[PATCH 7/7] efi: payload: add options for FDT force and initrd direct install

anis chali chalianis1 at gmail.com
Thu Sep 4 15:30:41 PDT 2025 

Hello Ahmad,

> > ---
> >  efi/Kconfig | 17 +++++++++++++++++
> >  1 file changed, 17 insertions(+)
> > 
> diff --git a/efi/Kconfig b/efi/Kconfig
> > index 84f670fd23d3..c3811574920d 100644
> > --- a/efi/Kconfig
> > +++ b/efi/Kconfig
> > @@ -50,4 +50,21 @@ config EFI_PAYLOAD_DEFAULT_PATH
> >  
> >  endif
> >  
> > +config EFI_FDT_FORCE
> > +	bool "Force EFI provided FDT"
> > +	default n
> > 
> 
> n is the default
> 
> +	help
> > +	  with this options we keep the fdt passed by EFI in the
> > +	  system configuration table, EFI has to suppot FDT otherwise
> > +	  an empty fdt will be generated when linux boots by efi.
> > 
> 
> These things should be runtime configurable and not in Kconfig.
> Why can't you take a user-supplied FDT if there is one and otherwise
> fall back to of_get_fixed_tree_for_boot() as fallback?

The reason why I ignore a user supplied fdt is the secure boot, in that case
I only accept a signed fit image fdt or keep the efi supplied fdt which is
already in the configuration tables so we can trust it, it is probably signed
and verified by efi. concerning the of_get_fixed_tree_for_boot, I think we can not
use it at least for now because, maybe I'm wrong but we didn't implement any code
to tell barebox to use efi.dtb, we only implemented code to extract the fdt from
configuration tables and write to /efi.dtb.

> +config EFI_INITRD_INSTALL
> > +	bool "Install the initramfs by barebox"
> > +	default n
> > +	help
> > +	  with this option barebox will install the initrd to the
> > +	  system configuration table, same as what kernel do after
> > +	  calling read file2 boot services, in this case the initrd
> > +	  will be read directly by the kernel as an initramfs.
> > 
> 
> Same thing, why can't we check for data->initrd and use that?
to answer your question, the same reason as for fdt, in case of secure boot
we ignore user supplied initrd. I think booti or bootm do the same thing, in
secure boot mode they ignore overrides.

concerning the EFI_INITRD_INSTALL, it is an option to early install the initrd 
in barebox, instead of exposing a boot service protocol to linux, then linux calls back
to barebox to get the initrd data and after that installing it to the system configuration
data, I added this code in the begining to debug and after that I implemented as what did by grub2, u-boot...etc.

Thank you for your support, 

cheers
Anis C.

More information about the barebox mailing list