When copying the device we must ensure that the copy does not fall into a
memory area reserved by the same.
So let's change the sequence: first create memory reservations and then
copy the device tree.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The sandbox is using a virtual address space which is neither the physical
address space of the operating system nor the virtual address space in
which Linux aplications live. The addresses used insided the flattened
device tree use this sandbox virtual address space. The EFI subsystem uses
the virtual address space of the operating system and this is where the fdt
is stored.
Fix all incorrect addresses for the fdt in cmd/bootefi.cmd.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
On the sandbox the memory addresses in the device tree refer to the virtual
address space of the sandbox. This implies that the memory reservations for
the fdt also have to be converted to this address space.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The sandbox uses a virtual address space that is neither the physical nor
the virtual address space of the operating system. All address used on the
command line live in this address space. So also the environment variable
${fdtcontroladdr} has to be in this address space.
Commands like bootefi and booti receive the fdt address as parameter.
Without the patch ${fdtcontroladdr} cannot be used as parameter value on
the sandbox.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
When allocating EFI memory pages the size in bytes has to be converted to
pages.
Provide a macro efi_size_in_pages() for this conversion.
Use it in the EFI subsystem and correct related comments.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Enable building the sandbox with CONFIG_EFI_SELFTEST.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This unit test checks the following runtime services:
AllocatePages, FreePages, GetMemoryMap
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Do not use the sandbox's virtual address space for the internal structures
of the memory map. This way we can eliminate a whole lot of unnecessary
conversions.
The only conversion remaining is the one when adding known memory.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This function can be used from do_bootefi_exec() so that we use mostly the
same code for a normal EFI application and an EFI test.
Rename the function and use it in both places.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
There is still duplicated code in efi_loader for tests and normal
operation.
Add a new bootefi_run_prepare() function which holds common code used to
set up U-Boot to run EFI code. Make use of this from the existing
bootefi_test_prepare() function, as well as do_bootefi_exec().
Also shorten a few variable names.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
The functions in bootefi are very long because they mix high-level code
and control with the low-level implementation. To help with this, create
functions which handle preparing for running the test and cleaning up
afterwards.
Also shorten the awfully long variable names here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
At present a few error conditions are not checked. Before refactoring
this code, add some basic checks. Note that this code still leaks memory
in the event of error. This will be tackled after the refactor.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
On some systems, not all RAM may be usable within U-Boot. Maybe the
memory maps are incomplete, maybe it's used as workaround for broken
DMA. But whatever the reason may be, a platform can say that it does
not wish to have its RAM accessed above a certain address by defining
board_get_usable_ram_top().
In the efi_loader world, we ignored that hint, mostly because very few
boards actually have real restrictions around this.
So let's honor the board's wish to not access high addresses during
boot time. The best way to do so is by indicating the respective pages
as "allocated by firmware". That way, Operating Systems will still
use the pages after boot, but before boot no allocation will use them.
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Baruch Siach <baruch@tkos.co.il>
We should use a logical or when combining logical values.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
At present this code casts addresses to pointers so cannot be used with
sandbox. Update it to use mapmem instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
This reverts commit 3170db63c4.
It reportedly breaks OpenBSD/armv7 booting and I've already received
complaints from people that it breaks some Linux armv7 systems as well.
We'll have to give this whole caching story a good bit more thought.
Reported-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
We should be consistent in the types that we use to store Unicode strings.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
If a memory bank is not EFI_PAGE_SIZE aligned efi_add_known_memory() the
number of memory pages may be incorrectly calculated.
We have to round up the start address and to round down the end address
to determine which complete pages are provided by the memory bank.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The "Devicetree Specification 0.2" does not prescribe that memory
reservations must be EFI page aligned. So let's not make such an
assumption in our code.
Do not carve out the pages for the device tree. This memory area is
already marked as EFI_RUNTIME_SERVICES_DATA.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
In copy_fdt() we allocate EFI pages for the fdt plus extra 12 KiB as
EFI_RUNTIME_SERVICES_DATA. Afterwards in efi_install_fdt() we overwrite
part of this memory allocation by marking it as EFI_BOOT_SERVICES_DATA.
Remove the code marking the fdt as EFI_BOOT_SERVICES_DATA.
Cf. commit 17ff6f02f5 ("efi_loader: store DT in EFI_RUNTIME_SERVICES_DATA
memory")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Using %zu for efi_intn_t (ssize_t) creates a build warning. Anyway %zu is
not supported by efi_st_error(). So let's convert to int.
Our implementation of StriColl() only returns -1, 0, or 1.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
When the max_addr parameter of efi_find_free_memory() is within bounds
of an existing map and fits the reservation, we just return that address
as allocation value.
That breaks however if max_addr is not page aligned. So ensure that it
always comes to us page aligned, simplifying the allocation logic.
Without this, I've seen breakage where we were allocating pages at -1U
(32bit) which fits into a region that spans beyond 0x100000000. In that
case, we would return 0xffffffff as a valid memory allocation, although
we usually do guarantee they are all page aligned.
Fix this by aligning the max address argument always.
Signed-off-by: Alexander Graf <agraf@suse.de>
With RELA absolute relocations, the relocation target contains our link
offset which we need to remove from the equation again. We did this
properly in the relative relocation path, but not in the absolute one.
So let's do this for the absolute one as well. That way, u-boot can have
a TEXT_OFFSET of != 0 and still relocate itself properly.
This fixes a bug where efi_loader did not work on the RISC-V QEMU port.
With this patch, I can successfully run UEFI applications on the RISC-V
QEMU port.
Reported-by: Auer, Lukas <lukas.auer@aisec.fraunhofer.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
When you support distro boot and you support USB, you usually want to
also support booting from USB storage.
Reflect that in the Kconfig, so that we don't have to explicitly add
USB storage support to every defconfig individually.
Reported-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
The USB storage driver does not compile when CONFIG_BLK is set,
but DM_USB is not set, as we're missing the DM device links for
CONFIG_BLK enabled code paths.
So far it looks like nobody fell into this trap, because no board
enabled CONFIG_BLK and CONFIG_USB_STORAGE while not enabling
CONFIG_DM_USB, but we should still reflect that dependency properly
in Kconfig so that implicit enabling of CONFIG_USB_STORAGE works.
Signed-off-by: Alexander Graf <agraf@suse.de>
Linker generated arrays may be stored in code sections of memory that are
not writable. So let's allocate setup_ok as an array at runtime.
This avoids an illegal memory access observed in the sandbox.
Reported-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
When an operating system started via bootefi tries to reset or power off
this is done by calling the EFI runtime ResetSystem(). On most ARMv8 system
the actual reset relies on PSCI. Depending on whether the PSCI firmware
resides the hypervisor (EL2) or in the secure monitor (EL3) either an HVC
or an SMC command has to be issued.
The current implementation always uses SMC. This results in crashes on
systems where the PSCI firmware is implemented in the hypervisor, e.g.
qemu-arm64_defconfig.
The logic to decide which call is needed based on the device tree is
already implemented in the PSCI firmware driver. During the EFI runtime
the device driver model is not available. But we can minimize code
duplication by merging the EFI runtime reset and poweroff code with
the PSCI firmware driver.
As the same HVC/SMC problem is also evident for the ARMv8 do_poweroff
and reset_misc routines let's move them into the same code module.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Tested-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
vf610twr_defconfig and vf610twr_nand_defconfig suffer from tight memory
restrictions. Disable CONFIG_EFI_LOADER for these boards.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Factor out efi_set_bootdev() and extract efi_dp_from_name().
This function will be used to set a boot device in efishell command.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
As in the case of fs_set_blk_dev(), fs_set_blk_dev_with_part() should
maintain and update fs_dev_part whenever called.
Without this patch, a problem will come up when an efi binary associated
with efi's BOOTxxxx variable is invoked via "bootefi bootmgr".
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Per Microsoft PE Format documentation [1], PointerToSymbolTable and
NumberOfSymbols should be zero for an image in the COFF file header.
Currently the COFF file header is hardcoded on RISC-V and these two
members are not zero.
This updates the hardcoded structure to clear these two members, as
well as setting the flag IMAGE_FILE_LOCAL_SYMS_STRIPPED so that we
can generate compliant *.efi images.
[1] https://docs.microsoft.com/zh-cn/windows/desktop/Debug/pe-format
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Per Microsoft PE Format documentation [1], PointerToSymbolTable and
NumberOfSymbols should be zero for an image in the COFF file header.
Currently the COFF file header is hardcoded on ARM and these two
members are not zero.
This updates the hardcoded structure to clear these two members, as
well as setting the flag IMAGE_FILE_LOCAL_SYMS_STRIPPED so that we
can generate compliant *.efi images.
[1] https://docs.microsoft.com/zh-cn/windows/desktop/Debug/pe-format
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This adds characteristics macros as defined by the Microsoft PE
Format documentation [1].
[1] https://docs.microsoft.com/zh-cn/windows/desktop/Debug/pe-format
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Per Microsoft PE Format documentation [1], PointerToSymbolTable and
NumberOfSymbols should be zero for an image in the COFF file header.
Currently U-Boot is generating u-boot-app.efi in which these two
members are not zero.
This updates the build rules to tell linker to remove the symbol
table completely so that we can generate compliant *.efi images.
[1] https://docs.microsoft.com/zh-cn/windows/desktop/Debug/pe-format
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Per Microsoft PE Format documentation [1], PointerToSymbolTable and
NumberOfSymbols should be zero for an image in the COFF file header.
Currently U-Boot is generating u-boot-payload.efi image in which
these two members are not zero.
This updates the build rules to tell linker to remove the symbol
table completely so that we can generate compliant *.efi images.
[1] https://docs.microsoft.com/zh-cn/windows/desktop/Debug/pe-format
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Per Microsoft PE Format documentation [1], PointerToSymbolTable and
NumberOfSymbols should be zero for an image in the COFF file header.
Currently U-Boot is generating *.efi images (eg: helloworld.efi) in
which these two members are not zero.
This updates the build rules to tell linker to remove the symbol
table completely so that we can generate compliant *.efi images.
[1] https://docs.microsoft.com/zh-cn/windows/desktop/Debug/pe-format
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
If UninstallMultipleProtocolInterfaces fails, we sometimes return the wrong
status code. The UEFI spec mandates to always return EFI_INVALID_PARAMETER.
Update unit test.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The UEFI spec defines that a line feed moves the cursor to the next line
and (only) a carriage return moves the cursor to the beginning of the line.
So we should issue CR LF when we want to get to the start of the next line.
Add some comments.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Rename the component parent of some EFI objects to header. This avoids
misunderstandings.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
A pointer to a struct efi_object is a handle. We do not need any handle
member in this structure. Let's eliminate it.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
All our handles point to a struct efi_object. So let's define the
efi_handle_t accordingly. This helps us to discover coding errors much
more easily. This becomes evident by the corrections to the usage of
handles in this patch.
Rename variable image_handle to image_obj where applicable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
fix typos
correct the header comment of efi_selftest_variables.c
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
When the last protocol interface has been uninstalled remove the handle.
Adjust ReinstallProtocol so that it does not remove the handle.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Allow an EFI application to shut down the system.
If EFI_RESET_SHUTDOWN is issued call do_poweroff().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Test the handling of execptions by trying to execute an undefined
instruction. For 32bit ARM we expect \selftest to be listed as loaded
image.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
We should not make anything in lib/efi_selftest if
CONFIG_CMD_BOOTEFI_SELFTEST is not defined.
We can make that test in lib/Makefile
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>