Revert "boot: Skip safety countdown when running in a VM"

This reverts commit bafc594.
systemd-ci-incubator · Aug 4, 2022 · 5cc1682 · 5cc1682
1 parent 49d5f89
commit 5cc1682
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 34 deletions.
diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c
@@ -49,11 +49,6 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path) {
 
         unsigned timeout_sec = 15;
         for(;;) {
-                /* Enrolling secure boot keys is safe to do in virtualized environments as there is nothing
-                 * we can brick there. */
-                if (in_hypervisor())
-                        break;
-
                 PrintAt(0, ST->ConOut->Mode->CursorRow, L"Enrolling in %2u s, press any key to abort.", timeout_sec);
 
                 uint64_t key;

diff --git a/src/boot/efi/ticks.c b/src/boot/efi/ticks.c
@@ -2,17 +2,35 @@
 
 #include <efi.h>
 #include <efilib.h>
+#if defined(__i386__) || defined(__x86_64__)
+#include <cpuid.h>
+#endif
+#include <stdbool.h>
 
 #include "ticks.h"
-#include "util.h"
+
+#if defined(__i386__) || defined(__x86_64__)
+static bool in_hypervisor(void) {
+        uint32_t eax, ebx, ecx, edx;
+
+        /* The TSC might or might not be virtualized in VMs (and thus might not be accurate or start at zero
+         * at boot), depending on hypervisor and CPU functionality. If it's not virtualized it's not useful
+         * for keeping time, hence don't attempt to use it.
+         *
+         * This is a dumbed down version of src/basic/virt.c's detect_vm() that safely works in the UEFI
+         * environment. */
+
+        if (__get_cpuid(1, &eax, &ebx, &ecx, &edx) == 0)
+                return false;
+
+        return !!(ecx & 0x80000000U);
+}
+#endif
 
 #ifdef __x86_64__
 static uint64_t ticks_read(void) {
         uint64_t a, d;
 
-        /* The TSC might or might not be virtualized in VMs (and thus might not be accurate or start at zero
-         * at boot), depending on hypervisor and CPU functionality. If it's not virtualized it's not useful
-         * for keeping time, hence don't attempt to use it. */
         if (in_hypervisor())
                 return 0;
 

diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c
@@ -2,9 +2,6 @@
 
 #include <efi.h>
 #include <efilib.h>
-#if defined(__i386__) || defined(__x86_64__)
-#  include <cpuid.h>
-#endif
 
 #include "ticks.h"
 #include "util.h"
@@ -771,17 +768,3 @@ EFI_STATUS make_file_device_path(EFI_HANDLE device, const char16_t *file, EFI_DE
         SetDevicePathEndNode(dp);
         return EFI_SUCCESS;
 }
-
-#if defined(__i386__) || defined(__x86_64__)
-bool in_hypervisor(void) {
-        uint32_t eax, ebx, ecx, edx;
-
-        /* This is a dumbed down version of src/basic/virt.c's detect_vm() that safely works in the UEFI
-         * environment. */
-
-        if (__get_cpuid(1, &eax, &ebx, &ecx, &edx) == 0)
-                return false;
-
-        return !!(ecx & 0x80000000U);
-}
-#endif
diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h
@@ -179,11 +179,3 @@ static inline void beep(UINTN beep_count) {}
 
 EFI_STATUS open_volume(EFI_HANDLE device, EFI_FILE **ret_file);
 EFI_STATUS make_file_device_path(EFI_HANDLE device, const char16_t *file, EFI_DEVICE_PATH **ret_dp);
-
-#if defined(__i386__) || defined(__x86_64__)
-bool in_hypervisor(void);
-#else
-static inline bool in_hypervisor(void) {
-        return false;
-}
-#endif