Add parameter checks in efi_load_image().
Check memory allocation is successful in efi_load_image().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
fdt_region.c does not depend on anything in libfdt_internal.h
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The get_codeseg32() wants to know if a passed in descriptor has
flag GDT_NOTSYS set (desc & GDT_NOTSYS), not whether desc and
GDT_NOTSYS are not != 0 (desk && GDT_NOTSYS).
This is an obvious typo. Fix it up.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Andrew F. Davis <afd@ti.com>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
When encountering an error in OPTEE verification print out various details
of the OPTEE header to aid in further debugging of encountered errors.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Tested-by: Peng Fan <peng.fan@nxp.com>
This patch adds optee_verify_bootm_image() which will be subsequently used
to verify the parameters encoded in the OPTEE header match the memory
allocated to the OPTEE region, OPTEE header magic and version prior to
handing off control to the OPTEE image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
CONFIG_OPTEE_LOAD_ADDR is used to tell u-boot where to load the OPTEE
binary into memory prior to handing off control to OPTEE.
We need to pull this value out of u-boot in order to produce an IMX IVT/CSF
signed pair for the purposes of secure boot. The best way to do that is to
have CONFIG_OPTEE_LOAD_ADDR appear in u-boot.cfg.
Adding new CONFIG entires to u-boot should be kconfig driven so this patch
does just that.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org>
OPTEE is currently linked to a specific area of memory called the TrustZone
DRAM. This patch adds a CONFIG entry for the default address of TrustZone
DRAM that a board-port can over-ride. The region that U-Boot sets aside for
the OPTEE run-time should be verified before attempting to hand off to the
OPTEE run-time. Each board-port should carefully ensure that the TZDRAM
address specified in the OPTEE build and the TZDRAM address specified in
U-Boot match-up.
Further patches will use TZDRAM address with other defines and variables to
carry out a degree of automated verification in U-Boot prior to trying to
boot an OPTEE image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
OPTEE is currently linked to a specific area of memory called the TrustZone
DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM
that a board-port can over-ride. The region that U-Boot sets aside for the
OPTEE run-time should be verified before attempting to hand off to the
OPTEE run-time. Each board-port should carefully ensure that the TZDRAM
size specified in the OPTEE build and the TZDRAM size specified in U-Boot
match-up.
Further patches will use TZDRAM size with other defines and variables to
carry out a degree of automated verification in U-Boot prior to trying to
boot an OPTEE image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Tested-by: Peng Fan <peng.fan@nxp.com>
This patch adds code to lib to enable sharing of useful OPTEE code between
board-ports and architectures. The code on lib/optee/optee.c comes from the
TI omap2 port. Eventually the OMAP2 code will be patched to include the
shared code. The intention here is to add more useful OPTEE specific code
as more functionality gets added.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Tested-by: Peng Fan <peng.fan@nxp.com>
Thomas reported U-Boot failed to build host tools if libfdt-devel
package is installed because tools include libfdt headers from
/usr/include/ instead of using internal ones.
This commit moves the header code:
include/libfdt.h -> include/linux/libfdt.h
include/libfdt_env.h -> include/linux/libfdt_env.h
and replaces include directives:
#include <libfdt.h> -> #include <linux/libfdt.h>
#include <libfdt_env.h> -> #include <linux/libfdt_env.h>
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Enable networking command only when NET is enabled.
And remove selecting NET for CMD_NET
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
efi_disk_register should return as status code (efi_status_t).
Disks with zero blocks should be reported as 'not ready' without throwing
an error.
This patch solves a problem running OpenBSD on system configured with
CONFIG_BLK=n (e.g. i.MX6).
Reported-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Add stubs for UpdateCapsule, QueryCapsuleCapabilities, and
QueryVariableInfo.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Change the return type of efi_driver_init() to efi_status_t.
efi_driver_init() calls efi_add_driver() which returns an efi_status_t
value. efi_driver_init() should not subject this value to a conversion to
int losing high bits on 64bit systems.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the UEFI revision number in the system table header is set to
2.0.5. This version number does not refer to any existing version of the
UEFI standard.
Set the revision number to 2.7.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently we set the function pointer for the CreateEventEx boot service
to NULL. When called this would lead to an immediate failure.
A function stub is provided which handles the case that the boot service
is called without an event group and returns EFI_UNSUPPORTED otherwise.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
For EFI binaries we need special CFLAGS.
They were specified for an object file that since has been replaced.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Before the patch an undefined constant EFI_SUBSYSTEM was used in the
crt0 code. The current version of binutils does not swallow the error.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888403
The necessary constant IMAGE_SUBSYSTEM_EFI_APPLICATION is already
defined in pe.h. So let's factor out asm-generic/pe.h for the
image subsystem constants and use it in our assembler code.
IMAGE_SUBSYSTEM_SAL_RUNTIME_DRIVER does not exist in the specification
let's use IMAGE_SUBSYSTEM_EFI_ROM instead.
The include pe.h is only used in code maintained by Alex so let him be the
maintainer here too.
Reported-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Vagrant Cascadian <vagrant@debian.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
config_fallbacks.h has some logic that sets HAVE_BLOCK_DEVICE
based on a list of enabled options. Moving HAVE_BLOCK_DEVICE to
Kconfig allows us to drastically shrink the logic in
config_fallbacks.h
Signed-off-by: Adam Ford <aford173@gmail.com>
[trini: Rename HAVE_BLOCK_DEVICE to CONFIG_BLOCK_DEVICE]
Signed-off-by: Tom Rini <trini@konsulko.com>
config_fallback.h has some logic that checks a variety of options
and selects LIB_UUID if it hasn't already been selected. This
will all LIB_UUID in Kconfig and select this option for the list
of options to allow us to remove the logic from fallbacks
Signed-off-by: Adam Ford <aford173@gmail.com>
config_fallbacks.h had some logic to automatically select
LIB_RAND if RANDOM_UUID or CMD_UUID were set if LIB_HW_RAND wasn't
already selected. By migrating LIB_HW_RAND to Kconfig, we can
remove this check from config_fallbacks.h and put it into Kconfig
Signed-off-by: Adam Ford <aford173@gmail.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
[trini: Turn into a choice, add NET_RANDOM_ETHADDR]
Signed-off-by: Tom Rini <trini@konsulko.com>
AES encryption in CBC mode, in most cases, must be used with random
initialization vector. Using the same key and initialization vector several
times is weak and must be avoided.
Added iv parameter to the aes_cbc_encrypt_blocks and aes_cbc_decrypt_blocks
functions for passing initialization vector.
Command 'aes' now also require the initialization vector parameter.
Signed-off-by: Andrey Mozzhuhin <amozzhuhin@yandex.ru>
Now that we have %pD support in vsprintf we should avoid separate
logic for printing device paths in other places.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
In an image is loaded from memory we do not have a device path.
Do not install NULL as device path in this case.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
When printing '%pD' with a value of NULL we want to output
'<NULL>'. But this requires copying to buf. Leave this
to string16.
A unit test is supplied which relies on EFI support in the sandbox.
The development for EFI support in the sandbox is currently in branch
u-boot-dm/efi-working. The branch lacks commit 6ea8b580f0 ("efi_loader:
correct DeviceNodeToText for media types"). Ater rebasing the aforementioned
branch on U-Boot v2018.01 and adding 256060e425 and this patch the test
is executed successfully.
Fixes: 256060e425 (vsprintf.c: add EFI device path printing)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
When a UEFI payload just returns instead of calling the Exit() callback,
we handle that in efi_do_enter() and call Exit on its behalf, so that
the loaded_image->exit_status value is correct.
We were missing that logic in StartImage(). Call it there too.
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Provide a better description for indent_string.
Fix a typo.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
EFI calls are usually defined as asmlinkage. That means we pass all parameters
to functions via the stack x86_32.
On x86_64 however, we need to also stick to the MS ABI calling conventions,
which the EFIAPI define conveniently handles for us. Most EFI functions were
also marked with EFIAPI, except for the entry call.
So this patch adjusts all entry calls to use EFIAPI instead of the manual
asmlinkage attribute.
While at it, we also change the prototype of the entry point to return
efi_status_t instead of ulong, as this is the correct prototype definition.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2:
- Use efi_status_t in all occurences
We have 2 users of the EFI headers: efi_loader and the EFI stub. Efi_loader
always expects that the bitness of the definitions it uses is identical to
the execution.
The EFI stub however allows to run x86_64 U-Boot on 32bit EFI and the other
way around, so it allows for different bitness of EFI definitions and U-Boot
environment.
This patch explicitly requests via Kconfig that efi_loader can only be enabled
if the bitness is identical. Because we can run efi_loader on x86_64 without
EFI stub enabled, it also ensures that this case propagates the correct ABI
constraints.
Signed-off-by: Alexander Graf <agraf@suse.de>
There is tons of code duplication between lib/libfdt/libfdt.h and
scripts/dtc/libfdt/libfdt.h. Evacuate the U-Boot own code to
include/libfdt.h and remove lib/libfdt/libfdt.h.
For host tools, <libfdt.h> should include scripts/dtc/libfdt/libfdt.h,
which is already suitable for user-space.
For compiling U-Boot, <linux/libfdt.h> should be included because we
need a different libfdt_env.h .
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The only difference between scripts/dtc/libfdt/fdt_rw.c and
lib/libfdt/fdt_rw.c is fdt_remove_unused_strings().
It is only used by fdtgrep, so we do not need to compile it for U-Boot
image. Move it to tools/libfdt/fdw_rw.c so that lib/libfdt/fdt_rw.c
can be a wrapper of scripts/dtc/libfdt/fdt_rw.c.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The sunXi arm64 build has overflown, leading to the main U-boot binary
overwriting the environment when flashing the new image, or even worse,
overwriting itself when we're calling saveenv.
Disable this option that is not critical until we can adress the issue
properly.
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
Some messages are only useful if an error occurs.
Fix a use after free.
Add a missing free.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Create device path nodes for UCLASS_ETH udevices.
Create device path nodes of block device children of UCLASS_MMC udevices.
Consistently use debug for unsupported nodes.
Set the log level to error.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
[agraf: Fix build failure by adding #ifdef CONFIG_DM_ETH]
Signed-off-by: Alexander Graf <agraf@suse.de>
This test checks the driver for block IO devices.
A disk image is created in memory.
A handle is created for the new block IO device.
The block I/O protocol is installed on the handle.
ConnectController is used to setup partitions and to install the simple
file protocol.
A known file is read from the file system and verified.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch provides
* a uclass for EFI drivers
* a EFI driver for block devices
For each EFI driver the uclass
* creates a handle
* adds the driver binding protocol
The uclass provides the bind, start, and stop entry points for the driver
binding protocol.
In bind() and stop() it checks if the controller implements the protocol
supported by the EFI driver. In the start() function it calls the bind()
function of the EFI driver. In the stop() function it destroys the child
controllers.
The EFI block driver binds to controllers implementing the block io
protocol.
When the bind function of the EFI block driver is called it creates a
new U-Boot block device. It installs child handles for all partitions and
installs the simple file protocol on these.
The read and write functions of the EFI block driver delegate calls to the
controller that it is bound to.
A usage example is as following:
U-Boot loads the iPXE snp.efi executable. iPXE connects an iSCSI drive and
exposes a handle with the block IO protocol. It calls ConnectController.
Now the EFI block driver installs the partitions with the simple file
protocol.
iPXE uses the simple file protocol to load Grub or the Linux Kernel.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
[agraf: add comment on calloc len]
Signed-off-by: Alexander Graf <agraf@suse.de>
This pair of tests checks the StartImage boot service.
Each test loads an EFI application into memory and starts it.
One returns by calling the Exit boot service. The other returns directly.
The tests are not built on x86_64 because the relocation code for the efi
binary cannot be created.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch lets the implementation of ExitBootServices conform to
the UEFI standard.
The timer events must be disabled before calling the notification
functions of the exit boot services events.
The boot services must be disabled in the system table.
The handles in the system table should be defined as efi_handle_t.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
In ExitBootServices we need to signal events irrespective of the current
TPL level. A new parameter check_tpl is added to efi_signal_event().
Function efi_console_timer_notify() gets some comments.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
On a block device and its partitions the same protocols can be
installed. To tell the apart we can use the type of the last
node of the device path which is not the end node.
The patch provides a utility function to find this last node.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Add the revision constants.
Depending on the revision additional fields are needed in the
media descriptor.
Use efi_uintn_t for number of bytes to read or write.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Up to now we have been using efi_disk_create_partitions() to create
partitions for block devices that existed before starting an EFI
application.
We need to call it for block devices created by EFI
applications at run time. The EFI application will define the
handle for the block device and install a device path protocol
on it. We have to use this device path as stem for the partition
device paths.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Provide new function efi_dp_part_node() to create a device
node for a partition.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The GUID of the EFI_BLOCK_IO_PROTOCOL is needed in different code
parts. To avoid duplication make efi_block_io_guid a global symbol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The interface type name can be used to look up the interface type.
Don't confound it with the driver name which may be different.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
