authorMichael Brown <mcb30@ipxe.org>2020-06-30 16:32:59 +0100
committerMichael Brown <mcb30@ipxe.org>2020-06-30 16:45:48 +0100
commit2ae5d4338661b65c63eb5cb1a96e5b803fe7d620 (patch)
tree593b55cde52be85571da92d21d667fdd3186f1d5
parenta87537d44c4fc46a41620af4591616057a89bf95 (diff)
[efi] Raise TPL during driver entry point
As per commit c89a446 ("[efi] Run at TPL_CALLBACK to protect against UEFI timers") we expect to run at TPL_CALLBACK almost all of the time. Various code paths rely on this assumption. Code paths that need to temporarily lower the TPL (e.g. for entropy gathering) will restore it to TPL_CALLBACK. The entropy gathering code will be run during DRBG initialisation, which happens during the call to startup(). In the case of iPXE compiled as an EFI application this code will run within the scope of efi_snp_claim() and so will execute at TPL_CALLBACK as expected. In the case of iPXE compiled as an EFI driver the code will incorrectly run at TPL_APPLICATION since there is nothing within the EFI driver entry point that raises (and restores) the TPL. The net effect is that a build that includes the entropy-gathering code (e.g. a build with HTTPS enabled) will return from the driver entry point at TPL_CALLBACK, which causes a system lockup. Fix by raising and restoring the TPL within the EFI driver entry point. Debugged-by: Ignat Korchagin <ignat@cloudflare.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r--src/interface/efi/efidrvprefix.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/interface/efi/efidrvprefix.c b/src/interface/efi/efidrvprefix.c
index f9bfa4c..ac7d943 100644
--- a/src/interface/efi/efidrvprefix.c
+++ b/src/interface/efi/efidrvprefix.c
@@ -34,6 +34,8 @@ FILE_LICENCE ( GPL2_OR_LATER );
*/
EFI_STATUS EFIAPI _efidrv_start ( EFI_HANDLE image_handle,
EFI_SYSTEM_TABLE *systab ) {
+ EFI_BOOT_SERVICES *bs;
+ EFI_TPL saved_tpl;
EFI_STATUS efirc;
/* Initialise stack cookie */
@@ -43,10 +45,17 @@ EFI_STATUS EFIAPI _efidrv_start ( EFI_HANDLE image_handle,
if ( ( efirc = efi_init ( image_handle, systab ) ) != 0 )
return efirc;
+ /* Raise TPL */
+ bs = efi_systab->BootServices;
+ saved_tpl = bs->RaiseTPL ( TPL_CALLBACK );
+
/* Initialise iPXE environment */
initialise();
startup();
+ /* Restore TPL */
+ bs->RestoreTPL ( saved_tpl );
+
return 0;
}
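Review bot: The `/* Raise TPL */` and `/* Restore TPL */` comments in the second hunk name the calls but not the invariant they protect, so the reasoning lives only in the commit message. I would record it at the raise, e.g. `/* Raise TPL: initialise()/startup() must run at TPL_CALLBACK, since entropy gathering restores to TPL_CALLBACK rather than to the caller's TPL */`, and note at the restore that every exit path after the raise has to pass through `bs->RestoreTPL ( saved_tpl )`, because returning from the entry point at TPL_CALLBACK is what the commit message describes as the cause of the lockup. The visible paths are balanced (the efi_init() failure return happens before the raise), so this is about keeping a later early return between the two calls from reintroducing the problem. _efidrv_start begins in the previous hunk, outside this one.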