studio/cli
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 4 Wiki Activity
Files
e568ddf82a21e9d069f067c06ff6055446042155
cli/vendor/r-efi/src/lib.rs

198 lines
9.9 KiB
Rust
Raw Blame History

//! UEFI Reference Specification Protocol Constants and Definitions
//!
//! This project provides protocol constants and definitions as defined in the UEFI Reference
//! Specification. The aim is to provide all these constants as C-ABI compatible imports to rust.
//! Safe rust abstractions over the UEFI API are out of scope of this project. That is, the
//! purpose is really just to extract all the bits and pieces from the specification and provide
//! them as rust types and constants.
//!
//! While we strongly recommend using safe abstractions to interact with UEFI systems, this
//! project serves both as base to write those abstractions, but also as last resort if you have
//! to deal with quirks and peculiarities of UEFI systems directly. Therefore, several examples
//! are included, which show how to interact with UEFI systems from rust. These serve both as
//! documentation for anyone interested in how the system works, but also as base for anyone
//! implementing safe abstractions on top.
//!
//! # Target Configuration
//!
//! Rust code can be compiled natively for UEFI systems. However, you are quite unlikely to have a
//! rust compiler running in an UEFI environment. Therefore, you will most likely want to cross
//! compile your rust code for UEFI systems. To do this, you need a target-configuration for UEFI
//! systems. As of rust-1.61, upstream rust includes the following UEFI targets:
//!
//! * `aarch64-unknown-uefi`: A native UEFI target for aarch64 systems (64bit ARM).
//! * `i686-unknown-uefi`: A native UEFI target for i686 systems (32bit Intel x86).
//! * `x86_64-unknown-uefi`: A native UEFI target for x86-64 systems (64bit Intel x86).
//!
//! If none of these targets match your architecture, you have to create the target specification
//! yourself. Feel free to contact the `r-efi` project for help.
//!
//! # Transpose Guidelines
//!
//! The UEFI specification provides C language symbols and definitions of all
//! its protocols and features. Those are integral parts of the specification
//! and UEFI programming is often tightly coupled with the C language. For
//! better compatibility to existing UEFI documentation, all the rust symbols
//! are transposed from C following strict rules, aiming for close similarity
//! to specification. This section gives a rationale on some of the less
//! obvious choices and tries to describe as many of those rules as possible.
//!
//! * `no enums`: Rust enums do not allow random discriminant values. However,
//! many UEFI enumerations use reserved ranges for vendor defined values.
//! These cannot be represented with rust enums in an efficient manner.
//! Hence, any enumerations are turned into rust constants with an
//! accompanying type alias.
//!
//! A detailed discussion can be found in:
//!
//! ```gitlog
//! commit 401a91901e860a5c0cd0f92b75dda0a72cf65322
//! Author: David Rheinsberg <david.rheinsberg@gmail.com>
//! Date: Wed Apr 21 12:07:07 2021 +0200
//!
//! r-efi: convert enums to constants
//! ```
//!
//! * `no incomplete types`: Several structures use incomplete structure types
//! by using an unbound array as last member. While rust can easily
//! represent those within its type-system, such structures become DSTs,
//! hence even raw pointers to them become fat-pointers, and would thus
//! violate the UEFI ABI.
//!
//! Instead, we use const-generics to allow compile-time adjustment of the
//! variable-sized structures, with a default value of 0. This allows
//! computing different sizes of the structures without any runtime overhead.
//!
//! * `nullable callbacks as Option`: Rust has no raw function pointers, but
//! just normal Rust function pointers. Those, however, have no valid null
//! value. The Rust ABI guarantees that `Option<fn ...>` is an C-ABI
//! compatible replacement for nullable function pointers, with `None` being
//! mapped to `NULL`. Hence, whenever UEFI APIs require nullable function
//! pointers, we use `Option<fn ...>`.
//!
//! * `prefer *mut over *const`: Whenever we transpose pointers from the
//! specification into Rust, we default to `*mut`. So far, there is no
//! reason to use `*const`. We prefer `*mut T`, because:
//!
//! * it is invariant over `T`, unlike `*const T`, which is covariant over
//! `T`. This variance is useful when treating the raw pointer like a
//! shared reference (which is also covariant over `T`). However, if the
//! raw pointer can be aliases by mutable pointers somewhere in the UEFI
//! stack, the variance might no longer apply. Using `*mut T` avoids this
//! default covariance, and requires callers to introduce manually if
//! desired.
//! * it cannot be automatically coerced from shared references. This
//! coercion is not necessarily correct, given that `const T *` pointers
//! in C do not share the immutability guarantee of Rust shared
//! references. By using `*mut T` an explicit pointer cast is required,
//! which we definitely want.
//! * it correctly conveys mutability to Miri Stacked Borrows. While Tree
//! Borrows do not distinguish raw pointers, Stacked Borrows do, and they
//! require a pointer to originate from a mutable reference if mutability
//! is desired.
//!
//! Lastly, note that `*mut` and `*const` can be `as`-casted in both
//! directions without violating any Rust guarantees. Any UB concerns always
//! stem from the safety guarantees of the surrounding code, not of the
//! raw-pointer handling.
//!
//! * `default to unsafe fn`: Always use `unsafe fn` for function prototypes.
//! UEFI makes no guarantees about global state, as such any implementation
//! of any UEFI prototype might introduce unsafety. Use `unsafe fn`
//! unconditionally, so the prototypes can be used for externally provided
//! code.
//!
//! # Specification Details
//!
//! This section lists errata of, and general comments on, the UEFI
//! specification relevant to the development of `r-efi`:
//!
//! * The `Unload` function-pointer of the LoadedImageProtocol can be `NULL`,
//! despite the protocol documentation lacking any mention of this. Other
//! parts of the specification refer to images lacking an unload function,
//! but there is no explicit documentation how this manifests in the
//! protocol structure. EDK2 assumes `NULL` indicates a lack of unload
//! function, and an errata has been submitted to the UEFI forum.
//!
//! * The specification mandates an 8-byte alignment for the `GUID` structure
//! However, all widespread implementations (including EDK2) use a 4-byte
//! alignment. An errata has been reported to EDK2 (still pending).
//!
//! # Examples
//!
//! To write free-standing UEFI applications, you need to disable the entry-point provided by rust
//! and instead provide your own. Most target-configurations look for a function called `efi_main`
//! during linking and set it as entry point. If you use the target-configurations provided with
//! upstream rust, they will pick the function called `efi_main` as entry-point.
//!
//! The following example shows a minimal UEFI application, which simply returns success upon
//! invocation. Note that you must provide your own panic-handler when running without `libstd`.
//! In our case, we use a trivial implementation that simply loops forever.
//!
//! ```ignore
//! #![no_main]
//! #![no_std]
//!
//! use r_efi::efi;
//!
//! #[panic_handler]
//! fn panic_handler(_info: &core::panic::PanicInfo) -> ! {
//! loop {}
//! }
//!
//! #[export_name = "efi_main"]
//! pub extern fn main(_h: efi::Handle, _st: *mut efi::SystemTable) -> efi::Status {
//! efi::Status::SUCCESS
//! }
//! ```
// Mark this crate as `no_std`. We have no std::* dependencies (and we better don't have them),
// so no reason to require it. This does not mean that you cannot use std::* with UEFI. You have
// to port it to UEFI first, though.
//
// In case of unit-test compilation, we pull in `std` and drop the `no_std` marker. This allows
// basic unit-tests on the compilation host. For integration tests, we have separate compilation
// units, so they will be unaffected by this.
#![cfg_attr(not(test), no_std)]
// Import the different core modules. We separate them into different modules to make it easier to
// work on them and describe what each part implements. This is different to the reference
// implementation, which uses a flat namespace due to its origins in the C language. For
// compatibility, we provide this flat namespace as well. See the `efi` submodule.
#[macro_use]
pub mod base;
#[macro_use]
pub mod hii;
#[macro_use]
pub mod system;
// Import the protocols. Each protocol is separated into its own module, readily imported by the
// meta `protocols` module. Note that this puts all symbols into their respective protocol
// namespace, thus clearly separating them (unlike the UEFI Specification, which more often than
// not violates its own namespacing).
pub mod protocols;
// Import vendor protocols. They are just like protocols in `protocols`, but
// separated for better namespacing.
pub mod vendor;
/// Flat EFI Namespace
///
/// The EFI namespace re-exports all symbols in a single, flat namespace. This allows mirroring
/// the entire EFI namespace as given in the specification and makes it easier to refer to them
/// with the same names as the reference C implementation.
///
/// Note that the individual protocols are put into submodules. The specification does this in
/// most parts as well (by prefixing all symbols). This is not true in all cases, as the
/// specification suffers from lack of namespaces in the reference C language. However, we decided
/// to namespace the remaining bits as well, for better consistency throughout the API. This
/// should be self-explanatory in nearly all cases.
pub mod efi {
pub use crate::base::*;
pub use crate::system::*;
pub use crate::hii;
pub use crate::protocols;
pub use crate::vendor;
}
Reference in New Issue View Git Blame Copy Permalink