diff options
| -rw-r--r-- | BUILDING | 6 | ||||
| -rw-r--r-- | Make.defaults | 4 | ||||
| -rw-r--r-- | shim.c | 11 |
3 files changed, 21 insertions, 0 deletions
@@ -45,6 +45,12 @@ Variables you could set to customize the build: shim has already verified the kernel when shim loaded the kernel as the second stage loader. In such a case, and only in this case, you should use DISABLE_EBS_PROTECTION=y to build. +- DISABLE_REMOVABLE_LOAD_OPTIONS + Do not parse load options when invoked as boot*.efi. This prevents boot + failures because of unexpected data in boot entries automatically generated + by firmware. It breaks loading non-default second-stage loaders when invoked + via that path, and requires using a binary named shim*.efi (or really anything + else). - REQUIRE_TPM if tpm logging or extends return an error code, treat that as a fatal error. - ARCH diff --git a/Make.defaults b/Make.defaults index d041f0d5..18677daa 100644 --- a/Make.defaults +++ b/Make.defaults @@ -153,6 +153,10 @@ ifneq ($(origin DISABLE_EBS_PROTECTION), undefined) DEFINES += -DDISABLE_EBS_PROTECTION endif +ifneq ($(origin DISABLE_REMOVABLE_LOAD_OPTIONS), undefined) + DEFINES += -DDISABLE_REMOVABLE_LOAD_OPTIONS +endif + LIB_GCC = $(shell $(CC) $(ARCH_CFLAGS) -print-libgcc-file-name) EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) FORMAT ?= --target efi-app-$(ARCH) @@ -1170,6 +1170,17 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle) return efi_status; } +#if defined(DISABLE_REMOVABLE_LOAD_OPTIONS) + /* + * boot services build very strange load options, and we might misparse them, + * causing boot failures on removable media. + */ + if (is_removable_media_path(li)) { + dprint("Invoked from removable media path, ignoring boot options"); + return EFI_SUCCESS; + } +#endif + efi_status = parse_load_options(li); if (EFI_ERROR(efi_status)) { perror (L"Failed to get load options: %r\n", efi_status); |