Updated support for SHIM on RISC-V #641
Conversation
Add what is needed to build on riscv64. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> This is an update to rhboot#420 which brings it in alignment with the current upstream. Signed-off-by: Brian 'redbeard' Harrington <redbeard@dead-city.org>
brianredbeard
force-pushed
the
riscv-shim
branch
from
144f786 to
debe983
Compare
|
@vathpela can we get a review? |
brianredbeard
force-pushed
the
riscv-shim
branch
from
debe983 to
5031a99
Compare
|
FYI, reverted the previous commit after a discussion with @xypron. Heinrich helpfully pointed out that the structure of pre-processor definitions in the form of |
|
FYI gnu-efi ( https://github.com/rhboot/gnu-efi/tree/master ) has been rebased to 3.0.18 (released 3 days ago!). The builds are already available for F40 and F41 in Fedora too: |
Make.defaults
Outdated
| ARCH_GNUEFI ?= riscv64 | ||
| ARCH_SUFFIX ?= riscv64 | ||
| ARCH_SUFFIX_UPPER ?= RISCV64 | ||
| FORMAT := -O binary |
There was a problem hiding this comment.
We had some discussions with Peter Jones last year. There was a strong preference not to add more "-O binary" architectures. Two patches landed in binutils 2.42:
[PATCH] Add basic support for RISC-V 64-bit EFI objects
[PATCH] Handle "efi-app-riscv64" and similar targets in objcopy. // From Peter Jones
That means we have efi-app-riscv64 support. That probably means it should look more like aarch64. I haven't looked deeper or tested it.
There was a problem hiding this comment.
@davidlt Shim has an .sbat section with the contents of a CSV file for defining the security patch level. How would you create that section with binutils' efi-app-riscv64 target?
The content of the .sbat section is something like:
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
shim,4,UEFI shim,shim,1,https://github.com/rhboot/shim
shim.ubuntu,1,Ubuntu,shim,15.8-0ubuntu1,https://www.ubuntu.com/
There was a problem hiding this comment.
It really seems that the lines
+ FORMAT := -O binary
+ SUBSYSTEM := 0xa
+ ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+ TIMESTAMP_LOCATION := 72
are not needed. SUBSYSTEM defaults to 0x0a in branch main of https://github.com/rhboot/gnu-efi.git:
gnu-efi/gnuefi/crt0-efi-riscv64.S:20:
#define EFI_SUBSYSTEM 10
TIMESTAMP_LOCATION is unused.
FORMAT is a flag passed to riscv64-linux-gnu-objcopy which seems unneded.
@brianredbeard Could you please drop the lines from your merge request.
|
The last commit is missing |
|
|
||
| #if defined(__riscv) && __riscv_xlen == 64 | ||
| #ifndef DEFAULT_LOADER | ||
| #define DEFAULT_LOADER L"\\grubriscv64.efi" |
There was a problem hiding this comment.
Shouldn't the file name be shorter (as in 8.3 format) given a FAT filesystem?
There was a problem hiding this comment.
- FAT supports long file names since Windows 95.
- The default name for EFI binaries on RISC-V is /EFI/BOOT/BOOTRISCV64.EFI. That is not 8.3 either.
- Distros like Fedora and Ubuntu are already using grubriscv64.efi as file name (cf. https://fedoraproject.org/wiki/Architectures/RISC-V/GRUB2)
There was a problem hiding this comment.
Okay, cool. I was just thinking I've seen some vendors expect/model on it being strict FAT12 in the x86 space, and seeing the longer file name started to bug me. Also interesting Ubuntu beat Debian since I checked Debian packaging yesterday when the question came up in another project of "what would the filename be?!" so we could correctly account for it.
There was a problem hiding this comment.
UEFI requires support for FAT long filenames (LFN) in all FAT12, FAT16 and FAT32 so it's fine
|
Hey, I'm wondering what's missing to get this one merged at this point? From a cursory look, it seems that all points raised during review have been addressed. I'm really keen on seeing this make its way to Fedora. Along with the lack of an up-to-date GRUB2 (which is something that's supposedly being addressed as we speak), not having shim is, at least as far as I'm aware, the last remaining blocker to producing usable (albeit still unofficial) Fedora images for RISC-V. |
|
It is not very clean, but I was able to build and boot shim on a VisionFive 2 and EDK2 on a qemu/libvirt VM. I forked shim and gnu-efi with some rough work I had to pull a few things together to get builds working on riscv64.
You can basically clone https://github.com/jmontleon/shim/tree/riscv and With |
I don't think any distro has intentions to sign anything for RISC-V yet and I don't know if Microsoft would even accept it, or what the value would be in handing Microsoft the control over the RISC-V CA too. And unsigned you can just use grub directly and be happy, so I think there's no value merging changes like this and adding the maintenance overhead or have it potentially break each release because nobody tests it. |
|
Am 24. Juni 2024 09:46:14 MESZ schrieb Julian Andres Klode ***@***.***>:
> Hey, I'm wondering what's missing to get this one merged at this point? From a cursory look, it seems that all points raised during review have been addressed.
>
> I'm really keen on seeing this make its way to Fedora. Along with the lack of an up-to-date GRUB2 (which is something that's supposedly [being ***@***.***/thread/PHGU7UQS6O5SLLZIWTVD3E73OTM4GCS7/) as we speak), not having shim is, at least as far as I'm aware, the last remaining blocker to producing usable (albeit still unofficial) Fedora images for RISC-V.
I don't think any distro has intentions to sign anything for RISC-V yet and I don't know if Microsoft would even accept it, or what the value would be in handing Microsoft the control over the RISC-V CA too.
Testing should be done in the CI. There is no need for Microsoft signing for testing.
There has not been any decision on a global signing authority yet.
We should avoid development after the hardware is out. Instead we should provide the RISC-V community the tools needed to test secure boot now. This does not imply that distros have to package it now.
Best regards
Heinrich
…
And unsigned you can just use grub directly and be happy, so I think there's no value merging changes like this and adding the maintenance overhead or have it potentially break each release because nobody tests it.
|
AFAIK shim doesn't just handle the Secure Boot part though, it also takes care of locating and running the GRUB binary when installed as the fallback entry ( Anyway, that's the part I'm interested in, as it would allow us to ship disk images that can be booted right away, without the need on the user's part to create UEFI boot entries themselves, For this to work there's no need for the shim binary to be signed, much less to determine who the signing entity would be. |
|
ncroxon/gnu-efi#34 was merged. Using that work and this PR I had to make a few changes to get things working properly. I also ended up having to reimplement the closed PR #410. I did see the note re: patching gnu-efi instead of shim, which would basically be undoing the CHAR8 commit (ncroxon/gnu-efi@ce1ec9d) if that approach is desired. |
I doubt it. SHIM and SHIM's gnu-efi is outdated and in a very inconsistent state. CHAR8 should be 'unsigned char' since that's how UEFI spec says it is. |
|
On the face, the code this patch adds looks mostly okay to me, but there are still several problems here regarding the result. Even after following jmontleon's suggestions above, there are issues here, ranging from a minor problem with the PR itself to things that make this difficult to consider merging:
|
|
@vathpela It has been awhile since I looked but I remain able to build off the latest upstream gnu-efi with the additional changes I laid out in https://github.com/jmontleon/shim But updating gnu-efi to 5ea320f0f01c8de8f9dd4e4e38a245608f0287dd still builds: I did a scratch a riscv64 scratch build (http://fedora.riscv.rocks/koji/taskinfo?taskID=1837632) and tested in a virtual machine quick. It seems to still work ok. I did see an issue with va_list on x86_64 and added a workaround patch to the srpm there so it should build on x86_64 now as well. I'm definitely not insisting this or all the rest is 100% correct and ready to merge, but it should at least be possible to build and perhaps we can start working down the list of other issues you raised above? |
UEFI spec says CHAR8 is Latin-1 (0-255) so it's unsigned
Can be done by defining GNU_EFI_3_0_COMPAT
Not defining GNU_EFI_USE_EXTERNAL_STDARG??
Totally agree - this is a bit clutching at straws though - if there's a problem that isn't fixed just send a bug report |
Okay, but if I try that in the fairly straightforward way with this PR's code, which seems like it should be similar, it doesn't work because of the char signedness issue on riscv64: https://github.com/rhboot/shim/actions/runs/12678246015/job/35335419817?pr=713 I don't doubt that you've got something working, but I'm not reviewing some series of changes somewhere else, because I can't pull that. I'm reviewing a pull request here, and it doesn't work for the reasons state above.
That needs to be represented in the patches here.
Sure, that makes sense - but that's what this PR is for? The changes we need should be in the PR. Now obviously we need to have some more discussion about gnu-efi especially with regard to the char issue and the va_list weirdness; I understand that. But there's no proposed fix for those issues in this PR as far as I can see. |
Minor correction to myself - it's failing in #713 because there's no patch here to fix the define to make the breaking change with realloc() work. If I define GNU_EFI_3_0_COMPAT, it then breaks on something regarding elf.h changes and include paths in gnu-efi. I haven't debugged this further. |
I'm not even sure if this is actually an issue right now, because again, this PR doesn't give me a tree that builds due to other issues. Happy to continue this part of the discussion once we've figured out the blocking issues.
Looks likely, but even adding that here doesn't get me a tree that builds with any version of gnu-efi that I have.
It may well be that the right answer is to define that for this platform and not add the code that's added to
No, this is not clutching at straws - things that a) are sometimes hard to even notice, b) take up giant amounts of time to debug and c) can introduce exploitable flaws on other arches are an absolute showstopper, and I'm telling you that's a significant concern. Even if I weren't concerned about that, just rebasing to the upstream gnu-efi tree doesn't look possible without significant work, as it's an absolute mess. I can't even fast forward the master branch on top of an older checkout of that master branch. Seriously, try it: Rebasing our patches on top of it is also a mess, partly because of some refactoring patches that need to be rectified, partly because of the incredibly excessive use of merge commits, and partly because several patches from the rhboot gnu-efi tree appear to have been cherry-picked and sent upstream with different commit messages and attribution, which is itself concerning but in a different way. |
|
@vathpela thanks for looking further into this! I have no wisdom to share when it comes to the specifics of the changes being discussed, so I'll leave that to the other people involved in the conversation. It seems obvious to me though that the diff in this PR doesn't match what is currently being used in Fedora RISC-V, since we are definitely building the package successfully there. @jmontleon perhaps you can work with @brianredbeard to update this PR so that it matches reality? Anyway, I see that you've enabled a riscv64 cross-compilation job as part of #713. That's very nice! And it looks like it didn't require a big effort to do so either. In case you are interested in going further than mere compile-testing (once the PR is updated, of course!), we have documented the process of setting up an emulated riscv64 environment using QEMU. It should hopefully be fairly straightforward, but feel free to reach out to me if you have any questions. Hope this helps :) |
|
Currently attempting to build a working tree (yes i'm aware commit messages look awful -- this was purely for testing) |
|
Things still to do - after people have given more comments about my changes:
|
|
@gmbr3 I am in no position to give any feedback on the technical side of things, but I have to say that I'm absolutely ecstatic to see you making progress. As someone who's extremely keen on seeing shim running on riscv64, your continued efforts give me a lot of hope. Thank you and keep up the excellent work! |
|
@gmbr3 I took a look at your work — not the code itself, which is unfortunately way too complex and specialized for me to even begin to grasp, but rather the overall structure in terms of git branches and so on — and my understanding is as follows. What you're trying to do is to get upstream gnu-efi to a point where shim could successfully build against it instead of having to rely on its own soft fork which is based on an aging gnu-efi version (3.0.12 from 2020). This work has been happening in gnu-efi#62. Additionally, you have your own shim branch where you're working on integrating those gnu-efi changes back into shim. Does this sound about right? Assuming I haven't gotten anything horribly wrong, the effort seems to me like it's going in the right direction. I can't speak for the shim maintainers though. What I think would be really helpful is if you opened a separate PR for your changes. Maybe mark it as draft for now, since it can't really be considered for inclusion yet, but at least it'd provide a way for the maintainers to conveniently see all your work in one place and hopefully provide feedback. You could consider incorporating #712/#713 into it as well. Thank you in advance for considering this, and once again for your ongoing work on riscv64 support! |
@gmbr3 I can't competently review your code either, but I did try building it on x86, aarch64, and risc-v fedora VMs. It builds and boots on the first two, but the build fails on risc-v: and so on... |
|
Is there any progress? |
|
I was able to reproduce the build error that @marta-lewandowska reported above. Looking at the changes that are included in the https://github.com/gmbr3/shim/commits/gnu-efi/ branch a bit more closely (though I have to once again put out there the disclaimer that I know next to nothing about shim from a developer's perspective) I get the impression that @gmbr3 has been working pretty much exclusively on making shim build against the latest version of gnu-efi rather than porting it to the riscv64 architecture. That is an extremely valuable endeavor, as it would leave us much better positioned to move forward with the riscv64 port; however, assuming that I've understood the situation correctly, it's not surprising that the branch would fail to build on riscv64. The fact that it apparently builds and runs fine on x86_64 and aarch64 is certainly encouraging though! I've gone one step further and rebased the branch from this PR, which contains the initial riscv64 port by @xypron and further updates by @brianredbeard, on top of the gnu-efi update branch by @gmbr3. The result manages to get a lot further into the build process, but unfortunately still fails in the end: @gmbr3 once again assuming that my understanding of the current state is correct, can you please go ahead and create a separate PR specifically for the effort of updating gnu-efi in shim? @vathpela has indicated that this needs to happen before the maintainers will look at the proposed changes. Once that branch exists, perhaps @xypron can attempt to rebase his port of top of it? What exists in #420 and here appears to be tantalizingly close to just working, and I'm sure that if someone who actually knows what they're doing could take another stab at it we'd have a real chance at getting the port merged. I'm obviously always happy to build random branches and run any tests you might want me to. |
|
Coming back to this after a few busy months. For the recently released RHEL 10 on RISC-V Developer Preview, I ended up cobbling together a fairly rough package based on the Fedora one. It combines shim 15.8, upstream gnu-efi 4.0.0, the patches found in this PR, plus a few fixes from @jmontleon's riscv branch and some of my own. The dist-git tree has been published in the CentOS ISA SIG GitLab area, c10s-rv branch. I have also pushed an upstream-ish equivalent to my 15.8-riscv64 branch. That all works fine on riscv64, but it fails to build on x86_64: So that's obviously a big problem, in addition to being a complete hodgepodge of patches messily building on top of each other with no rhyme or reason and being based on a now outdated version of shim. In the meantime, gnu-efi#62 has been merged and is included in the gnu-efi 4.0.1 release. That's great news! I was able to take @gmbr3's gnu-efi branch, swap in the actual gnu-efi 4.0.1 release add the usual set of riscv64 patches. The result is available from my gmbr3-riscv64 branch and, unlike last time around, it builds successfully both on x86_64 and riscv64 thanks to picking up Jason's fixes, which I had missed during the previous attempt. But shim itself has moved forward. gnu-efi#69 identifies a number of additional commits that need to be upstreamed. As a hack, I have coarsely chopped off the shim features related to the bits missing from upstream gnu-efi to see whether I would be able to get closer to the current state of shim. The result is in my main-riscv64 and yeah, it's pretty awful :) but it builds on both x86_64 and riscv64, so at least there's that! It seems to me that we're really quite close to being able to switch to upstream gnu-efi and adding riscv64 support, it's mostly a matter of everyone coming together, picking up all the work that's already out there, organizing it and polishing it up so that it's suitable for merging. @vathpela what are your thoughts on the matter? Does the work I've collected in the various branches mentioned above look like it's going in the right direction, are you seeing obvious problems with it and so on? Thanks! |
|
@andreabolognani it looks like gnu-efi changes needed for shim 16 have been merged upstream, but there is no PR for updating gnu-efi in shim. |
|
@marta-lewandowska understood. I was hoping that @gmbr3 and @xypron would be spurred into action by my updates, but clearly that hasn't been the case so far. I also didn't want to split the conversation since we've collected so much good information here. I will attempt to put together a somewhat reasonable branch of my own, polish it up to some degree and open a PR based on it. I'm really not the best candidate to be doing that due to lack of expertise when it comes to developing both gnu-efi and shim, but if there's no other way forward I'm willing to at least take a stab. |
|
@vathpela @marta-lewandowska I have now created #777 (for switching to upstream gnu-efi) and #778 (for adding riscv64 support on top of that). Hopefully this will help move things forward :) |
Add what is needed to build on riscv64.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
This is an update which supersedes #420 which brings it in alignment with the current upstream and fixes a minor style nit around the definition of
__riscv.