Commit graph

2888 commits

Author SHA1 Message Date
AKASHI Takahiro
ab31c8a158 efi_loader: disk: remove unused field
The field, ifname, in efi_disk_obj is set but never used anywhere.
Just remove it.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-08-20 08:38:12 +02:00
Masahisa Kojima
ee57666294 efi_loader: move udevice pointer into struct efi_object
This is a preparation patch to provide the unified method
to access udevice pointer associated with the EFI handle
by adding udevice pointer into struct efi_object.
The patch also introduces a helper function efi_link_dev()
to link the udevice and EFI handle.

The EFI handles of both EFI block io driver implemented in
lib/efi_loader/efi_disk.c and EFI block io driver implemented
as EFI payload can access the udevice pointer in the struct efi_object.
We can use this udevice pointer to get the U-Boot friendly
block device name(e.g. mmc 0:1, nvme 0:1) through EFI handle.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-08-13 11:09:49 +02:00
Heinrich Schuchardt
e7496e57a0 efi_loader: fix efi_convert_device_path_to_text()
Ensure that the string we convert to UTF-16 is NUL terminated even
if the device path only contains end nodes.

Fixes: bd3d75bb0c ("efi_loader: multi part device paths to text")
Addresses-Coverity: 350434 ("Uninitialized scalar variable")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-08-13 11:09:49 +02:00
Tom Rini
40ed7be4af Convert CONFIG_SYS_FDT_PAD to Kconfig
This converts the following to Kconfig:
   CONFIG_SYS_FDT_PAD

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-08-12 16:10:50 -04:00
Simon Glass
bc06aa035d bootstd: Allow bootmeths to be marked as global
The current way of handling things like EFI bootmgr is a bit odd, since
that bootmeth handles selection of the bootdev itself. VBE needs to work
the same way, so we should support it properly.

Add a flag that indicates that the bootmeth is global, rather than being
invoked on each bootdev. Provide a helper to read a bootflow from the
bootmeth.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-12 08:17:10 -04:00
Simon Glass
331048471d dm: core: Introduce support for multiple trees
At present ofnode only works with a single device tree, for the most part.
This is the control FDT used by U-Boot.

When booting an OS we may obtain a different device tree and want to
modify it. Add some initial support for this into the ofnode API.

Note that we don't permit aliases in this other device tree, since the
of_access implementation maintains a list of aliases collected at
start-up. Also, we don't need aliases to do fixups in the other FDT. So
make sure that flat tree and live tree processing are consistent in this
area.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-12 08:14:23 -04:00
Simon Glass
cafe8712e8 video: Renname vbe.h to vesa.h
We want to use VBE to mean Verfiied Boot for Embedded in U-Boot. Rename
the existing VBE (Vesa BIOS extensions) to allow this.

Verified Boot for Embedded is documented doc/develop/vbe.rst

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-12 08:14:23 -04:00
Pali Rohár
3ff4675d73 lz4: Fix compile warning comparison of distinct pointer types
In file included from include/linux/bitops.h:22,
                 from include/log.h:15,
                 from include/linux/printk.h:4,
                 from include/common.h:20,
                 from lib/lz4_wrapper.c:6:
lib/lz4_wrapper.c: In function ‘ulz4fn’:
include/linux/kernel.h:184:17: warning: comparison of distinct pointer types lacks a cast
  (void) (&_min1 == &_min2);  \
                 ^~
lib/lz4_wrapper.c:104:18: note: in expansion of macro ‘min’
    size_t size = min((ptrdiff_t)block_size, end - out);
                  ^~~

Signed-off-by: Pali Rohár <pali@kernel.org>
2022-08-10 13:46:55 -04:00
Simon Glass
4e4bf9449b common: Drop display_options.h from common header
Move this out of the common header and include it only where needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-08-10 13:46:55 -04:00
Patrice Chotard
5e2548c1d6 lmb: Fix LMB_MEMORY_REGIONS flag usage
This patch is fixing a broken boot observed on stm32mp157c-dk2 board.

IS_ENABLED macro should be used to check if a compilation flag is set
to "y" or "m".
LMB_MEMORY_REGIONS is set to a numerical value, IS_ENABLED macro is not
suitable in this case.

Fixes: 7c1860fce4 ("lmb: Fix lmb property's defination under struct lmb")
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Acked-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2022-08-10 13:38:30 -04:00
Sughosh Ganu
e67ffb5aa5 tpm: rng: Add driver model interface for TPM RNG device
The TPM device has a builtin random number generator(RNG)
functionality. Expose the RNG functions of the TPM device to the
driver model so that they can be used by the EFI_RNG_PROTOCOL if the
protocol is installed.

Also change the function arguments and return type of the random
number functions to comply with the driver model api.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-08-02 23:50:02 +03:00
Ilias Apalodimas
5d98329196 efi_loader: initialize the RNG protocol after the TCC2
Due to U-Boot's lazy binding the RNG presented by the TCG is not available
until the EFI_TCG2 protocol has been initialized.  Since the TPM has a
built-in RNG device we can use for the OS randomization, move the RNG
protocol installation after the TCG.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-08-02 23:50:02 +03:00
Simon Glass
5e5937822a tpm: Export the TPM-version functions
These functions should really be available outside the TPM code, so that
other callers can find out which version the TPM is. Rename them to have
a tpm_ prefix() and add them to the header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-08-02 23:50:02 +03:00
Tom Rini
7277c4bddc minor dm- and fdt-related fixes
start of test for fdt command
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmLgRtERHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreYXFwgAlALOMj3bwwsIAXNa5j/hPb3j/ecIqXgn
 ocyxN+U5eSb2Ju5Jc9QmSeUMnGrii9+PW9j0JApdHrbUgBI2Sx+zwqMTIfA+BS05
 4xXZgk5jOT+we2489FjgFcplv+dIuVlsB/Zo6zTbZyjkobfilYsZEGYHJ/CYNaIH
 n7EmZeby1cXL7DMCxT39d3hD43XSX8cqQ1IIiF9DgtHQYs2Ff8dFcbWArSdgLX3o
 Eob2Qj/GjScg87zjZcsgZajWJMHUfMeD5ZiKN2fR0T/wOdO1WtzFoF2Mt8KZcW1j
 BD1shgBCMSSl5EgRG1BQZw4Sa92W2IBlbJ9tfIh8qnWOzEBzOs/M6w==
 =lsO4
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-26jul22' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm.git

minor dm- and fdt-related fixes
start of test for fdt command
2022-07-27 06:59:55 -04:00
Simon Glass
281996110c addrmap: Support on sandbox
Update this feature so that it works on sandbox, using a basic identity
mapping. This allows us to run the 'ut addrmap' test.

Also fix up the test to use the correct macros to access the linker
list, so that the 'ut addrmap' command actually works.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-07-26 02:30:56 -06:00
Ashok Reddy Soma
7c1860fce4 lmb: Fix lmb property's defination under struct lmb
Under struct lmb {} the lmb property's should be defined only if
CONFIG_LMB_MEMORY_REGIONS is defined.

Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/c24a2b1d6f5db4eb65393f6a77fae129b30b6233.1657183534.git.michal.simek@amd.com
2022-07-26 08:23:54 +02:00
Heinrich Schuchardt
2eb328ea61 efi_loader: remove support for CONFIG_LCD
There is no board left using CONFIG_LCD without CONFIG_DM_VIDEO.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-07-18 17:21:49 +02:00
Masahisa Kojima
9897350c52 efi_loader: expose END device path node
This commit exposes the END device path node.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-07-13 20:07:07 +02:00
Tom Rini
36b661dc91 Merge branch 'next' 2022-07-11 14:58:57 -04:00
Tom Rini
b340199f82 spl: Ensure all SPL symbols in Kconfig have some SPL dependency
Tighten up symbol dependencies in a number of places.  Ensure that a SPL
specific option has at least a direct dependency on SPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.  This means in a very small number of places we can
drop redundant dependencies.

Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-07-07 09:29:08 -04:00
AKASHI Takahiro
634f6b2fb1 efi_loader: image_loader: add a missing digest verification for signed PE image
At the last step of PE image authentication, an image's hash value must be
compared with a message digest stored as the content (of SpcPeImageData type)
of pkcs7's contentInfo.

Fixes: commit 4540dabdca ("efi_loader: image_loader: support image authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-07-05 14:37:16 +02:00
AKASHI Takahiro
b72d09fa7d efi_loader: image_loader: replace EFI_PRINT with log macros
Now We are migrating from EFI_PRINT() to log macro's.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-07-05 14:37:16 +02:00
AKASHI Takahiro
b330140659 efi_loader: signature: export efi_hash_regions()
This function is used to calculate a message digest as part of
authentication process in a later patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-07-05 14:37:16 +02:00
AKASHI Takahiro
b124efc09f lib: crypto: add mscode_parser
In MS authenticode, pkcs7 should have data in its contentInfo field.
This data is tagged with SpcIndirectData type and, for a signed PE image,
provides a image's message digest as SpcPeImageData.

This parser is used in image authentication to parse the field and
retrieve a message digest.

Imported from linux v5.19-rc, crypto/asymmetric_keys/mscode*.
Checkpatch.pl generates tones of warnings, but those are not fixed
for the sake of maintainability (importing from another source).

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-07-05 14:37:16 +02:00
Paul Barbieri
7a85f32413 EFI: Fix ReadBlocks API reading incorrect sector for UCLASS_PARTITION devices
The requsted partition disk sector incorrectly has the parition start
sector added in twice for UCLASS_PARTITION devices. The efi_disk_rw_blocks()
routine adds the diskobj->offset to the requested lba. When the device
is a UCLASS_PARTITION, the dev_read() or dev_write() routine is called
which adds part-gpt_part_info.start. This causes I/O to the wrong sector.

Takahiro Akashi suggested removing the offset field from the efi_disk_obj
structure since disk-uclass.c handles the partition start biasing. Device
types other than UCLASS_PARTITION set the diskobj->offset field to zero
which makes the field unnecessary. This change removes the offset field
from the structure and removes all references from the code which is
isolated to the lib/efi_loader/efi_disk.c module.

This change also adds a test for the EFI ReadBlocks() API in the EFI
selftest code. There is already a test for reading a FAT file. The new
test uses ReadBlocks() to read the same "disk" block and compare it to
the data read from the file system API.

Signed-Off-by: Paul Barbieri <plb365@gmail.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-07-02 14:19:12 +02:00
Tom Rini
82e0b51ccb Convert CONFIG_ENV_MIN_ENTRIES et al to Kconfig
This converts the following to Kconfig:
   CONFIG_ENV_MIN_ENTRIES
   CONFIG_ENV_MAX_ENTRIES

Cc: Michal Simek <michal.simek@amd.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-06-28 17:11:48 -04:00
Tom Rini
dc2d27ae72 arm: samsung: Remove dead LCD code
Since bb5930d5c9 ("exynos: video: Convert several boards to driver
model for video") there have been no callers of any of the exynos_lcd_*
family of functions.  Remove these from the boards, and then remove
unused logo and related code as well.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Minkyu Kang <mk7.kang@samsung.com>
2022-06-28 17:03:32 -04:00
Tom Rini
13ce351b9a vpl: Ensure all VPL symbols in Kconfig have some VPL dependency
Tighten up symbol dependencies in a number of places.  Ensure that a VPL
specific option has at least a direct dependency on VPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.

Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-06-28 17:03:31 -04:00
Tom Rini
8bea4bf7d3 tpl: Ensure all TPL symbols in Kconfig have some TPL dependency
Tighten up symbol dependencies in a number of places.  Ensure that a TPL
specific option has at least a direct dependency on TPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.

Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-06-28 17:03:31 -04:00
Loic Poulain
915047048f lib: sha256: Add support for hardware specific sha256_process
Mark sha256_process as weak to allow hardware specific implementation.
Add parameter for supporting multiple blocks processing.

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
2022-06-27 13:36:28 -04:00
Loic Poulain
8201b8066a lib: sha1: Add support for hardware specific sha1_process
Mark sha1_process as weak to allow hardware specific implementation.
Add parameter to support for multiple blocks processing.

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
2022-06-27 13:36:27 -04:00
Rui Miguel Silva
bfef72e4dd cmd: load: add load command for memory mapped
cp.b is used a lot as a way to load binaries to memory and execute
them, however we may need to integrate this with the efi subsystem to
set it up as a bootdev.

So, introduce a loadm command that will be consistent with the other
loadX commands and will call the efi API's.

ex: loadm $kernel_addr $kernel_addr_r $kernel_size

with this a kernel with CONFIG_EFI_STUB enabled will be loaded and
then subsequently booted with bootefi command.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2022-06-22 11:35:47 -04:00
Tom Rini
52af0101be Merge branch 'master' into next
Merge in v2022.07-rc5.
2022-06-20 14:40:59 -04:00
Heinrich Schuchardt
68edbed454 efi_loader: initialize console size late
If CONFIG_VIDEO_DM=n we query the display size from the serial console.
Especially when using a remote console the response can be so late that
it interferes with autoboot.

Only query the console size when running an EFI binary.

Add debug output showing the determined console size.

Reported-by: Fabio Estevam <festevam@gmail.com>
Fixes: a57ad20d07 ("efi_loader: split efi_init_obj_list() into two stages")
Fixes: a9bf024b29 ("efi_loader: disk: a helper function to create efi_disk objects from udevice")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Fabio Estevam <festevam@denx.de>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
2022-06-19 15:53:09 +02:00
Heinrich Schuchardt
72fa9cd59e efi_loader: create boot options without file path
Allow the efidebug command to create boot options without file path, e.g.

    efidebug boot add -b 0001 'short dev only' host 0:1 ''
    efidebug boot add -B 0002 'long dev only' host 0:1 ''

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-06-12 13:02:34 +02:00
Heinrich Schuchardt
178667b34b efi_loader: allow booting from short dev only DP
Allow booting from a short form device-path without file path, e.g.

    /HD(1,GPT,5ef79931-a1aa-4c70-9d67-611e8f69eafd,0x800,0x1000)

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-06-12 09:17:54 +02:00
Sughosh Ganu
556a12654a EFI: FMP: Use a common GetImageInfo function for FIT and raw images
The GetImageInfo function definitions for the FIT images and raw
images are the same. Use a common function for the both the Firmware
Management Protocol(FMP) instances for raw and FIT images.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-06-12 09:17:54 +02:00
Sughosh Ganu
119fafdefb EFI: Do not consider OsIndications variable if CONFIG_EFI_IGNORE_OSINDICATIONS is enabled
The EFI_IGNORE_OSINDICATIONS config symbol was introduced as a
mechanism to have capsule updates work even on platforms where the
SetVariable runtime service was not supported. The current logic
requires the OsIndications variable to have been set to a 64 bit value
even when the EFI_IGNORE_OSINDICATIONS config is enabled. Return an
error code on not being able to read the variable only when
EFI_IGNORE_OSINDICATIONS is not enabled.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-06-12 09:17:54 +02:00
Rasmus Villemoes
26f981f295 fdtdec: drop needlessly convoluted CONFIG_PHANDLE_CHECK_SEQ
Asking if the alias we found actually points at the device tree node
we passed in (in the guise of its offset from blob) can be done simply
by asking if the fdt_path_offset() of the alias' path is identical to
offset.

In fact, the current method suffers from the possibility of false
negatives: dtc does not necessarily emit a phandle property for a node
just because it is referenced in /aliases; it only emits a phandle
property for a node if it is referenced in <angle brackets>
somewhere. So if both the node we passed in and the alias node we're
considering don't have phandles, fdt_get_phandle() returns 0 for both.

Since the proper check is so simple, there's no reason to hide that
behind a config option (and if one really wanted that, it should be
called something else because there's no need to involve phandle in
the check).

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Acked-by: Aswath Govindraju <a-govindraju@ti.com>
2022-06-06 18:01:21 -04:00
Tom Rini
2e2e784de0 zlib: Port fix for CVE-2018-25032 to U-Boot
While our copy of zlib is missing upstream commit 263b1a05b04e ("Allow
deflatePrime() to insert bits in the middle of a stream.") we do have
Z_FIXED support, and so the majority of the code changes in 5c44459c3b28
("Fix a bug that can crash deflate on some input when using Z_FIXED.")
apply here directly and cleanly.  As this has been assigned a CVE, lets
go and apply these changes.

Link: 5c44459c3b
Reported-by: "Gan, Yau Wai" <yau.wai.gan@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-06-06 17:47:17 -04:00
Vincent Stehlé
8645aefc8b efi: test/py: authenticate fit capsules
Add support for the authentication of UEFI capsules containing FIT images.

The authentication code is moved out of the function handling raw images
into a new function efi_firmware_capsule_authenticate(). The special case
for the FMP header coming from edk2 tools is preserved. There is no
functional change for capsules containing raw images.

The python test for signed capsules with raw images is renamed with no
functional change and a new test is added for signed capsules containing
FIT images.

This can be tested with sandbox64_defconfig or sandbox_flattree_defconfig,
plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-06-04 08:43:55 +02:00
Sughosh Ganu
6a463bc1c9 EFI: Populate descriptor_count value only when image_info_size is not zero
The GetImageInfo function of the Firmware Mangement Protocol(FMP) gets
called initially to query the size of the image descriptor array that
would have to be allocated. During this call, the rest of the function
arguments, specifically pointers might be passed as NULL. Do not
populate the descriptor_count value before it is known that the call
to GetImageInfo has been made with the allocated buffer for the image
descriptors.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-06-04 08:43:55 +02:00
Vincent Stehlé
7751d2ef86 efi: fix documentation warnings
This fixes the following warnings:

  ./lib/efi_loader/efi_firmware.c:283: warning: Function parameter or member 'package_version' not described in 'efi_firmware_fit_get_image_info'
  ./lib/efi_loader/efi_firmware.c:283: warning: Function parameter or member 'package_version_name' not described in 'efi_firmware_fit_get_image_info'
  ./lib/efi_loader/efi_firmware.c:369: warning: bad line: firmware image
  ./lib/efi_loader/efi_firmware.c:395: warning: Function parameter or member 'package_version' not described in 'efi_firmware_raw_get_image_info'
  ./lib/efi_loader/efi_firmware.c:395: warning: Function parameter or member 'package_version_name' not described in 'efi_firmware_raw_get_image_info'

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-28 10:59:27 +02:00
AKASHI Takahiro
57ad624103 efi_loader: bootmgr: fix a problem in loading an image from a short-path
Booting from a short-form device path which starts with the first element
being a File Path Media Device Path failed because it doesn't contain
any valid device with simple file system protocol and efi_dp_find_obj()
in efi_load_image_from_path() will return NULL.
For instance,
/VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Scsi(0,0)/\helloworld.efi
-> shortened version: /\helloworld.efi

With this patch applied, all the media devices with simple file system
protocol are enumerated and the boot manager attempts to boot temporarily
generated device paths one-by-one.

This new implementation is still a bit incompatible with the UEFI
specification in terms of:
* not creating real boot options
* not try
  "If a device does not support the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, but
  supports the EFI_BLOCK_IO_PROTOCOL protocol, then the EFI Boot Service
  ConnectController must be called for this device with DriverImageHandle
  and RemainingDevicePath set to NULL and the Recursive flag is set to TRUE."
(See section 3.1.2 "Load Option Processing".)

But it still gives us a closer and better solution than the current.

Fixes: commit 9cdf470274 ("efi_loader: support booting via short-form device-path")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-28 10:59:27 +02:00
AKASHI Takahiro
05f391e2fc efi_loader: disk: add efi_disk_is_removable()
This helper function will be used to determine if the device is
removable media, initially for handling a short-path loading.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-05-28 10:59:27 +02:00
Ilias Apalodimas
b436cc6a57 efi_loader: add sha384/512 on certificate revocation
Currently we don't support sha384/512 for the X.509 certificate
in dbx.  Moreover if we come across such a hash we skip the check
and approve the image,  although the image might needs to be rejected.

Rework the code a bit and fix it by adding an array of structs with the
supported GUIDs, len and literal used in the U-Boot crypto APIs instead
of hardcoding the GUID types.

It's worth noting here that efi_hash_regions() can now be reused from
efi_signature_lookup_digest() and add sha348/512 support there as well

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-05-07 23:17:26 +02:00
Jan Kiszka
6ae494831d efi_loader: Select EVENT as well
Fixes

WARNING: unmet direct dependencies detected for EVENT_DYNAMIC
  Depends on [n]: EVENT [=n]
  Selected by [y]:
  - EFI_LOADER [=y] && OF_LIBFDT [=y] && ...

and the succeeding build breakage.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-07 23:17:26 +02:00
Jan Kiszka
90c52423be lib/date: Make rtc_mktime and mktime64 Y2038-ready
We currently overflow due to wrong types used internally in rtc_mktime,
on all platforms, and we return a too small type on 32-bit.

One consumer that directly benefits from this is mktime64. Many others
may still store the result in a wrong type.

While at it, drop the redundant cast of mon in rtc_mktime (obsoleted by
714209832d).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-05-05 15:06:02 -04:00
AKASHI Takahiro
4e65ca00f3 efi_loader: bootmgr: add booting from removable media
Under the current implementation, booting from removable media using
a architecture-specific default image name, say BOOTAA64.EFI, is
supported only in distro_bootcmd script. See the commit 74522c898b
("efi_loader: Add distro boot script for removable media").

This is, however, half-baked implementation because
1) UEFI specification requires this feature to be implemented as part
   of Boot Manager's responsibility:

  3 - Boot Manager
  3.5.1 Boot via the Simple File Protocol
  When booting via the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, the FilePath will
  start with a device path that points to the device that implements the
  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL or the EFI_BLOCK_IO_PROTOCOL. The next
  part of the FilePath may point to the file name, including
  subdirectories, which contain the bootable image. If the file name is
  a null device path, the file name must be generated from the rules
  defined below.
  ...
  3.5.1.1 Removable Media Boot Behavior
  To generate a file name when none is present in the FilePath, the
  firmware must append a default file name in the form
  \EFI\BOOT\BOOT{machine type short-name}.EFI ...

2) So (1) entails the hehavior that the user's preference of boot media
   order should be determined by Boot#### and BootOrder variables.

With this patch, the semantics mentioned above is fully implemented.
For example, if you want to boot the system from USB and SCSI in this
order,
* define Boot0001 which contains only a device path to the USB device
  (without any file path/name)
* define Boot0002 which contains only a device path to the SCSI device,
and
* set BootOrder to Boot0001:Boot0002

To avoid build error for sandbox, default file name "BOOTSANDBOX.efi"
is defined even if it is out of scope of UEFI specification.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
On sandbox use binary name corresponding to host architecture.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
AKASHI Takahiro
d8465ffc01 efi_loader: export efi_locate_device_handle()
This function will be used in the next commit where some behavior
of EFI boot manager will be expanded.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00