efi: add some documentation and increase test coverage

efi/grub_test.go

@@ -53,6 +53,18 @@ func (s *grubSuite) TestGrubImageHandlePrefix2(c *C) {
 	c.Check(prefix, Equals, "/EFI/debian")
 }
 
+func (s *grubSuite) TestGrubImageHandlePrefix3(c *C) {
+	image, err := OpenPeImage(NewFileImage("testdata/386/mockgrub.efi"))
+	c.Assert(err, IsNil)
+	defer image.Close()
+
+	grubImage := NewGrubImageHandle(image)
+
+	prefix, err := grubImage.Prefix()
+	c.Check(err, IsNil)
+	c.Check(prefix, Equals, "/EFI/ubuntu")
+}
+
 func (s *grubSuite) TestGrubImageHandlePrefixNone(c *C) {
 	image, err := OpenPeImage(NewFileImage("testdata/amd64/mockgrub_no_prefix.efi"))
 	c.Assert(err, IsNil)

efi/pe.go

@@ -51,6 +51,7 @@ type peImageHandle interface {
 	// Source returns the image source
 	Source() Image
 
+	// Machine is the target machine
 	Machine() uint16
 
 	// OpenSection returns a new io.SectionReader for the section with

efi/shim_test.go

@@ -320,7 +320,7 @@ func (s *shimSuite) TestShimImageHandleReadVendorDBEmpty(c *C) {
 
 func (s *shimSuite) TestShimImageHandleReadVendorDBNoVendorCert(c *C) {
 	err := s.testShimImageHandleReadVendorDB(c, &testShimImageHandleReadVendorDBData{
-		path: "testdata/amd64/mockgrub1.efi.signed.shim.1"})
+		path: "testdata/amd64/mockgrub.efi"})
 	c.Check(err, ErrorMatches, "no .vendor_cert section")
 }
 

efi/testdata/buildenv.yaml

@@ -1,7 +1,7 @@
 go-arch: amd64
 go-version: go1.18.10
 kernel-version: |
-  Linux version 6.2.0-37-generic (buildd@bos03-amd64-010) (x86_64-linux-gnu-gcc-12 (Ubuntu 12.3.0-1ubuntu1~23.04) 12.3.0, GNU ld (GNU Binutils for Ubuntu) 2.40) #38-Ubuntu SMP PREEMPT_DYNAMIC Mon Oct 30 21:04:52 UTC 2023
+  Linux version 6.2.0-39-generic (buildd@bos03-amd64-014) (x86_64-linux-gnu-gcc-12 (Ubuntu 12.3.0-1ubuntu1~23.04) 12.3.0, GNU ld (GNU Binutils for Ubuntu) 2.40) #40-Ubuntu SMP PREEMPT_DYNAMIC Tue Nov 14 14:18:00 UTC 2023
 os-release:
   BUG_REPORT_URL: '"https://bugs.launchpad.net/ubuntu/"'
   HOME_URL: '"https://www.ubuntu.com/"'
@@ -51,8 +51,8 @@ packages:
   libbinutils: 2.40-2ubuntu4.1
   libblkid1: 2.38.1-4ubuntu12.38.1-4ubuntu1
   libbz2-1.0: 1.0.8-5build1
-  libc-bin: 2.37-0ubuntu2.1
-  libc6: 2.37-0ubuntu2.12.37-0ubuntu2.1
+  libc-bin: 2.37-0ubuntu2.2
+  libc6: 2.37-0ubuntu2.22.37-0ubuntu2.2
   libcap-ng0: 0.8.3-1build2
   libcap2: 1:2.66-3ubuntu2.11:2.66-3ubuntu2.1
   libcc1-0: 13.1.0-2ubuntu2~23.04
@@ -88,11 +88,11 @@ packages:
   libsmartcols1: 2.38.1-4ubuntu1
   libssl3: 3.0.8-1ubuntu1.43.0.8-1ubuntu1.4
   libstdc++6: 13.1.0-2ubuntu2~23.0413.1.0-2ubuntu2~23.04
-  libsystemd0: 252.5-2ubuntu3.1252.5-2ubuntu3.1
+  libsystemd0: 252.5-2ubuntu3.2252.5-2ubuntu3.2
   libtinfo6: 6.4-2ubuntu0.16.4-2ubuntu0.1
   libtsan2: 13.1.0-2ubuntu2~23.04
   libubsan1: 13.1.0-2ubuntu2~23.04
-  libudev1: 252.5-2ubuntu3.1252.5-2ubuntu3.1
+  libudev1: 252.5-2ubuntu3.2252.5-2ubuntu3.2
   libuuid1: 2.38.1-4ubuntu12.38.1-4ubuntu1
   libzstd1: 1.5.4+dfsg2-41.5.4+dfsg2-4
   login: 1:4.13+dfsg1-1ubuntu1
@@ -103,7 +103,7 @@ packages:
   sbsigntool: 0.9.4-3.1ubuntu2
   sed: 4.9-1
   sysvinit-utils: 3.06-2ubuntu1
-  tar: 1.34+dfsg-1.2ubuntu0.1
+  tar: 1.34+dfsg-1.2ubuntu0.2
   usrmerge: 33ubuntu1
   util-linux: 2.38.1-4ubuntu1
   util-linux-extra: 2.38.1-4ubuntu1

efi/testdata/src/grub/Makefile

@@ -35,4 +35,4 @@ $(NAME).so: $(OBJS)
 	$(LD) $(LDFLAGS) $(OBJS) -o $@
 
 %.efi: %.so
-	$(OBJCOPY) -j .text -j .data -j .reloc -j .sbat -jmods --target=efi-app-$(ARCH) $^ $@
+	$(OBJCOPY) -j .text -j .data -j .reloc -j .sbat -j mods --target=efi-app-$(ARCH) $^ $@

efi/testdata/src/grub/elf_ia32_efi.lds

@@ -0,0 +1,86 @@
+OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386")
+OUTPUT_ARCH(i386)
+ENTRY(_start)
+SECTIONS
+{
+  . = 0;
+  ImageBase = .;
+  /* .hash and/or .gnu.hash MUST come first! */
+  .hash : { *(.hash) }
+  .gnu.hash : { *(.gnu.hash) }
+  . = ALIGN(4096);
+  .text :
+  {
+   _text = .;
+   *(.text)
+   *(.text.*)
+   *(.gnu.linkonce.t.*)
+   . = ALIGN(16);
+  }
+  _etext = .;
+  _text_size = . - _text;
+  . = ALIGN(4096);
+  .sdata :
+  {
+   _data = .;
+   *(.got.plt)
+   *(.got)
+   *(.srodata)
+   *(.sdata)
+   *(.sbss)
+   *(.scommon)
+  }
+  . = ALIGN(4096);
+  .data :
+  {
+   *(.rodata*)
+   *(.data)
+   *(.data1)
+   *(.data.*)
+   *(.sdata)
+   *(.got.plt)
+   *(.got)
+   /* the EFI loader doesn't seem to like a .bss section, so we stick
+      it all into .data: */
+   *(.sbss)
+   *(.scommon)
+   *(.dynbss)
+   *(.bss)
+   *(COMMON)
+  }
+  .note.gnu.build-id : { *(.note.gnu.build-id) }
+
+  . = ALIGN(4096);
+  .dynamic  : { *(.dynamic) }
+  . = ALIGN(4096);
+  .rel :
+  {
+    *(.rel.data)
+    *(.rel.data.*)
+    *(.rel.got)
+    *(.rel.stab)
+    *(.data.rel.ro.local)
+    *(.data.rel.local)
+    *(.data.rel.ro)
+    *(.data.rel*)
+  }
+  _edata = .;
+  _data_size = . - _etext;
+  . = ALIGN(4096);
+  .reloc :		/* This is the PECOFF .reloc section! */
+  {
+    *(.reloc)
+  }
+  . = ALIGN(4096);
+  .dynsym   : { *(.dynsym) }
+  . = ALIGN(4096);
+  .dynstr   : { *(.dynstr) }
+  . = ALIGN(4096);
+  /DISCARD/ :
+  {
+    *(.rel.reloc)
+    *(.eh_frame)
+    *(.note.GNU-stack)
+  }
+  .comment 0 : { *(.comment) }
+}

efi/testdata/src/grub/main_ia32.S

@@ -0,0 +1,13 @@
+/*
+    A simple EFI application that just returns 0 with no dependencies
+    other than the assembler and linker.
+*/
+
+	.text
+	.align 4
+
+	.globl _start
+_start:
+    mov $0, %eax
+.exit:	
+  	ret

efi/testdata/src/grub/mods.S

@@ -1,10 +1,22 @@
+#define GRUB_MODULE_MAGIC 0x676d696d
+
 	.section mods, "a", %progbits
+#if defined(__x86_64__)
 	.balignl 8, 0
 .Lgrub_module_info:
-	.4byte 0x676d696d
+	.4byte GRUB_MODULE_MAGIC
 	.balignl 8, 0
 	.8byte .Lgrub_modules_start - .Lgrub_module_info
 	.8byte .Lgrub_modules_end - .Lgrub_module_info
+#elif defined(__i386__)
+	.balignl 4, 0
+.Lgrub_module_info:
+	.4byte GRUB_MODULE_MAGIC
+	.4byte .Lgrub_modules_start - .Lgrub_module_info
+	.4byte .Lgrub_modules_end - .Lgrub_module_info
+#else
+# error "unrecognized target"
+#endif
 .Lgrub_modules_start:
 #ifdef GRUB_PREFIX
 .Lgrub_prefix_start:

tools/make-efi-testdata/apps.go

@@ -30,7 +30,21 @@ type mockAppData struct {
 	filename  string
 }
 
-func newMockAppData(srcDir, vendorCertDir string, certs map[string][]byte) []mockAppData {
+func newMockAppData386(srcDir, vendorCertDir string, certs map[string][]byte) []mockAppData {
+	return []mockAppData{
+		{
+			path: filepath.Join(srcDir, "grub"),
+			name: "mockgrub",
+			makeExtraArgs: []string{
+				"GRUB_PREFIX=/EFI/ubuntu",
+				"WITH_SBAT=1",
+			},
+			filename: "mockgrub.efi",
+		},
+	}
+}
+
+func newMockAppDataAMD64(srcDir, vendorCertDir string, certs map[string][]byte) []mockAppData {
 	return []mockAppData{
 		{
 			path: filepath.Join(srcDir, "shim"),
@@ -154,7 +168,17 @@ func makeOneMockApp(tmpDir, dstDir string, data *mockAppData, arch string) error
 	args = append(args, data.makeExtraArgs...)
 
 	if runtime.GOARCH != arch {
-		args = append(args, "CROSS_COMPILE="+crossToolchains[arch])
+		if runtime.GOARCH == "amd64" && arch == "386" {
+			args = append(args, "ASFLAGS=-m32")
+			args = append(args, "CFLAGS=-m32")
+			args = append(args, "ARCH=ia32")
+		} else {
+			cross, exists := crossToolchains[arch]
+			if !exists {
+				return fmt.Errorf("unsupported architecture %q", arch)
+			}
+			args = append(args, "CROSS_COMPILE="+cross)
+		}
 	}
 	args = append(args, "-f", filepath.Join(data.path, "Makefile"), efiName)
 
@@ -246,11 +270,16 @@ func makeMockApps(srcDir, dstDir string) error {
 		return xerrors.Errorf("cannot write certificates to tmpdir: %w", err)
 	}
 
-	for _, data := range newMockAppData(srcDir, tmpDir, certs) {
+	for _, data := range newMockAppDataAMD64(srcDir, tmpDir, certs) {
 		if err := makeOneMockApp(tmpDir, dstDir, &data, "amd64"); err != nil {
 			return xerrors.Errorf("cannot create %s: %w", data.name, err)
 		}
 	}
+	for _, data := range newMockAppData386(srcDir, tmpDir, certs) {
+		if err := makeOneMockApp(tmpDir, dstDir, &data, "386"); err != nil {
+			return xerrors.Errorf("cannot create %s: %w", data.name, err)
+		}
+	}
 
 	return nil
 }