644 drivers/firmware/efi/libstub/arm64.c create mode 100644 drivers/firmware/efi/libstub/efi-stub-entry.c create mode 100644 drivers/firmware/efi/libstub/loongarch.c create mode 100644 drivers/firmware/efi/libstub/printk.c create mode 100644 drivers/firmware/efi/libstub/riscv.c create mode 100644 drivers/firmware/efi/libstub/screen_info.c -- 2.35.1