Commit graph

2770 commits

Author SHA1 Message Date
Heinrich Schuchardt
66028930da efi_loader: copy GUID in InstallProtocolInterface()
InstallProtocolInterface() is called with a pointer to the protocol GUID.
There is not guarantee that the memory used by the caller for the protocol
GUID stays allocated. To play it safe the GUID should be copied to U-Boot's
internal structures.

Reported-by: Joerie de Gram <j.de.gram@gmail.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-12 12:27:07 +01:00
Yann Droneaud
9b5ad4f5da lib: rsa: use actual OpenSSL 1.1.0 EVP MD API
Since OpenSSL 1.1.0, EVP_MD_CTX_create() is EVP_MD_CTX_new()
                     EVP_MD_CTX_destroy() is EVP_MD_CTX_free()
                     EVP_MD_CTX_init() is EVP_MD_CTX_reset()

As there's no need to reset a newly created EVP_MD_CTX, moreover
EVP_DigestSignInit() does the reset, thus call to EVP_MD_CTX_init()
can be dropped.
As there's no need to reset an EVP_MD_CTX before it's destroyed,
as it will be reset by EVP_MD_CTX_free(), call to EVP_MD_CTX_reset()
is not needed and can be dropped.

Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
2022-03-04 15:20:07 -05:00
Masahisa Kojima
3fa9ed9ae3 efi_loader: update the timing of enabling and disabling EFI watchdog
UEFI specification requires that 5 minutes watchdog timer is
armed before the firmware's boot manager invokes an EFI boot option.
This watchdog timer is updated as follows, according to the
UEFI specification.

 1) The EFI Image may reset or disable the watchdog timer as needed.
 2) If control is returned to the firmware's boot manager,
    the watchdog timer must be disabled.
 3) On successful completion of EFI_BOOT_SERVICES.ExitBootServices()
    the watchdog timer is disabled.

1) is up to the EFI image, and 3) is already implemented in U-Boot.
This patch implements 2), the watchdog is disabled when control is
returned to U-Boot.

In addition, current implementation arms the EFI watchdog at only
the first "bootefi" invocation. The EFI watchdog must be armed
in every EFI boot option invocation.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:01 +01:00
Masami Hiramatsu
3e6f810006 efi_loader: test/py: Reset system after capsule update on disk
Add a cold reset soon after processing capsule update on disk.
This is required in UEFI specification 2.9 Section 8.5.5
"Delivery of Capsules via file on Mass Storage device" as;

    In all cases that a capsule is identified for processing the system is
    restarted after capsule processing is completed.

This also reports the result of each capsule update so that the user can
notice that the capsule update has been succeeded or not from console log.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:01 +01:00
Masami Hiramatsu
a6aafce494 efi_loader: use efi_update_capsule_firmware() for capsule on disk
Since the efi_update_capsule() represents the UpdateCapsule() runtime
service, it has to handle the capsule flags and update ESRT. However
the capsule-on-disk doesn't need to care about such things.

Thus, the capsule-on-disk should use the efi_capsule_update_firmware()
directly instead of calling efi_update_capsule().

This means the roles of the efi_update_capsule() and capsule-on-disk
are different. We have to keep the efi_update_capsule() for providing
runtime service API at boot time.

Suggested-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-26 07:37:00 +01:00
Ilias Apalodimas
bdcc0a9594 efi_loader: fix uefi secure boot with intermediate certs
The general rule of accepting or rejecting an image is
 1. Is the sha256 of the image in dbx
 2. Is the image signed with a certificate that's found in db and
    not in dbx
 3. The image carries a cert which is signed by a cert in db (and
    not in dbx) and the image can be verified against the former
 4. Is the sha256 of the image in db

For example SHIM is signed by "CN=Microsoft Windows UEFI Driver Publisher",
which is issued by "CN=Microsoft Corporation UEFI CA 2011", which in it's
turn is issued by "CN=Microsoft Corporation Third Party Marketplace Root".
The latter is a self-signed CA certificate and with our current implementation
allows shim to execute if we insert it in db.

However it's the CA cert in the middle of the chain which usually ends up
in the system's db.  pkcs7_verify_one() might or might not return the root
certificate for a given chain.  But when verifying executables in UEFI,  the
trust anchor can be in the middle of the chain, as long as that certificate
is present in db.  Currently we only allow this check on self-signed
certificates,  so let's remove that check and allow all certs to try a
match an entry in db.

Open questions:
- Does this break any aspect of variable authentication since
  efi_signature_verify() is used on those as well?

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-02-26 07:37:00 +01:00
Ilias Apalodimas
54cebe8a3a efi_loader: fix dual signed image certification
The EFI spec allows for images to carry multiple signatures. Currently
we don't adhere to the verification process for such images.

The spec says:
"Multiple signatures are allowed to exist in the binary's certificate
table (as per PE/COFF Section "Attribute Certificate Table"). Only one
hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx."

With our current implementation signing the image with two certificates
and inserting both of them in db and one of them dbx doesn't always reject
the image.  The rejection depends on the order that the image was signed
and the order the certificates are read (and checked) in db.

While at it move the sha256 hash verification outside the signature
checking loop, since it only needs to run once per image and get simplify
the logic for authenticating an unsigned imahe using sha256 hashes.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-02-11 20:07:55 +01:00
Moritz Fischer
058fb9f5ff acpi: Move MCFG implementation to common lib
MCFG tables are used on multiple arches. Move to common ACPI lib.

Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Moritz Fischer <moritzf@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use sizeof(*mcfg) instead of sizeof(*header)
Signed-off-by: Simon Glass <sjg@chromium.org>
2022-02-09 12:30:13 -07:00
Simon Glass
e2bceb0331 efi: Drop unnecessary calls to blk_find_device()
When we have the block descriptor we can simply access the device. Drop
the unnecessary function call.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-05 20:20:01 +01:00
Simon Glass
377d39d178 efi: Use device_get_uclass_id() where appropriate
Use this function rather than following the pointers, since it is there
for this purpose.

Add the uclass name to the debug call at the end of dp_fill() since it is
quite useful.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
3c95b323c7 efi_loader: add handle for UART
When loading an EFI binary via the UART we assign a UART device path to it.
But we lack a handle with that device path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
915623c0d3 efi_loader: fix text output for Uart() DP nodes
The UEFI specification concerning Uart() device path nodes has been
clarified:

Parity and stop bits can either both use keywords or both use
numbers but numbers and keywords should not be mixed.

Let's go for keywords as this is what EDK II does. For illegal
values fall back to numbers.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
b1193fa957 efi_loader: use %zu to print efi_uintn_t in FMP driver
For printing an unsigned value we should use %u and not %d.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
e9df54968f efi_loader: use %zu not %zd to print efi_uintn_t
efi_uintnt_t is an unsigned type. We should avoid showing negative numbers.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
344f26a766 efi_loader: fix device path to text protocol
The printing of a file path node must properly handle:

* odd length of the device path node
* UTF-16 character only partially contained in device path node
* buffer overflow due to very long file path

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
fe14f88050 lib: fix snprintf() for UTF-16 strings
snprintf() must return the required buffer length.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
b9b4cecf9b efi_selftest: merge FDT and RISC-V tests
The test for the RISCV_EFI_BOOT_PROTOCOL retrieves the boot hart id via the
protocol and compares it to the value of the boot hart id in the device
tree. The boot hart id is already retrieved from the device tree in the FDT
test.

Merge the two tests to avoid code duplication.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Sunil V L
8efefcec00 efi_selftest: unit test for RISCV_EFI_BOOT_PROTOCOL
Add a test for the RISCV_EFI_BOOT_PROTOCOL.

Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
2022-02-05 20:20:01 +01:00
Simon Glass
5b9a5b2b96 treewide: Use 16-bit Unicode strings
At present we use wide characters for Unicode but this is not necessary.
Change the code to use the 'u' literal instead. This helps to fix build
warnings for sandbox on the Raspberry Pi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-03 15:53:28 -05:00
Simon Glass
156ccbc3c4 efi: Use 16-bit unicode strings
At present we use wide characters for unicode but this is not necessary.
Change the code to use the 'u' literal instead. This helps to fix build
warnings for sandbox on rpi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-03 12:16:01 -05:00
Tom Rini
c7d042f315 Pull request for efi-2022-04-rc1-3
Documentation:
 
 * update Nokia RX-51 documentation and move it to rst
 * describe boot switch settings for HiFive Unmatched board
 
 UEFI:
 
 * fix the checking of images hashes and signatures
 * provide the RISCV_EFI_BOOT_PROTOCOL
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmH1CY8ACgkQxIHbvCwF
 GsTTXA/+L53FjKHiOQLf9+FrNO7AZ7OcL51brl97eRuQ/jVaF4ClPnDrwPv+uj8m
 rXJHZr6WLRc7A1bIwTYhoetrir07A4pZSHAiKTQuJS2uVFgX25Lp4y5vPt1jgIwF
 BsRyVxF50crNQjDuSDUQF6RHCa5QhvgZ9mZ/WQQ0MjRRysnw6sISvNc9HbZLdbau
 FheOHERJknE1HELeAg/5KKRn1lt3ew6/QdEqPCvKuhsNW4y31zYyHXt1bvpK8cq0
 6m2fRX87nnaIExAb3WLiID91jyPMmrg3ZUndFJfjcAwjelYa50xxHr/vEgw9S1Pb
 xMMZSKTmEFoVdX7umW9uw/p0tWygGOUw8/d9bsZPv7qh1akwoKog2BVl/zRbW+5n
 x4zCNXOllh0p2u8rRQRu8BqVNXZpw+Intk5frVPeazwbnvBrZFd7jN3JyHMtbUkv
 xXJBgHQgbn3z3+zQf9XEa7VjQ+l92x5n0IRWlRxYYEUkMW6o8XZyhzY5Xn1Q7K2z
 kLBx/U7o633D2BPtlt66HmIJa/fH02nD7TmmQy3j0ICQdB2GbHOs2uRF5rATV7v0
 LukLrTr7kSebOhyINvabsLl126URsx2YjUs7lhPy6ILWm+QGUs8tqyKdTe0gQ7AZ
 vneyV2v3CDmMBF3MhE178/kdoJnwk8q7c7JiCQpLNXA33CJCnxw=
 =+edp
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-04-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc1-3

Documentation:

* update Nokia RX-51 documentation and move it to rst
* describe boot switch settings for HiFive Unmatched board

UEFI:

* fix the checking of images hashes and signatures
* provide the RISCV_EFI_BOOT_PROTOCOL
2022-01-29 13:50:19 -05:00
Ilias Apalodimas
5ee900c14f efi_loader: hash the image once before checking against db/dbx
We don't have to recalculate the image hash every time we check against a
new db/dbx entry.  So let's add a flag forcing it to run once since we only
support sha256 hashes

Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Ilias Apalodimas
4b63431323 efi_loader: correctly handle mixed hashes and signatures in db
A mix of signatures and hashes in db doesn't always work as intended.
Currently if the digest algorithm is not explicitly set to sha256 we
stop walking the security database and reject the image.

That's problematic in case we find and try to check a signature before
inspecting the sha256 hash.  If the image is unsigned we will reject it
even if the digest matches.

Since we no longer reject the image on unknown algorithms add an explicit
check and reject the image if any other hash algorithm apart from sha256
is detected on dbx.

Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Heinrich Schuchardt
8d4c426532 lib: allow printing RISC-V EFI Boot Protocol GUID
On RISC-V a new UEFI protocol has been introduced. Support printing
its GUID using %pUs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Sunil V L
1ccf87165e efi_loader: Enable RISCV_EFI_BOOT_PROTOCOL support
This adds support for new RISCV_EFI_BOOT_PROTOCOL to
communicate the boot hart ID to bootloader/kernel on RISC-V
UEFI platforms.

The specification of the protocol is hosted at:
https://github.com/riscv-non-isa/riscv-uefi

Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Heinrich Schuchardt
3dd719d4fb efi_loader: correct function comment style
Replace @return and @param.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Jamin Lin
2a4b0d5890 rsa: adds rsa3072 algorithm
Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-28 17:58:41 -05:00
Tom Rini
761a1786e1 acpi refactoring to allow non-x86 use
binman support for bintools (binary tools)
 minor tools improvements in preparation for FDT signing
 various minor fixes and improvements
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmHyEeYRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreYYlgf8C7tQVklXz9ZHhxVrFaPHWwgmBzEZJSrc
 7SWhDX9yBrAYBUk8Q4OMnJz6nXW8Rz5Td9GfBNWcJag1HjJqno4BxkqwGk2tshgj
 GIY0D1cGfKJzB4E6/rK/ETwmX4KVUyEf7S2IdJ0oydkn9t7OwDkUX5WtGXo70E7q
 ZJGYlX5NQCVBRAF9NYDuyVFljrPzAiyT58VCtXY3q63C7PmRYvag8r56ug+8lkk3
 9EbOTcwETqq9SbT1vucyBxwbUmoKhb2BF32jEcIhozowIM3GNsSpkdzQCUnylqfa
 LYI/p0oVTKLfFRBRvQjLgdB/OQP8MLkby8A++Db2OW49mBXhn/5JWA==
 =PdpE
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-26jan22' of https://source.denx.de/u-boot/custodians/u-boot-dm

acpi refactoring to allow non-x86 use
binman support for bintools (binary tools)
minor tools improvements in preparation for FDT signing
various minor fixes and improvements
2022-01-27 14:14:47 -05:00
Loic Poulain
334a9b9d6a lib/circbuf: Make circbuf selectable symbol
It is currenly only used from usbtty driver but make it properly
selectable via Kconfig symbol, for future usage.

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
2022-01-26 23:23:17 +01:00
Simon Glass
c033dc8c0c image: Return destination node for add_verify_data() method
It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Simon Glass
c3675583e9 rsa: Add debugging for failure cases
Add some more debugging to make it easier to see what is being tried and
what fails. Fix a few comment styles while here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:37 -07:00
Simon Glass
2d7c738296 acpi: Collect tables in the acpi_item list
At present this list is used to collect items within the DSDT and SSDT
tables. It is useful for it to collect the whole tables as well, so there
is a list of what was created and which write created each one.

Refactor the code accordingly.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
9d2adca8c3 x86: Move acpi_get_rsdp_addr() ACPI tables to the writer
Move this over to use a writer file, moving the code from the x86
implementation.

There is no need to store a separate variable since we can simply access
the ACPI context.

With this, the original monolithic x86 function for writing ACPI tables
is gone.

Note that QEMU has its own implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
a7e53b93b1 x86: Move device-specific ACPI tables to a writer function
Move this over to use a writer function, moving the code from the x86
implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
78031ad431 x86: acpi: Update acpi_fill_csrt() to use acpi_ctx
Update this function to the newer style, so we can avoid passing and
returning an address through this function.

Also move this function out of the x86 code so it can be used by other
archs.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2022-01-25 11:44:36 -07:00
Simon Glass
85b8161b14 x86: Move CSRT table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
d953137526 x86: Move SSDT table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
eacb6d0ba2 x86: Move DSDT table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Add a pointer to the DSDT in struct acpi_ctx so we can reference it later.

Disable this table for sandbox since we don't actually compile real ASL
code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
a53d38f80a x86: Move FACS table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Add a pointer to the DSDT in struct acpi_ctx so we can reference it later.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
94ba15a3f1 x86: Move base tables to a writer function
Use the new ACPI writer to write the base tables at the start of the area,
moving this code from the x86 implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
31c27eb830 x86: Use the ACPI table writer
Use the new ACPI writer to write the ACPI tables. At present this is all
done in one monolithic function. Future work will split this out.

Unfortunately the QFW write_acpi_tables() function conflicts with the
'writer' version, so disable that for sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
cc1f8c3988 x86: acpi: Split out context creation from base tables
At present acpi_setup_base_tables() both sets up the ACPI context and
writes out the base tables.

We want to use an ACPI writer to write the base tables, so split this
function into two, with acpi_setup_ctx() doing the context set, and
acpi_setup_base_tables() just doing the base tables.

Disable the writer's write_acpi_tables() function for now, to avoid
build errors. It is enabled in a following patch.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
6afa63a5a6 acpi: Add a linker list for ACPI tables
At present we call lots of functions to generate the required ACPI tables.
It would be better to standardise these functions and allow them to be
automatically collected and used when needed.

Add a linker list to handle this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
437992d3a9 acpi: Use finer-grained control of ACPI-table generation
Rather than keying everything off ACPIGEN, use the main
GENERATE_ACPI_TABLE option to determine whether the core ACPI code
is included. Make sure these option are not enabled in SPL/TPL since we
never generate tables there.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
a9e414dd50 efi: Correct address handling with ACPI tables
The current EFI implementation confuses pointers and addresses. Normally
we can get away with this but in the case of sandbox it causes failures.

Despite the fact that efi_allocate_pages() returns a u64, it is actually
a pointer, not an address. Add special handling to avoid a crash when
running 'bootefi hello'.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
47642428ee efi: Correct call to write_acpi_tables()
This must be passed a ulong, not a u64. Fix it to avoid LTO warnings on
sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
233f0e35a3 x86: Move the acpi table to generic global_data
Allow this to be used on any arch. Also convert to using macros so that
we can check the CONFIG option in C code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
e1722fcb7d x86: Allow any arch to generate ACPI tables
These have sadly found their way to ARM now. Allow any arch to support
generating ACPI tables.

Disable this for the tools build.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Tom Rini
da158ec5f2 Pull request for efi-2022-04-rc1-2
Documentation:
 
 * describe printf() format codes
 
 UEFI
 
 * enable more algorithms for UEFI image verification, e.g. SHA256-RSA2048
 
 General
 
 * simplify printing short texts for GUIDs
 * provide a unit test for printing GUIDs
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmHoLnQACgkQxIHbvCwF
 GsQ25Q/9G5REcgmo9Hjv+2ri3VJJueIGRL1QeXDl84TxUYgYAtHj7zo/YaeacHKB
 RVBsQafU6vIuAq5YRJFKCSWCxjPJVUH9QO5QQz6RE14KoBh6OYUQP2wSf/+p6/sb
 47wfVtyAUEpCEz60eDj5EWrSPpH78BNW7MmKoTZWSgE1APaBTAHw/Uo6tnb52Qsv
 vQ73Q9R4s0hpsylVtmwIZ0udDcaJg3SQf/4glhnHxaUW/oMoRd0DU7Dnbbg2oxfd
 Y03J0zarqAdIjzNvADnUz6Ei2+H1TrzRe9tzhuXRuseZdANrUnzDIe6bdz+RCmkl
 sdBCmBDPoChosiAcaX9FkajaAi5XYpZ5Sitdpp9A8ZdVc0Lzr1XLbfLksJRM7WwM
 jSP/JDAGYzJqL86C4hrx46aERUuXgywf/vSM7UoG5OxbtMa/AqbHuXMOnd4jXGYD
 48fLlyMWlZ7+Kd4v3x9QlwSmM0LLsokn93JEWrJhJqFPzdHYUQifU2vlZmrJHWyS
 BjzCJxu+rCmXBO6wlcAvsF9V/kx5IO3CKIGn24UUt/wjSBu4VDO5oSzVseJxPBIQ
 vBV9qZfwKCk9U/F1VN43xvIKvcO+oK+pEE9FB5trffYGmHfSEmBwOq3LuHlyMpeJ
 L+TrJUsZstFtx0ZBmVB3YuERusb2z+x1osnifGJvUHCLqjCgvl0=
 =GoR6
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-04-rc1-2' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc1-2

Documentation:

* describe printf() format codes

UEFI

* enable more algorithms for UEFI image verification, e.g. SHA256-RSA2048

General

* simplify printing short texts for GUIDs
* provide a unit test for printing GUIDs
2022-01-22 15:43:36 -05:00
Heinrich Schuchardt
185f812c41 doc: replace @return by Return:
Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 18:11:34 +01:00