Commit graph

69610 commits

Author SHA1 Message Date
Heinrich Schuchardt
0e9d2d7bc2 efi_loader: resequence functions in efi_boottime.c
For implementing support for the EFI_LOAD_FILE_PROTOCOL in the LoadImage()
service we will have to call the LocateDevicePath() service. To avoid a
forward declaration resequence the functions.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:32 +01:00
Heinrich Schuchardt
861072b2a8 efi_loader: remove EFI_HII_CONFIG_ROUTING_PROTOCOL
Our implementation of the EFI_HII_CONFIG_ROUTING_PROTOCOL is a mere stub,
where all services return an error code. The protocol is neither needed for
the EFI shell nor for the UEFI SCT. To reduce the code size remove it from
the U-Boot binary.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:32 +01:00
Heinrich Schuchardt
470fa190f3 efi_loader: don't set EFI_RT_SUPPORTED_UPDATE_CAPSULE
The EFI_RT_PROPERTIES_TABLE configuration table indicates which runtime
services are available at runtime.

Even if CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y, we neither support
UpdateCapsule() nor QueryCapsuleCapabilities() at runtime. Thus we should
not set the corresponding flags EFI_RT_SUPPORTED_UPDATE_CAPSULE and
EFI_RT_SUPPORTED_QUERY_CAPSULE_CAPABILITIES in RuntimeServicesSupported.

Fixes: 2bc27ca8a0 ("efi_loader: define UpdateCapsule api")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:32 +01:00
Heinrich Schuchardt
3d20d212cf fs: fat: deletion of long file names
Long file names are stored in multiple directory entries. When deleting a
file we must delete all of them.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:00 +01:00
Heinrich Schuchardt
89735b44c4 fs: fat: first dentry of long name in FAT iterator
A long name is split over multiple directory entries. When deleting a file
with a long name we need the first directory entry to be able to delete the
whole chain.

Add the necessary fields to the FAT iterator:

* cluster of first directory entry
* address of first directory entry
* remaining entries in cluster

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:00 +01:00
Heinrich Schuchardt
4a593dd0c5 fs: fat: use constant DELETED_FLAG
When deleting a directory entry 0xe5 is written to name[0].

We have a constant for this value and should use it consistently.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:59 +01:00
Heinrich Schuchardt
1e51c8d64a fs: fat: search file should not allocate cluster
Searching for a file is not a write operation. So it should not lead to the
allocation of a new cluster to the directory.

If we reuse deleted entries, we might not even use the new cluster and due
to not flushing it the directory could be corrupted.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:59 +01:00
Heinrich Schuchardt
3049a5106c fs: fat: reuse deleted directory entries
When creating new directory entries try to reuse entries marked as deleted.

In fill_dir_slot() do not allocate new clusters as this has already been
done in fat_find_empty_dentries().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:59 +01:00
Heinrich Schuchardt
32a5f887c4 fs: fat: fat_find_empty_dentries()
Provide a function to find a series of empty directory entries.

The current directory is scanned for deleted entries.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:59 +01:00
Heinrich Schuchardt
569b0e1938 fs: fat: flush new directory cluster
When handling long file names directory entries may be split over multiple
clusters. We must make sure that new clusters are zero filled on disk.

When allocating a new cluster for a directory flush it.

The flushing should be executed before updating the FAT. This way if
flushing fails, we still have a valid directory structure.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:59 +01:00
Heinrich Schuchardt
7557c84855 fs: fat: set start cluster for root directory
When iterating over a child directory we set itr->start_clust.
Do the same when over the root directory.

When looking for deleted directory entries or existing short names we will
have to iterate over directories a second and third time. With this patch
we do not need any special logic for the root directory.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:59 +01:00
Heinrich Schuchardt
27ed690382 fs: fat: dentry iterator for fill_dir_slot()
For reusing deleted directory entries we have to adjust the function called
to step to the next directory entry.

This patch alone is not enough to actually reuse deleted directory entries
as the fill_dir_slot() is still called with first never used directory
entry.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:59 +01:00
Heinrich Schuchardt
3a331aee56 fs: fat: generate unique short names
File names must be unique within their directory. So before assigning a
short name we must check that it is unique.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:59 +01:00
Heinrich Schuchardt
57b745e238 fs: fat: call set_name() only once
In set_name() we select the short name. Once this is correctly implemented
this will be a performance intensive operation because we need to check
that the name does not exist yet. So set_name should only be called once.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:59 +01:00
Heinrich Schuchardt
a343249bef fs: fat: pass shortname to fill_dir_slot
Currently we pass the short name via the directory iterator.
Pass it explicitly as a parameter.

This removes the requirement to set the short name in the iterator before
writing the long name.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:59 +01:00
Heinrich Schuchardt
28cef9ca2e fs: fat: create correct short names
The current function set_name() used to create short names has the
following deficiencies resolved by this patch:

* Long names (e.g. FOO.TXT) are stored even if a short name is enough.
* Short names with spaces are created, e.g. "A     ~1.TXT".
* Short names with illegal characters are created, e.g. "FOO++BAR".
* Debug output does not not consider that the short file name has no
  concluding '\0'.

The solution for the following bug is split of into a separate patch:

* Short file names must be unique.

This patch only provides the loop over possible short file names.

Fixes: c30a15e590 ("FAT: Add FAT write feature")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:58 +01:00
Heinrich Schuchardt
d236e825a2 fs: fat: export fat_next_cluster()
Rename function next_cluster() to fat_next_cluster() and export it.

When creating a new directory entries we should reuse deleted entries.
This requires re-scanning the directory.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:58 +01:00
Heinrich Schuchardt
c5924118c0 fs: fat: correct first cluster for '..'
The FAT specification [1] requires that for a '..' directory entry pointing
to the root directory the fields DIR_FstClusHi and DIR_FstClusLo are 0.

[1] Microsoft FAT Specification, Microsoft Corporation, August 30 2005

Fixes: 31a18d570d ("fs: fat: support mkdir")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
2020-12-10 09:14:58 +01:00
Alexandru Gagniuc
03f1f78a9b spl: fit: Prefer a malloc()'d buffer for loading images
Fit images were loaded to a buffer provided by spl_get_load_buffer().
This may work when the FIT image is small and fits between the start
of DRAM and SYS_TEXT_BASE.

One problem with this approach is that the location of the buffer may
be manipulated by changing the 'size' field of the FIT. A maliciously
crafted FIT image could place the buffer over executable code and be
able to take control of SPL. This is unacceptable for secure boot of
signed FIT images.

Another problem is with larger FIT images, usually containing one or
more linux kernels. In such cases the buffer be be large enough so as
to start before DRAM (Figure I). Trying to load an image in this case
has undefined behavior.
For example, on stm32mp1, the MMC controller hits a RX overrun error,
and aborts loading.
    _________________
   |    FIT Image    |
   |                 |
  /===================\                        /=====================\
  ||      DRAM       ||                        |        DRAM         |
  ||                 ||                        |                     |
  ||_________________||  SYS_TEXT_BASE         | ___________________ |
  |                   |                        ||     FIT Image     ||
  |                   |                        ||                   ||
  | _________________ |  SYS_SPL_MALLOC_START  || _________________ ||
  ||  malloc() data  ||                        |||  malloc() data  |||
  ||_________________||                        |||_________________|||
  |                   |                        ||___________________||
  |                   |                        |                     |

        Figure I                                       Figure II

One possibility that was analyzed was to remove the negative offset,
such that the buffer starts at SYS_TEXT_BASE. This is not a proper
solution because on a number of platforms, the malloc buffer() is
placed at a fixed address, usually after SYS_TEXT_BASE. A large
enough FIT image could cause the malloc()'d data to be overwritten
(Figure II) when loading.

          /======================\
          |        DRAM          |
          |                      |
          |                      |   CONFIG_SYS_TEXT_BASE
          |                      |
          |                      |
          | ____________________ |   CONFIG_SYS_SPL_MALLOC_START
          ||   malloc() data    ||
          ||                    ||
          || __________________ ||
          |||    FIT Image     |||
          |||                  |||
          |||                  |||

                 Figure III

The solution proposed here is to replace the ad-hoc heuristics of
spl_get_load_buffer() with malloc(). This provides two advantages:
    * Bounds checking of the buffer region
    * Guarantees the buffer does not conflict with other memory

The first problem is solved by constraining the buffer such that it
will not overlap currently executing code. This eliminates the chance
of a malicious FIT being able to replace the executing SPL code prior
to signature checking.

The second problem is solved in conjunction with increasing
CONFIG_SYS_SPL_MALLOC_SIZE. Since the SPL malloc() region is
carefully crafted on a per-platform basis, the chances of memory
conflicts are virtually eliminated.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2020-12-07 17:40:34 -05:00
Tom Rini
cd833de059 Merge branch '2020-12-07-bootm-and-spl-atf-improvements' into next
- Series to improve "bootm" by allowing variable evaluation within the
  cmdline we would be passing.  This will help with Chrome OS but can be
  useful elsewhere.
- Improve ATF (TF-A) support within SPL.
2020-12-07 17:16:23 -05:00
Simon Glass
51bb33846a bootm: Support string substitution in bootargs
In some cases it is necessary to pass parameters to Linux so that it will
boot correctly. For example, the rootdev parameter is often used to
specify the root device. However the root device may change depending on
whence U-Boot loads the kernel. At present it is necessary to build up
the command line by adding device strings to it one by one.

It is often more convenient to provide a template for bootargs, with
U-Boot doing the substitution from other environment variables.

Add a way to substitute strings in the bootargs variable. This allows
things like "rootdev=${rootdev}" to be used in bootargs, with the
${rootdev} substitution providing the UUID of the root device.

For example, to substitute the GUID of the kernel partition:

  setenv bootargs "console=/dev/ttyS0 rootdev=${uuid}/PARTNROFF=1
		kern_guid=${uuid}"
  part uuid mmc 2:2 uuid
  bootm

This is particularly useful when the command line from another place. For
example, Chrome OS stores the command line next to the kernel itself. It
depends on the kernel version being used as well as the hardware features,
so it is extremely difficult to devise a U-Boot script that works on all
boards and kernel versions. With this feature, the command line can be
read from disk and used directly, with a few substitutions set up.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-04 19:48:29 -05:00
Simon Glass
1a62d64c7d cli: Support macro processing with a fixed-size buffer
At present cli_simple_process_macros() requires that the caller provide
an output buffer that is exactly CONFIG_SYS_CBSIZE bytes in length. This
makes sense since it is designed to be used from the command line. But we
also want to use it for bootargs substitution.

Update the function to allow the caller to specify the buffer size. Also
return an error if the buffer is exhausted. The caller can ignore that if
preferred.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-04 16:10:01 -05:00
Simon Glass
488d89afb8 x86: zimage: Add silent-console processing
At present zimage does its own command-line processing and does not
support the 'silent console' feature. There doesn't seem to be any good
reason for this.

Add support for silent console to zimage.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-04 16:10:00 -05:00
Simon Glass
4448fe8e4e bootm: Allow updating the bootargs in a buffer
At present we only support updating the 'bootargs' environment
variable. Add another function to update a buffer instead. This will
allow zimage to use this feature.

Also add a lot more tests to cover various cases.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-04 16:09:26 -05:00
Simon Glass
b3c01678fd bootm: Update bootm_process_cmdline_env() to use flags
At present only one transformation is supported: making the Linux console
silent. To prepare for adding more, convert the boolean parameter into a
flag value.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-04 16:09:26 -05:00
Simon Glass
b6386f3841 bootm: Split out bootargs environment reading / writing
At present bootm_process_cmdline_env() reads the 'bootargs' variable and
then writes it back afterwards. This is painful for tests, which would
rather use a simple buffer.

It is also useful for zimage to use a buffer, since it does not actually
put the Linux command line in the bootargs variable.

Refactor the existing code into two pieces. One handles reading and
writing the environment variable, as well as allocating a buffer for use
by the rest of the code, which now operates on a buffer.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-04 16:09:26 -05:00
Simon Glass
6cd92b1a7c bootm: Use size rather than length for CONSOLE_ARG
Use the size (including terminator) for in this function, rather than
the length. This is arguably easier to follow, with the coming
refactor.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-04 16:09:26 -05:00
Simon Glass
d9477a0a4d bootm: Add a bool parameter to bootm_process_cmdline_env()
This function will soon do more than just handle the 'silent linux'
feature. As a first step, update it to take a boolean parameter,
indicating whether or not the processing is required.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-04 16:09:26 -05:00
Simon Glass
4dcb81545a bootm: Rename fixup_silent_linux()
We want to add more processing to this function. Before doing so, rename
it to bootm_process_cmdline_env(), which is more generic.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-04 16:09:26 -05:00
Simon Glass
4ae42643d0 bootm: Update fixup_silent_linux() to return an error
At present this function fails silently on error. Update it to produce
an error code. Report this error to the user and abort the boot, since it
likely will prevent a successful start.

No tests are added at this stage, since additional refactoring is taking
place in subsequent patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-04 16:09:26 -05:00
Simon Glass
f158ba15ee bootm: Add tests for fixup_silent_linux()
This function currently has no tests. Export it so that we can implement
a simple test on sandbox. Use IS_ENABLED() to remove the unused code,
instead #ifdef.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-04 16:09:26 -05:00
Simon Glass
96434a76fd env: Allow returning errors from hdelete_r()
At present this function returns 1 on success and 0 on failure. But in
the latter case it provides no indication of what went wrong.

If an attempt is made to delete a non-existent variable, the caller may
want to ignore this error. This happens when setting a non-existent
variable to "", for example.

Update the function to return 0 on success and a useful error code on
failure. Add a function comment too.

Make sure that env_set() does not return an error if it is deleting a
variable that doesn't exist. We could update env_set() to return useful
error numbers also, but that is beyond the scope of this change.

Signed-off-by: Simon Glass <sjg@chromium.org>

wip
2020-12-04 16:09:06 -05:00
Michael Walle
4c450daf7d board: sl28: add OP-TEE Trusted OS support (bl32)
Add support to load the OP-TEE Trusted OS by the SPL.

Signed-off-by: Michael Walle <michael@walle.cc>
2020-12-04 16:09:06 -05:00
Michael Walle
e057760f38 board: sl28: add ATF support (bl31)
Add support to load the bl31 part of the ARM Trusted Firmware by the
SPL.

Signed-off-by: Michael Walle <michael@walle.cc>
2020-12-04 16:09:06 -05:00
Michael Walle
ea22783f40 board: sl28: remove u-boot from loadable DT node
It is not needed. Remove it.

Signed-off-by: Michael Walle <michael@walle.cc>
2020-12-04 16:09:06 -05:00
Michael Walle
8084e918bc armv8: layerscape: don't initialize GIC in SPL
The BL31 expects the GIC to be uninitialized. Thus, if we are loading
the BL31 by the SPL we must not initialize it. If u-boot is loaded by
the SPL directly, it will initialize the GIC again (in the same
lowlevel_init()).

This was tested on a custom board with SPL loading the BL31 and jumping
to u-boot as BL33 as well as loading u-boot directly by the SPL. In case
the ATF BL1/BL2 is used, this patch won't change anything, because no
SPL is used at all.

Signed-off-by: Michael Walle <michael@walle.cc>
2020-12-04 16:09:06 -05:00
Michael Walle
7b866825cd spl: atf: add support for LOAD_IMAGE_V2
Newer platforms use the LOAD_IMAGE_V2 parameter passing method. Add
support for it.

Signed-off-by: Michael Walle <michael@walle.cc>
2020-12-04 16:09:06 -05:00
Michael Walle
553825c109 spl: atf: remove helper structure from common header
bl2_to_bl31_params_mem is just an implementation detail of the SPL ATF
support and is not needed anywhere else. Move it from the header to the
actual module.

Signed-off-by: Michael Walle <michael@walle.cc>
Acked-by: Michal Simek <michal.simek@xilinx.com>
2020-12-04 16:09:05 -05:00
Michael Walle
d2cb0c8f75 spl: atf: provide a bl2_plat_get_bl31_params_default()
Move the actual implementation of the bl2_plat_get_bl31_params() to its
own function. The weak function will just call the default
implementation. This has the advantage that board code can still call
the original implementation if it just want to modify minor things.

Signed-off-by: Michael Walle <michael@walle.cc>
2020-12-04 16:09:05 -05:00
Michael Walle
37c218a06e spl: atf: move storage for bl31_params into function
There is no need to have the storage available globally. This is also a
preparation for LOAD_IMAGE_V2 support. That will introduce a similar
generator function which also has its own storage.

Signed-off-by: Michael Walle <michael@walle.cc>
Acked-by: Michal Simek <michal.simek@xilinx.com>
2020-12-04 16:09:05 -05:00
Michael Walle
59b07a257c treewide: use CONFIG_IS_ENABLED() for ARMV8_SEC_FIRMWARE_SUPPORT
There is SPL_ARMV8_SEC_FIRMWARE_SUPPORT and ARMV8_SEC_FIRMWARE_SUPPORT.
Thus use CONFIG_IS_ENABLED() instead of the simple #ifdef.

Signed-off-by: Michael Walle <michael@walle.cc>
Acked-by: Michal Simek <michal.simek@xilinx.com>
2020-12-04 16:09:05 -05:00
Tom Rini
5157ea5261 Pull request for UEFI sub-system for next
This pull request adds:
 
 * eventlog support for TCG2_PROTOCOL
 * UEFI capusule updates
 
 It replace printf by log in efi_uclass.c
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl/JSfkACgkQxIHbvCwF
 GsTKdQ//bCWxe24Qm8h1OeyfNYmHroPWtIHJuDqaPLzoWIF2JkhGE7U1o7IC9ISZ
 m/UV/y4TpsGr47an5XSs3CaPaaRABsMcg3vF8wL8yjj8ll4Jj1ubm6wUzZjPncjJ
 WnFvY4GXettStOiU2l9DZHheQnwbjEsfv9UcLCMHn2facNzkVpg2sQDq2yrXCacT
 z6cG2MrYtUI09zuJzL+wAbn1SZ0OQ5pIWA/6vnxO66CTuaaC90pfZbYGE3NPAjSZ
 Ck6naS8nuaGrIFzxexDZPaibuRE1mpMbg0qveH4NZJHPyVHssiv04T3p2oWizJpi
 OWfrwFuTgA7d2AmV1Hr3f7e5vbdj8mB1mTk6Q+8NnOziSWIf1kj3grfkmV4Pvw55
 jj/zg9gOsDWXqUZ4EOLSEpN7WOEqlZ/CVexxbEq+We+P3w6Wc19BSya8dtr04NRa
 n+h27OW1msboiYSZvuwpYvLo2uQJV+60KMbMgxpHKS5/2PrbRihXhzHUD8Wl7Uyb
 6lUN6L5wFNDExHGAqG0hGR0v/X6Gb60klLPFjcxbVH9ckJSU93FoHtYsvrdPhs19
 /kpZ/TPap0A6VxXWnbmKFSPg/CtAGW96utK2bpmORaEcfrlLDMQuHNnajU41FFYQ
 2AGKpmWm5fmyO1XmhoZl39XMgHEr9ZnY7iHdYrNEt8fvJ+6zGgg=
 =1uwi
 -----END PGP SIGNATURE-----

Merge tag 'efi-next' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next

Pull request for UEFI sub-system for next

This pull request adds:

* eventlog support for TCG2_PROTOCOL
* UEFI capusule updates

It replace printf by log in efi_uclass.c
2020-12-03 16:21:51 -05:00
AKASHI Takahiro
3616b4f4b9 sandbox: enable capsule update for testing
Add more configuration options to allow for efi capsule update
on sandbox.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
4926e7d29a test/py: efi_capsule: test for raw image capsule
The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a raw image capsule,
CONFIG_EFI_CAPSULE_RAW.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
450596f2ac test/py: efi_capsule: test for FIT image capsule
The test can run on sandbox build and it attempts to execute a firmware
update via a capsule-on-disk, using a FIT image capsule,
CONFIG_EFI_CAPSULE_FIT.

To run this test successfully, you need configure U-Boot specifically;
See test_capsule_firmware.py for requirements, and hence it won't run
on Travis CI, at least, for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
fab430be2f tools: add mkeficapsule command for UEFI capsule update
This is a utility mainly for test purpose.
  mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
7f35cedfd9 cmd: add "efidebug capsule" command
"efidebug capsule" is more or less a debugging utility.
  efidebug capsule update: invoke UpdateCapsule against data on memory
  efidebug capsule show: show a capsule header
  efidebug capsule result: dump a capsule result variable

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
bb7e71d33c efi_loader: add firmware management protocol for raw image
In this commit, a very simple firmware management protocol driver
is implemented. It will take a binary image in a capsule file and
apply the data using dfu backend storage drivers via dfu_write_by_alt()
interface.

So "dfu_alt_info" variable should be properly set to specify a device
and location to be updated. Please read README.dfu.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
f27c201485 efi_loader: add firmware management protocol for FIT image
In this commit, a very simple firmware management protocol driver
is implemented. It will take a common FIT image firmware in a capsule
file and apply the data using dfu backend storage drivers via
update_fit() interface.

So "dfu_alt_info" variable should be properly set to specify a device
and location to be updated. Please read README.dfu.

Fit image is a common file format for firmware update on U-Boot, and
this protocol works neatly just as a wrapper for one.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
8d99026f06 efi_loader: capsule: support firmware update
A capsule tagged with the guid, EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID,
is handled as a firmware update object.
What efi_update_capsule() basically does is to load any firmware management
protocol (or fmp) drivers contained in a capsule, find out an appropriate
fmp driver and then invoke its set_image() interface against each binary
in a capsule.
In this commit, however, loading drivers is not supported.

The result of applying a capsule is set to be stored in "CapsuleXXXX"
variable, but its implementation is deferred to a fmp driver.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00