| author | Ard Biesheuvel <ardb@kernel.org> | 2023-06-29 17:58:18 +0200 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2025-02-11 10:43:37 -0500 |
| commit | bb114a3b92a96875dc71e5e4925bedba5c02f958 (patch) | |
| tree | 1f960d204e30292741b2f7af1142624bd078db47 /shim.h | |
| parent | 83850cd8df2db60a00b96e7757c6ff9c1d8cccec (diff) | |
Implement shim image load protocol
Define a new protocol for loading and starting images, encapsulating
shim's PE loading facilities and verification/authentication against the
same set of certificates that shim_lock::verify() authenticates against.
This removes the need for loaders like GRUB to implement their own PE
loader in order to be able to invoke loaded images as PE applications,
rather than implementing a bespoke OS dependent handover protocol (e.g.,
invoke Linux via its EFI stub)
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Diffstat (limited to 'shim.h')
| -rw-r--r-- | shim.h | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -55,6 +55,7 @@
 #ifndef SHIM_UNIT_TEST
 #include <efi.h>
 #include <efilib.h>
+#include <efisetjmp.h>
 #undef uefi_call_wrapper
 #include <efierr.h>
 #include <efiip.h>
@@ -237,6 +238,11 @@ typedef struct _SHIM_LOCK {
 EFI_SHIM_LOCK_CONTEXT Context;
 } SHIM_LOCK;
+typedef struct _SHIM_IMAGE_LOADER {
+ EFI_IMAGE_LOAD LoadImage;
+ EFI_IMAGE_START StartImage;
+} SHIM_IMAGE_LOADER;
+
 extern EFI_STATUS shim_init(void);
 extern void shim_fini(void);
 extern EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func,
@@ -326,4 +332,16 @@ verify_buffer (char *data, int datasize,
 char *translate_slashes(char *out, const char *str);
+typedef struct {
+ EFI_LOADED_IMAGE li;
+ EFI_IMAGE_ENTRY_POINT entry_point;
+ EFI_PHYSICAL_ADDRESS alloc_address;
+ UINTN alloc_pages;
+ EFI_STATUS exit_status;
+ CONST CHAR16 *exit_data;
+ UINTN exit_data_size;
+ jmp_buf longjmp_buf;
+ BOOLEAN started;
+} SHIM_LOADED_IMAGE;
+
 #endif /* SHIM_H_ */ |
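Review bot: SHIM_IMAGE_LOADER in the second hunk is added without a comment stating its security contract, and a loader author will read this header to decide what the protocol guarantees. The commit message says loading authenticates against the same certificates as shim_lock::verify(), so that belongs on the struct, for example `/* LoadImage authenticates the image against the same certificates as shim_lock::verify() before returning a handle */`. It would also help to state whether StartImage refuses handles that were not produced by this LoadImage, which shim.h alone cannot show. The struct carries no revision or size field, so a caller cannot detect later additions to the protocol; if that is deliberate, a one-line comment saying so avoids the question coming up again.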
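Review bot: SHIM_LOADED_IMAGE in the third hunk has no comments on field lifetime or ownership, and several fields fail silently when misused: `longjmp_buf` is presumably only meaningful while `started` is set, `alloc_address`/`alloc_pages` describe pages that someone must free, and `exit_data` is a CONST pointer whose owner is not stated. I would add a short block comment above the typedef saying which call fills each group of fields and who releases the pages and the exit data. If the implementation recovers this structure from a pointer to the embedded EFI_LOADED_IMAGE (not visible in shim.h), put `/* must remain the first member */` on `li`. `jmp_buf` comes from <efisetjmp.h>, which the first hunk includes only under `#ifndef SHIM_UNIT_TEST`; whether this typedef sits under the same guard is not visible here, so it is worth confirming that unit-test builds still see a `jmp_buf` definition.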
