Pull request for efi-2021-07-rc6

Bug fixes: * improve specification compliance of UEFI capsule updates * allow capsule update on-disk without checking OsIndications * provide parameter checks for QueryVariableInfo() -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmDfP5MACgkQxIHbvCwF GsQJuw//SvyMCGjv43qg0UVR/XqTJHTajkDqGvfB6vCOVJLvkQIpIPFqej5ShkOp 4lEqzvCnFqgllzVVR1ADzZDX2lgJU6lfFtfj+V8VYuxF0bi+2xTCi1NMLFYDayGh zHFOZPUzDvfn0r2c7v+qw+VxuEz05nEvWebXpPb4YMppomjvHW4viLQu4y+5u8Y0 XgdEsOiGmj+wd34SeVaDGFb1Dvt+ckm1ZP0DiNql5DKqWZolnarVdQ7X8aZwMo4X 9EIYwTYoSQQU5Kbu4cD4Y4FhpICWbTEcofBD2Ju3oTiZuAfF+wWQchK55F7ZS+ou ykoSM+TWDDxXZf9kacZ1ku/3Dgvemcl23HV3P6QtYXvHUOtqqIlmXHIhcb5JSLFy Sojn8GJoV2NntLsQP3S8MjpY+7iLk17nIDLgiYeZpi/H8CtT91x80dHPcSUrh5ZG UPHxBy3+2qA/LfiFbbu+jVjQA84Jm8OIzzUknNJAO47/aSJjSJeTrDn8uSCLdhGC aBTWFbrweZX2w+XHChhlVIxUp/LDvbax1x9IynUB/ahuwc/XRqwhjow0c+g0Vv0p ddiIIfP4Z6PEOCdA+6Gd3jcAQPryjVA9mWgIKyPQ4J3o2zyqGTosTo4Gxihr934b a6egMaaq/Fpp2EshquFilLBwov6+2qM9U/VeEF5+sxVbPRdt03U= =kbt7 -----END PGP SIGNATURE----- Merge tag 'efi-2021-07-rc6' of https://source.denx.de/u-boot/custodians/u-boot-efi Pull request for efi-2021-07-rc6 Bug fixes: * improve specification compliance of UEFI capsule updates * allow capsule update on-disk without checking OsIndications * provide parameter checks for QueryVariableInfo()
2025-03-16 23:07:00 +00:00 · 2021-07-02 15:04:07 -04:00 · 2021-07-02 15:04:07 -04:00 · 62c7e40a04
commit 62c7e40a04
parent 760d2f9e9e 0fa5020c02
7 changed files with 124 additions and 43 deletions
--- a/configs/xilinx_zynqmp_virt_defconfig
+++ b/configs/xilinx_zynqmp_virt_defconfig
@ -187,5 +187,4 @@ CONFIG_OF_LIBFDT_OVERLAY=y
 CONFIG_EFI_SET_TIME=y
 CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
 CONFIG_EFI_CAPSULE_ON_DISK=y
-CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
 CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@ -972,4 +972,5 @@ efi_status_t efi_esrt_register(void);
 * - error code otherwise.
 */
 efi_status_t efi_esrt_populate(void);
+efi_status_t efi_load_capsule_drivers(void);
 #endif /* _EFI_LOADER_H */
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@ -137,6 +137,16 @@ config EFI_CAPSULE_ON_DISK
 	  under a specific directory on UEFI system partition instead of
 	  via UpdateCapsule API.

+config EFI_IGNORE_OSINDICATIONS
+	bool "Ignore OsIndications for CapsuleUpdate on-disk"
+	depends on EFI_CAPSULE_ON_DISK
+	default n
+	help
+	  There are boards where U-Boot does not support SetVariable at runtime.
+	  Select this option if you want to use the capsule-on-disk feature
+	  without setting the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
+	  flag in variable OsIndications.
+
 config EFI_CAPSULE_ON_DISK_EARLY
 	bool "Initiate capsule-on-disk at U-Boot boottime"
 	depends on EFI_CAPSULE_ON_DISK
@ -161,6 +171,28 @@ config EFI_CAPSULE_FIRMWARE_MANAGEMENT
 	  Select this option if you want to enable capsule-based
 	  firmware update using Firmware Management Protocol.

+config EFI_CAPSULE_FIRMWARE_FIT
+	bool "FMP driver for FIT images"
+	depends on FIT
+	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
+	select UPDATE_FIT
+	select DFU
+	select EFI_CAPSULE_FIRMWARE
+	help
+	  Select this option if you want to enable firmware management protocol
+	  driver for FIT image
+
+config EFI_CAPSULE_FIRMWARE_RAW
+	bool "FMP driver for raw images"
+	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
+	depends on SANDBOX || (!SANDBOX && !EFI_CAPSULE_FIRMWARE_FIT)
+	select DFU_WRITE_ALT
+	select DFU
+	select EFI_CAPSULE_FIRMWARE
+	help
+	  Select this option if you want to enable firmware management protocol
+	  driver for raw image
+
 config EFI_CAPSULE_AUTHENTICATE
 	bool "Update Capsule authentication"
 	depends on EFI_CAPSULE_FIRMWARE
@ -181,29 +213,6 @@ config EFI_CAPSULE_AUTHENTICATE
 	  Select this option if you want to enable capsule
 	  authentication

-config EFI_CAPSULE_FIRMWARE_FIT
-	bool "FMP driver for FIT image"
-	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
-	depends on FIT
-	select UPDATE_FIT
-	select DFU
-	select EFI_CAPSULE_FIRMWARE
-	default n
-	help
-	  Select this option if you want to enable firmware management protocol
-	  driver for FIT image
-
-config EFI_CAPSULE_FIRMWARE_RAW
-	bool "FMP driver for raw image"
-	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
-	select DFU
-	select DFU_WRITE_ALT
-	select EFI_CAPSULE_FIRMWARE
-	default n
-	help
-	  Select this option if you want to enable firmware management protocol
-	  driver for raw image
-
 config EFI_DEVICE_PATH_TO_TEXT
 	bool "Device path to text protocol"
 	default y
--- a/lib/efi_loader/efi_capsule.c
+++ b/lib/efi_loader/efi_capsule.c
@ -919,13 +919,13 @@ static void efi_capsule_scan_done(void)
 }

 /**
- * arch_efi_load_capsule_drivers - initialize capsule drivers
+ * efi_load_capsule_drivers - initialize capsule drivers
 *
- * Architecture or board specific initialization routine
+ * Generic FMP drivers backed by DFU
 *
 * Return:	status code
 */
-efi_status_t __weak arch_efi_load_capsule_drivers(void)
+efi_status_t __weak efi_load_capsule_drivers(void)
 {
 	__maybe_unused efi_handle_t handle;
 	efi_status_t ret = EFI_SUCCESS;
@ -940,7 +940,7 @@ efi_status_t __weak arch_efi_load_capsule_drivers(void)
 	if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_RAW)) {
 		handle = NULL;
 		ret = EFI_CALL(efi_install_multiple_protocol_interfaces(
-				&efi_root,
+				&handle,
 				&efi_guid_firmware_management_protocol,
 				&efi_fmp_raw, NULL));
 	}
@ -948,6 +948,33 @@ efi_status_t __weak arch_efi_load_capsule_drivers(void)
 	return ret;
 }

+/**
+ * check_run_capsules - Check whether capsule update should run
+ *
+ * The spec says OsIndications must be set in order to run the capsule update
+ * on-disk.  Since U-Boot doesn't support runtime SetVariable, allow capsules to
+ * run explicitly if CONFIG_EFI_IGNORE_OSINDICATIONS is selected
+ */
+static bool check_run_capsules(void)
+{
+	u64 os_indications;
+	efi_uintn_t size;
+	efi_status_t ret;
+
+	if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS))
+		return true;
+
+	size = sizeof(os_indications);
+	ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid,
+				   NULL, &size, &os_indications, NULL);
+	if (ret == EFI_SUCCESS &&
+	    (os_indications
+	      & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED))
+		return true;
+
+	return false;
+}
+
 /**
 * efi_launch_capsule - launch capsules
 *
@ -958,29 +985,17 @@ efi_status_t __weak arch_efi_load_capsule_drivers(void)
 */
 efi_status_t efi_launch_capsules(void)
 {
-	u64 os_indications;
-	efi_uintn_t size;
 	struct efi_capsule_header *capsule = NULL;
 	u16 **files;
 	unsigned int nfiles, index, i;
 	u16 variable_name16[12];
 	efi_status_t ret;

-	size = sizeof(os_indications);
-	ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid,
-				   NULL, &size, &os_indications, NULL);
-	if (ret != EFI_SUCCESS ||
-	    !(os_indications
-	      & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED))
+	if (!check_run_capsules())
 		return EFI_SUCCESS;

 	index = get_last_capsule();

-	/* Load capsule drivers */
-	ret = arch_efi_load_capsule_drivers();
-	if (ret != EFI_SUCCESS)
-		return ret;
-
 	/*
 	 * Find capsules on disk.
 	 * All the capsules are collected at the beginning because
--- a/lib/efi_loader/efi_console.c
+++ b/lib/efi_loader/efi_console.c
@ -342,7 +342,7 @@ static void query_console_size(void)
 	int rows = 25, cols = 80;
 	int ret = -ENODEV;

-	if IS_ENABLED(CONFIG_DM_VIDEO)
+	if (IS_ENABLED(CONFIG_DM_VIDEO))
 		ret = query_vidconsole(&rows, &cols);
 	if (ret)
 		ret = query_console_serial(&rows, &cols);
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@ -5,9 +5,12 @@
 *  Copyright (c) 2016-2018 Alexander Graf et al.
 */

+#define LOG_CATEGORY LOGC_EFI
+
 #include <common.h>
 #include <efi_loader.h>
 #include <efi_variable.h>
+#include <log.h>

 #define OBJ_LIST_NOT_INITIALIZED 1

@ -171,6 +174,37 @@ static efi_status_t efi_init_os_indications(void)
 				    &os_indications_supported, false);
 }

+
+/**
+ * efi_clear_os_indications() - clear OsIndications
+ *
+ * Clear EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
+ */
+static efi_status_t efi_clear_os_indications(void)
+{
+	efi_uintn_t size;
+	u64 os_indications;
+	efi_status_t ret;
+
+	size = sizeof(os_indications);
+	ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid,
+				   NULL, &size, &os_indications, NULL);
+	if (ret != EFI_SUCCESS)
+		os_indications = 0;
+	else
+		os_indications &=
+			~EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED;
+	ret = efi_set_variable_int(L"OsIndications", &efi_global_variable_guid,
+				   EFI_VARIABLE_NON_VOLATILE |
+				   EFI_VARIABLE_BOOTSERVICE_ACCESS |
+				   EFI_VARIABLE_RUNTIME_ACCESS,
+				   sizeof(os_indications), &os_indications,
+				   false);
+	if (ret != EFI_SUCCESS)
+		log_err("Setting %ls failed\n", L"OsIndications");
+	return ret;
+}
+
 /**
 * efi_init_obj_list() - Initialize and populate EFI object list
 *
@ -178,7 +212,7 @@ static efi_status_t efi_init_os_indications(void)
 */
 efi_status_t efi_init_obj_list(void)
 {
-	efi_status_t ret = EFI_SUCCESS;
+	efi_status_t r, ret = EFI_SUCCESS;

 	/* Initialize once only */
 	if (efi_obj_list_initialized != OBJ_LIST_NOT_INITIALIZED)
@ -254,6 +288,12 @@ efi_status_t efi_init_obj_list(void)
 	if (ret != EFI_SUCCESS)
 		goto out;

+	if (IS_ENABLED(CONFIG_EFI_HAVE_CAPSULE_SUPPORT)) {
+		ret = efi_load_capsule_drivers();
+		if (ret != EFI_SUCCESS)
+			goto out;
+	}
+
 #if defined(CONFIG_LCD) || defined(CONFIG_DM_VIDEO)
 	ret = efi_gop_register();
 	if (ret != EFI_SUCCESS)
@ -291,7 +331,11 @@ efi_status_t efi_init_obj_list(void)
 	if (IS_ENABLED(CONFIG_EFI_CAPSULE_ON_DISK) &&
 	    !IS_ENABLED(CONFIG_EFI_CAPSULE_ON_DISK_EARLY))
 		ret = efi_launch_capsules();
+
 out:
+	r = efi_clear_os_indications();
+	if (ret == EFI_SUCCESS)
+		ret = r;
 	efi_obj_list_initialized = ret;
 	return ret;
 }
--- a/lib/efi_loader/efi_var_common.c
+++ b/lib/efi_loader/efi_var_common.c
@ -163,6 +163,19 @@ efi_status_t EFIAPI efi_query_variable_info(
 	EFI_ENTRY("%x %p %p %p", attributes, maximum_variable_storage_size,
 		  remaining_variable_storage_size, maximum_variable_size);

+	if (!maximum_variable_storage_size ||
+	    !remaining_variable_storage_size ||
+	    !maximum_variable_size ||
+	    !(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS))
+		return EFI_EXIT(EFI_INVALID_PARAMETER);
+
+	if ((attributes & ~(u32)EFI_VARIABLE_MASK) ||
+	    (attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) ||
+	    (attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) ||
+	    (!IS_ENABLED(CONFIG_EFI_SECURE_BOOT) &&
+	     (attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)))
+		return EFI_EXIT(EFI_UNSUPPORTED);
+
 	ret = efi_query_variable_info_int(attributes,
 					  maximum_variable_storage_size,
 					  remaining_variable_storage_size,