From 40c2db9d6734b2fd7a56b489c2e072a89ffa270d Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Wed, 28 Jan 2026 13:31:07 +0000
Subject: [PATCH] [build] Mark direct kernel loading as forbidden for UEFI Secure Boot
Our long-standing policy for EFI platforms is that we support invoking binary executables only via the LoadImage() and StartImage() boot services calls, so that all security policy decisions are delegated to the platform firmware. Most binary executable formats that we support are BIOS-only and cannot in any case be linked in to an EFI executable. The only cross-platform format is the generic Linux kernel image format as used for RISC-V (and potentially also for AArch64). Mark all files associated with direct loading of a kernel binary as explicitly forbidden for UEFI Secure Boot.
Signed-off-by: Michael Brown
---
 src/arch/arm64/include/bits/lkrn.h | 1 +
 src/arch/riscv/include/bits/lkrn.h | 1 +
 src/image/lkrn.c | 1 +
 src/include/bits/lkrn.h | 1 +
 src/include/ipxe/lkrn.h | 1 +
 5 files changed, 5 insertions(+)
diff --git a/src/arch/arm64/include/bits/lkrn.h b/src/arch/arm64/include/bits/lkrn.h
index 943464e9b..bcc6d1eed 100644
--- a/src/arch/arm64/include/bits/lkrn.h
+++ b/src/arch/arm64/include/bits/lkrn.h
@@ -8,6 +8,7 @@
 */
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( FORBIDDEN );
 /** Header magic value */
 #define LKRN_MAGIC_ARCH LKRN_MAGIC_AARCH64
diff --git a/src/arch/riscv/include/bits/lkrn.h b/src/arch/riscv/include/bits/lkrn.h
index d26108647..18d3bf956 100644
--- a/src/arch/riscv/include/bits/lkrn.h
+++ b/src/arch/riscv/include/bits/lkrn.h
@@ -8,6 +8,7 @@
 */
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( FORBIDDEN );
 #include
diff --git a/src/image/lkrn.c b/src/image/lkrn.c
index a2044cb82..206bb57e5 100644
--- a/src/image/lkrn.c
+++ b/src/image/lkrn.c
@@ -22,6 +22,7 @@
 */
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( FORBIDDEN );
 #include
 #include
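Review bot: The reason for `FILE_SECBOOT ( FORBIDDEN );` is recorded only in the commit message, so a later reader of src/image/lkrn.c sees the marker without the policy behind it. I would add a short comment above the marker there, for example `/* Direct kernel loading does not go through LoadImage()/StartImage(), so platform firmware security policy is not applied */`. The same applies to the marker added in the four lkrn.h headers in this patch, where a one-line pointer to lkrn.c would be enough. How the build consumes the marker is not visible in these hunks, so it is worth confirming that a Secure Boot build fails, rather than only warns, when one of these files is pulled in.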
diff --git a/src/include/bits/lkrn.h b/src/include/bits/lkrn.h
index 58aee73a2..609ee2c82 100644
--- a/src/include/bits/lkrn.h
+++ b/src/include/bits/lkrn.h
@@ -11,6 +11,7 @@
 */
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( FORBIDDEN );
 #define LKRN_MAGIC_ARCH 0
diff --git a/src/include/ipxe/lkrn.h b/src/include/ipxe/lkrn.h
index 88b4d0485..3749a37d7 100644
--- a/src/include/ipxe/lkrn.h
+++ b/src/include/ipxe/lkrn.h
@@ -8,6 +8,7 @@
 */
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( FORBIDDEN );
 #include