author | Jan Janssen <medhefgo@web.de> | 2022-08-04 10:21:15 +0200 |
---|---|---|
committer | Jan Janssen <medhefgo@web.de> | 2022-08-04 10:21:15 +0200 |
commit | bafc594528767192bc4b3c0081a992a9e2647d50 (patch) | |
tree | 12c1efc35118bb424a654c611f0784effaa021a5 | |
parent | adb9485acb2b7f429a72ce6db024724a809b6ec1 (diff) | |
download | systemd-bafc594528767192bc4b3c0081a992a9e2647d50.tar.gz |
boot: Skip safety countdown when running in a VM
-rw-r--r-- | src/boot/efi/secure-boot.c | 5 | ||||
-rw-r--r-- | src/boot/efi/ticks.c | 26 | ||||
-rw-r--r-- | src/boot/efi/util.c | 17 | ||||
-rw-r--r-- | src/boot/efi/util.h | 8 |
4 files changed, 34 insertions, 22 deletions
diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c
index 854825abdb..cf7a464d0a 100644
--- a/src/boot/efi/secure-boot.c
+++ b/src/boot/efi/secure-boot.c
@@ -49,6 +49,11 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path) {
 unsigned timeout_sec = 15;
 for(;;) {
+ /* Enrolling secure boot keys is safe to do in virtualized environments as there is nothing
+ * we can brick there. */
+ if (in_hypervisor())
+ break;
+
 PrintAt(0, ST->ConOut->Mode->CursorRow, L"Enrolling in %2u s, press any key to abort.", timeout_sec);
 uint64_t key;
diff --git a/src/boot/efi/ticks.c b/src/boot/efi/ticks.c
index 16e488c958..1b74ba15d0 100644
--- a/src/boot/efi/ticks.c
+++ b/src/boot/efi/ticks.c
@@ -2,35 +2,17 @@
 #include <efi.h>
 #include <efilib.h>
-#if defined(__i386__) || defined(__x86_64__)
-#include <cpuid.h>
-#endif
-#include <stdbool.h>
 #include "ticks.h"
-
-#if defined(__i386__) || defined(__x86_64__)
-static bool in_hypervisor(void) {
- uint32_t eax, ebx, ecx, edx;
-
- /* The TSC might or might not be virtualized in VMs (and thus might not be accurate or start at zero
- * at boot), depending on hypervisor and CPU functionality. If it's not virtualized it's not useful
- * for keeping time, hence don't attempt to use it.
- *
- * This is a dumbed down version of src/basic/virt.c's detect_vm() that safely works in the UEFI
- * environment. */
-
- if (__get_cpuid(1, &eax, &ebx, &ecx, &edx) == 0)
- return false;
-
- return !!(ecx & 0x80000000U);
-}
-#endif
+#include "util.h"
 #ifdef __x86_64__
 static uint64_t ticks_read(void) {
 uint64_t a, d;
+ /* The TSC might or might not be virtualized in VMs (and thus might not be accurate or start at zero
+ * at boot), depending on hypervisor and CPU functionality. If it's not virtualized it's not useful
+ * for keeping time, hence don't attempt to use it. */
 if (in_hypervisor())
 return 0;
diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c
index 6fcf9b3121..a41dbaa43e 100644
--- a/src/boot/efi/util.c
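Review bot: The `break` added before the PrintAt skips the countdown silently, so on a VM console the keys get enrolled with no message saying why the abort prompt never appeared. Before the `break` I would print one line in the style of the existing prompt, e.g. `PrintAt(0, ST->ConOut->Mode->CursorRow, L"Virtualized environment detected, enrolling without countdown.");`, so the automatic path is visible in console captures. The check errs on the safe side where detection is unavailable: the util.h fallback in this commit returns false on non-x86 builds and the countdown is kept. secure_boot_enroll_at continues outside the hunk.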
+++ b/src/boot/efi/util.c
@@ -2,6 +2,9 @@
 #include <efi.h>
 #include <efilib.h>
+#if defined(__i386__) || defined(__x86_64__)
+# include <cpuid.h>
+#endif
 #include "ticks.h"
 #include "util.h"
@@ -768,3 +771,17 @@ EFI_STATUS make_file_device_path(EFI_HANDLE device, const char16_t *file, EFI_DE
 SetDevicePathEndNode(dp);
 return EFI_SUCCESS;
 }
+
+#if defined(__i386__) || defined(__x86_64__)
+bool in_hypervisor(void) {
+ uint32_t eax, ebx, ecx, edx;
+
+ /* This is a dumbed down version of src/basic/virt.c's detect_vm() that safely works in the UEFI
+ * environment. */
+
+ if (__get_cpuid(1, &eax, &ebx, &ecx, &edx) == 0)
+ return false;
+
+ return !!(ecx & 0x80000000U);
+}
+#endif
diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h
index bb4bb64e0e..afbc217d53 100644
--- a/src/boot/efi/util.h
+++ b/src/boot/efi/util.h
@@ -179,3 +179,11 @@ static inline void beep(UINTN beep_count) {}
 EFI_STATUS open_volume(EFI_HANDLE device, EFI_FILE **ret_file);
 EFI_STATUS make_file_device_path(EFI_HANDLE device, const char16_t *file, EFI_DEVICE_PATH **ret_dp);
+
+#if defined(__i386__) || defined(__x86_64__)
+bool in_hypervisor(void);
+#else
+static inline bool in_hypervisor(void) {
+ return false;
+}
+#endif
|
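Review bot: The moved `in_hypervisor()` in util.c no longer says what it actually tests, and the literal `0x80000000U` hides that this is CPUID leaf 1, ECX bit 31, the "hypervisor present" flag. I would name the bit and document the contract above the function: the flag is reported by the hypervisor itself, so a hypervisor that masks it makes this return false, and `__get_cpuid` returning 0 (leaf unsupported) is mapped to false as well, so callers must read false as "not known to be virtualized" rather than as proof of bare metal. Because secure_boot_enroll_at uses the result to drop its abort countdown, that failure direction keeps the countdown, which is the conservative outcome and worth stating. On the return line something like `return !!(ecx & (1U << 31)); /* CPUID.1:ECX[31]: hypervisor present */` makes the check self-describing.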
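Review bot: The new declaration `bool in_hypervisor(void);` makes util.h depend on `bool`, and in the same commit ticks.c drops its own `#include <stdbool.h>`, so unless util.h already includes `<stdbool.h>` (not visible in this diff) a translation unit that includes util.h before anything defining bool will not compile; confirm the include is present in the header. The declaration also has no comment; I would add one stating that it is a CPUID-based check implemented only for x86, that the non-x86 inline stub always returns false, and that false does not prove physical hardware because a hypervisor can hide the flag, so callers gating safety behaviour on it should treat false as the cautious answer.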