Merge pull request #132 from chp-io/mono-force-bootentry

Force UEFI boot order on service start and exit to enforce MicroV boot

.github/workflows/microv.yml

@@ -170,6 +170,7 @@ jobs:
         cp ..\microv\scripts\cmake\config\config.cmake ..
         Add-Content -Path ..\config.cmake -Value "set(ENABLE_BUILD_USERSPACE ON)"
         Add-Content -Path ..\config.cmake -Value "set(ENABLE_BUILD_VMM OFF)"
+        Add-Content -Path ..\config.cmake -Value "set(UVCTL_WINDOWS_SERVICE_FORCE_BOOTENTRY ON)"
         cmake ../microv/deps/hypervisor -DCONFIG=..\config.cmake -G "Visual Studio 16 2019" -A x64
         & msbuild /p:Configuration=Release /p:Platform=x64 /p:TargetVersion=Windows10 hypervisor.sln
       shell: pwsh

scripts/cmake/config/default.cmake

@@ -86,3 +86,10 @@ add_config(
     DEFAULT_VAL OFF
     DESCRIPTION "Don't passthru ethernet devices, when passthru for network devices is enabled"
 )
+
+add_config(
+    CONFIG_NAME UVCTL_WINDOWS_SERVICE_FORCE_BOOTENTRY
+    CONFIG_TYPE BOOL
+    DEFAULT_VAL OFF
+    DESCRIPTION "Force setting MicroV UEFI boot entry"
+)

uvctl/CMakeLists.txt

@@ -47,6 +47,9 @@ target_sources(uvctl PRIVATE
     $<$<BOOL:${WIN32}>:${OS}/service.cpp>
     $<$<BOOL:${XEN_READCONSOLE_ROOTVM}>:${OS}/xen_hypercall.asm>
 )
-target_compile_definitions(uvctl PRIVATE $<$<BOOL:${XEN_READCONSOLE_ROOTVM}>:XEN_READCONSOLE_ROOTVM>)
+target_compile_definitions(uvctl PRIVATE
+    $<$<BOOL:${XEN_READCONSOLE_ROOTVM}>:XEN_READCONSOLE_ROOTVM>
+    $<$<BOOL:${UVCTL_WINDOWS_SERVICE_FORCE_BOOTENTRY}>:UVCTL_WINDOWS_SERVICE_FORCE_BOOTENTRY>
+)
 
 fini_project()

uvctl/main.cpp

@@ -379,6 +379,7 @@ int protected_main(const args_type &args)
 
             CloseHandle(xenbus_fd);
         }
+        service_post_tasks();
 #endif
     }
 

uvctl/windows/service.cpp

@@ -217,6 +217,7 @@ DWORD WINAPI vm_worker(LPVOID param)
  */
 static void set_boot_entry() noexcept
 {
+#ifdef UVCTL_WINDOWS_SERVICE_FORCE_BOOTENTRY
     int res = system(
         "C:\\windows\\system32\\bcdedit.exe /set {bootmgr} path \\EFI\\Boot\\PreLoader.efi");
     if (res != 0) {
@@ -236,13 +237,19 @@ static void set_boot_entry() noexcept
         log_msg("bcdedit: failed to set fwbootmgr bootsequence: exit code %d",
                 res);
     }
+#endif
+}
+
+void service_post_tasks() noexcept
+{
+    set_boot_entry();
 }
 
 void WINAPI service_main(DWORD argc, LPTSTR *argv)
 {
+    set_boot_entry();
     if (!init()) {
         log_msg("%s: init failed\n", __func__);
-        set_boot_entry();
         return;
     }
 
@@ -266,7 +273,6 @@ void WINAPI service_main(DWORD argc, LPTSTR *argv)
                 exit_code);
 
         stop_with_error(exit_code);
-        set_boot_entry();
         return;
     }
 
@@ -287,7 +293,6 @@ void WINAPI service_main(DWORD argc, LPTSTR *argv)
 
         CloseHandle(service_stop_event);
         stop_with_error(exit_code);
-        set_boot_entry();
         return;
     }
 
@@ -318,8 +323,6 @@ void WINAPI service_main(DWORD argc, LPTSTR *argv)
         }
     }
 
-    set_boot_entry();
-
     set_status(SERVICE_ACCEPT_NONE, SERVICE_STOPPED, NO_ERROR);
 
     CloseHandle(service_stop_event);

uvctl/windows/service.h

@@ -24,5 +24,6 @@
 
 void service_start() noexcept;
 void service_wait_for_stop_signal() noexcept;
+void service_post_tasks() noexcept;
 
 #endif