[PATCH] efi: Restrict the simple file system protocol to support only FAT

Masami Hiramatsu masami.hiramatsu at linaro.org
Thu Jun 3 08:36:38 CEST 2021


Hi Ilias,

On Thu, Jun 3, 2021 at 15:25, Ilias Apalodimas <ilias.apalodimas at linaro.org> wrote:
>
> [...]
> > >
> > > At least Debian and Ubuntu do not allow /boot to be on a FAT file system. If we want to boot Linux via the EFI stub without GRUB, we need ext4 support exposed to the EFI sub-system. See Ilias' recent contributions for the EFI_LOAD_FILE2_PROTOCOL for initrd and efidebug. This came in handy for booting via EFI on RISC-V where the initrd= command line parameter is not supported by Linux.
> >
> > IMHO, such a dependency is out of the UEFI spec. That means Debian/Ubuntu
> > don't follow the UEFI spec. (but as far as I know, those install an ESP
> > on the disk and install the GRUB EFI application for boot)
> > And yes, EFI_LOAD_FILE2_PROTOCOL needs to load the initrd from somewhere
> > (I usually put it on the ESP). But, if the EFI_LOAD_FILE2_PROTOCOL
> > *requires* access to an ext4 partition, I think that is not supported by
> > the UEFI spec.
>
> One of the advantages in using EFI_LOAD_FILE2_PROTOCOL is that you can load
> it from *any* file system the firmware has access to. The only thing the
> kernel does is provide a buffer big enough to fit in the initrd.  The
> firmware is free to locate the file and copy it in that memory however it
> sees fit.

Ah, I got it. Yes, EFI_LOAD_FILE2_PROTOCOL doesn't depend on the
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL. Thus it should be able to load
the file from wherever U-Boot can access. However, since the current implementation
depends on the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, my patch limits
the ability...

Thank you,

>
> Cheers
> /Ilias
> >
> > Anyway, I agree that denying access to non-FAT partitions is too
> > restrictive. What about my other ideas? If the volume is set to
> > ReadOnly, that is good for both the SCT and the
> > EFI_LOAD_FILE2_PROTOCOL.
> >
> >
> > Thank you,
> >
> > >
> > > Best regards
> > >
> > > Heinrich
> > >
> > >



-- 
Masami Hiramatsu
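
The point made in the thread, that EFI_LOAD_FILE2_PROTOCOL lets the firmware fetch the initrd from any storage while the loader only supplies a buffer, is sketched below as an added example; it is not code from U-Boot, Linux, or this patch. The struct, the `backend` hook and all function names are hypothetical, the real protocol's device-path and boot-policy arguments are omitted, and the initrd bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Status codes with the values the UEFI spec assigns on 64-bit platforms. */
typedef uint64_t efi_status_t;
#define EFI_SUCCESS          0ULL
#define EFI_BUFFER_TOO_SMALL (0x8000000000000000ULL | 5)
#define EFI_NOT_FOUND        (0x8000000000000000ULL | 14)

/* Hypothetical firmware-private storage hook: ext4, FAT, network, anything. */
typedef const uint8_t *(*backend_read_t)(size_t *len);

/* Simplified stand-in for EFI_LOAD_FILE2_PROTOCOL (assumption, not the spec layout). */
struct load_file2 {
    efi_status_t (*load_file)(struct load_file2 *self, size_t *buf_size, void *buf);
    backend_read_t backend;
};

/* Firmware side: locate the file however it likes, copy only if the buffer fits. */
static efi_status_t fw_load_file(struct load_file2 *self, size_t *buf_size, void *buf)
{
    size_t len = 0;
    const uint8_t *data = self->backend ? self->backend(&len) : NULL;
    if (!data) return EFI_NOT_FOUND;
    if (!buf || *buf_size < len) {
        *buf_size = len;             /* report the required size to the caller */
        return EFI_BUFFER_TOO_SMALL;
    }
    memcpy(buf, data, len);
    *buf_size = len;
    return EFI_SUCCESS;
}

/* Constructed sample initrd, standing in for a file on a non-FAT volume. */
static const uint8_t sample_initrd[] = "constructed-initrd-bytes";
static const uint8_t *ext4_backend(size_t *len) { *len = sizeof(sample_initrd); return sample_initrd; }

/* Loader side (the role the kernel EFI stub plays): size query, then load. */
static efi_status_t load_initrd(struct load_file2 *p, void *pool, size_t pool_len, size_t *out_len)
{
    size_t need = 0;
    efi_status_t st = p->load_file(p, &need, NULL);
    if (st != EFI_BUFFER_TOO_SMALL)
        return st;                   /* backend failure propagates unchanged */
    if (need > pool_len)
        return EFI_BUFFER_TOO_SMALL; /* never let firmware write past our buffer */
    *out_len = need;
    return p->load_file(p, out_len, pool);
}
```

The loader never names a file system; swapping `ext4_backend` for any other reader changes nothing on the caller's side, which is why this path is unaffected by what EFI_SIMPLE_FILE_SYSTEM_PROTOCOL exposes.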

