diff --git a/Application/Bootstrap/Bootstrap.c b/Application/Bootstrap/Bootstrap.c
index 34bd84ba..89ddad70 100644
--- a/Application/Bootstrap/Bootstrap.c
+++ b/Application/Bootstrap/Bootstrap.c
@@ -94,7 +94,8 @@ LoadOpenCore (
STATIC
VOID
StartOpenCore (
- IN EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *FileSystem
+ IN EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *FileSystem,
+ IN EFI_HANDLE LoadHandle
)
{
EFI_STATUS Status;
@@ -112,7 +113,17 @@ StartOpenCore (
return;
}
- Bootstrap->ReRun (Bootstrap, FileSystem);
+ if (Bootstrap->Revision != OC_BOOTSTRAP_PROTOCOL_REVISION) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "BS: Unsupported bootstrap protocol %u vs %u\n",
+ Bootstrap->Revision,
+ OC_BOOTSTRAP_PROTOCOL_REVISION
+ ));
+ return;
+ }
+
+ Bootstrap->ReRun (Bootstrap, FileSystem, LoadHandle);
}
EFI_STATUS
@@ -168,7 +179,7 @@ UefiMain (
//
DEBUG ((DEBUG_INFO, "BS: Trying to start loaded OpenCore image...\n"));
- StartOpenCore (FileSystem);
+ StartOpenCore (FileSystem, LoadedImage->FilePath);
DEBUG ((DEBUG_INFO, "BS: Trying to load OpenCore image...\n"));
Status = LoadOpenCore (FileSystem, ImageHandle, &OcImageHandle);
@@ -177,7 +188,7 @@ UefiMain (
return EFI_NOT_FOUND;
}
- StartOpenCore (FileSystem);
+ StartOpenCore (FileSystem, LoadedImage->FilePath);
DEBUG ((DEBUG_ERROR, "BS: Failed to start OpenCore image...\n"));
return EFI_NOT_FOUND;
diff --git a/Docs/Configuration.pdf b/Docs/Configuration.pdf
index bc94d68e..f7d0fdea 100644
Binary files a/Docs/Configuration.pdf and b/Docs/Configuration.pdf differ
diff --git a/Docs/Configuration.tex b/Docs/Configuration.tex
index 0187c6d8..a0ce3cce 100644
--- a/Docs/Configuration.tex
+++ b/Docs/Configuration.tex
@@ -485,7 +485,7 @@ Add \texttt{.clang\_complete} file with similar content to your UDK root:
-Wno-missing-field-initializers
-Wno-tautological-compare
-Wno-sign-compare
--Wno-varargs
+-Wno-varargs
-Wno-unused-const-variable
\end{lstlisting}
@@ -1165,6 +1165,13 @@ behaviour that does not go to any other sections
\textbf{Description}: Apply debug configuration described in
\hyperref[miscdebugprops]{Debug Properties} section below.
+\item
+ \texttt{Security}\\
+ \textbf{Type}: \texttt{plist\ dict}\\
+ \textbf{Description}: Apply security configuration described in
+ \hyperref[miscsecurityprops]{Security Properties} section below.
+
+
\end{enumerate}
\subsection{Debug Properties}\label{miscdebugprops}
@@ -1179,37 +1186,72 @@ behaviour that does not go to any other sections
every printed line of visible logging output like console,
Data Hub, or serial port.
+\item
+ \texttt{DisplayLevel}\\
+ \textbf{Type}: \texttt{plist\ integer}, 64 bit\\
+ \textbf{Default value}: \texttt{0}\\
+ \textbf{Description}: EDK II debug level bitmask (sum) showed onscreen.
+ Unless \texttt{Target} enables console (onscreen) printing,
+ onscreen debug output will not be visible. The following levels
+ are supported (discover more in
+ \href{https://github.com/tianocore/edk2/blob/UDK2018/MdePkg/Include/Library/DebugLib.h}{DebugLib.h}):
+
+ \begin{itemize}
+ \tightlist
+ \item \texttt{0x00000002} --- \texttt{DEBUG\_WARN} in \texttt{DEBUG},
+ \texttt{NOOPT}, \texttt{RELEASE}.
+ \item \texttt{0x00000040} --- \texttt{DEBUG\_INFO} in \texttt{DEBUG},
+ \texttt{NOOPT}.
+ \item \texttt{0x00400000} --- \texttt{DEBUG\_VERBOSE} in custom builds.
+ \item \texttt{0x80000000} --- \texttt{DEBUG\_ERROR} in \texttt{DEBUG},
+ \texttt{NOOPT}, \texttt{RELEASE}.
+ \end{itemize}
+
+\item
+ \texttt{ExposeBootPath}\\
+ \textbf{Type}: \texttt{plist\ boolean}\\
+ \textbf{Default value}: \texttt{false}\\
+ \textbf{Description}: Expose printable booter path to OpenCore.efi or its booter
+ (depending on the load order) as an UEFI variable.
+
+ To obtain booter path use the following command in macOS:
+\begin{lstlisting}[label=nvrampath, style=ocbash]
+nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-path
+\end{lstlisting}
+
+
\item
\texttt{Target}\\
\textbf{Type}: \texttt{plist\ integer}\\
\textbf{Default value}: \texttt{0}\\
\textbf{Description}: A bitmask (sum) of enabled logging targets.
By default all the logging output is hidden, so this option is
- required to be set when debugging is necessary. The following
- logging targets are supported:
+ required to be set when debugging is necessary.
+
+ The following logging targets are supported:
\begin{itemize}
\tightlist
- \item \texttt{ 1} --- Enable logging, otherwise all log is discarded.
- \item \texttt{ 2} --- Enable basic console (onscreen) logging.
- \item \texttt{ 4} --- Enable logging to Data Hub.
- \item \texttt{ 8} --- Enable serial port logging.
- \item \texttt{16} --- Enable UEFI variable logging.
- \item \texttt{32} --- Enable non-volatile UEFI variable logging.
- \item \texttt{64} --- Enable logging to file.
+ \item \texttt{0x01} --- Enable logging, otherwise all log is discarded.
+ \item \texttt{0x02} --- Enable basic console (onscreen) logging.
+ \item \texttt{0x04} --- Enable logging to Data Hub.
+ \item \texttt{0x08} --- Enable serial port logging.
+ \item \texttt{0x10} --- Enable UEFI variable logging.
+ \item \texttt{0x20} --- Enable non-volatile UEFI variable logging.
+ \item \texttt{0x40} --- Enable logging to file.
\end{itemize}
- \emph{Note}: Console logging prints less than all the other variants.
+ Console logging prints less than all the other variants.
Depending on the build type (\texttt{RELEASE}, \texttt{DEBUG}, or
\texttt{NOOPT}) different amount of logging may be read (from least to most).
- \emph{Note}: To obtain Data Hub log use the following command
+ To obtain Data Hub log use the following command
in macOS:
\begin{lstlisting}[label=dhublog, style=ocbash]
ioreg -lw0 -p IODeviceTree | grep boot-log | sort | sed 's/.*<\(.*\)>.*/\1/' | xxd -r -p
\end{lstlisting}
- \emph{Note}: UEFI variable log may get truncated on some firmwares.
+ UEFI variable log may get truncated on some firmwares.
Using non-volatile flag will write the log to NVRAM flash after every
printed line. To obtain UEFI variable log use the following command
in macOS:
@@ -1222,6 +1264,18 @@ nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:boot-log | \
\end{enumerate}
+\subsection{Security Properties}\label{miscsecurityprops}
+
+\begin{enumerate}
+\item
+ \texttt{HaltLevel}\\
+ \textbf{Type}: \texttt{plist\ integer}, 64 bit\\
+ \textbf{Default value}: \texttt{0x80000000} (\texttt{DEBUG\_ERROR})\\
+ \textbf{Description}: EDK II debug level bitmask (sum) causing CPU to
+ halt (stop execution) after obtaining a message of \texttt{HaltLevel}.
+ Possible values match \texttt{DisplayLevel} values.
+\end{enumerate}
+
\section{NVRAM}\label{nvram}
\subsection{Introduction}\label{nvramintro}
diff --git a/Docs/Sample.plist b/Docs/Sample.plist
index 8cbd0e7e..0ed22304 100755
--- a/Docs/Sample.plist
+++ b/Docs/Sample.plist
@@ -435,9 +435,18 @@
Delay
0
+ DisplayLevel
+ 2147483650
+ ExposeBootPath
+
Target
7
+ Security
+
+ HaltLevel
+ 2147483648
+
NVRAM
@@ -534,7 +543,7 @@
BIOSVersion
142.0.0.0.0
BIOSReleaseDate
- 02/14/19
+ 02/14/2019
SystemManufacturer
SystemProductName
diff --git a/Include/OpenCore.h b/Include/OpenCore.h
index feef31aa..a51ed33a 100644
--- a/Include/OpenCore.h
+++ b/Include/OpenCore.h
@@ -31,6 +31,8 @@
#define OPEN_CORE_KEXT_PATH L"Kexts\\"
+#define OPEN_CORE_NVRAM_ATTR (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
+
/**
Load ACPI compatibility support like custom tables.
diff --git a/Include/Protocol/OcBootstrap.h b/Include/Protocol/OcBootstrap.h
index 7906e77b..04e36321 100644
--- a/Include/Protocol/OcBootstrap.h
+++ b/Include/Protocol/OcBootstrap.h
@@ -28,7 +28,7 @@
///
/// OC_BOOTSTRAP_PROTOCOL revision
///
-#define OC_BOOTSTRAP_PROTOCOL_REVISION 1
+#define OC_BOOTSTRAP_PROTOCOL_REVISION 2
///
/// Forward declaration of OC_BOOTSTRAP_PROTOCOL structure.
@@ -40,12 +40,14 @@ typedef struct OC_BOOTSTRAP_PROTOCOL_ OC_BOOTSTRAP_PROTOCOL;
@param[in] This This protocol.
@param[in] FileSystem File system to bootstrap in.
+ @param[in] LoadPath EFI device path to loaded image.
**/
typedef
VOID
(EFIAPI *OC_BOOTSTRAP_RERUN) (
IN OC_BOOTSTRAP_PROTOCOL *This,
- IN EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *FileSystem
+ IN EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *FileSystem,
+ IN EFI_DEVICE_PATH_PROTOCOL *LoadPath OPTIONAL
);
///
diff --git a/Platform/OpenCore/OpenCore.c b/Platform/OpenCore/OpenCore.c
index 2c16f763..f3ebf9a0 100644
--- a/Platform/OpenCore/OpenCore.c
+++ b/Platform/OpenCore/OpenCore.c
@@ -15,6 +15,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include
#include
+#include
+
#include
#include
#include
@@ -28,6 +30,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include
#include
#include
+#include
#include
#include
#include
@@ -142,14 +145,57 @@ OcStartImage (
STATIC
VOID
-OcMain (
- IN OC_STORAGE_CONTEXT *Storage
+OcStoreLoadPath (
+ IN EFI_DEVICE_PATH_PROTOCOL *LoadPath OPTIONAL
)
{
- EFI_STATUS Status;
- CHAR8 *Config;
- UINT32 ConfigSize;
- OC_CPU_INFO CpuInfo;
+ EFI_STATUS Status;
+ CHAR16 *DevicePath;
+ CHAR8 OutPath[256];
+
+ if (LoadPath != NULL) {
+ DevicePath = ConvertDevicePathToText (LoadPath, FALSE, FALSE);
+ if (DevicePath != NULL) {
+ AsciiSPrint (OutPath, sizeof (OutPath), "%s", DevicePath);
+ FreePool (DevicePath);
+ } else {
+ LoadPath = NULL;
+ }
+ }
+
+ if (LoadPath == NULL) {
+ AsciiSPrint (OutPath, sizeof (OutPath), "Unknown");
+ }
+
+ Status = gRT->SetVariable (
+ OC_LOG_VARIABLE_PATH,
+ &gOcLogVariableGuid,
+ OPEN_CORE_NVRAM_ATTR,
+ AsciiStrSize (OutPath),
+ OutPath
+ );
+
+ DEBUG ((
+ EFI_ERROR (Status) ? DEBUG_WARN : DEBUG_INFO,
+ "OC: Setting NVRAM %g:%a = %a - %r\n",
+ &gOcLogVariableGuid,
+ OC_LOG_VARIABLE_PATH,
+ OutPath,
+ Status
+ ));
+}
+
+STATIC
+VOID
+OcMain (
+ IN OC_STORAGE_CONTEXT *Storage,
+ IN EFI_DEVICE_PATH_PROTOCOL *LoadPath OPTIONAL
+ )
+{
+ EFI_STATUS Status;
+ CHAR8 *Config;
+ UINT32 ConfigSize;
+ OC_CPU_INFO CpuInfo;
Config = OcStorageReadFileUnicode (
Storage,
@@ -172,9 +218,15 @@ OcMain (
OcConfigureLogProtocol (
mOpenCoreConfiguration.Misc.Debug.Target,
- mOpenCoreConfiguration.Misc.Debug.Delay
+ mOpenCoreConfiguration.Misc.Debug.Delay,
+ (UINTN) mOpenCoreConfiguration.Misc.Debug.DisplayLevel,
+ (UINTN) mOpenCoreConfiguration.Misc.Security.HaltLevel
);
+ if (mOpenCoreConfiguration.Misc.Debug.ExposeBootPath) {
+ OcStoreLoadPath (LoadPath);
+ }
+
OcCpuScanProcessor (&CpuInfo);
OcLoadUefiSupport (Storage, &mOpenCoreConfiguration, &CpuInfo);
OcLoadPlatformSupport (&mOpenCoreConfiguration, &CpuInfo);
@@ -206,7 +258,8 @@ VOID
EFIAPI
OcBootstrapRerun (
IN OC_BOOTSTRAP_PROTOCOL *This,
- IN EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *FileSystem
+ IN EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *FileSystem,
+ IN EFI_DEVICE_PATH_PROTOCOL *LoadPath OPTIONAL
)
{
EFI_STATUS Status;
@@ -229,7 +282,7 @@ OcBootstrapRerun (
return;
}
- OcMain (&mOpenCoreStorage);
+ OcMain (&mOpenCoreStorage, LoadPath);
OcStorageFree (&mOpenCoreStorage);
}
@@ -317,7 +370,7 @@ UefiMain (
// Return success in either case to let rerun work afterwards.
//
if (FileSystem != NULL) {
- mOpenCoreBootStrap.ReRun (&mOpenCoreBootStrap, FileSystem);
+ mOpenCoreBootStrap.ReRun (&mOpenCoreBootStrap, FileSystem, LoadedImage->FilePath);
DEBUG ((DEBUG_ERROR, "OC: Failed to boot\n"));
} else {
DEBUG ((DEBUG_ERROR, "OC: Failed to locate file system\n"));
diff --git a/Platform/OpenCore/OpenCore.inf b/Platform/OpenCore/OpenCore.inf
index 4c8f4dda..b2a3d2e1 100644
--- a/Platform/OpenCore/OpenCore.inf
+++ b/Platform/OpenCore/OpenCore.inf
@@ -51,6 +51,9 @@
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
+[Guids]
+ gOcLogVariableGuid
+
[Protocols]
gEfiDevicePathProtocolGuid ## CONSUMES
gEfiDevicePathProtocolGuid ## CONSUMES
diff --git a/Platform/OpenCore/OpenCoreNvram.c b/Platform/OpenCore/OpenCoreNvram.c
index 424ab461..cda725b3 100644
--- a/Platform/OpenCore/OpenCoreNvram.c
+++ b/Platform/OpenCore/OpenCoreNvram.c
@@ -23,10 +23,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include
#include
-STATIC
-CONST UINT32
-mDefaultAttributes = EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS;
-
VOID
OcLoadNvramSupport (
IN OC_GLOBAL_CONFIG *Config
@@ -131,7 +127,7 @@ OcLoadNvramSupport (
Status = gRT->SetVariable (
UnicodeVariableName,
&VariableGuid,
- mDefaultAttributes,
+ OPEN_CORE_NVRAM_ATTR,
VariableSize,
VariableData
);