Added restricted boot in boot option

This patch added restricted boot flag support. When restricted boot flag is set, the OsLoader will only try the current boot option selected without falling through all other boot options. Also it will not allow to get into Shell. This is for the usage to run some critical applications such as bootloader Setup. Signed-off-by: Maurice Ma <maurice.ma@intel.com>
2020-09-01 08:10:01 -07:00 · 2020-09-01 08:10:01 -07:00 · 7779f127af
parent febbb749ff
commit 7779f127af
2 changed files with 24 additions and 13 deletions
--- a/BootloaderCommonPkg/Include/Guid/OsBootOptionGuid.h
+++ b/BootloaderCommonPkg/Include/Guid/OsBootOptionGuid.h
@ -1,7 +1,7 @@
 /** @file
  This file defines the hob structure for the OS boot configuration.

-  Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2017 - 2020, Intel Corporation. All rights reserved.<BR>
  SPDX-License-Identifier: BSD-2-Clause-Patent

 **/
@ -167,7 +167,8 @@ typedef struct {
  UINT8          ResetReason;
  UINT8          BootOptionReset:1;
  UINT8          BootToShell:1;
-  UINT8          CurrentBoot:6;
+  UINT8          RestrictedBoot:1;
+  UINT8          CurrentBoot:5;
  UINT8          OsBootOptionCount;
  OS_BOOT_OPTION OsBootOption[0];
 } OS_BOOT_OPTION_LIST;
--- a/PayloadPkg/OsLoader/OsLoader.c
+++ b/PayloadPkg/OsLoader/OsLoader.c
@ -1219,11 +1219,15 @@ PayloadMain (
      BootShell    = TRUE;
    }
  } else {
-    if (OsBootOptionList->BootToShell != 0) {
-      BootShell    = TRUE;
-    } else if (DebugCodeEnabled ()) {
-      ShellTimeout = (UINTN)PcdGet16 (PcdPlatformBootTimeOut);
-      BootShell    = TRUE;
+    if (OsBootOptionList->RestrictedBoot != 0) {
+      BootShell    = FALSE;
+    } else {
+      if (OsBootOptionList->BootToShell != 0) {
+        BootShell    = TRUE;
+      } else if (DebugCodeEnabled ()) {
+        ShellTimeout = (UINTN)PcdGet16 (PcdPlatformBootTimeOut);
+        BootShell    = TRUE;
+      }
    }
  }

@ -1266,15 +1270,21 @@ PayloadMain (
        MediaInitialize (0, DevDeinit);
      }

-      // Move to next boot option
-      CurrIdx = GetNextBootOption (OsBootOptionList, CurrIdx);
-      if (CurrIdx >= OsBootOptionList->OsBootOptionCount) {
-        CurrIdx = 0;
+      if (OsBootOptionList->RestrictedBoot != 0) {
+        // Restricted boot should not try other boot option
+        break;
+      } else {
+        // Move to next boot option
+        CurrIdx = GetNextBootOption (OsBootOptionList, CurrIdx);
+        if (CurrIdx >= OsBootOptionList->OsBootOptionCount) {
+          CurrIdx = 0;
+        }
+        BootIdx++;
      }
-      BootIdx++;
    }

-    if (DebugCodeEnabled ()) {
+    if (DebugCodeEnabled () && (OsBootOptionList->RestrictedBoot == 0)) {
+      // Restricted boot should not fall back to shell
      RunShell (0);
    } else {
      break;