altareos/barnacle
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

Compare commits

base: altareos:7655b589d679bcad0831bc2a465673553faa7f46
Branches Tags
altareos:master
..
compare: altareos:master
Branches Tags
altareos:master

4 Commits
7655b589d6 ... master

Author SHA1 Message Date
Altareos
bac60befd9 actions
All checks were successful
Build and Push to Gitea / build (push) Successful in 1m0s
Details
2025-07-13 23:28:38 +02:00
Altareos
73c6966fe3 rust edition 2024 2025-07-02 00:53:55 +02:00
Altareos
f6ebf675bc uefi update 2025-07-02 00:51:00 +02:00
Altareos
a59b723f4b major cleanup 2025-07-02 00:27:56 +02:00
10 changed files with 170 additions and 217 deletions
Expand all files Collapse all files

33
.gitea/workflows/build-push.yml Normal file
View File

@ -0,0 +1,33 @@
name: Build and Push to Gitea
on:
push:
branches: [ main, master ]
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: stable
target: x86_64-unknown-uefi
override: true
- name: Build release
uses: actions-rs/cargo@v1
with:
command: build
args: --release --target x86_64-unknown-uefi
- name: Push to generic package repository
run: |
curl --user altareos:${{ secrets.PACKAGE_TOKEN }} \
--upload-file target/x86_64-unknown-uefi/release/barnacle.efi \
"https://git.altareos.fr/api/packages/altareos/generic/barnacle/$(cargo pkgid|sed 's@^.*#@@')/barnacle.efi"

90
Cargo.lock generated
View File

@ -1,14 +1,12 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
version = 4
[[package]]
name = "barnacle"
version = "0.2.0"
version = "1.0.1"
dependencies = [
"log",
"uefi",
"uefi-services",
]
[[package]]
@ -19,76 +17,65 @@ checksum = "dc827186963e592360843fb5ba4b973e145841266c1357f7180c43526f2e5b61"
[[package]]
name = "bitflags"
version = "2.4.1"
version = "2.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07"
checksum = "1b8e56985ec62d17e9c1001dc89c88ecd7dc08e47eba5ec7c29c7b5eeecde967"
[[package]]
name = "cfg-if"
version = "1.0.0"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
checksum = "9555578bc9e57714c812a1f84e4fc5b4d21fcb063490c624de019f7464c91268"
[[package]]
name = "log"
version = "0.4.20"
version = "0.4.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
[[package]]
name = "proc-macro2"
version = "1.0.69"
version = "1.0.95"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da"
checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778"
dependencies = [
"unicode-ident",
]
[[package]]
name = "ptr_meta"
version = "0.2.0"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bcada80daa06c42ed5f48c9a043865edea5dc44cbf9ac009fda3b89526e28607"
checksum = "fe9e76f66d3f9606f44e45598d155cb13ecf09f4a28199e48daf8c8fc937ea90"
dependencies = [
"ptr_meta_derive",
]
[[package]]
name = "ptr_meta_derive"
version = "0.2.0"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bca9224df2e20e7c5548aeb5f110a0f3b77ef05f8585139b7148b59056168ed2"
checksum = "ca414edb151b4c8d125c12566ab0d74dc9cdba36fb80eb7b848c15f495fd32d1"
dependencies = [
"proc-macro2",
"quote",
"syn 1.0.109",
"syn",
]
[[package]]
name = "quote"
version = "1.0.33"
version = "1.0.40"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae"
checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
dependencies = [
"proc-macro2",
]
[[package]]
name = "syn"
version = "1.0.109"
version = "2.0.104"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
dependencies = [
"proc-macro2",
"quote",
"unicode-ident",
]
[[package]]
name = "syn"
version = "2.0.39"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a"
checksum = "17b6f705963418cdb9927482fa304bc562ece2fdd4f616084c50b7023b435a40"
dependencies = [
"proc-macro2",
"quote",
@ -97,20 +84,21 @@ dependencies = [
[[package]]
name = "ucs2"
version = "0.3.2"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bad643914094137d475641b6bab89462505316ec2ce70907ad20102d28a79ab8"
checksum = "df79298e11f316400c57ec268f3c2c29ac3c4d4777687955cd3d4f3a35ce7eba"
dependencies = [
"bit_field",
]
[[package]]
name = "uefi"
version = "0.26.0"
version = "0.35.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07ead9f748a4646479b850add36b527113a80e80a7e0f44d7b0334291850dcc5"
checksum = "da7569ceafb898907ff764629bac90ac24ba4203c38c33ef79ee88c74aa35b11"
dependencies = [
"bitflags",
"cfg-if",
"log",
"ptr_meta",
"ucs2",
@ -121,45 +109,33 @@ dependencies = [
[[package]]
name = "uefi-macros"
version = "0.13.0"
version = "0.18.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "26a7b1c2c808c3db854a54d5215e3f7e7aaf5dcfbce095598cba6af29895695d"
checksum = "b3dad47b3af8f99116c0f6d4d669c439487d9aaf1c8d9480d686cda6f3a8aa23"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.39",
"syn",
]
[[package]]
name = "uefi-raw"
version = "0.5.0"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "864ac69eadd877bfb34e7814be1928122ed0057d9f975169a56ee496aa7bdfd7"
checksum = "7cad96b8baaf1615d3fdd0f03d04a0b487d857c1b51b19dcbfe05e2e3c447b78"
dependencies = [
"bitflags",
"ptr_meta",
"uguid",
]
[[package]]
name = "uefi-services"
version = "0.23.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a79fcb420624743c895bad0f9480fbc2f64e7c8d8611fb1ada6bdd799942feb4"
dependencies = [
"cfg-if",
"log",
"uefi",
]
[[package]]
name = "uguid"
version = "2.1.0"
version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1ef516f0806c5f61da6aa95125d0eb2d91cc95b2df426c06bde8be657282aee5"
checksum = "ab14ea9660d240e7865ce9d54ecdbd1cd9fa5802ae6f4512f093c7907e921533"
[[package]]
name = "unicode-ident"
version = "1.0.12"
version = "1.0.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"

17
Cargo.toml
View File

@ -1,20 +1,9 @@
[package]
name = "barnacle"
version = "0.2.0"
edition = "2021"
[[bin]]
name = "barnacle"
test = false
bench = false
[lib]
test = false
bench = false
version = "1.0.1"
edition = "2024"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
log = "0.4.20"
uefi = "0.26.0"
uefi-services = "0.23.0"
uefi = "0.35.0"

27
src/initrd.rs
View File

@ -1,9 +1,8 @@
use core::{ffi::c_void, mem::MaybeUninit};
use uefi::{
prelude::BootServices,
proto::device_path::{build, DevicePath},
Guid, Identify, Status,
Guid, Identify, Status, boot,
proto::device_path::{DevicePath, build},
};
const LOADFILE2_GUID: Guid = Guid::parse_or_panic("4006c0c1-fcb3-403e-996d-4a6c8724e06d");
@ -20,31 +19,25 @@ pub struct Loader {
pub fn make_loader(pointer: *const c_void, size: usize) -> Loader {
Loader {
_handler: initrd_loadfile2 as *const c_void,
buf: pointer as *const c_void,
size: size as usize,
buf: pointer,
size,
}
}
/// Installs the initrd virtual device
/// Uses a buffer to build the device path
/// Creates a callback to initrd_loadfile2 for the kernel
pub fn install_initrd(
boot_services: &BootServices,
buf: &mut [MaybeUninit<u8>; 256],
mut loader: Loader,
) {
pub fn install_initrd(buf: &mut [MaybeUninit<u8>; 256], mut loader: Loader) {
unsafe {
// Define new virtual device
let initrd_handle = boot_services
.install_protocol_interface(
let initrd_handle = boot::install_protocol_interface(
None,
&DevicePath::GUID,
make_initrd_device_path(buf).as_ffi_ptr() as *mut c_void,
)
.unwrap();
// Install LoadFile2 protocol and callback
boot_services
.install_protocol_interface(
boot::install_protocol_interface(
Some(initrd_handle),
&LOADFILE2_GUID,
core::ptr::addr_of_mut!(loader) as *mut c_void,
@ -54,8 +47,8 @@ pub fn install_initrd(
}
/// Creates a device path for a virtual device with the Linux initrd vendor GUID
pub fn make_initrd_device_path<'a>(buf: &'a mut [MaybeUninit<u8>; 256]) -> &'a DevicePath {
&build::DevicePathBuilder::with_buf(buf)
pub fn make_initrd_device_path(buf: &mut [MaybeUninit<u8>; 256]) -> &DevicePath {
build::DevicePathBuilder::with_buf(buf)
.push(&build::media::Vendor {
vendor_guid: LINUX_INITRD_DEVICE_GUID,
vendor_defined_data: &[],
@ -77,7 +70,7 @@ fn initrd_loadfile2(
) -> Status {
unsafe {
// Invalid buffer or insufficient size
if (*this).size > *size || buf == core::ptr::null_mut() {
if (*this).size > *size || buf.is_null() {
// Update size parameter to specify expected space
*size = (*this).size;
return Status::BUFFER_TOO_SMALL;

19
src/lib.rs
View File

@ -2,8 +2,7 @@
use linux::start_linux;
use pe::get_loader_sections;
use uefi::table::{Boot, SystemTable};
use uefi::{Handle, Status};
use uefi::{Handle, Status, boot};
mod initrd;
mod linux;
@ -11,12 +10,16 @@ mod pe;
mod secureboot;
mod unicode;
pub fn bootloader(image_handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
uefi_services::init(&mut system_table).unwrap();
let boot_services = system_table.boot_services();
let sections = get_loader_sections(boot_services).unwrap();
start_linux(image_handle, boot_services, sections).unwrap();
#[cfg(not(test))]
#[panic_handler]
pub fn panic(_: &core::panic::PanicInfo) -> ! {
loop {}
}
boot_services.stall(1_000_000_000);
pub fn bootloader(image_handle: Handle) -> Status {
let sections = get_loader_sections(image_handle).unwrap();
start_linux(image_handle, sections).unwrap();
boot::stall(1_000_000_000);
Status::SUCCESS
}

43
src/linux.rs
View File

@ -1,9 +1,6 @@
use core::{ffi::c_void, mem::MaybeUninit, ptr::slice_from_raw_parts};
use uefi::{
prelude::BootServices, proto::loaded_image::LoadedImage, table::boot::LoadImageSource, Handle,
Result,
};
use uefi::{Handle, Result, boot, proto::loaded_image::LoadedImage};
use crate::{
initrd::{install_initrd, make_loader},
@ -15,40 +12,30 @@ use crate::{
/// Sets up linux image and initrd virtual device
/// Reads cmdline
/// Runs kernel
pub fn start_linux(
image_handle: Handle,
boot_services: &BootServices,
sections: BootSections,
) -> Result {
pub fn start_linux(image_handle: Handle, sections: BootSections) -> Result {
// Load kernel as image from memory ignoring secure boot
// Image is already trusted (signed) by being part of this EFI program
let handle = unsafe {
run_in_security_override(boot_services, || {
boot_services
.load_image(
let handle = run_in_security_override(|| {
boot::load_image(
image_handle,
LoadImageSource::FromBuffer {
buffer: &*slice_from_raw_parts::<u8>(
boot::LoadImageSource::FromBuffer {
buffer: unsafe {
&*slice_from_raw_parts::<u8>(
sections.linux.pointer,
sections.linux.size as usize,
),
)
},
file_path: None,
},
)
.unwrap()
})
};
})?;
let mut linux_image = boot_services
.open_protocol_exclusive::<LoadedImage>(handle)
.unwrap();
let mut linux_image = boot::open_protocol_exclusive::<LoadedImage>(handle).unwrap();
// Set cmdline for kernel image (expected as utf16)
let (cmdline_utf16, cmdline_utf16_size) = convert_8_to_16(
boot_services,
sections.cmdline.pointer,
sections.cmdline.size as usize,
);
let (cmdline_utf16, cmdline_utf16_size) =
convert_8_to_16(sections.cmdline.pointer, sections.cmdline.size as usize);
unsafe { linux_image.set_load_options(cmdline_utf16, cmdline_utf16_size as u32) };
// Define loader for virtual initrd device
@ -61,10 +48,10 @@ pub fn start_linux(
// Install virtual initrd device
// Buffer is used to build the device path, also needs to exist here for lifespan reasons
let mut buf = [MaybeUninit::<u8>::uninit(); 256];
install_initrd(boot_services, &mut buf, loader);
install_initrd(&mut buf, loader);
// Run kernel image
boot_services.start_image(handle).unwrap();
boot::start_image(handle).unwrap();
Ok(())
}

9
src/main.rs
View File

@ -3,11 +3,12 @@
use barnacle::bootloader;
use uefi::Status;
use uefi::boot;
use uefi::prelude::entry;
use uefi::table::{Boot, SystemTable};
use uefi::{Handle, Status};
#[entry]
fn main(image_handle: Handle, system_table: SystemTable<Boot>) -> Status {
bootloader(image_handle, system_table)
fn main() -> Status {
let image_handle = boot::image_handle();
bootloader(image_handle)
}

29
src/pe.rs
View File

@ -1,10 +1,9 @@
use uefi::prelude::BootServices;
use uefi::proto::loaded_image::LoadedImage;
use uefi::{Error, Result, Status};
use uefi::{Error, Handle, Result, Status, boot};
const LINUX_SNAME: [u8; 8] = [0x2e, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0, 0];
const CMDLINE_SNAME: [u8; 8] = [0x2e, 0x63, 0x6d, 0x64, 0x6c, 0x69, 0x6e, 0x65];
const INITRD_SNAME: [u8; 8] = [0x2e, 0x69, 0x6e, 0x69, 0x74, 0x72, 0x64, 0];
const LINUX_SNAME: [u8; 8] = *b".linux\0\0";
const CMDLINE_SNAME: [u8; 8] = *b".cmdline";
const INITRD_SNAME: [u8; 8] = *b".initrd\0";
pub struct PESection {
pub name: [u8; 8],
@ -25,10 +24,9 @@ pub struct BootSections {
}
/// Extracts .linux, .initrd, and .cmdline sections from UKI
pub fn get_loader_sections(boot_services: &BootServices) -> Result<BootSections> {
pub fn get_loader_sections(image_handle: Handle) -> Result<BootSections> {
// Obtain current image (UKI) memory location (and size)
let loaded_image =
boot_services.open_protocol_exclusive::<LoadedImage>(boot_services.image_handle())?;
let loaded_image = boot::open_protocol_exclusive::<LoadedImage>(image_handle)?;
let (image_ptr, _image_size) = loaded_image.info();
let mut tmp_sections = TempSections {
@ -52,8 +50,8 @@ pub fn get_loader_sections(boot_services: &BootServices) -> Result<BootSections>
// Section name at 0 bytes offset, 8 bytes long
let mut name = [0; 8];
for j in 0..8 {
name[j] = *section_row_ptr.add(j);
for (j, char) in name.iter_mut().enumerate() {
*char = *section_row_ptr.add(j);
}
// Section VMA at 12 bytes offset, 4 bytes long
@ -68,12 +66,11 @@ pub fn get_loader_sections(boot_services: &BootServices) -> Result<BootSections>
};
// Section identification
if section.name == LINUX_SNAME {
tmp_sections.linux = Some(section);
} else if section.name == CMDLINE_SNAME {
tmp_sections.cmdline = Some(section);
} else if section.name == INITRD_SNAME {
tmp_sections.initrd = Some(section);
match section.name {
LINUX_SNAME => tmp_sections.linux = Some(section),
CMDLINE_SNAME => tmp_sections.cmdline = Some(section),
INITRD_SNAME => tmp_sections.initrd = Some(section),
_ => {}
}
}

52
src/secureboot.rs
View File

@ -1,7 +1,6 @@
use core::ffi::c_void;
use log::info;
use uefi::{prelude::BootServices, proto::unsafe_protocol};
use uefi::{Result, boot, proto::unsafe_protocol};
#[unsafe_protocol("A46423E3-4617-49F1-B9FF-D1BFA9115839")]
struct SecurityArch {
@ -22,60 +21,39 @@ fn security_handler() -> bool {
/// Runs a function with a blind secure boot validator
/// Plagiarized from systemd-stub's "hack"
/// There must be a better way
pub fn run_in_security_override<R, T: Fn() -> R>(boot_services: &BootServices, function: T) -> R {
// Backup storage
pub fn run_in_security_override<R, T: Fn() -> R>(function: T) -> Result<R> {
// Temporary storage for restoration later
let mut df_security1 = None;
let mut df_security1_handler = None;
let mut df_security2 = None;
let mut df_security2_handler = None;
// Obtain SecurityArch protocol and replace handler
boot_services
.get_handle_for_protocol::<SecurityArch>()
.and_then(|h| {
boot_services
.open_protocol_exclusive::<SecurityArch>(h)
.and_then(|mut security| {
boot::get_handle_for_protocol::<SecurityArch>().map(|h| {
boot::open_protocol_exclusive::<SecurityArch>(h).map(|mut security| {
df_security1 = Some(core::ptr::addr_of_mut!(security.handler));
df_security1_handler = Some(security.handler);
security.handler = security_handler as *const c_void;
Ok(())
})
.unwrap_or_else(|_| {
info!("security1 unsupported");
});
Ok(())
})
.unwrap_or_else(|_| {
info!("security1 not found");
});
})??;
// Obtain Security2Arch protocol and replace handler
boot_services
.get_handle_for_protocol::<Security2Arch>()
.and_then(|h| {
boot_services
.open_protocol_exclusive::<Security2Arch>(h)
.and_then(|mut security| {
boot::get_handle_for_protocol::<Security2Arch>().map(|h| {
boot::open_protocol_exclusive::<Security2Arch>(h).map(|mut security| {
df_security2 = Some(core::ptr::addr_of_mut!(security.handler));
df_security2_handler = Some(security.handler);
security.handler = security_handler as *const c_void;
Ok(())
})
.unwrap_or_else(|_| {
info!("security2 unsupported");
});
Ok(())
})
.unwrap_or_else(|_| {
info!("security2 not found");
});
})??;
// Run the parameter function
let x = function();
// Restore default SecurityArch handler
df_security1.and_then(|s1| df_security1_handler.and_then(|s1h| Some(unsafe { *s1 = s1h })));
df_security1.and_then(|s1| df_security1_handler.map(|s1h| unsafe { *s1 = s1h }));
// Restore default SecurityArch2 handler
df_security2.and_then(|s2| df_security2_handler.and_then(|s2h| Some(unsafe { *s2 = s2h })));
df_security2.and_then(|s2| df_security2_handler.map(|s2h| unsafe { *s2 = s2h }));
x
Ok(x)
}

14
src/unicode.rs
View File

@ -1,14 +1,10 @@
use uefi::{prelude::BootServices, table::boot::MemoryType};
use uefi::boot;
/// Converts ascii to basic utf-16
pub fn convert_8_to_16(
boot_services: &BootServices,
text: *const u8,
size: usize,
) -> (*const u8, usize) {
let work_mem = boot_services
.allocate_pool(MemoryType::BOOT_SERVICES_DATA, size * 2)
.unwrap() as *mut u16;
pub fn convert_8_to_16(text: *const u8, size: usize) -> (*const u8, usize) {
let work_mem = boot::allocate_pool(boot::MemoryType::BOOT_SERVICES_DATA, size * 2)
.unwrap()
.as_ptr() as *mut u16;
for i in 0..size {
unsafe {
*work_mem.add(i) = *text.add(i) as u16;