Commit graph

201 commits

Author SHA1 Message Date
Heinrich Schuchardt
f9ad240e65 efi_loader: make efi_protocol_open() non-static
Provide efi_protocol_open() as library function.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:33 +01:00
Heinrich Schuchardt
b6f11098c9 efi_loader: move EFI_LOAD_FILE2_PROTOCOL_GUID
The EFI_LOAD_FILE_PROTOCOL_GUID and EFI_LOAD_FILE2_PROTOCOL_GUID are needed
to complement the implementation of the LoadFile() boot service.

Remove a duplicate declaration of a variable for the
EFI_LOAD_FILE2_PROTOCOL_GUID.
Move the remaining declaration to efi_boottime.c.
Add a variable for the EFI_LOAD_FILE_PROTOCOL_GUID.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:32 +01:00
AKASHI Takahiro
bb7e71d33c efi_loader: add firmware management protocol for raw image
In this commit, a very simple firmware management protocol driver
is implemented. It will take a binary image in a capsule file and
apply the data using dfu backend storage drivers via dfu_write_by_alt()
interface.

So "dfu_alt_info" variable should be properly set to specify a device
and location to be updated. Please read README.dfu.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
f27c201485 efi_loader: add firmware management protocol for FIT image
In this commit, a very simple firmware management protocol driver
is implemented. It will take a common FIT image firmware in a capsule
file and apply the data using dfu backend storage drivers via
update_fit() interface.

So "dfu_alt_info" variable should be properly set to specify a device
and location to be updated. Please read README.dfu.

Fit image is a common file format for firmware update on U-Boot, and
this protocol works neatly just as a wrapper for one.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
8d99026f06 efi_loader: capsule: support firmware update
A capsule tagged with the guid, EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID,
is handled as a firmware update object.
What efi_update_capsule() basically does is to load any firmware management
protocol (or fmp) drivers contained in a capsule, find out an appropriate
fmp driver and then invoke its set_image() interface against each binary
in a capsule.
In this commit, however, loading drivers is not supported.

The result of applying a capsule is set to be stored in "CapsuleXXXX"
variable, but its implementation is deferred to a fmp driver.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
c74cd8bd08 efi_loader: capsule: add capsule_on_disk support
Capsule data can be loaded into the system either via UpdateCapsule
runtime service or files on a file system (of boot device).
The latter case is called "capsules on disk", and actual updates will
take place at the next boot time.

In this commit, we will support capsule on disk mechanism.

Please note that U-Boot itself has no notion of "boot device" and
all the capsule files to be executed will be detected only if they
are located in a specific directory, \EFI\UpdateCapsule, on a device
that is identified as a boot device by "BootXXXX" variables.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:49 +01:00
AKASHI Takahiro
2bc27ca8a0 efi_loader: define UpdateCapsule api
In this commit, skeleton functions for capsule-related API's are
added under CONFIG_EFI_UPDATE_CAPSULE configuration.
Detailed implementation for a specific capsule type will be added
in the succeeding patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:49 +01:00
Ilias Apalodimas
c1c021052c efi_loader: Add basic EFI_TCG2_PROTOCOL support
Since U-boot EFI implementation is getting richer it makes sense to
add support for EFI_TCG2_PROTOCOL taking advantage of any hardware TPM
available on the device.

This is the initial implementation of the protocol which only adds
support for GetCapability(). It's limited in the newer and safer
TPMv2 devices.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-14 05:05:46 +01:00
Heinrich Schuchardt
fccd3d9c42 efi_selftest: keep devices in ExitBootServices()
When calling ExitBootServices during out unit tests we should not detach
devices as we need console output for runtime tests.

Fixes: 529441ca89 ("efi_loader: Disable devices before handing over control")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-14 05:05:46 +01:00
AKASHI Takahiro
077153e085 efi_loader: add efi_create_indexed_name()
This function will be used from several places in UEFI subsystem
to generate some specific form of utf-16 variable name.
For example, L"Capsule0001"

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Move function to separate module.
Use char * as argument instead of u16 *.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-30 14:27:43 +01:00
Heinrich Schuchardt
b59c13d42f efi_loader: installation of EFI_RNG_PROTOCOL
Having an EFI_RNG_PROTOCOL without a backing RNG device leads to failure
to boot Linux 5.8.

Only install the EFI_RNG_PROTOCOL if we have a RNG device.

Reported-by: Scott K Logan <logans@cottsay.net>
Cc: Neil Armstrong <narmstrong@baylibre.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-27 16:10:45 +02:00
Heinrich Schuchardt
5cad4a3093 efi_loader: efi_dp_check_length()
We need to check that device paths provided via UEFI variables are not
malformed.

Provide function efi_dp_check_length() to check if a device path has an
end node within a given number of bytes.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
AKASHI Takahiro
52956e535e efi_loader: signature: correct a behavior against multiple signatures
Under the current implementation, all the signatures, if any, in
a signed image must be verified before loading it.

Meanwhile, UEFI specification v2.8b section 32.5.3.3 says,
    Multiple signatures are allowed to exist in the binary’s certificate
    table (as per PE/COFF Section “Attribute Certificate Table”). Only
    one hash or signature is required to be present in db in order to pass
    validation, so long as neither the SHA-256 hash of the binary nor any
    present signature is reflected in dbx.

This patch makes the semantics of signature verification compliant with
the specification mentioned above.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-14 12:28:25 +02:00
AKASHI Takahiro
1115edd846 efi_loader: signature: rework for intermediate certificates support
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pcks7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.

What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.

pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13 22:37:36 +02:00
Heinrich Schuchardt
0ad64007fe efi_loader: set load options in boot manager
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.

Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:24 +02:00
Heinrich Schuchardt
1064d04920 efi_loader: factor out efi_set_load_options()
The bootefi bootmgr command has to set the load options for a loaded image
from the value of BootXXXX variable. If the boot manager is not used, the
value is set from the environment variable bootargs (or efi_selftest).

Factor out a common function efi_set_load_options().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:24 +02:00
Heinrich Schuchardt
b0dd8cb407 efi_loader: new function efi_memcpy_runtime()
Provide a memcpy() function that we can use at UEFI runtime.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
a44d2a2399 efi_loader: export efi_convert_pointer()
We need ConvertPointer() to adjust pointers when implementing  runtime
services within U-Boot.

After ExitBootServices() gd is not available anymore. So we should not use
EFI_ENTRY() and EFI_EXIT().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
AKASHI Takahiro
7926dfb579 efi_loader: image_loader: add digest-based verification for signed image
In case that a type of certificate in "db" or "dbx" is
EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains
a public key for RSA decryption, but a digest of image to be loaded.
If the value matches to a value calculated from a given binary image, it is
granted for loading.

With this patch, common digest check code, which used to be used for
unsigned image verification, will be extracted from
efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and
extra step for digest check will be added to efi_image_authenticate().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
11bafb2596 efi_loader: image_loader: verification for all signatures should pass
A signed image may have multiple signatures in
  - each WIN_CERTIFICATE in authenticode, and/or
  - each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE)

In the initial implementation of efi_image_authenticate(), the criteria
of verification check for multiple signatures case is a bit ambiguous
and it may cause inconsistent result.

With this patch, we will make sure that verification check in
efi_image_authenticate() should pass against all the signatures.
The only exception would be
  - the case where a digest algorithm used in signature is not supported by
    U-Boot, or
  - the case where parsing some portion of authenticode has failed
In those cases, we don't know how the signature be handled and should
just ignore them.

Please note that, due to this change, efi_signature_verify_with_sigdb()'s
function prototype will be modified, taking "dbx" as well as "db"
instead of outputing a "certificate." If "dbx" is null, the behavior would
be the exact same as before.
The function's name will be changed to efi_signature_verify() once
current efi_signature_verify() has gone due to further improvement
in intermediate certificates support.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
Heinrich Schuchardt
15b1bf10d1 efi_loader: export initialization state
Export the UEFI sub-system initialization state. This will allow to treat
the setting of UEFI variables during and after initialization differently.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:03:56 +02:00
Heinrich Schuchardt
0e69bcfb27 efi_loader: validate load option
For passing the optional data of the load option to the loaded imaged
protocol we need its size.

efi_deserialize_load_option() is changed to return the size of the optional
data.

As a by-product we get a partial validation of the load option.
Checking the length of the device path remains to be implemented.

Some Coverity defects identified the load options as user input because
get_unaligned_le32() and get_unaligned_le16() is called. But non of these
Coverity defects can be resolved without marking functions with Coverity
specific tags.

Reported-by: Coverity (CID 303760)
Reported-by: Coverity (CID 303768)
Reported-by: Coverity (CID 303776)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03 17:19:17 +02:00
Heinrich Schuchardt
19ecced71c efi_loader: device path for virtio block devices
The UEFI specification does not define a device sub-type for virtio.
Let's use a vendor hardware node here.

This avoids creation of two handles with the same device path indicating
our root node.

Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-21 10:00:17 +02:00
Simon Glass
f7ae49fc4f common: Drop log.h from common header
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:18 -04:00
Simon Glass
e6f6f9e648 common: Drop part.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Michael Walle
714497e327 efi_loader: round the memory area in efi_add_memory_map()
Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.

There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.

Signed-off-by: Michael Walle <michael@walle.cc>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-17 21:59:53 +02:00
AKASHI Takahiro
41fd506842 efi_loader: disk: add efi_disk_is_system_part()
This function will check if a given handle to device is an EFI system
partition. It will be utilised in implementing capsule-on-disk feature.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Add function description. Return bool.
Reviewed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
AKASHI Takahiro
d9f3307a82 efi_loader: remove CONFIG_EFI_SECURE_BOOT in efi_loader.h
The guard doesn't make any difference, so remove it.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-30 10:25:07 +02:00
Heinrich Schuchardt
11078bb262 efi_loader: identify EFI system partition
In subsequent patches UEFI variables shalled be stored on the EFI system
partition. Hence we need to identify the EFI system partition.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-30 10:25:07 +02:00
AKASHI Takahiro
4540dabdca efi_loader: image_loader: support image authentication
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.

Currently we support
* authentication based on db and dbx,
  so dbx-validated image will always be rejected.
* following signature types:
    EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
    EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.

Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.

It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
767f6eeb01 efi_loader: variable: support variable authentication
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.

Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().

Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
be6296d05b efi_loader: add signature database parser
efi_signature_parse_sigdb() is a helper function will be used to parse
signature database variable and instantiate a signature store structure
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
593e17d673 efi_loader: add signature verification functions
In this commit, implemented are a couple of helper functions which will be
used to materialize variable authentication as well as image authentication
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
Heinrich Schuchardt
7a4e717b9c efi_loader: definition of GetNextVariableName()
'vendor' is both an input and an output parameter. So it cannot be
constant.

Fixes: 0bda81bfdc ("efi_loader: use const efi_guid_t * for variable services")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-22 18:38:02 +01:00
AKASHI Takahiro
b51ec63978 efi_loader: export a couple of protocol related functions
This is a preparatory patch.
Those functions will be used in an implementation of UEFI firmware
management protocol as part of my capsule update patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-03-17 08:29:52 +01:00
Ilias Apalodimas
ec80b4735a efi_loader: Implement FileLoad2 for initramfs loading
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any u-boot accessible partition instead of just the ESP one.
Finally this is an attempt of a generic interface across architectures
in the linux kernel so it makes sense to support that.

The file location is intentionally only supported as a config option
argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.

[1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-02-28 19:37:14 +01:00
Sughosh Ganu
33c37d9784 efi_rng_protocol: Install the efi_rng_protocol on the root node
Install the EFI_RNG_PROTOCOL implementation for it's subsequent use by
the kernel for features like kaslr.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:22 +01:00
Sughosh Ganu
61e42d9465 efi_loader: Add guidcpy function
Add guidcpy function to copy the source guid to the destination
guid. Use this function instead of memcpy for copying to the
destination guid.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

Use void * instead of efi_guid_t * for arguments to allow copying unaligned
GUIDs. The GUIDs of configuration tables are __packed.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:20 +01:00
Heinrich Schuchardt
f64f223256 efi_loader: export efi_install_fdt()
Use a pointer to addressable memory instead of a "physical" address in the
virtual address space of the sandbox to efi_install_fdt().

Export the efi_install_fdt() function.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:20 +01:00
Heinrich Schuchardt
f9ceb6ac14 efi_loader: carve out efi_run_image()
Provide public function efi_run_imager() which can be used to run an UEFI
image from memory.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:20 +01:00
Heinrich Schuchardt
7a597259d2 efi_loader: pass address to efi_install_fdt()
As part of moving the parsing of command line arguments to do_bootefi()
call efi_install_fdt() with the address of the device tree instead of a
string.

If the address is EFI_FDT_USE_INTERNAL (= 0), the internal device tree
is used.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:20 +01:00
Heinrich Schuchardt
246e601846 efi_loader: remove unused function efi_dp_from_dev()
Function efi_dp_from_dev() is not used anywhere. Remove it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-11-19 12:10:22 +01:00
Simon Glass
fdeb6f7dc6 efi: Move inline functions to unconditional part of header
At present these two functions are defined in efi_loader.h but only if
CONFIG_EFI_LOADER is enabled. But these are functions that are useful to
other code, such as that which deals with Intel Handoff Blocks (HOBs).

Move these to the top of the function.

Possibly ascii2unicode() should not be an inline function, since this
might impact code size.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2019-10-08 13:54:12 +08:00
AKASHI Takahiro
23ad52fff4 efi_loader: device_path: support Sandbox's "host" devices
Sandbox's "host" devices are currently described as UCLASS_ROOT udevice
with DEV_IF_HOST block device. As the current implementation of
efi_device_path doesn't support such a type, any "host" device
on sandbox cannot be seen as a distinct object.

For example,
  => host bind 0 /foo/disk.img

  => efi devices
  Scanning disk host0...
  Found 1 disks
  Device           Device Path
  ================ ====================
  0000000015c19970 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
  0000000015c19d70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)

  => efi dh
  Handle           Protocols
  ================ ====================
  0000000015c19970 Device Path, Device Path To Text, Device Path Utilities, Unicode Collation 2, HII String, HII Database, HII Config Routing
  0000000015c19ba0 Driver Binding
  0000000015c19c10 Simple Text Output
  0000000015c19c80 Simple Text Input, Simple Text Input Ex
  0000000015c19d70 Block IO, Device Path, Simple File System

As you can see here, efi_root (0x0000000015c19970) and host0 device
(0x0000000015c19d70) have the same representation of device path.

This is not only inconvenient, but also confusing since two different
efi objects are associated with the same device path and
efi_dp_find_obj() will possibly return a wrong result.

Solution:
Each "host" device should be given an additional device path node
of "vendor device path" to make it distinguishable.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-09-20 20:09:18 +02:00
Heinrich Schuchardt
87c4840610 efi_loader: eliminate inline function ascii2unicode()
ascii2unicode() can only convert characters 0x00-0x7f from UTF-8 to UTF-16.
Use utf8_utf16_strcpy() instead.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-09-09 15:21:08 +02:00
Park, Aiden
b5b9eff26d efi_loader: Extract adding a conventional memory in separate routine
Adding a conventional memory region to the memory map may require ram_top
limitation and it can be also commonly used. Extract adding a conventional
memory to the memory map in a separate routine for generic use.

Signed-off-by: Aiden Park <aiden.park@intel.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-09-05 23:18:51 +02:00
Heinrich Schuchardt
ade317a281 efi_loader: avoid alignment error
In packed structures GUIDs are not aligned. Avoid a build error with
GCC 9.1 by using const void * as argument for guidcmp().

Reported-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-16 22:17:22 +00:00
Bryan O'Donoghue
b225c92fd0 efi_loader: Change return type of efi_add_memory_map()
We currently have some inconsistent use of efi_add_memory_map()
throughout the code. In particular the return value of efi_add_memory_map()
is not interpreted the same way by various users in the codebase.

This patch does the following:

- Changes efi_add_memory_map() to return efi_status_t.
- Adds a method description to efi_add_memory_map().
- Changes efi_add_memory_map() to return EFI_SUCCESS
- Returns non-zero for error in efi_add_memory_map()
- Updates efi_allocate_pages() to new efi_add_memory_map()
- Updates efi_free_pages() to new efi_add_memory_map()
- Updates efi_carve_out_dt_rsv() to new efi_add_memory_map()
- Updates efi_add_runtime_mmio()  to new efi_add_memory_map()

Fixes: 5d00995c36 ("efi_loader: Implement memory allocation and map")
Fixes: 74c16acce3 ("efi_loader: Don't allocate from memory holes")
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-16 22:17:17 +00:00
Heinrich Schuchardt
7f95104d91 efi_loader: detach runtime in ExitBootServices()
Linux can be called with a command line parameter efi=novamap, cf.
commit 4e46c2a95621 ("efi/arm/arm64: Allow SetVirtualAddressMap() to be
omitted"). In this case SetVirtualAddressMap() is not called after
ExitBootServices().

OpenBSD 32bit does not call SetVirtualAddressMap() either.

Runtime services must be set to an implementation supported at runtime
in ExitBootServices().

Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Suggested-by: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-06 21:25:32 +02:00
Heinrich Schuchardt
29018abb09 efi_loader: let the variable driver patch out the runtime
Our variable services are only provided at boottime. Therefore when
leaving boottime the variable function are replaced by dummy functions
returning EFI_UNSUPPORTED. Move this patching of the runtime table to the
variable services implementation. Executed it in ExitBootServices().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-06 21:25:32 +02:00