Commit graph

3141 commits

Author SHA1 Message Date
Heinrich Schuchardt
bb8bb3033e efi_loader: CloseProtocol in tcg2_measure_gpt_data
The CloseProtocol() boot service requires a handle as first argument.
Passing the protocol interface is incorrect.

CloseProtocol() only has an effect if called with a non-zero value for
agent_handle. HandleProtocol() uses an opaque agent_handle when invoking
OpenProtocol() (currently NULL). Therefore HandleProtocol() should be
avoided.

* Replace the LocateHandle() call by efi_search_protocol().
* Remove the CloseProtocol() call.
* Remove a superfluous goto.

Fixes: ce3dbc5d08 ("efi_loader: add UEFI GPT measurement")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-10-10 16:34:25 +02:00
Heinrich Schuchardt
fcdf531dbc efi_driver: fix efi_uc_stop()
We must always call EFI_EXIT() when returning from an EFIAPI function.

Fixes: 05ef48a248 ("efi_driver: EFI block driver")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-10-10 16:34:25 +02:00
Heinrich Schuchardt
2eeb7feefc efi_loader: printf code in efi_disk_get_device_name()
part is unsigned. So it must be printed with %u.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-10-10 16:34:25 +02:00
Ilias Apalodimas
05c4c9e21a efi_loader: define internal implementations of install/uninstallmultiple
A following patch is cleaning up the core EFI code trying to remove
sequences of efi_create_handle, efi_add_protocol.

Although this works fine there's a problem with the latter since it is
usually combined with efi_delete_handle() which blindly removes all
protocols on a handle and deletes the handle.  We should try to adhere to
the EFI spec which only deletes a handle if the last instance of a protocol
has been removed.  Another problem is that efi_delete_handle() never checks
for opened protocols,  but the EFI spec defines that the caller is
responsible for ensuring that there are no references to a protocol
interface that is going to be removed.

So let's fix this by replacing all callsites of
efi_create_handle(), efi_add_protocol() , efi_delete_handle() with
Install/UninstallMultipleProtocol.

In order to do that redefine functions that can be used by the U-Boot
proper internally and add '_ext' variants that will be used from the
EFI API

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-10-06 22:54:58 +02:00
Heinrich Schuchardt
f05911a126 efi_driver: move event registration to driver
Move the registration of events for the addition and removal of block
devices to the block device driver. Here we can add a reference to the
EFI Driver Binding protocol as context.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-10-06 22:54:58 +02:00
Heinrich Schuchardt
564e55c7f4 efi_selftest: rename event_notify
A function event_notify() exists. We should not use the same name for and
EFI event. Rename events in unit tests.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-10-06 22:54:58 +02:00
Heinrich Schuchardt
8f8fe1d458 efi_driver: add init function to EFI block driver
For handling added and removed block devices we need to register events
which has to be done when the driver is installed.

This patch only creates an empty init function that will be filled with
code later on. The function needs to be called before any EFI block devices
are used. Move the efi_driver_init() call to early init.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-10-06 22:54:58 +02:00
Heinrich Schuchardt
ec4f675f9e efi_driver: provide driver binding protocol to bind function
DisconnectController() is based on the open protocol information created
when the driver opens a protocol with BY_CHILD_CONTROLLER or BY_DRIVER.

To create an open protocol information it is required to supply the handle
of the driver as agent handle. This information is available as field
DriverBindingHandle in the driver binding protocol.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-10-06 22:54:57 +02:00
Heinrich Schuchardt
939f204c5a efi_driver: reformat efi_block_device.c
* use Sphinx documentation style
* correct indentation

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-10-06 22:54:57 +02:00
Heinrich Schuchardt
a6d4f704ad efi_driver: carve out function to create block device
* Carve out function efi_bl_create_block_device() from efi_bl_bind().
* Add a check for U-Boot devices to efi_bl_bind().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-10-06 22:54:57 +02:00
Heinrich Schuchardt
8b1641680d efi_driver: simplify efi_uc_stop(), call efi_free_pool()
We have exported efi_free_pool(). There is no need to use EFI_CALL().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-10-06 22:54:57 +02:00
Heinrich Schuchardt
43a5891c66 efi_driver: fix error handling
If creating the block device fails,

* delete all created objects and references
* close the protocol interface on the controller

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-10-06 22:54:57 +02:00
Heinrich Schuchardt
16b27b67c5 efi_loader: function to unlink udevice and handle
When deleting a device or a handle we must remove the link between the two
to avoid dangling references.

Provide function efi_unlink_dev() for this purpose.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-10-06 22:54:57 +02:00
Heinrich Schuchardt
01caf28778 efi_loader: efi_dp_part_node check dp_alloc return value
dp_alloc() may return NULL. This needs to be caught.

Fixes: 98d48bdf41 ("efi_loader: provide a function to create a partition node")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-10-06 22:54:57 +02:00
Paul Barker
39434a9b25 efi: Add string conversion helper
Signed-off-by: Paul Barker <paul.barker@sancloud.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-10-06 22:54:57 +02:00
Tom Rini
2d45913534 Merge branch 'next' 2022-10-03 15:39:46 -04:00
Simon Glass
ee88ba71ac dm: core: Provide a way to reset the device tree
At present there is only one device tree used by the ofnode functions,
except for some esoteric use of live tree. In preparation for supporting
more than one, add a way to reset the list of device trees.

For now this does nothing.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-29 22:43:43 -04:00
Heinrich Schuchardt
8d805929b1 efi_loader: fix efi_initrd_deregister()
Don't try to delete a non-existent handle.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-09-30 02:03:23 +02:00
Heinrich Schuchardt
0dfc4c84d8 efi_selftest: prefix test functions with efi_st_
An upcoming patch set creates a global function flush(). To make debugging
easier we should not use the same name for a static function.

Rename static functions in the LoadImage() unit test adding an efi_st_
prefix.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-30 02:03:23 +02:00
Simon Glass
8909066199 dm: core: Drop ofnode_is_available()
This function is also available as ofnode_is_enabled(), so use that
instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-29 16:11:31 -04:00
Simon Glass
f46ec93ed5 dm: core: Avoid creating a name property when unflattening
The current implementation creates a 'name' value for every node. This
is not needed for the latest device tree format, which includes a name in
the node header.

Adjust the code to point the name at the node header instead.

Also simplify ofnode_get_name(), now that we can rely on it to set the
name correctly. Update the comment to make it clear what name the root
node has.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-29 16:11:14 -04:00
Simon Glass
d9d7c20b73 treewide: Drop bootm_headers_t typedef
This is not needed and we should avoid typedefs. Use the struct instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-29 16:07:57 -04:00
Simon Glass
8149b1500d blk: Rename if_type to uclass_id
Use the word 'uclass' instead of 'if_type' to complete the conversion.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-25 08:30:05 -06:00
Heinrich Schuchardt
ca0f827dc7 efi_selftest: prefix test functions with efi_st_
An upcoming patch set creates a global function flush(). To make debugging
easier we should not use the same name for a static function.

Rename static functions in the LoadImage() unit test adding an efi_st_
prefix.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-24 10:47:01 -04:00
Pali Rohár
d179018e4c display_options: print_size: Fix order overflow
Function print_size() round size to the nearst value with one decimal
fraction number. But in special cases also unit order may overflow.

For example value 1073689396 is printed as "1024 MiB" and value 1073741824
as "1 GiB".

Fix this issue by detecting order overflow and increasing unit order.
With this change also value 1073689396 is printed as "1 GiB".

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-23 15:13:18 -04:00
Tom Rini
e9a1ff9724 Merge branch 'master' into next
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-09-19 16:07:12 -04:00
Stefan Roese
29caf9305b cyclic: Use schedule() instead of WATCHDOG_RESET()
Globally replace all occurances of WATCHDOG_RESET() with schedule(),
which handles the HW_WATCHDOG functionality and the cyclic
infrastructure.

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Tom Rini <trini@konsulko.com> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm]
2022-09-18 10:26:33 +02:00
Simon Glass
e33a5c6be5 blk: Switch over to using uclass IDs
We currently have an if_type (interface type) and a uclass id. These are
closely related and we don't need to have both.

Drop the if_type values and use the uclass ones instead.

Maintain the existing, subtle, one-way conversion between UCLASS_USB and
UCLASS_MASS_STORAGE for now, and add a comment.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-16 11:05:16 -04:00
Simon Glass
adbfe8edc3 efi: Correct assumption about if_type
efi_set_blk_dev_to_system_partition() assumes that 0 is an invalid
if_type. This is true now but is about to be false. Fix this bug to avoid
a test failure.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-16 11:05:16 -04:00
Simon Glass
ca28baf17c blk: Select SPL_LEGACY_BLOCK automatically
Selecting this option can be handled in the Kconfig option itself, as it
is with BLK. Update this an drop the various 'select' clauses.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-16 11:05:16 -04:00
Simon Glass
7f8967c2b8 blk: Rename HAVE_BLOCK_DEVICE
This option is fact really related to SPL. For U-Boot proper we always use
driver model for block devices, so CONFIG_BLK is enabled if block devices
are in use.

It is only for SPL that we have two cases:

- SPL_BLK is enabled, in which case we use driver model and blk-uclass.c
- SPL_BLK is not enabled, in which case (if we need block devices) we must
  use blk_legacy.c

Rename the symbol to SPL_LEGACY_BLOCK to make this clear. This is
different enough from BLK and SPL_BLK that there should be no confusion.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-16 11:05:16 -04:00
Heinrich Schuchardt
0cd933bb4b lib: rsa: fix padding_pss_verify
Check the that the hash length is shorter than the message length. This
avoids:

    ./tools/../lib/rsa/rsa-verify.c:275:11: warning:
    ‘*db’ may be used uninitialized [-Wmaybe-uninitialized]
      275 |         db[0] &= 0xff >> leftmost_bits;

Fixes: 061daa0b61 ("rsa: add support of padding pss")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-15 09:57:11 -04:00
Masahisa Kojima
c416f1c0bc bootmenu: add removable media entries
UEFI specification requires booting from removal media using
a architecture-specific default image name such as BOOTAA64.EFI.
This commit adds the removable media entries into bootmenu,
so that user can select the removable media and boot with
default image.

The bootmenu automatically enumerates the possible bootable
media devices supporting EFI_SIMPLE_FILE_SYSTEM_PROTOCOL,
add it as new UEFI boot option(BOOT####) and update BootOrder
variable. This automatically generated UEFI boot option
has the dedicated guid in the optional_data to distinguish it from
the UEFI boot option user adds manually. This optional_data is
removed when the efi bootmgr loads the selected UEFI boot option.

This commit also provides the BOOT#### variable maintenance feature.
Depending on the system hardware setup, some devices
may not exist at a later system boot, so bootmenu checks the
available device in each bootmenu invocation and automatically
removes the BOOT#### variable corrensponding to the non-existent
media device.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2022-09-14 08:43:32 +02:00
Masahisa Kojima
87d791423a eficonfig: menu-driven addition of UEFI boot option
This commit add the "eficonfig" command.
The "eficonfig" command implements the menu-driven UEFI boot option
maintenance feature. This commit implements the addition of
new boot option. User can select the block device volume having
efi_simple_file_system_protocol and select the file corresponding
to the Boot#### variable. User can also enter the description and
optional_data of the BOOT#### variable in utf8.

This commit adds "include/efi_config.h", it contains the common
definition to be used from other menus such as UEFI Secure Boot
key management.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2022-09-14 08:43:31 +02:00
Heinrich Schuchardt
8cf8ad3533 efi_driver: don't bind internal block devices
UEFI block devices can either mirror U-Boot's internal devices or be
provided by an EFI application like iPXE.

When ConnectController() is invoked for the EFI_BLOCK_IO_PROTOCOL
interface for such an application provided device we create a virtual
U-Boot block device of type "efi_blk".

Currently we do not call ConnectController() when handles for U-Boot's
internal block devices are created. If an EFI application calls
ConnectController() for a handle relating to an internal block device,
we erroneously create an extra "efi_blk" block device.

E.g. the UEFI shell has a command 'connect -r' which calls
ConnectController() for all handles with device path protocol.

In the Supported() method of our EFI_DRIVER_BINDING_PROTOCOL return
EFI_UNSUPPORTED when dealing with an U-Boot internal device.

Reported-by: Etienne Carriere <etienne.carriere@linaro.org>
Fixes: commit 05ef48a248 ("efi_driver: EFI block driver")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-09 16:07:54 +02:00
Etienne Carriere
7932548939 lib: efi_loader: don't delete invalid handles
Change efi_delete_handle() to not free EFI handles twice.

This change tries to resolved an issue seen since U-Boot v2022.07
in which ExitBootService() attempts to release some EFI handles twice.

The issue was seen booting a EFI shell that invokes 'connect -r' and
then boots a Linux kernel. Execution of connect command makes EFI
subsystem to bind a block device for each root block devices EFI handles.
However these EFI device handles are already bound to a driver and we
can have 2 registered devices relating to the same EFI handler. On
ExitBootService(), the loop removing the devices makes these EFI handles
to be released twice which corrupts memory.

This patch prevents the memory release operation caused by the issue but
but does not resolve the underlying problem.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

Add log message.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-09 16:07:54 +02:00
Heinrich Schuchardt
1e30e377a6 efi_selftest: unit test for EFI Conformance Profile Table
Add a new unit test to test the integrity of the
EFI Conformance Profile Table.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-09 16:07:54 +02:00
Heinrich Schuchardt
b33f246c0b efi_selftest: export efi_st_get_config_table()
We can use efi_st_get_config_table() in multiple unit tests.
Export the function.

Export system-table and boot-services.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-09-09 16:07:54 +02:00
Tom Rini
427aa3c9b7 TPM fixes and state reporting
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEgWII69YpahbL5iK5gS8AYozs+qIFAmMTcr0ACgkQgS8AYozs
 +qJXaA/8DeQlC30LtlYGiZ567Xp5QST+z8sqHblfHGSCVwzHwq7Sgbs6lqw39eF0
 caiaQfUx2fhT668tB1cR0d3vw3Mz/yrLm4Fj4Rozr4d9EEB4LFJ162OVlnDUHP2t
 +x6dJfKrOe/yXzjHu33OCoggWkZSA4t14ZCqLIqnFRQBhc0IaxHY8llx3FWFhT21
 lwx2zEbOQ+hYAQ8T925RWUdwHPj2zkR0dl06GyLAzak7RiWRJxUieV2Cn925sr0b
 VOAqugzCp+W+or+z1zHK7VHbbB9HVueN5KbvhyK8kHOKu+afgp9eGZIxlxhrgqol
 5zi9FuJkeUZBNzXJzwH5JpwaRIGiCtr5+3wOgTlIzMAsaaSOyTkoh+5UpijaGnmC
 RBwSVMAqQTOqVLLWuJxEl/qIulWGjsBQU0qst1NrH2zSXbALOz+U/VkdrFouBp4u
 /Go7ttyq6HxgJSs8evy7iH27at5U+m5MM/s+n08Vs5eEMwF+YFZs1cjGEmMgA+zb
 JrwLFjOr1lOiWM8W+jYJ7gdZuCjB4A1q6/wmeHB9t9ii2N4IlY0sxwf3MWczUQCj
 0i0M7zBJlRVdM5xQu2KkE1u7JM+fcRl2XpZ3/RWgMfIJz+zDiCKtWicUm1M33IKZ
 IxovEs/QjDV5411d8dDYUVG+/GoodV2x6lO0lmxny+iM5uAZ8Ho=
 =c18c
 -----END PGP SIGNATURE-----

Merge tag 'tpm-03092022' of https://source.denx.de/u-boot/custodians/u-boot-tpm

TPM fixes and state reporting
2022-09-03 14:55:37 -04:00
Simon Glass
5208ed187c tpm: Allow committing non-volatile data
Add an option to tell the TPM to commit non-volatile data immediately it
is changed, rather than waiting until later. This is needed in some
situations, since if the device reboots it may not write the data.

Add definitions for the rest of the Cr50 commands while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-03 16:59:05 +03:00
Simon Glass
4c57ec76b7 tpm: Implement state command for Cr50
Add a vendor-specific TPM2 command for this and implement it for Cr50.
Note: This is not part of the TPM spec, but is a Cr50 extension.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-03 16:59:05 +03:00
Simon Glass
1c32eee38b tpm: Correct the define-space command in TPMv2
The message format is incorrect. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-03 16:54:04 +03:00
Simon Glass
a0f3804a42 tpm: Correct the permissions command in TPMv1
The offset here is incorrect. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-03 16:54:02 +03:00
Simon Glass
a557d258c6 tpm: Require a digest source when extending the PCR
This feature is used for measured boot, so we can add a log entry to the
TCPA with some information about where the digest comes from. It is not
currently supported in the TPM drivers, but add it to the API so that
code which expects it can signal its request.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-03 16:53:58 +03:00
Heinrich Schuchardt
fbc04c0dab efi_loader: fix display of NVMe EUI-64
UEFI specification 2.9A requires to display the EUI-64 "in hexadecimal
format with byte 7 first (i.e., on the left) and byte 0 last".

This is in contrast to what the NVMe specification wants.
But it is what EDK II has been implementing.

Here is an example with the patch applied:

    qemu-system-aarch64 -machine virt -cpu cortex-a72 -nographic \
    -bios denx/u-boot.bin \
    -device nvme,id=nvme1,serial=9ff81223 \
    -device nvme-ns,bus=nvme1,drive=nvme1n0,eui64=0x123456789ABCDEF0 \
    -drive file=arm64.img,if=none,format=raw,id=nvme1n0

    => nvme scan
    => efidebug devices
    Device Path
    ====================
    /VenHw(…)/NVMe(0x1,f0-de-bc-9a-78-56-34-12)

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-09-03 10:49:17 +02:00
Jose Marinho
648a8dcb39 efi: ECPT add EBBRv2.0 conformance profile
Display the EBBRv2.0 conformance in the ECPT table.

The EBBRv2.0 conformance profile is set in the ECPT if
CONFIG_EFI_EBBR_2_0_CONFORMANCE=y.

Signed-off-by: Jose Marinho <jose.marinho@arm.com>

Add dependencies for CONFIG_EFI_EBBR_2_0_CONFORMANCE.
Enable the setting by default.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-09-03 10:13:26 +02:00
Jose Marinho
6b92c17352 efi: Create ECPT table
The ECPT table will be included in the UEFI specification 2.9+.
The ECPT table was introduced in UEFI following the code-first path. The
acceptance ticket can be viewed at:
	https://bugzilla.tianocore.org/show_bug.cgi?id=3591

The Conformance Profiles table is a UEFI configuration table that contains
GUID of the UEFI profiles that the UEFI implementation conforms with.

The ECPT table is created when CONFIG_EFI_ECPT=y.
The config is set by default.

Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-09-03 09:35:48 +02:00
Heinrich Schuchardt
2b7a6e013f efi_selftest: on sandbox use host specific assembly
The selftest checking the handling of exceptions in UEFI binaries is using
assembly to provide an undefined instruction. On the sandbox the correct
form of the instruction depends on the host architecture.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-03 08:16:09 +02:00
Heinrich Schuchardt
e053a144ca efi_loader: support CTRL+\ - CTRL+_
In the extended text input protocol support input of control letters
0x1c - 0x1f.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-03 08:16:09 +02:00
Heinrich Schuchardt
0b7b56d7d7 efi_loader: compliance Simple Text Input Ex Protocol
We cannot expect the buffers passed to the input protocols to be zero
filled. If only modifier keys are pressed, we have to return EFI_NOT_READY
but we still have to fill the key structure.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-03 08:16:09 +02:00
Heinrich Schuchardt
a641e36fdb efi_loader: printing UEFI revision in helloworld.efi
We need to support multiple digits in the parts of the UEFI verision
number. E.g.

    EFI_SPECIFICATION_VERSION = (123 << 16) | 456

must be printed as

    123.45.6

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-03 08:16:09 +02:00
Heinrich Schuchardt
d5391bf02b efi_loader: ensure all block devices are probed
Only probed block devices are available in the UEFI sub-system. Multiple
block devices may be involved in the boot process. So we have to make sure
that all block devices are probed. Another reason is that we store UEFI
variables on the ESP which may be on any block device.

On the sandbox before the patch:

=> efidebug devices
No EFI system partition
Device           Device Path
================ ====================
000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000055d078bc1ae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D)
000000001b22e0b0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1)

After the patch:

=> efidebug devices
No EFI system partition
Device           Device Path
================ ====================
000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000055bdac8ddae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D)
000000001b230920 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(2)/SD(0)
000000001b233ac0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)
000000001b233b80 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(1,GPT,d0a914ee-a71c-fc1e-73f0-7e302b0e6c20,0x30,0x1)
000000001b234110 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(2,GPT,9330a0ea-8aff-f67a-294c-fa05d60896c3,0x31,0x1)
000000001b22f0e0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(0)/SD(2)
000000001b238df0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1)

Fixes: a9bf024b29 ("efi_loader: disk: a helper function to create efi_disk objects from udevice")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-09-01 07:21:25 +02:00
Michael Walle
616278bd2c time: move the CONFIG_SYS_TIMER_RATE handling to the compiler
CONFIG_SYS_TIMER_RATE might be a dynamic value, i.e. a function call
instead of a static value, thus it has to be evaluated at runtime. If it
is a static value, the compiler should be able to optimize the unused
branches out.

This will be needed for kirkwoods dynamic CONFIG_SYS_TCLK setting.

Cc: Pali Rohár <pali@kernel.org>
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-08-23 12:38:30 +02:00
AKASHI Takahiro
ab31c8a158 efi_loader: disk: remove unused field
The field, ifname, in efi_disk_obj is set but never used anywhere.
Just remove it.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-08-20 08:38:12 +02:00
Masahisa Kojima
ee57666294 efi_loader: move udevice pointer into struct efi_object
This is a preparation patch to provide the unified method
to access udevice pointer associated with the EFI handle
by adding udevice pointer into struct efi_object.
The patch also introduces a helper function efi_link_dev()
to link the udevice and EFI handle.

The EFI handles of both EFI block io driver implemented in
lib/efi_loader/efi_disk.c and EFI block io driver implemented
as EFI payload can access the udevice pointer in the struct efi_object.
We can use this udevice pointer to get the U-Boot friendly
block device name(e.g. mmc 0:1, nvme 0:1) through EFI handle.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-08-13 11:09:49 +02:00
Heinrich Schuchardt
e7496e57a0 efi_loader: fix efi_convert_device_path_to_text()
Ensure that the string we convert to UTF-16 is NUL terminated even
if the device path only contains end nodes.

Fixes: bd3d75bb0c ("efi_loader: multi part device paths to text")
Addresses-Coverity: 350434 ("Uninitialized scalar variable")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-08-13 11:09:49 +02:00
Tom Rini
40ed7be4af Convert CONFIG_SYS_FDT_PAD to Kconfig
This converts the following to Kconfig:
   CONFIG_SYS_FDT_PAD

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-08-12 16:10:50 -04:00
Simon Glass
bc06aa035d bootstd: Allow bootmeths to be marked as global
The current way of handling things like EFI bootmgr is a bit odd, since
that bootmeth handles selection of the bootdev itself. VBE needs to work
the same way, so we should support it properly.

Add a flag that indicates that the bootmeth is global, rather than being
invoked on each bootdev. Provide a helper to read a bootflow from the
bootmeth.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-12 08:17:10 -04:00
Simon Glass
331048471d dm: core: Introduce support for multiple trees
At present ofnode only works with a single device tree, for the most part.
This is the control FDT used by U-Boot.

When booting an OS we may obtain a different device tree and want to
modify it. Add some initial support for this into the ofnode API.

Note that we don't permit aliases in this other device tree, since the
of_access implementation maintains a list of aliases collected at
start-up. Also, we don't need aliases to do fixups in the other FDT. So
make sure that flat tree and live tree processing are consistent in this
area.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-12 08:14:23 -04:00
Simon Glass
cafe8712e8 video: Renname vbe.h to vesa.h
We want to use VBE to mean Verfiied Boot for Embedded in U-Boot. Rename
the existing VBE (Vesa BIOS extensions) to allow this.

Verified Boot for Embedded is documented doc/develop/vbe.rst

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-12 08:14:23 -04:00
Pali Rohár
3ff4675d73 lz4: Fix compile warning comparison of distinct pointer types
In file included from include/linux/bitops.h:22,
                 from include/log.h:15,
                 from include/linux/printk.h:4,
                 from include/common.h:20,
                 from lib/lz4_wrapper.c:6:
lib/lz4_wrapper.c: In function ‘ulz4fn’:
include/linux/kernel.h:184:17: warning: comparison of distinct pointer types lacks a cast
  (void) (&_min1 == &_min2);  \
                 ^~
lib/lz4_wrapper.c:104:18: note: in expansion of macro ‘min’
    size_t size = min((ptrdiff_t)block_size, end - out);
                  ^~~

Signed-off-by: Pali Rohár <pali@kernel.org>
2022-08-10 13:46:55 -04:00
Simon Glass
4e4bf9449b common: Drop display_options.h from common header
Move this out of the common header and include it only where needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-10 13:46:55 -04:00
Patrice Chotard
5e2548c1d6 lmb: Fix LMB_MEMORY_REGIONS flag usage
This patch is fixing a broken boot observed on stm32mp157c-dk2 board.

IS_ENABLED macro should be used to check if a compilation flag is set
to "y" or "m".
LMB_MEMORY_REGIONS is set to a numerical value, IS_ENABLED macro is not
suitable in this case.

Fixes: 7c1860fce4 ("lmb: Fix lmb property's defination under struct lmb")
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Acked-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2022-08-10 13:38:30 -04:00
Sughosh Ganu
e67ffb5aa5 tpm: rng: Add driver model interface for TPM RNG device
The TPM device has a builtin random number generator(RNG)
functionality. Expose the RNG functions of the TPM device to the
driver model so that they can be used by the EFI_RNG_PROTOCOL if the
protocol is installed.

Also change the function arguments and return type of the random
number functions to comply with the driver model api.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-08-02 23:50:02 +03:00
Ilias Apalodimas
5d98329196 efi_loader: initialize the RNG protocol after the TCC2
Due to U-Boot's lazy binding the RNG presented by the TCG is not available
until the EFI_TCG2 protocol has been initialized.  Since the TPM has a
built-in RNG device we can use for the OS randomization, move the RNG
protocol installation after the TCG.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-08-02 23:50:02 +03:00
Simon Glass
5e5937822a tpm: Export the TPM-version functions
These functions should really be available outside the TPM code, so that
other callers can find out which version the TPM is. Rename them to have
a tpm_ prefix() and add them to the header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-08-02 23:50:02 +03:00
Tom Rini
7277c4bddc minor dm- and fdt-related fixes
start of test for fdt command
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmLgRtERHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreYXFwgAlALOMj3bwwsIAXNa5j/hPb3j/ecIqXgn
 ocyxN+U5eSb2Ju5Jc9QmSeUMnGrii9+PW9j0JApdHrbUgBI2Sx+zwqMTIfA+BS05
 4xXZgk5jOT+we2489FjgFcplv+dIuVlsB/Zo6zTbZyjkobfilYsZEGYHJ/CYNaIH
 n7EmZeby1cXL7DMCxT39d3hD43XSX8cqQ1IIiF9DgtHQYs2Ff8dFcbWArSdgLX3o
 Eob2Qj/GjScg87zjZcsgZajWJMHUfMeD5ZiKN2fR0T/wOdO1WtzFoF2Mt8KZcW1j
 BD1shgBCMSSl5EgRG1BQZw4Sa92W2IBlbJ9tfIh8qnWOzEBzOs/M6w==
 =lsO4
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-26jul22' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm.git

minor dm- and fdt-related fixes
start of test for fdt command
2022-07-27 06:59:55 -04:00
Simon Glass
281996110c addrmap: Support on sandbox
Update this feature so that it works on sandbox, using a basic identity
mapping. This allows us to run the 'ut addrmap' test.

Also fix up the test to use the correct macros to access the linker
list, so that the 'ut addrmap' command actually works.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-07-26 02:30:56 -06:00
Ashok Reddy Soma
7c1860fce4 lmb: Fix lmb property's defination under struct lmb
Under struct lmb {} the lmb property's should be defined only if
CONFIG_LMB_MEMORY_REGIONS is defined.

Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/c24a2b1d6f5db4eb65393f6a77fae129b30b6233.1657183534.git.michal.simek@amd.com
2022-07-26 08:23:54 +02:00
Heinrich Schuchardt
2eb328ea61 efi_loader: remove support for CONFIG_LCD
There is no board left using CONFIG_LCD without CONFIG_DM_VIDEO.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-07-18 17:21:49 +02:00
Masahisa Kojima
9897350c52 efi_loader: expose END device path node
This commit exposes the END device path node.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-07-13 20:07:07 +02:00
Tom Rini
36b661dc91 Merge branch 'next' 2022-07-11 14:58:57 -04:00
Tom Rini
b340199f82 spl: Ensure all SPL symbols in Kconfig have some SPL dependency
Tighten up symbol dependencies in a number of places.  Ensure that a SPL
specific option has at least a direct dependency on SPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.  This means in a very small number of places we can
drop redundant dependencies.

Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-07-07 09:29:08 -04:00
AKASHI Takahiro
634f6b2fb1 efi_loader: image_loader: add a missing digest verification for signed PE image
At the last step of PE image authentication, an image's hash value must be
compared with a message digest stored as the content (of SpcPeImageData type)
of pkcs7's contentInfo.

Fixes: commit 4540dabdca ("efi_loader: image_loader: support image authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-07-05 14:37:16 +02:00
AKASHI Takahiro
b72d09fa7d efi_loader: image_loader: replace EFI_PRINT with log macros
Now We are migrating from EFI_PRINT() to log macro's.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-07-05 14:37:16 +02:00
AKASHI Takahiro
b330140659 efi_loader: signature: export efi_hash_regions()
This function is used to calculate a message digest as part of
authentication process in a later patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-07-05 14:37:16 +02:00
AKASHI Takahiro
b124efc09f lib: crypto: add mscode_parser
In MS authenticode, pkcs7 should have data in its contentInfo field.
This data is tagged with SpcIndirectData type and, for a signed PE image,
provides a image's message digest as SpcPeImageData.

This parser is used in image authentication to parse the field and
retrieve a message digest.

Imported from linux v5.19-rc, crypto/asymmetric_keys/mscode*.
Checkpatch.pl generates tones of warnings, but those are not fixed
for the sake of maintainability (importing from another source).

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-07-05 14:37:16 +02:00
Paul Barbieri
7a85f32413 EFI: Fix ReadBlocks API reading incorrect sector for UCLASS_PARTITION devices
The requsted partition disk sector incorrectly has the parition start
sector added in twice for UCLASS_PARTITION devices. The efi_disk_rw_blocks()
routine adds the diskobj->offset to the requested lba. When the device
is a UCLASS_PARTITION, the dev_read() or dev_write() routine is called
which adds part-gpt_part_info.start. This causes I/O to the wrong sector.

Takahiro Akashi suggested removing the offset field from the efi_disk_obj
structure since disk-uclass.c handles the partition start biasing. Device
types other than UCLASS_PARTITION set the diskobj->offset field to zero
which makes the field unnecessary. This change removes the offset field
from the structure and removes all references from the code which is
isolated to the lib/efi_loader/efi_disk.c module.

This change also adds a test for the EFI ReadBlocks() API in the EFI
selftest code. There is already a test for reading a FAT file. The new
test uses ReadBlocks() to read the same "disk" block and compare it to
the data read from the file system API.

Signed-Off-by: Paul Barbieri <plb365@gmail.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-07-02 14:19:12 +02:00
Tom Rini
82e0b51ccb Convert CONFIG_ENV_MIN_ENTRIES et al to Kconfig
This converts the following to Kconfig:
   CONFIG_ENV_MIN_ENTRIES
   CONFIG_ENV_MAX_ENTRIES

Cc: Michal Simek <michal.simek@amd.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-06-28 17:11:48 -04:00
Tom Rini
dc2d27ae72 arm: samsung: Remove dead LCD code
Since bb5930d5c9 ("exynos: video: Convert several boards to driver
model for video") there have been no callers of any of the exynos_lcd_*
family of functions.  Remove these from the boards, and then remove
unused logo and related code as well.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Minkyu Kang <mk7.kang@samsung.com>
2022-06-28 17:03:32 -04:00
Tom Rini
13ce351b9a vpl: Ensure all VPL symbols in Kconfig have some VPL dependency
Tighten up symbol dependencies in a number of places.  Ensure that a VPL
specific option has at least a direct dependency on VPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.

Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-06-28 17:03:31 -04:00
Tom Rini
8bea4bf7d3 tpl: Ensure all TPL symbols in Kconfig have some TPL dependency
Tighten up symbol dependencies in a number of places.  Ensure that a TPL
specific option has at least a direct dependency on TPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.

Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-06-28 17:03:31 -04:00
Loic Poulain
915047048f lib: sha256: Add support for hardware specific sha256_process
Mark sha256_process as weak to allow hardware specific implementation.
Add parameter for supporting multiple blocks processing.

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
2022-06-27 13:36:28 -04:00
Loic Poulain
8201b8066a lib: sha1: Add support for hardware specific sha1_process
Mark sha1_process as weak to allow hardware specific implementation.
Add parameter to support for multiple blocks processing.

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
2022-06-27 13:36:27 -04:00
Rui Miguel Silva
bfef72e4dd cmd: load: add load command for memory mapped
cp.b is used a lot as a way to load binaries to memory and execute
them, however we may need to integrate this with the efi subsystem to
set it up as a bootdev.

So, introduce a loadm command that will be consistent with the other
loadX commands and will call the efi API's.

ex: loadm $kernel_addr $kernel_addr_r $kernel_size

with this a kernel with CONFIG_EFI_STUB enabled will be loaded and
then subsequently booted with bootefi command.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2022-06-22 11:35:47 -04:00
Tom Rini
52af0101be Merge branch 'master' into next
Merge in v2022.07-rc5.
2022-06-20 14:40:59 -04:00
Heinrich Schuchardt
68edbed454 efi_loader: initialize console size late
If CONFIG_VIDEO_DM=n we query the display size from the serial console.
Especially when using a remote console the response can be so late that
it interferes with autoboot.

Only query the console size when running an EFI binary.

Add debug output showing the determined console size.

Reported-by: Fabio Estevam <festevam@gmail.com>
Fixes: a57ad20d07 ("efi_loader: split efi_init_obj_list() into two stages")
Fixes: a9bf024b29 ("efi_loader: disk: a helper function to create efi_disk objects from udevice")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Fabio Estevam <festevam@denx.de>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
2022-06-19 15:53:09 +02:00
Heinrich Schuchardt
72fa9cd59e efi_loader: create boot options without file path
Allow the efidebug command to create boot options without file path, e.g.

    efidebug boot add -b 0001 'short dev only' host 0:1 ''
    efidebug boot add -B 0002 'long dev only' host 0:1 ''

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-06-12 13:02:34 +02:00
Heinrich Schuchardt
178667b34b efi_loader: allow booting from short dev only DP
Allow booting from a short form device-path without file path, e.g.

    /HD(1,GPT,5ef79931-a1aa-4c70-9d67-611e8f69eafd,0x800,0x1000)

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-06-12 09:17:54 +02:00
Sughosh Ganu
556a12654a EFI: FMP: Use a common GetImageInfo function for FIT and raw images
The GetImageInfo function definitions for the FIT images and raw
images are the same. Use a common function for the both the Firmware
Management Protocol(FMP) instances for raw and FIT images.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-06-12 09:17:54 +02:00
Sughosh Ganu
119fafdefb EFI: Do not consider OsIndications variable if CONFIG_EFI_IGNORE_OSINDICATIONS is enabled
The EFI_IGNORE_OSINDICATIONS config symbol was introduced as a
mechanism to have capsule updates work even on platforms where the
SetVariable runtime service was not supported. The current logic
requires the OsIndications variable to have been set to a 64 bit value
even when the EFI_IGNORE_OSINDICATIONS config is enabled. Return an
error code on not being able to read the variable only when
EFI_IGNORE_OSINDICATIONS is not enabled.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-06-12 09:17:54 +02:00
Rasmus Villemoes
26f981f295 fdtdec: drop needlessly convoluted CONFIG_PHANDLE_CHECK_SEQ
Asking if the alias we found actually points at the device tree node
we passed in (in the guise of its offset from blob) can be done simply
by asking if the fdt_path_offset() of the alias' path is identical to
offset.

In fact, the current method suffers from the possibility of false
negatives: dtc does not necessarily emit a phandle property for a node
just because it is referenced in /aliases; it only emits a phandle
property for a node if it is referenced in <angle brackets>
somewhere. So if both the node we passed in and the alias node we're
considering don't have phandles, fdt_get_phandle() returns 0 for both.

Since the proper check is so simple, there's no reason to hide that
behind a config option (and if one really wanted that, it should be
called something else because there's no need to involve phandle in
the check).

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Acked-by: Aswath Govindraju <a-govindraju@ti.com>
2022-06-06 18:01:21 -04:00
Tom Rini
2e2e784de0 zlib: Port fix for CVE-2018-25032 to U-Boot
While our copy of zlib is missing upstream commit 263b1a05b04e ("Allow
deflatePrime() to insert bits in the middle of a stream.") we do have
Z_FIXED support, and so the majority of the code changes in 5c44459c3b28
("Fix a bug that can crash deflate on some input when using Z_FIXED.")
apply here directly and cleanly.  As this has been assigned a CVE, lets
go and apply these changes.

Link: 5c44459c3b
Reported-by: "Gan, Yau Wai" <yau.wai.gan@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-06-06 17:47:17 -04:00
Vincent Stehlé
8645aefc8b efi: test/py: authenticate fit capsules
Add support for the authentication of UEFI capsules containing FIT images.

The authentication code is moved out of the function handling raw images
into a new function efi_firmware_capsule_authenticate(). The special case
for the FMP header coming from edk2 tools is preserved. There is no
functional change for capsules containing raw images.

The python test for signed capsules with raw images is renamed with no
functional change and a new test is added for signed capsules containing
FIT images.

This can be tested with sandbox64_defconfig or sandbox_flattree_defconfig,
plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-06-04 08:43:55 +02:00
Sughosh Ganu
6a463bc1c9 EFI: Populate descriptor_count value only when image_info_size is not zero
The GetImageInfo function of the Firmware Mangement Protocol(FMP) gets
called initially to query the size of the image descriptor array that
would have to be allocated. During this call, the rest of the function
arguments, specifically pointers might be passed as NULL. Do not
populate the descriptor_count value before it is known that the call
to GetImageInfo has been made with the allocated buffer for the image
descriptors.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-06-04 08:43:55 +02:00
Vincent Stehlé
7751d2ef86 efi: fix documentation warnings
This fixes the following warnings:

  ./lib/efi_loader/efi_firmware.c:283: warning: Function parameter or member 'package_version' not described in 'efi_firmware_fit_get_image_info'
  ./lib/efi_loader/efi_firmware.c:283: warning: Function parameter or member 'package_version_name' not described in 'efi_firmware_fit_get_image_info'
  ./lib/efi_loader/efi_firmware.c:369: warning: bad line: firmware image
  ./lib/efi_loader/efi_firmware.c:395: warning: Function parameter or member 'package_version' not described in 'efi_firmware_raw_get_image_info'
  ./lib/efi_loader/efi_firmware.c:395: warning: Function parameter or member 'package_version_name' not described in 'efi_firmware_raw_get_image_info'

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-28 10:59:27 +02:00
AKASHI Takahiro
57ad624103 efi_loader: bootmgr: fix a problem in loading an image from a short-path
Booting from a short-form device path which starts with the first element
being a File Path Media Device Path failed because it doesn't contain
any valid device with simple file system protocol and efi_dp_find_obj()
in efi_load_image_from_path() will return NULL.
For instance,
/VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Scsi(0,0)/\helloworld.efi
-> shortened version: /\helloworld.efi

With this patch applied, all the media devices with simple file system
protocol are enumerated and the boot manager attempts to boot temporarily
generated device paths one-by-one.

This new implementation is still a bit incompatible with the UEFI
specification in terms of:
* not creating real boot options
* not try
  "If a device does not support the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, but
  supports the EFI_BLOCK_IO_PROTOCOL protocol, then the EFI Boot Service
  ConnectController must be called for this device with DriverImageHandle
  and RemainingDevicePath set to NULL and the Recursive flag is set to TRUE."
(See section 3.1.2 "Load Option Processing".)

But it still gives us a closer and better solution than the current.

Fixes: commit 9cdf470274 ("efi_loader: support booting via short-form device-path")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-28 10:59:27 +02:00
AKASHI Takahiro
05f391e2fc efi_loader: disk: add efi_disk_is_removable()
This helper function will be used to determine if the device is
removable media, initially for handling a short-path loading.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-05-28 10:59:27 +02:00
Ilias Apalodimas
b436cc6a57 efi_loader: add sha384/512 on certificate revocation
Currently we don't support sha384/512 for the X.509 certificate
in dbx.  Moreover if we come across such a hash we skip the check
and approve the image,  although the image might needs to be rejected.

Rework the code a bit and fix it by adding an array of structs with the
supported GUIDs, len and literal used in the U-Boot crypto APIs instead
of hardcoding the GUID types.

It's worth noting here that efi_hash_regions() can now be reused from
efi_signature_lookup_digest() and add sha348/512 support there as well

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-05-07 23:17:26 +02:00
Jan Kiszka
6ae494831d efi_loader: Select EVENT as well
Fixes

WARNING: unmet direct dependencies detected for EVENT_DYNAMIC
  Depends on [n]: EVENT [=n]
  Selected by [y]:
  - EFI_LOADER [=y] && OF_LIBFDT [=y] && ...

and the succeeding build breakage.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-07 23:17:26 +02:00
Jan Kiszka
90c52423be lib/date: Make rtc_mktime and mktime64 Y2038-ready
We currently overflow due to wrong types used internally in rtc_mktime,
on all platforms, and we return a too small type on 32-bit.

One consumer that directly benefits from this is mktime64. Many others
may still store the result in a wrong type.

While at it, drop the redundant cast of mon in rtc_mktime (obsoleted by
714209832d).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-05-05 15:06:02 -04:00
AKASHI Takahiro
4e65ca00f3 efi_loader: bootmgr: add booting from removable media
Under the current implementation, booting from removable media using
a architecture-specific default image name, say BOOTAA64.EFI, is
supported only in distro_bootcmd script. See the commit 74522c898b
("efi_loader: Add distro boot script for removable media").

This is, however, half-baked implementation because
1) UEFI specification requires this feature to be implemented as part
   of Boot Manager's responsibility:

  3 - Boot Manager
  3.5.1 Boot via the Simple File Protocol
  When booting via the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, the FilePath will
  start with a device path that points to the device that implements the
  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL or the EFI_BLOCK_IO_PROTOCOL. The next
  part of the FilePath may point to the file name, including
  subdirectories, which contain the bootable image. If the file name is
  a null device path, the file name must be generated from the rules
  defined below.
  ...
  3.5.1.1 Removable Media Boot Behavior
  To generate a file name when none is present in the FilePath, the
  firmware must append a default file name in the form
  \EFI\BOOT\BOOT{machine type short-name}.EFI ...

2) So (1) entails the hehavior that the user's preference of boot media
   order should be determined by Boot#### and BootOrder variables.

With this patch, the semantics mentioned above is fully implemented.
For example, if you want to boot the system from USB and SCSI in this
order,
* define Boot0001 which contains only a device path to the USB device
  (without any file path/name)
* define Boot0002 which contains only a device path to the SCSI device,
and
* set BootOrder to Boot0001:Boot0002

To avoid build error for sandbox, default file name "BOOTSANDBOX.efi"
is defined even if it is out of scope of UEFI specification.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
On sandbox use binary name corresponding to host architecture.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
AKASHI Takahiro
d8465ffc01 efi_loader: export efi_locate_device_handle()
This function will be used in the next commit where some behavior
of EFI boot manager will be expanded.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Masahisa Kojima
eca08ce94c lib/charset: add u16_strlcat() function
Provide u16 string version of strlcat().

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
d30924f16b lib: fix selection of CONFIG_CHARSET
lib/charset.c is not optional for
EFI_APP || EFI_LOADER || UFS || UT_UNICODE.
These must select CONFIG_CHARSET.

Fixes: 726cd9836d ("efi: Make unicode printf available to the app")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
c900a42eb0 efi_selftest: error handling in efi_selftest_tcg2
If memory allocation fails, write an error message.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
0db8221f32 efi_selftest: clean up unaligned unit test
* fix typo %s/give/given/
* don't use void * in pointer arithmetic

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
1b2c3e543c efi_selftest: buildefi_selftest_unaligned.c
The unit test has not been built since CPU_V7 was rename CPU_V7A.

Fixes: acf1500138 ("arm: v7: Kconfig: Rename CPU_V7 as CPU_V7A")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
5c1037d578 efi_loader: reset colors before clearing screen
When resetting the text console the colors have to be set before clearing
the screen. Otherwise the background color may be wrong.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Simon Glass
747093dd40 vpl: Add Kconfig options for VPL
Add VPL versions of commonly used Kconfig options.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-05-02 09:58:13 -04:00
AKASHI Takahiro
6c640422ba efi_loader: disk: allow blk devices even without UCLASS_PARTITION
While GPT partition is mandated in UEFI specification, CONFIG_PARTITION is
seen optional under the current implementation.
So modify efi_disk_rw_blocks() to allow accepting UCLASS_BLK devices.

Fixes: commit d97e98c887 ("efi_loader: disk: use udevice instead of blk_desc")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Mark Kettenis <kettenis@openbsd.org>
2022-04-29 14:25:40 +02:00
Heinrich Schuchardt
8da26f5156 efi_loader: simplify efi_add_conventional_memory_map()
Remove redundant constraint.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:25:39 +02:00
Heinrich Schuchardt
4f419960bf efi_loader: simplify try_load_entry()
Use function efi_create_indexed_name() to create the BootXXXX variable
name.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:25:39 +02:00
Heinrich Schuchardt
dd1086ac6b efi: fix devpath_is_partition()
If the path consists only of an end node, it does not refer to a partition.
Avoid returning a random value from the stack in this case.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:25:39 +02:00
Heinrich Schuchardt
7ea79e511d efi_loader: don't call log with __func__ as parameter
The log functions print file name, line number, and function name if
selected via the log command or customizing. Don't print the function
name twice.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:23:30 +02:00
Tom Rini
11232139e3 nds32: Remove the architecture
As removal of nds32 has been ack'd for the Linux kernel, remove support
here as well.

Cc: Rick Chen <rick@andestech.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2022-04-25 16:04:05 -04:00
Tom Rini
8cfac237b9 Merge branch '2022-04-25-initial-implementation-of-stdboot'
To quote the author:
The bootflow feature provide a built-in way for U-Boot to automatically
boot an Operating System without custom scripting and other customisation.
This is called 'standard boot' since it provides a standard way for
U-Boot to boot a distro, without scripting.

It introduces the following concepts:

   - bootdev - a device which can hold a distro
   - bootmeth - a method to scan a bootdev to find bootflows (owned by
                U-Boot)
   - bootflow - a description of how to boot (owned by the distro)

This series provides an implementation of these, enabled to scan for
bootflows from MMC, USB and Ethernet. It supports the existing distro
boot as well as the EFI loader flow (bootefi/bootmgr). It works
similiarly to the existing script-based approach, but is native to
U-Boot.

With this we can boot on a Raspberry Pi 3 with just one command:

   bootflow scan -lb

which means to scan, listing (-l) each bootflow and trying to boot each
one (-b). The final patch shows this.

With a standard way to identify boot devices, booting become easier. It
also should be possible to support U-Boot scripts, for backwards
compatibility only.

...

The design is described in these two documents:

https://drive.google.com/file/d/1ggW0KJpUOR__vBkj3l61L2dav4ZkNC12/view?usp=sharing

https://drive.google.com/file/d/1kTrflO9vvGlKp-ZH_jlgb9TY3WYG6FF9/view?usp=sharing
2022-04-25 16:02:27 -04:00
Simon Glass
8565efd509 lib: Add a way to find the postiion of a trailing number
At present it is not possible to find out which part of the string is the
number part and which is before it. Add a new variant which provides this
feature, so we can separate the two in the caller.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-25 10:00:03 -04:00
Simon Glass
d667a0d8f4 lib: Fix a few bugs in trailing_strtoln()
At present this has a minor bug in that it reads the byte before the
start of the string, if it is empty. Also it doesn't handle a
non-numeric prefix which is only one character long.

Fix these bugs with a reworked implementation. Add a test for the second
case. The first one is hard to test.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-25 10:00:03 -04:00
Tom Rini
46a06ed82a Pull request for efi-2022-07-rc1-3
Documentation:
 
 * Document image size parameter of bootefi command
 
 UEFI:
 
 * avoid building partition support in SPL/TPL where not required
 * improve integration of EFI subsystem and driver model
 * restore ability to boot arbitrary blob
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmJka8UACgkQxIHbvCwF
 GsQXVw/+OuG4lYgiBZUUOFtu7CZZTrEnMGszRhXmwEzTMNq2NBNRP1lRJFhyyU50
 ElS/I7wZwhFtEnsL5H4mf3Ww7BQLELecg/Q7bnDYhPNg4JWUWUSCGOVUkNRs5O1h
 3f6HBkdbvDVvITgopqEj1v4sNwSJCr8sFJQPe0o7i9FAb0+dbO/Er3Z6afp9vcsQ
 C6iiNq4zTaGm0YUZf1wOCJMngijvkJ+z+McAFCCAwH0zbT7GfNpmGNr8iviYPWJM
 tKzkvO73+LhGR6fgRl9XewbV0Mlkd2q54nfZrP+7tTycIrj0G/OUOyPnOUaJk485
 keouzcIVSzZGjeQtsZ9Rrw8EounuMJ/pRyGNsoWIyeY98gqJxtVYnrlNm/TvFs6F
 vALsqq0LsRkVmM/ut8eleV/U8Q6n6IYL4xtAH0tm4Jf4mrW1zt8IgWQnNOlHqg9J
 RjOAF0y38KUAoC7RzGjU+RJcWPoYuKGxEWEdGvIu3qP9blwaZ7UKRxqWilOgbypf
 pxbp9YsnT8pqY9cs6mzSZHPjJFSMVocaRzD521kgShS4cxOJHpZHU4wzd5hS4BFr
 BIMCSPPyuRmn3E2DDqncEtL4C7OoPV+LLXVyrF2neiWwjMd/4rGAoYnDwjRkD7dP
 uSFsNt9N3Mqpjwl/iMI5Kd+mOJ77TWnf9fKrEft4BIXexopzAms=
 =a5qc
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-07-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-07-rc1-3

Documentation:

* Document image size parameter of bootefi command

UEFI:

* avoid building partition support in SPL/TPL where not required
* improve integration of EFI subsystem and driver model
* restore ability to boot arbitrary blob
2022-04-23 18:42:00 -04:00
AKASHI Takahiro
d97e98c887 efi_loader: disk: use udevice instead of blk_desc
In most of all cases, we can avoid using blk_desc which is expected
to be private to udevice(UCLASS_BLK), that is, the data should not
be manipulated outside the device driver unless really needed.

Now efi_disk's internally use dev_read/write() interfaces
if CONFIG_PARTITIONS is enabled.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
a3cb34e9b7 efi_loader: disk: not delete BLK device for BLK(IF_TYPE_EFI_LOADER) devices
When we create an efi_disk device with an UEFI application using driver
binding protocol, the 'efi_driver' framework tries to create
a corresponding block device(UCLASS_BLK/IF_TYPE_EFI). This will lead to
calling a PROBE callback, efi_disk_probe().
In this case, however, we don't need to create another "efi_disk" device
as we already have this device instance.

So we should avoid recursively invoke further processing in the callback
function.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
b406eb04c3 efi_loader: disk: a helper function to delete efi_disk objects
This function is expected to be called, in particular from dm's pre_remove
hook, when associated block devices no longer exist.

Add efi_disk_remove() function.
This function removes an efi_disk object for a raw disk device (UCLASS_BLK)
and related objects for its partitions (UCLASS_PARTITION).

So this function is expected to be called through driver model's "remove"
interface every time a raw disk device is to be disconnected.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
3c809dfed7 efi_loader: disk: not create BLK device for BLK(IF_TYPE_EFI_LOADER) devices
When we create an efi_disk device with an UEFI application using driver
binding protocol, the 'efi_driver' framework tries to create
a corresponding block device(UCLASS_BLK/IF_TYPE_EFI). This will lead to
calling a PROBE callback, efi_disk_probe().
In this case, however, we don't need to create another "efi_disk" device
as we already have this device instance.

So we should avoid recursively invoke further processing in the callback
function.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
a9bf024b29 efi_loader: disk: a helper function to create efi_disk objects from udevice
Add efi_disk_probe() function.
This function creates an efi_disk object for a raw disk device (UCLASS_BLK)
and additional objects for related partitions (UCLASS_PARTITION).

So this function is expected to be called through driver model's "probe"
interface every time one raw disk device is detected and activated.
We assume that partition devices (UCLASS_PARTITION) have been created
when this function is invoked.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
a57ad20d07 efi_loader: split efi_init_obj_list() into two stages
In the next commit, CONFIG_EFI_SETUP_EARLY will become mandated
in order to support dynamic enumeration of efi_disk objects.

This can, however, be problematic particularly in case of file-based
variable storage (efi_variable.c, default).
Non-volatile variables are to be restored from EFI system partition
by efi_init_variables() in efi_init_obj_list(). When efi_init_obj_list()
is called in board_init_r(), we don't know yet what disk devices
we have since none of device probing commands (say, scsi rescan) has not
been executed at that stage.

So in this commit, a preparatory change is made; efi_init_obj_list() is
broken into the two functions;
   * efi_init_early(), and
   * new efi_init_obj_list()

Only efi_init_early() will be called in board_init_r(), which allows
us to execute any of device probing commands, either though "preboot"
variable or normal command line, before calling efi_init_obj_list() which
is to be invoked at the first execution of an efi-related command
(or at efi_launch_capsules()) as used to be.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
38f255b960 efi_loader: disk: compile efi_disk when CONFIG_BLK
Now we can build efi_loader with block device support (CONFIG_BLK) and
without CONFIG_PARTITIONS.
So change Makefile.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 22:05:34 +02:00
AKASHI Takahiro
7a06fd7579 efi_loader: PARTITION_UUIDS should be optional
In the current implementation, partition table support (either GPT or DOS)
is not mandatory. So CONFIG_PARTITION_UUIDS should not be enabled
(selected) unconditionally.

Fixes: commit 17f8cda505 ("efi_loader: set partition GUID in device path for SIG_TYPE_GUID")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-23 22:05:34 +02:00
Andrew Abbott
0de71bb580 fdt: Fix TPL SEPARATE_BSS check when locating DTB
Commit 690af71850 changed this condition
from an explicit

IS_ENABLED(CONFIG_SPL_SEPARATE_BSS)

to

CONFIG_IS_ENABLED(SEPARATE_BSS)

The documentation for CONFIG_IS_ENABLED() in include/linux/kconfig.h
implies that we will get the correct behaviour, but the actual behaviour
differs such that this condition is now always false.

This stopped TPL being able to load the device tree blob at least on the
ROCKPro64 board (RK3399 SoC), since the wrong device tree location was
chosen.

The issues causing this behaviour with CONFIG_IS_ENABLED() are:

1. The documentation implies that CONFIG_SPL_BUILD =>
   CONFIG_SPL_<option> is considered before the TPL equivalent.

   Actually, the TPL options have higher priority - see definition of
   _CONFIG_PREFIX.

2. The documentation implies a fallthrough, eg. if CONFIG_SPL_BUILD is
   defined but the CONFIG_SPL_<option> is not, then it will proceed to
   check if CONFIG_TPL_BUILD

   Actually, if CONFIG_TPL_BUILD is defined, then it stops there
   and CONFIG_SPL_BUILD is not considered - see definition of
   _CONFIG_PREFIX.

   During TPL build, at least for the ROCKPro64, both CONFIG_TPL_BUILD
   and CONFIG_SPL_BUILD are defined, but because of the above, only TPL
   options are considered. Since there is no CONFIG_TPL_SEPARATE_BSS,
   this fails.

Fixes: 690af71850 ("fdt: Correct condition for SEPARATE_BSS")
Signed-off-by: Andrew Abbott <andrew@mirx.dev>
2022-04-22 15:44:10 -04:00
Pali Rohár
1a47e6d47c crc16: Move standard CRC-16 implementation from ubifs to lib
This implementation provides standard CRC-16 algorithm with polynomial
x^16 + x^15 + x^2 + 1.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-04-21 14:32:40 -04:00
Pali Rohár
bb3d71b7ef crc16-ccitt: Rename file with CRC-16-CCITT implementation to crc16-ccitt.c
U-Boot CRC-16 implementation uses polynomial x^16 + x^12 + x^5 + 1 which is
not standard CRC-16 algorithm, but it is known as CRC-16-CCITT. Rename file
crc16.c to crc16-ccitt.c to reduce confusion.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-04-21 14:32:40 -04:00
Heinrich Schuchardt
8bf5f9af3b efi_loader: simplify efi_serialize_load_option()
Use u16_strsize().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:21 +02:00
Heinrich Schuchardt
b27d8e4037 efi_loader: EFI_HII_STRING_PROTOCOL.GetString()
Use u16_strsize().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:21 +02:00
Heinrich Schuchardt
967407defe lib: simplify u16_strdup()
Use u16_strsize() instead of duplicating it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:20 +02:00
Heinrich Schuchardt
0121282d1a lib: convert u16_strlen() into a macro
The function u16_strlen() can be implemented as call to u16_strnlen().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:20 +02:00
Sughosh Ganu
9736287173 FMP: Remove GUIDs for FIT and raw images
The capsule update code has been modified for getting the image GUID
values from the platform code. With this, each image now has a unique
GUID value. With this change, there is no longer a need for defining
GUIDs for FIT and raw images. Remove these GUID values.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2022-04-15 10:43:18 +02:00
Sughosh Ganu
a9e6f01a94 efi: Define set_dfu_alt_info() for boards with UEFI capsule update enabled
Currently, there are a bunch of boards which enable the UEFI capsule
update feature. The actual update of the firmware images is done
through the dfu framework which uses the dfu_alt_info environment
variable for getting information on the update, like device, partition
number/address etc. The dfu framework allows the variable to be set
through the set_dfu_alt_info function defined by the platform, or if
the function is not defined, it gets the variable from the
environment. Using the value set in the environment is not very
robust, since the variable can be modified from the u-boot command
line and this can cause an incorrect update.

To prevent this from happening, define the set_dfu_alt_info function
when the capsule update feature is enabled. A weak function is defined
which sets the dfu_alt_info environment variable by getting the string
for the variable from the platform.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-15 10:43:18 +02:00
Sughosh Ganu
7cf06f09cc capsule: Put a check for image index before the update
The current capsule update code compares the image GUID value in the
capsule header with the image GUID value obtained from the
GetImageInfo function of the Firmware Management Protocol(FMP). This
comparison is done to ascertain if the FMP's SetImage function can be
called for the update. Make this checking more robust by comparing the
image_index value passed through the capsule with that returned by the
FMP's GetImageInfo function. This protects against the scenario of the
firmware being updated in a wrong partition/location on the storage
device if an incorrect value has been passed through the capsule,
since the image_index is used to determine the location of the update
on the storage device.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-04-15 10:43:18 +02:00
Sughosh Ganu
1ea06bc929 capsule: FMP: Populate the image descriptor array from platform data
Currently, the image descriptor array that has been passed to the
GetImageInfo function of the Firmware Management Protocol(FMP) gets
populated through the data stored with the dfu framework. The
dfu data is not restricted to contain information only of the images
updatable through the capsule update mechanism, but it also contains
information on other images. The image descriptor array is also parsed
by the ESRT generation code, and thus the ESRT table contains entries
for other images that are not being handled by the FMP for the capsule
updates. Fix this by populating the image descriptor array from the
structure initialised in the board file.

The other issue fixed is assignment of a separate GUID for all images
in the image descriptor array. The UEFI specification mandates that
all entries in the ESRT table should have a unique GUID value as part
of the FwClass member of the EFI_SYSTEM_RESOURCE_ENTRY. Currently, all
images are assigned a single GUID value, either an FIT GUID or a raw
image GUID. This is fixed by obtaining the GUID values from the
efi_fw_images array defined per platform.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-15 10:43:18 +02:00
Dhananjay Phadke
e146a2c12f lib/crypto: support sha384/sha512 in x509/pkcs7
Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509,
(not set by ported linux code, but needed by __UBOOT__ part).

EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for
correctness if certificates contain sha384WithRSAEncryption or
sha512WithRSAEncryption OIDs.

Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-04-11 11:39:19 -04:00
SESA644425
81eff51047 lib: rsa: Update function padding_pss_verify (any-salt)
Modify function to support any salt length instead of max
length only. Function now detects salt length by parsing
the content of db buffer. Note that it works with (but is
not limited to) zero-length, digest-length and max-length

Signed-off-by: SESA644425 <gioja.hermann@non.se.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-11 11:39:19 -04:00
SESA644425
fb7330545e lib: rsa: Leverage existing data buffer instead of systematic copy
Prior to introduction of modifications in rsassa_pss functions
related to padding verification, doing a pass to reduce memory
consumption of function by replacing memory copies of parts of
const buffer by pointers to the original buffer (masked_db and
h are subparts of msg buffer which is declared const, salt is a
subpart of db which is a working buffer, unmodified after being
filled). New pointers scope is limited to the function where
they are declared (not returned to caller by any mean), zeroing
risk of memory fault related to the change.

Signed-off-by: SESA644425 <gioja.hermann@non.se.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-11 11:39:19 -04:00
SESA644425
c755aa8a1d lib: rsa: Fix const-correctness of rsassa_pss functions
Prior to introduction of modifications in rsassa_pss functions
related to padding verification, doing a pass to update
const-correctness in targeted functions to comply with
coding-rules and avoid const-cast

Signed-off-by: SESA644425 <gioja.hermann@non.se.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-11 11:39:19 -04:00
Masami Hiramatsu
7660cfee0f efi_loader: Use sysreset instead of reset command
Use sysreset_walk_halt() directly from reset-after-capsule-on-disk
feature to reboot (cold reset) machine instead of using reset command
interface, since this is not a command.
Note that this will make CONFIG_EFI_CAPSULE_ON_DISK depending on
the CONFIG_SYSRESET.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-09 21:06:31 +02:00
Masami Hiramatsu
39bdf11580 efi_loader: Make efi_load_capsule_drivers() available even if EFI_CAPSULE_ON_DISK=n
Make efi_load_capsule_drivers() available even if EFI_CAPSULE_ON_DISK
is disabled because the caller (efi_init_obj_list()) expects it only
relays on EFI_HAVE_CAPSULE_SUPPORT.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-09 21:06:31 +02:00
Tom Saeger
f2288a26ab efi_loader: optional persistence of variables
Since be66b89da3 ("efi_loader: configuration of variables store")
the choice of EFI_VARIABLE_FILE_STORE or EFI_MM_COMM_TEE
is mutually-exclusive, however efi_var_to_file also allows
for "neither". Provide an additional Kconfig option.

Signed-off-by: Tom Saeger <tom.saeger@oracle.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-09 21:06:31 +02:00
Simon Glass
b7463f198d Make ASYMMETRIC_KEY_TYPE depend on FIT_SIGNATURE
Add this dependency to avoid a build error if FIT_SIGNATURE is not
enabled.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:03:17 -04:00
Simon Glass
ccfc9d7841 lzma: Tidy up the function prototype
This should use a const pointer for the input stream. Fix this and also
add a proper comment.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:01:42 -04:00
Simon Glass
423cf0acda fdt: sandbox: Avoid looking for an appended device tree
We don't use an appended tree for sandbox and the required symbols are
not present. Add a condition to avoid a build error.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:01:42 -04:00
Simon Glass
690af71850 fdt: Correct condition for SEPARATE_BSS
This may have different settings for SPL and TPL. Correct the condition.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:01:42 -04:00
Simon Glass
99aca9efe1 abuf: Correct a corner case with abuf_realloc()
If the buffer is empty and not allocated, then abuf_realloc() tries to
copy invalid data. This happens because an incorrect change to use
memdup() was added after the original code was written.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:01:42 -04:00
Tom Rini
01f1ab67f3 Merge branch 'next'
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-04-04 10:48:44 -04:00
Philippe Reynes
f6bacf1d48 lib: rsa: allow rsa verify with pkey in SPL
This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Philippe Reynes
e44ec9f709 lib: crypto: allow to build crypyo in SPL
This commit adds the options:
- SPL_ASYMMETRIC_KEY_TYPE
- SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- SPL_RSA_PUBLIC_KEY_PARSER

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Philippe Reynes
fd210fee1d lib: allow to build asn1 decoder and oid registry in SPL
This commit adds the options:
- SPL_ASN1_DECODER
- SPL_OID_REGISTRY

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Philippe Reynes
7d44a98517 lib: Kconfig: enhance the help of OID_REGISTRY
Enhance the help for the config OID_REGISTRY.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Philippe Reynes
a0e71d9614 lib: Kconfig: enhance help for ASN1
Enhance the help for configs ASN1_COMPILER
and ASN1_decoder.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Andy Shevchenko
b6370aca37 efi_loader: initrddump: Actually use the custom CFLAGS
It seems a copy'n'paste typo when tool had been introduced.
It has never had the 'exit' suffix in the file name. Hence,
the custom CFLAGS never been applied and, for example, BFD
linker complains:

  LD      lib/efi_loader/initrddump_efi.so
  ld.bfd: lib/efi_loader/initrddump.o: warning: relocation in read-only section `.text.efi_main'
  ld.bfd: warning: creating DT_TEXTREL in a shared object

Remove wrong 'exit' suffix from the custom CFLAGS variable.

Fixes: 65ab48d69d ("efi_selftest: provide initrddump test tool")
Fixes: 9c045a49a9 ("efi_loader: move dtbdump.c, initrddump.c to lib/efi_loader")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-31 19:06:17 +02:00
Simon Glass
1fa43cad86 video: Drop references to CONFIG_VIDEO et al
Drop the Kconfigs which are not used and all references to them. In
particular, this drops CONFIG_VIDEO to avoid confusion and allow us to
eventually rename CONFIG_DM_VIDEO to CONFIG_VIDEO.

Also drop the prototype for video_get_info_str() which is no-longer used.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Jason Liu <jason.hui.liu@nxp.com>
2022-03-28 20:17:07 +02:00
Tom Rini
34d2b7f203 Prepare v2022.04-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmJBxXQACgkQFHw5/5Y0
 tywKKAv+L+sCmqfJ4Zy2cdzWkGZI3NZMWi8yzUUU37RH5I+3Blht+z6dMslm9gCB
 7/PwS5y7WH3l3wEdeXcw4FUCgNh3D8YyfCcVCsQ0Qxig49xwWz8Jn6t+haOWD6eW
 uXim+gSG+ceWTBrKf3InzXN5fHPIcF66r+k3opwAwIYKpT8p8CgM4ewshBCAsc6t
 6qSLf+A64JNv/y2DTS+sPDY68tnplbyRvrNb6YEazOF6b6SnSE2j+EH8RkIZ+2yT
 cTUhQ2o9JJIKnaG9MTqHB+XVe80oPB7bTWInFo2JxGn98XeS7CTCcnDZhLqWrvHF
 gBfcpEcVE2blVbg/Vo2x4rnU1dop44ch6pE9k5SPFJcPdlzdwFHHgGyfGi9LtD4K
 JAvaIQdz6ZEOQqShpCxcbL/g2/uoRaXFqC7E8IE+WdFMXGBQoZpqaoBMoefnyplk
 xrzqaQye38JgZDX0ku4cm4SMArAfr4sVHcdDlSlzY3y2KQ8Ead25irRvq7GoQ2Ad
 Odo9taQF
 =9g2Y
 -----END PGP SIGNATURE-----

Merge tag 'v2022.04-rc5' into next

Prepare v2022.04-rc5
2022-03-28 12:36:49 -04:00
Heinrich Schuchardt
24cf707ed7 efi_loader: initrddump: drain input before prompt
Up to now the initrddump.efi application has drained the input after
showing the prompt. This works for humans but leads to problems when
automating testing. If the input is drained, this should be done before
showing the prompt.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-03-26 07:46:21 +01:00
Heinrich Schuchardt
ae794fae09 efi_loader: nocolor command line attr for initrddump.efi
initrddump.efi uses colored output and clear the screen. This is not
helpful for integration into Python tests. Allow specifying 'nocolor' in
the load option data to suppress color output and clearing the screen.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-26 07:46:21 +01:00
Heinrich Schuchardt
df96deeed6 efi_loader: typo devie-path
%s/devie-path/device-path/

Reported-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-26 07:46:21 +01:00
Heinrich Schuchardt
9c045a49a9 efi_loader: move dtbdump.c, initrddump.c to lib/efi_loader
The tools dtbdump.efi and initrddump.efi are useful for Python testing even
if CONFIG_EFI_SELFTEST=n.

Don't clear the screen as it is incompatible with Python testing.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 17:01:00 +01:00
Heinrich Schuchardt
b78631d54f efi_loader: remove efi_disk_is_system_part()
The block IO protocol may be installed on any handle. We should make
no assumption about the structure the handle points to.

efi_disk_is_system_part() makes an illegal widening cast from a handle
to a struct efi_disk_obj. Remove the function.

Fixes: Fixes: 41fd506842 ("efi_loader: disk: add efi_disk_is_system_part()")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Heinrich Schuchardt
9cdf470274 efi_loader: support booting via short-form device-path
The boot manager must support loading from boot options using a short-form
device-path, e.g. one where the first element is a hard drive media path.

See '3.1.2 Load Options Processing' in UEFI specification version 2.9.

Fixes: 0e074d1239 ("efi_loader: carve out efi_load_image_from_file()")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Heinrich Schuchardt
e46ef1db9e efi_loader: efi_dp_find_obj() add protocol check
Let function efi_dp_find_obj() additionally check if a given protocol is
installed on the handle relating to the device-path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Heinrich Schuchardt
c409593d08 efi_loader: fix efi_dp_find_obj()
efi_dp_find_obj() should not return any handle with a partially matching
device path but the handle with the maximum matching device path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Heinrich Schuchardt
8399488672 efi_loader: export efi_dp_shorten()
Rename function shorten_path() to efi_dp_shorten() and export it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Ilias Apalodimas
ff6af6eede efi_loader: Set variable attributes when EFI_BUFFER_TOO_SMALL is returned
Starting UEFI Spec 2.8 we must fill in the variable attributes when
GetVariable() returns EFI_BUFFER_TOO_SMALL and Attributes is non-NULL.

This code was written with 2.7 in mind so let's move the code around a
bit and fill in the attributes EFI_BUFFER_TOO_SMALL is returned

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Huang Jianan
26c7fdadcb lib/lz4: update LZ4 decompressor module
Update the LZ4 compression module based on LZ4 v1.8.3 in order to
use the newest LZ4_decompress_safe_partial() which can now decode
exactly the nb of bytes requested.

Signed-off-by: Huang Jianan <jnhuang95@gmail.com>
2022-03-15 16:19:29 -04:00
Heinrich Schuchardt
66028930da efi_loader: copy GUID in InstallProtocolInterface()
InstallProtocolInterface() is called with a pointer to the protocol GUID.
There is not guarantee that the memory used by the caller for the protocol
GUID stays allocated. To play it safe the GUID should be copied to U-Boot's
internal structures.

Reported-by: Joerie de Gram <j.de.gram@gmail.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-12 12:27:07 +01:00
Yann Droneaud
9b5ad4f5da lib: rsa: use actual OpenSSL 1.1.0 EVP MD API
Since OpenSSL 1.1.0, EVP_MD_CTX_create() is EVP_MD_CTX_new()
                     EVP_MD_CTX_destroy() is EVP_MD_CTX_free()
                     EVP_MD_CTX_init() is EVP_MD_CTX_reset()

As there's no need to reset a newly created EVP_MD_CTX, moreover
EVP_DigestSignInit() does the reset, thus call to EVP_MD_CTX_init()
can be dropped.
As there's no need to reset an EVP_MD_CTX before it's destroyed,
as it will be reset by EVP_MD_CTX_free(), call to EVP_MD_CTX_reset()
is not needed and can be dropped.

Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
2022-03-04 15:20:07 -05:00
Masahisa Kojima
3fa9ed9ae3 efi_loader: update the timing of enabling and disabling EFI watchdog
UEFI specification requires that 5 minutes watchdog timer is
armed before the firmware's boot manager invokes an EFI boot option.
This watchdog timer is updated as follows, according to the
UEFI specification.

 1) The EFI Image may reset or disable the watchdog timer as needed.
 2) If control is returned to the firmware's boot manager,
    the watchdog timer must be disabled.
 3) On successful completion of EFI_BOOT_SERVICES.ExitBootServices()
    the watchdog timer is disabled.

1) is up to the EFI image, and 3) is already implemented in U-Boot.
This patch implements 2), the watchdog is disabled when control is
returned to U-Boot.

In addition, current implementation arms the EFI watchdog at only
the first "bootefi" invocation. The EFI watchdog must be armed
in every EFI boot option invocation.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:01 +01:00
Masami Hiramatsu
3e6f810006 efi_loader: test/py: Reset system after capsule update on disk
Add a cold reset soon after processing capsule update on disk.
This is required in UEFI specification 2.9 Section 8.5.5
"Delivery of Capsules via file on Mass Storage device" as;

    In all cases that a capsule is identified for processing the system is
    restarted after capsule processing is completed.

This also reports the result of each capsule update so that the user can
notice that the capsule update has been succeeded or not from console log.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:01 +01:00
Masami Hiramatsu
a6aafce494 efi_loader: use efi_update_capsule_firmware() for capsule on disk
Since the efi_update_capsule() represents the UpdateCapsule() runtime
service, it has to handle the capsule flags and update ESRT. However
the capsule-on-disk doesn't need to care about such things.

Thus, the capsule-on-disk should use the efi_capsule_update_firmware()
directly instead of calling efi_update_capsule().

This means the roles of the efi_update_capsule() and capsule-on-disk
are different. We have to keep the efi_update_capsule() for providing
runtime service API at boot time.

Suggested-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-26 07:37:00 +01:00
Ilias Apalodimas
bdcc0a9594 efi_loader: fix uefi secure boot with intermediate certs
The general rule of accepting or rejecting an image is
 1. Is the sha256 of the image in dbx
 2. Is the image signed with a certificate that's found in db and
    not in dbx
 3. The image carries a cert which is signed by a cert in db (and
    not in dbx) and the image can be verified against the former
 4. Is the sha256 of the image in db

For example SHIM is signed by "CN=Microsoft Windows UEFI Driver Publisher",
which is issued by "CN=Microsoft Corporation UEFI CA 2011", which in it's
turn is issued by "CN=Microsoft Corporation Third Party Marketplace Root".
The latter is a self-signed CA certificate and with our current implementation
allows shim to execute if we insert it in db.

However it's the CA cert in the middle of the chain which usually ends up
in the system's db.  pkcs7_verify_one() might or might not return the root
certificate for a given chain.  But when verifying executables in UEFI,  the
trust anchor can be in the middle of the chain, as long as that certificate
is present in db.  Currently we only allow this check on self-signed
certificates,  so let's remove that check and allow all certs to try a
match an entry in db.

Open questions:
- Does this break any aspect of variable authentication since
  efi_signature_verify() is used on those as well?

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-02-26 07:37:00 +01:00
Ilias Apalodimas
54cebe8a3a efi_loader: fix dual signed image certification
The EFI spec allows for images to carry multiple signatures. Currently
we don't adhere to the verification process for such images.

The spec says:
"Multiple signatures are allowed to exist in the binary's certificate
table (as per PE/COFF Section "Attribute Certificate Table"). Only one
hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx."

With our current implementation signing the image with two certificates
and inserting both of them in db and one of them dbx doesn't always reject
the image.  The rejection depends on the order that the image was signed
and the order the certificates are read (and checked) in db.

While at it move the sha256 hash verification outside the signature
checking loop, since it only needs to run once per image and get simplify
the logic for authenticating an unsigned imahe using sha256 hashes.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-02-11 20:07:55 +01:00
Moritz Fischer
058fb9f5ff acpi: Move MCFG implementation to common lib
MCFG tables are used on multiple arches. Move to common ACPI lib.

Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Moritz Fischer <moritzf@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use sizeof(*mcfg) instead of sizeof(*header)
Signed-off-by: Simon Glass <sjg@chromium.org>
2022-02-09 12:30:13 -07:00
Simon Glass
e2bceb0331 efi: Drop unnecessary calls to blk_find_device()
When we have the block descriptor we can simply access the device. Drop
the unnecessary function call.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-05 20:20:01 +01:00
Simon Glass
377d39d178 efi: Use device_get_uclass_id() where appropriate
Use this function rather than following the pointers, since it is there
for this purpose.

Add the uclass name to the debug call at the end of dp_fill() since it is
quite useful.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
3c95b323c7 efi_loader: add handle for UART
When loading an EFI binary via the UART we assign a UART device path to it.
But we lack a handle with that device path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
915623c0d3 efi_loader: fix text output for Uart() DP nodes
The UEFI specification concerning Uart() device path nodes has been
clarified:

Parity and stop bits can either both use keywords or both use
numbers but numbers and keywords should not be mixed.

Let's go for keywords as this is what EDK II does. For illegal
values fall back to numbers.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
b1193fa957 efi_loader: use %zu to print efi_uintn_t in FMP driver
For printing an unsigned value we should use %u and not %d.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
e9df54968f efi_loader: use %zu not %zd to print efi_uintn_t
efi_uintnt_t is an unsigned type. We should avoid showing negative numbers.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
344f26a766 efi_loader: fix device path to text protocol
The printing of a file path node must properly handle:

* odd length of the device path node
* UTF-16 character only partially contained in device path node
* buffer overflow due to very long file path

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
fe14f88050 lib: fix snprintf() for UTF-16 strings
snprintf() must return the required buffer length.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
b9b4cecf9b efi_selftest: merge FDT and RISC-V tests
The test for the RISCV_EFI_BOOT_PROTOCOL retrieves the boot hart id via the
protocol and compares it to the value of the boot hart id in the device
tree. The boot hart id is already retrieved from the device tree in the FDT
test.

Merge the two tests to avoid code duplication.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Sunil V L
8efefcec00 efi_selftest: unit test for RISCV_EFI_BOOT_PROTOCOL
Add a test for the RISCV_EFI_BOOT_PROTOCOL.

Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
2022-02-05 20:20:01 +01:00
Simon Glass
5b9a5b2b96 treewide: Use 16-bit Unicode strings
At present we use wide characters for Unicode but this is not necessary.
Change the code to use the 'u' literal instead. This helps to fix build
warnings for sandbox on the Raspberry Pi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-03 15:53:28 -05:00
Simon Glass
156ccbc3c4 efi: Use 16-bit unicode strings
At present we use wide characters for unicode but this is not necessary.
Change the code to use the 'u' literal instead. This helps to fix build
warnings for sandbox on rpi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-03 12:16:01 -05:00
Tom Rini
c7d042f315 Pull request for efi-2022-04-rc1-3
Documentation:
 
 * update Nokia RX-51 documentation and move it to rst
 * describe boot switch settings for HiFive Unmatched board
 
 UEFI:
 
 * fix the checking of images hashes and signatures
 * provide the RISCV_EFI_BOOT_PROTOCOL
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmH1CY8ACgkQxIHbvCwF
 GsTTXA/+L53FjKHiOQLf9+FrNO7AZ7OcL51brl97eRuQ/jVaF4ClPnDrwPv+uj8m
 rXJHZr6WLRc7A1bIwTYhoetrir07A4pZSHAiKTQuJS2uVFgX25Lp4y5vPt1jgIwF
 BsRyVxF50crNQjDuSDUQF6RHCa5QhvgZ9mZ/WQQ0MjRRysnw6sISvNc9HbZLdbau
 FheOHERJknE1HELeAg/5KKRn1lt3ew6/QdEqPCvKuhsNW4y31zYyHXt1bvpK8cq0
 6m2fRX87nnaIExAb3WLiID91jyPMmrg3ZUndFJfjcAwjelYa50xxHr/vEgw9S1Pb
 xMMZSKTmEFoVdX7umW9uw/p0tWygGOUw8/d9bsZPv7qh1akwoKog2BVl/zRbW+5n
 x4zCNXOllh0p2u8rRQRu8BqVNXZpw+Intk5frVPeazwbnvBrZFd7jN3JyHMtbUkv
 xXJBgHQgbn3z3+zQf9XEa7VjQ+l92x5n0IRWlRxYYEUkMW6o8XZyhzY5Xn1Q7K2z
 kLBx/U7o633D2BPtlt66HmIJa/fH02nD7TmmQy3j0ICQdB2GbHOs2uRF5rATV7v0
 LukLrTr7kSebOhyINvabsLl126URsx2YjUs7lhPy6ILWm+QGUs8tqyKdTe0gQ7AZ
 vneyV2v3CDmMBF3MhE178/kdoJnwk8q7c7JiCQpLNXA33CJCnxw=
 =+edp
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-04-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc1-3

Documentation:

* update Nokia RX-51 documentation and move it to rst
* describe boot switch settings for HiFive Unmatched board

UEFI:

* fix the checking of images hashes and signatures
* provide the RISCV_EFI_BOOT_PROTOCOL
2022-01-29 13:50:19 -05:00
Ilias Apalodimas
5ee900c14f efi_loader: hash the image once before checking against db/dbx
We don't have to recalculate the image hash every time we check against a
new db/dbx entry.  So let's add a flag forcing it to run once since we only
support sha256 hashes

Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Ilias Apalodimas
4b63431323 efi_loader: correctly handle mixed hashes and signatures in db
A mix of signatures and hashes in db doesn't always work as intended.
Currently if the digest algorithm is not explicitly set to sha256 we
stop walking the security database and reject the image.

That's problematic in case we find and try to check a signature before
inspecting the sha256 hash.  If the image is unsigned we will reject it
even if the digest matches.

Since we no longer reject the image on unknown algorithms add an explicit
check and reject the image if any other hash algorithm apart from sha256
is detected on dbx.

Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Heinrich Schuchardt
8d4c426532 lib: allow printing RISC-V EFI Boot Protocol GUID
On RISC-V a new UEFI protocol has been introduced. Support printing
its GUID using %pUs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Sunil V L
1ccf87165e efi_loader: Enable RISCV_EFI_BOOT_PROTOCOL support
This adds support for new RISCV_EFI_BOOT_PROTOCOL to
communicate the boot hart ID to bootloader/kernel on RISC-V
UEFI platforms.

The specification of the protocol is hosted at:
https://github.com/riscv-non-isa/riscv-uefi

Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Heinrich Schuchardt
3dd719d4fb efi_loader: correct function comment style
Replace @return and @param.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Jamin Lin
2a4b0d5890 rsa: adds rsa3072 algorithm
Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-28 17:58:41 -05:00
Tom Rini
761a1786e1 acpi refactoring to allow non-x86 use
binman support for bintools (binary tools)
 minor tools improvements in preparation for FDT signing
 various minor fixes and improvements
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmHyEeYRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreYYlgf8C7tQVklXz9ZHhxVrFaPHWwgmBzEZJSrc
 7SWhDX9yBrAYBUk8Q4OMnJz6nXW8Rz5Td9GfBNWcJag1HjJqno4BxkqwGk2tshgj
 GIY0D1cGfKJzB4E6/rK/ETwmX4KVUyEf7S2IdJ0oydkn9t7OwDkUX5WtGXo70E7q
 ZJGYlX5NQCVBRAF9NYDuyVFljrPzAiyT58VCtXY3q63C7PmRYvag8r56ug+8lkk3
 9EbOTcwETqq9SbT1vucyBxwbUmoKhb2BF32jEcIhozowIM3GNsSpkdzQCUnylqfa
 LYI/p0oVTKLfFRBRvQjLgdB/OQP8MLkby8A++Db2OW49mBXhn/5JWA==
 =PdpE
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-26jan22' of https://source.denx.de/u-boot/custodians/u-boot-dm

acpi refactoring to allow non-x86 use
binman support for bintools (binary tools)
minor tools improvements in preparation for FDT signing
various minor fixes and improvements
2022-01-27 14:14:47 -05:00
Loic Poulain
334a9b9d6a lib/circbuf: Make circbuf selectable symbol
It is currenly only used from usbtty driver but make it properly
selectable via Kconfig symbol, for future usage.

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
2022-01-26 23:23:17 +01:00
Simon Glass
c033dc8c0c image: Return destination node for add_verify_data() method
It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Simon Glass
c3675583e9 rsa: Add debugging for failure cases
Add some more debugging to make it easier to see what is being tried and
what fails. Fix a few comment styles while here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:37 -07:00
Simon Glass
2d7c738296 acpi: Collect tables in the acpi_item list
At present this list is used to collect items within the DSDT and SSDT
tables. It is useful for it to collect the whole tables as well, so there
is a list of what was created and which write created each one.

Refactor the code accordingly.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
9d2adca8c3 x86: Move acpi_get_rsdp_addr() ACPI tables to the writer
Move this over to use a writer file, moving the code from the x86
implementation.

There is no need to store a separate variable since we can simply access
the ACPI context.

With this, the original monolithic x86 function for writing ACPI tables
is gone.

Note that QEMU has its own implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
a7e53b93b1 x86: Move device-specific ACPI tables to a writer function
Move this over to use a writer function, moving the code from the x86
implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
78031ad431 x86: acpi: Update acpi_fill_csrt() to use acpi_ctx
Update this function to the newer style, so we can avoid passing and
returning an address through this function.

Also move this function out of the x86 code so it can be used by other
archs.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2022-01-25 11:44:36 -07:00
Simon Glass
85b8161b14 x86: Move CSRT table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
d953137526 x86: Move SSDT table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
eacb6d0ba2 x86: Move DSDT table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Add a pointer to the DSDT in struct acpi_ctx so we can reference it later.

Disable this table for sandbox since we don't actually compile real ASL
code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
a53d38f80a x86: Move FACS table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Add a pointer to the DSDT in struct acpi_ctx so we can reference it later.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
94ba15a3f1 x86: Move base tables to a writer function
Use the new ACPI writer to write the base tables at the start of the area,
moving this code from the x86 implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
31c27eb830 x86: Use the ACPI table writer
Use the new ACPI writer to write the ACPI tables. At present this is all
done in one monolithic function. Future work will split this out.

Unfortunately the QFW write_acpi_tables() function conflicts with the
'writer' version, so disable that for sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
cc1f8c3988 x86: acpi: Split out context creation from base tables
At present acpi_setup_base_tables() both sets up the ACPI context and
writes out the base tables.

We want to use an ACPI writer to write the base tables, so split this
function into two, with acpi_setup_ctx() doing the context set, and
acpi_setup_base_tables() just doing the base tables.

Disable the writer's write_acpi_tables() function for now, to avoid
build errors. It is enabled in a following patch.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
6afa63a5a6 acpi: Add a linker list for ACPI tables
At present we call lots of functions to generate the required ACPI tables.
It would be better to standardise these functions and allow them to be
automatically collected and used when needed.

Add a linker list to handle this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
437992d3a9 acpi: Use finer-grained control of ACPI-table generation
Rather than keying everything off ACPIGEN, use the main
GENERATE_ACPI_TABLE option to determine whether the core ACPI code
is included. Make sure these option are not enabled in SPL/TPL since we
never generate tables there.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
a9e414dd50 efi: Correct address handling with ACPI tables
The current EFI implementation confuses pointers and addresses. Normally
we can get away with this but in the case of sandbox it causes failures.

Despite the fact that efi_allocate_pages() returns a u64, it is actually
a pointer, not an address. Add special handling to avoid a crash when
running 'bootefi hello'.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
47642428ee efi: Correct call to write_acpi_tables()
This must be passed a ulong, not a u64. Fix it to avoid LTO warnings on
sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
233f0e35a3 x86: Move the acpi table to generic global_data
Allow this to be used on any arch. Also convert to using macros so that
we can check the CONFIG option in C code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
e1722fcb7d x86: Allow any arch to generate ACPI tables
These have sadly found their way to ARM now. Allow any arch to support
generating ACPI tables.

Disable this for the tools build.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Tom Rini
da158ec5f2 Pull request for efi-2022-04-rc1-2
Documentation:
 
 * describe printf() format codes
 
 UEFI
 
 * enable more algorithms for UEFI image verification, e.g. SHA256-RSA2048
 
 General
 
 * simplify printing short texts for GUIDs
 * provide a unit test for printing GUIDs
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmHoLnQACgkQxIHbvCwF
 GsQ25Q/9G5REcgmo9Hjv+2ri3VJJueIGRL1QeXDl84TxUYgYAtHj7zo/YaeacHKB
 RVBsQafU6vIuAq5YRJFKCSWCxjPJVUH9QO5QQz6RE14KoBh6OYUQP2wSf/+p6/sb
 47wfVtyAUEpCEz60eDj5EWrSPpH78BNW7MmKoTZWSgE1APaBTAHw/Uo6tnb52Qsv
 vQ73Q9R4s0hpsylVtmwIZ0udDcaJg3SQf/4glhnHxaUW/oMoRd0DU7Dnbbg2oxfd
 Y03J0zarqAdIjzNvADnUz6Ei2+H1TrzRe9tzhuXRuseZdANrUnzDIe6bdz+RCmkl
 sdBCmBDPoChosiAcaX9FkajaAi5XYpZ5Sitdpp9A8ZdVc0Lzr1XLbfLksJRM7WwM
 jSP/JDAGYzJqL86C4hrx46aERUuXgywf/vSM7UoG5OxbtMa/AqbHuXMOnd4jXGYD
 48fLlyMWlZ7+Kd4v3x9QlwSmM0LLsokn93JEWrJhJqFPzdHYUQifU2vlZmrJHWyS
 BjzCJxu+rCmXBO6wlcAvsF9V/kx5IO3CKIGn24UUt/wjSBu4VDO5oSzVseJxPBIQ
 vBV9qZfwKCk9U/F1VN43xvIKvcO+oK+pEE9FB5trffYGmHfSEmBwOq3LuHlyMpeJ
 L+TrJUsZstFtx0ZBmVB3YuERusb2z+x1osnifGJvUHCLqjCgvl0=
 =GoR6
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-04-rc1-2' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc1-2

Documentation:

* describe printf() format codes

UEFI

* enable more algorithms for UEFI image verification, e.g. SHA256-RSA2048

General

* simplify printing short texts for GUIDs
* provide a unit test for printing GUIDs
2022-01-22 15:43:36 -05:00
Heinrich Schuchardt
185f812c41 doc: replace @return by Return:
Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 18:11:34 +01:00
Ilias Apalodimas
8699af63b8 lib/crypto: Enable more algorithms in cert verification
Right now the code explicitly limits us to sha1,256 hashes with RSA2048
encryption.  But the limitation is artificial since U-Boot supports
a wider range of algorithms.

The internal image_get_[checksum|crypto]_algo() functions expect an
argument in the format of <checksum>,<crypto>.  So let's remove the size
checking and create the needed string on the fly in order to support
more hash/signing combinations.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
38040a63a3 efi_loader: printing TCG2 protocol GUID
We support the TCG2 protocol. Allow command efidebug to print it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
7884a0986d efi_selftest: implement printing GUIDs
The ESRT test may try to print a GUID if an error occurs.
Implement the %pU print code.

Correct the ESRT test to use %pU instead of %pUl to avoid the output
of character 'l'.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
983a5a2e72 cmd: printenv: simplify printing GUIDs
Use "%pS" to print text representations of GUIDs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
ce00a7401a efi_loader: use %pUs for printing GUIDs
For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide
readable debug output.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
3adae64220 cmd: efidebug: simplify printing GUIDs
Use "%pS" to print text representations of GUIDs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
0487238120 lib: printf code %pUs for GUID text representation
In different places text representations are used for GUIDs, e.g.

* command efidebug
* command part list for GPT partitions

To allow reducing code duplication introduce a new printf code %pUs.
It will call uuid_guid_get_str() to get a text representation. If none is
found it will fallback to %pUl and print a hexadecimal representation.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
c1528f324c lib: compile uuid_guid_get_str if CONFIG_LIB_UUID=y
Currently uuid_guid_get_str() is only built if
CONFIG_PARTITION_TYPE_GUID=y.

To make it usable for other GUIDs compile it if CONFIG_LIB_UUID=y.
The linker will take care of removing it if it is unused.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Qu Wenruo
7c3fd5c25d lib: add BLAKE2 hash support
The code is cross-ported from BLAKE2 reference implementation
(https://github.com/BLAKE2/BLAKE2).

With minimal change to remove unused macros/features.

Currently there is only one user inside U-boot (btrfs), and since it
only utilize BLAKE2B, all other favors are all removed.

Signed-off-by: Qu Wenruo <wqu@suse.com>
[trini: Rename ROUND to R to avoid clash with <linux/bitops.h>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-01-18 08:31:02 -05:00
Tom Rini
d71dbe657c Pull request for efi-2022-04-rc1
Documentation:
 
 * Fix building HTML documentation of readthedocs.io
 * Add ARM Juno board documentation
 * Build requirements for Alpine Linux
 * Include DM headers in API documentation
 
 UEFI:
 
 * Fix section alignment of EFI binaries
 * Fix header length of RISC-V EFI binaries allowing to run them on EDK II
 * Remove kaslr-seed from device tree if the EFI_RNG_PROTOCOL is provided
 
 Other:
 
 * Let 'part list' show all 128 GPT partitions
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmHiqKYACgkQxIHbvCwF
 GsTrMA//XQRIS9f8pD3/FsSfVfmtxkCLG9axEe/lRQp7l7109v+m832CJV5Em7pX
 GtRGOSUdj930v1q9fZ/nUx9/IJjf/lnB0eEcMcVai2NVgyuRohGAzX9JWsVLbdOE
 MicDX7D/VZ+86lPxLRJbq61jMj7Dnj+atonJQ3Bc1eBLutUaBOr6aenA99TyLavU
 +guuQmQLpJz6VbyZIYxr7/CZVaVkXS0jmcfEoDHD8BrsBe3pZvNuUC4D9KIFWnLo
 pQYYNuIWiVCPGE/iMbUZGjJfgHnD3qW1DWOfmeWPTysALnTSxx0m8FJrOqlxZk6R
 HkEhcr/RkI2JT89C+07qsXkfvJ7YBg3r6bSNtng4i8VwSm384ffF9Y+cfoBv1285
 7wo+Vbh6LuOlp0OAo3bjAuhW7gpnUkkGoc4sXv7wr560mGOtJAPrp0T1ku17ZANd
 GP0T4TgvL15PAFbK+Yg6NxF+l26Lb5EkvC5bGFlM/5ceafD/B7qA2m8KG9+cR2/t
 UFAyI0FB3yWp1TLfdCRXR4YEHDl3nWjs8GuwdwTPFXLWFPkf73DX/r+ZAnZAY+M+
 FTGJuMZUp71aiqeAs7CHw4ePZMQCt0Hjs9kYbAMekoUncpMCFXwXmp1KxLkHBM+X
 +i6WPflTL/sOSO+3M8fcUeZI7IWerOHZqCu/RTb9W0n3Ee+odBc=
 =NZ+6
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-04-rc1' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc1

Documentation:

* Fix building HTML documentation of readthedocs.io
* Add ARM Juno board documentation
* Build requirements for Alpine Linux
* Include DM headers in API documentation

UEFI:

* Fix section alignment of EFI binaries
* Fix header length of RISC-V EFI binaries allowing to run them on EDK II
* Remove kaslr-seed from device tree if the EFI_RNG_PROTOCOL is provided

Other:

* Let 'part list' show all 128 GPT partitions
2022-01-15 07:39:09 -05:00
Simon Glass
25a326b006 efi: Support the efi command in the app
At present the 'efi' command only works in the EFI payload. Update it to
work in the app too, so the memory map can be examined.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-15 10:57:22 +01:00
Simon Glass
866e2ac5aa efi: Move exit_boot_services into a function
At present this code is inline in the app and stub. But they do the same
thing. The difference is that the stub does it immediately and the app
doesn't want to do it until the end (when it boots a kernel) or not at
all, if returning to UEFI.

Move it into a function so it can be called as needed.

Add a comment showing how to store the memory map so that it can be
accessed within the app if needed, for debugging purposes only. The map
can change without notice.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-15 10:57:22 +01:00
Heinrich Schuchardt
717b33cb9b efidebug: avoid 'dfu_alt_info not defined' message
If variable dfu_alt_info is not defined duplicate messages are displayed.

    => efidebug boot dump
    Scanning disk mmc2.blk...
    Scanning disk mmc1.blk...
    Scanning disk mmc0.blk...
    Found 3 disks
    No EFI system partition
    "dfu_alt_info" env variable not defined!
    Probably dfu_alt_info not defined
    "dfu_alt_info" env variable not defined!
    Probably dfu_alt_info not defined

Remove the 'Probably dfu_alt_info not defined' message.
Instead write a warning if the variable contains no entities.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-15 10:57:22 +01:00
Ilias Apalodimas
a2f1482fc0 efi_loader: Get rid of kaslr-seed if EFI_RNG_PROTOCOL is installed
U-Boot, in some occasions, injects a 'kaslr-seed' property on the /chosen
node. That would be problematic in case we want to measure the DTB we
install in the configuration table, since it would change across reboots.

The Linux kernel EFI-stub completely ignores it and only relies on
EFI_RNG_PROTOCOL for it's own randomness needs (i.e the randomization
of the physical placement of the kernel). In fact it (blindly) overwrites
the existing seed if the protocol is installed. However it still uses it
for randomizing it's virtual placement.
So let's get rid of it in the presence of the RNG protocol.

It's worth noting that TPMs also provide an RNG.  So if we tweak our
EFI_RNG_PROTOCOL slightly and install the protocol when a TPM device
is present the 'kaslr-seed' property will always be removed, allowing
us to reliably measure our DTB.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
2022-01-15 10:57:22 +01:00
Eugen Hristev
97f2a749d5 lib: Kconfig: fix PHANDLE_CHECK_SEQ position outside of menu
CONFIG_PHANDLE_CHECK_SEQ is outside of the menu 'Library routines'
thus it's invisible in menuconfig and cannot be selected.
Fix this by moving the 'endmenu' after the PHANDLE_CHECK_SEQ definition

Fixes: c589132a1d ("fdt: Use phandle to distinguish DT nodes with same name")
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Reviewed-by: Aswath Govindraju <a-govindraju@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-14 14:36:57 -05:00
qianfan Zhao
62649165cb lib: sparse: Make CHUNK_TYPE_RAW buffer aligned
CHUNK_TYPE_RAW buffer is not aligned, and flash sparse images by
fastboot will report "Misaligned operation" if DCACHE is enabled.

Flashing Sparse Image
CACHE: Misaligned operation at range [84000028, 84001028]
CACHE: Misaligned operation at range [84001034, 84002034]
CACHE: Misaligned operation at range [8401104c, 8401304c]

Fix it

Signed-off-by: qianfan Zhao <qianfanguijin@163.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
2022-01-14 12:26:30 -05:00
Tom Rini
fe04d885fb Merge branch 'next'
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-01-10 14:01:57 -05:00
Heinrich Schuchardt
675c3ccc5c lib/rsa: avoid -Wdiscarded-qualifiers
The return type of EVP_PKEY_get0_RSA() is const struct rsa_st *.
Our code drops the const qualifier leading to

In file included from tools/lib/rsa/rsa-sign.c:1:
./tools/../lib/rsa/rsa-sign.c: In function ‘rsa_add_verify_data’:
./tools/../lib/rsa/rsa-sign.c:631:13: warning:
assignment discards ‘const’ qualifier from pointer target type
[-Wdiscarded-qualifiers]
  631 |         rsa = EVP_PKEY_get0_RSA(pkey);
      |             ^

Add a type conversion.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-10 08:13:24 -05:00
Tom Rini
0dadad6d7c - disable CONFIG_NET_RANDOM_ETHADDR when unnecessary on amlogic based configs
- meson64_android: add board specific env settings, in order to support VIM3/L for android
 - add changes to support VIM3/L android boot by using meson64_android.h config
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEPVPGJshWBf4d9CyLd9zb2sjISdEFAmHYV8MACgkQd9zb2sjI
 SdELkA/+LjyjJB1KI6/KLLg43zyFeeZX/SjQd5BUIx6EfaCgyTkuq2lzQnErGmbi
 HoyMoNLpBxLIL27/5TXPzmKYAeOfKPxA/sXTTtx/l7PG8ncSZIoU0+utqjycdUsK
 tSi7EdFzk7/kDDRkqqA7q9nxsPn/7GQNh/ZC9zstMXKaTO/TEb/sZWCMcvQ0MNoB
 ynZKOCg5t60UkIYIRwZwC/OS/ssn86dovv/Aa/8D6qpL2AbS5DoCXHuAr8Dnz7fJ
 q4rV7oLh7a+WHe/qC7R6ylYFIVVqY5JaIgbLDwuvk1z9o7txchMMQnGgllZ35sN9
 LECD2iSDGjhPaHuGCvQwl3TWtIpvtdcP4sQTyJhsXNPxCG6HHvRz7xY4erUohR1I
 LIddwCCHeCrBiaamXNbCzph2+JhfPSQ5ETCL9M6iBMxNUPunlCxjfjDzlT/pg11p
 EO9PIPjRMR9QhxKtd3gZpyAqPuMBEmIwhDtHI6dL3DNOOsF44ObE4swnzS6qXIDn
 jRZzFCC2f/Vyg11YnzFtV3A5eWwJahGDWAGAnnlg6Y8GCLlLmDJitcgA/rWSALko
 T5fC8L8IFUx2RnHczyitJ/wqJl9FqOAnIaoB3Trpwp8gFQ15dQjbvoXldQnAjSS2
 9bns3zOrx79EF4lbHhwNE9UDLm6OjK5vR3h4bGJvyZBmasVsA90=
 =dLEg
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-amlogic-20220107' of https://source.denx.de/u-boot/custodians/u-boot-amlogic into next

- disable CONFIG_NET_RANDOM_ETHADDR when unnecessary on amlogic based configs
- meson64_android: add board specific env settings, in order to support VIM3/L for android
- add changes to support VIM3/L android boot by using meson64_android.h config
2022-01-09 07:56:31 -05:00
Simon Glass
62725e661a efi: Show when allocated pages are used
Add a message here so that both paths of memory allocation are reported.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 07:02:06 +01:00
Simon Glass
bc53a35ac5 efi: Check for failure when initing the app
The stub checks for failure with efi_init(). Add this for the app as well.
It is unlikely that anything can be done, but we may as well stop.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 06:50:40 +01:00
Simon Glass
2a1cf03ea4 efi: Share struct efi_priv between the app and stub code
At present each of these has its own static variable and helper functions.
Move them into a shared file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 06:45:01 +01:00
Simon Glass
184be59258 efi: Add a few comments to the stub
Comment some functions that need more information.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 06:45:01 +01:00
Simon Glass
613cd0c467 efi: Locate all block devices in the app
When starting the app, locate all block devices and make them available
to U-Boot. This allows listing partitions and accessing files in
filesystems.

EFI also has the concept of 'disks', meaning boot media. For now, this
is not obviously useful in U-Boot, but add code to at least locate these.
This can be expanded later as needed.

We cannot use printf() in the early stub or app since it is not compiled
in

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 06:45:01 +01:00
Simon Glass
726cd9836d efi: Make unicode printf available to the app
This is needed to show unicode strings. Enable this code in the app.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 06:45:01 +01:00
Ilias Apalodimas
2707610eb7 efi_loader: Don't limit the StMM buffer size explicitly
Currently we allow and explicitly check a single shared page with
StandAloneMM.  This is dictated by OP-TEE which runs the application.
However there's no way for us dynamically discover the number of pages we
are allowed to use.  Since writing big EFI signature list variable
requires more than a page, OP-TEE has bumped the number of shared pages to
four.

Let's remove our explicit check and allow the request to reach OP-TEE even
if it's bigger than what it supports.  There's no need to sanitize the
number of pages internally.  OP-TEE will fail if we try to write more
than it's allowed. The error will just trigger later on,  during the
StMM access.

While at it add an error message to help users figure out what failed.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>

Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
2021-12-31 06:44:29 +01:00
Tom Rini
2f8a6db5d8 Finish conversion of CONFIG_SYS_CLK_FREQ to Kconfig
In order to finish moving this symbol to Kconfig for all platforms, we
need to do a few more things.  First, for all platforms that define this
to a function, introduce CONFIG_DYNAMIC_SYS_CLK_FREQ, similar to
CONFIG_DYNAMIC_DDR_CLK_FREQ and populate clock_legacy.h.  This entails
also switching all users from CONFIG_SYS_CLK_FREQ to get_board_sys_clk()
and updating a few preprocessor tests.

With that done, all platforms that define a value here can be converted
to Kconfig, and a fall-back of zero is sufficiently safe to use (and
what is used today in cases where code may or may not have this
available).  Make sure that code which calls this function includes
<clock_legacy.h> to get the prototype.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-12-27 16:20:18 -05:00
Heinrich Schuchardt
3a8b919932 tools: avoid OpenSSL deprecation warnings
Our Gitlab CI buildsystem is set up to treat warnings as errors.
With OpenSSL 3.0 a lot of deprecation warnings occur.

With the patch compatibility with OpenSSL 1.1.1 is declared.
In the long run we should upgrade our code to use the current API.

A -Wdiscarded-qualifiers warning is muted by casting.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-26 06:57:20 +01:00
Ilias Apalodimas
2b18d95d91 efi_loader: Don't limit the StMM buffer size explicitly
Currently we allow and explicitly check a single shared page with
StandAloneMM.  This is dictated by OP-TEE which runs the application.
However there's no way for us dynamically discover the number of pages we
are allowed to use.  Since writing big EFI signature list variable
requires more than a page, OP-TEE has bumped the number of shared pages to
four.

Let's remove our explicit check and allow the request to reach OP-TEE even
if it's bigger than what it supports.  There's no need to sanitize the
number of pages internally.  OP-TEE will fail if we try to write more
than it's allowed. The error will just trigger later on,  during the
StMM access.

While at it add an error message to help users figure out what failed.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>

Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
2021-12-26 06:49:14 +01:00