From 1e57d64e51387e59db69fa8bda3157e488fe71f3 Mon Sep 17 00:00:00 2001 From: srs5694 Date: Sat, 8 Dec 2012 17:49:34 -0500 Subject: [PATCH] Fixed ELILO-in-Secure-Boot bug and bug that caused hangs of the EFI shell on some systems. --- NEWS.txt | 12 ++++++------ docs/refind/secureboot.html | 25 ++++++------------------- refind/main.c | 26 +++++++++++++++----------- refind/mok.c | 2 +- 4 files changed, 28 insertions(+), 37 deletions(-) diff --git a/NEWS.txt b/NEWS.txt index ca90d7e..c927700 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,12 +1,12 @@ 0.5.1 (??/??/201?): ------------------- -- Implemented a workaround to enable ELILO to launch with Secure Boot - active: Pass a "-C \path\to\elilo\elilo.conf" option to the program. - The user will need to explicitly provide the path to the Linux kernel and - initrd, not rely on the program to be able to read the files from the - current directory. In elilo.conf, the path should be specified with - forward slashes or doubled-up backslashes. +- Fixed bug that caused some programs (EFI shells, in particular) to hang + when launching on some systems (DUET, in particular). + +- Implemented a fix to enable ELILO to launch with Secure Boot active. + This fix might help with some other boot loaders in Secure Boot mode, + too, but I don't know of any specifics. 0.5.0 (12/6/2012): ------------------ diff --git a/docs/refind/secureboot.html b/docs/refind/secureboot.html index d193e87..d254f81 100644 --- a/docs/refind/secureboot.html +++ b/docs/refind/secureboot.html @@ -226,25 +226,12 @@ Change Your Name to your own name or other identifying characteristics, try to launch two drivers, rEFInd throws up an Access Denied error for the second driver. -
  • ELILO can't find the directory from which it was launched when launched - from rEFInd in Secure Boot mode. This means that you must pass the - -C /path/to/binary/elilo.conf option - to ELILO. rEFInd does this automatically for the default ELILO option, - but you should bear the need in mind if you edit that option or use the - secondary boot options. Because of the same problem, you must specify - the complete path to your kernel and initial RAM disk file in - elilo.conf. Be sure to specify these paths using either - forward slashes (/) or doubled-up backslashes (\\). - It's possible that some other boot loaders will suffer from the same - problem.
    • - -
  • Signing the Windows boot loader with a MOK won't work; it hangs, - probably for reasons similar to the ones that cause ELILO to fail to - find its home directory. Fortunately, the Windows 8 boot loader should - work because it should be verified and launched via EFI calls rather - than via the new shim-derived code. (I lack a Windows 8 installation - for testing, though.) This limitation could affect you if you want to - boot Windows 7 with Secure Boot active, though.
    • +
  • Signing the Windows boot loader with a MOK won't work; it hangs. + Fortunately, the Windows 8 boot loader should work because it should be + verified and launched via EFI calls rather than via the new + shim-derived code. (I lack a Windows 8 installation for testing, + though.) This limitation could affect you if you want to boot Windows 7 + with Secure Boot active.
  • Under certain circumstances, the time required to launch a boot loader can increase. This is unlikely to be noticeable for the average small diff --git a/refind/main.c b/refind/main.c index ffbcdb3..e53c2ed 100644 --- a/refind/main.c +++ b/refind/main.c @@ -118,7 +118,7 @@ static VOID AboutrEFInd(VOID) if (AboutMenu.EntryCount == 0) { AboutMenu.TitleImage = BuiltinIcon(BUILTIN_ICON_FUNC_ABOUT); - AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.5.0.1"); + AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.5.0.2"); AddMenuInfoLine(&AboutMenu, L""); AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2006-2010 Christoph Pfisterer"); AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2012 Roderick W. Smith"); @@ -196,8 +196,12 @@ static EFI_STATUS StartEFIImageList(IN EFI_DEVICE_PATH **DevicePaths, } else { MergeStrings(&FullLoadOptions, LoadOptions, 0); } // if/else - // NOTE: We also include the terminating null in the length for safety. - } // if (LoadOptions != NULL) + } else { // LoadOptions == NULL + // NOTE: We provide a non-null string when no options are specified for safety; + // some systems (at least DUET) can hang when launching some programs (such as + // an EFI shell) without this. + FullLoadOptions = StrDuplicate(L" "); + } if (Verbose) Print(L"Starting %s\nUsing load options '%s'\n", ImageTitle, FullLoadOptions); @@ -211,8 +215,8 @@ static EFI_STATUS StartEFIImageList(IN EFI_DEVICE_PATH **DevicePaths, // TODO: Track down the cause of this error and fix it, if possible. // ReturnStatus = Status = refit_call6_wrapper(BS->LoadImage, FALSE, SelfImageHandle, DevicePaths[DevicePathIndex], // ImageData, ImageSize, &ChildImageHandle); - ReturnStatus = Status = refit_call6_wrapper(BS->LoadImage, FALSE, SelfImageHandle, DevicePaths[DevicePathIndex], - NULL, 0, &ChildImageHandle); + ReturnStatus = Status = refit_call6_wrapper(BS->LoadImage, FALSE, SelfImageHandle, DevicePaths[DevicePathIndex], + NULL, 0, &ChildImageHandle); if ((Status == EFI_ACCESS_DENIED) && (ShimLoaded())) { FindVolumeAndFilename(DevicePaths[DevicePathIndex], &DeviceVolume, &loader); if (DeviceVolume != NULL) { @@ -743,12 +747,12 @@ VOID SetLoaderDefaults(LOADER_ENTRY *Entry, CHAR16 *LoaderPath, IN REFIT_VOLUME } else if (StriCmp(FileName, L"e.efi") == 0 || StriCmp(FileName, L"elilo.efi") == 0 || StriSubCmp(L"elilo", FileName)) { MergeStrings(&OSIconName, L"elilo,linux", L','); Entry->OSType = 'E'; - if (secure_mode()) { // hack to enable ELILO to boot in secure mode - Temp = StrDuplicate(L"-C "); - MergeStrings(&Temp, PathOnly, 0); - MergeStrings(&Temp, L"elilo.conf", L'\\'); - Entry->LoadOptions = Temp; - } +// if (secure_mode()) { // hack to enable ELILO to boot in secure mode +// Temp = StrDuplicate(L"-C "); +// MergeStrings(&Temp, PathOnly, 0); +// MergeStrings(&Temp, L"elilo.conf", L'\\'); +// Entry->LoadOptions = Temp; +// } if (ShortcutLetter == 0) ShortcutLetter = 'L'; Entry->UseGraphicsMode = GlobalConfig.GraphicsFor & GRAPHICS_FOR_ELILO; diff --git a/refind/mok.c b/refind/mok.c index d97d877..091028a 100644 --- a/refind/mok.c +++ b/refind/mok.c @@ -436,7 +436,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, EFI_LOADED_IM * disk, and its load options, so fix up the loaded image protocol values */ DevicePath = FileDevicePath(NULL, FileName); - DevicePath = FileDevicePath(DeviceVolume->DeviceHandle, FileName); +// DevicePath = FileDevicePath(DeviceVolume->DeviceHandle, FileName); li->DeviceHandle = DeviceVolume->DeviceHandle; li->FilePath = DevicePath; li->LoadOptionsSize = ((UINT32)StrLen(Options) + 1) * sizeof(CHAR16); -- 2.39.2