diff options
| author | Michael Brown | 2023-05-24 11:20:31 +0200 |
|---|---|---|
| committer | Michael Brown | 2023-05-24 11:20:31 +0200 |
| commit | 6a7f560e60837fc2ce82a7aa976035656f7d231e (patch) | |
| tree | 5a6f06694b4eaef5b8ec6ccb1e4976d8594d3dc2 | |
| parent | [efi] Support versions of shim that perform SBAT verification (diff) | |
| download | ipxe-6a7f560e60837fc2ce82a7aa976035656f7d231e.tar.gz ipxe-6a7f560e60837fc2ce82a7aa976035656f7d231e.tar.xz ipxe-6a7f560e60837fc2ce82a7aa976035656f7d231e.zip | |
[efi] Implement "shim" as a dummy command on non-EFI platforms
The "shim" command will skip downloading the shim binary (and is
therefore a conditional no-op) if there is already a selected EFI
image that can be executed directly via LoadImage()/StartImage().
This allows the same iPXE script to be used with Secure Boot either
enabled or disabled.
Generalise this further to provide a dummy "shim" command that is an
unconditional no-op on non-EFI platforms. This then allows the same
iPXE script to be used for BIOS, EFI with Secure Boot disabled, or EFI
with Secure Boot enabled.
The same effect could be achieved by using "iseq ${platform} efi"
within the script, but this would complicate end-user documentation.
To minimise the code size impact, the dummy "shim" command is a pure
no-op that does not call parse_options() and so will ignore even
standardised arguments such as "--help".
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/config/defaults/efi.h | 1 | ||||
| -rw-r--r-- | src/config/general.h | 2 | ||||
| -rw-r--r-- | src/hci/commands/shim_cmd.c | 14 |
3 files changed, 15 insertions, 2 deletions
diff --git a/src/config/defaults/efi.h b/src/config/defaults/efi.h index 998bdcc1..8e53b9ab 100644 --- a/src/config/defaults/efi.h +++ b/src/config/defaults/efi.h @@ -47,7 +47,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #define USB_BLOCK /* USB block devices */ #define REBOOT_CMD /* Reboot command */ -#define SHIM_CMD /* EFI shim command */ #if defined ( __i386__ ) || defined ( __x86_64__ ) #define IOAPI_X86 diff --git a/src/config/general.h b/src/config/general.h index 2a371d0e..6e8e86b2 100644 --- a/src/config/general.h +++ b/src/config/general.h @@ -160,7 +160,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); //#define CERT_CMD /* Certificate management commands */ //#define IMAGE_MEM_CMD /* Read memory command */ #define IMAGE_ARCHIVE_CMD /* Archive image management commands */ -//#define SHIM_CMD /* EFI shim command */ +#define SHIM_CMD /* EFI shim command (or dummy command) */ /* * ROM-specific options diff --git a/src/hci/commands/shim_cmd.c b/src/hci/commands/shim_cmd.c index 9150af3f..11956290 100644 --- a/src/hci/commands/shim_cmd.c +++ b/src/hci/commands/shim_cmd.c @@ -36,6 +36,13 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); * */ +/* Exist as a dummy command on non-EFI platforms */ +#ifdef PLATFORM_efi +#define shim_dummy 0 +#else +#define shim_dummy 1 +#endif + /** "shim" options */ struct shim_options { /** Download timeout */ @@ -79,6 +86,12 @@ static int shim_exec ( int argc, char **argv ) { int download; int rc; + /* Do absolutely nothing if this is a non-EFI platform */ + if ( shim_dummy ) { + rc = 0; + goto err_dummy; + } + /* Parse options */ if ( ( rc = parse_options ( argc, argv, &shim_cmd, &opts ) ) != 0 ) goto err_parse; @@ -105,6 +118,7 @@ static int shim_exec ( int argc, char **argv ) { err_shim: err_image: err_parse: + err_dummy: return rc; } |