When calling efi_dp_from_name() we are not interested in the device part.
Just pass NULL as an argument.
Suggested-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The GUID of partitions is sufficient for identification and will stay
constant in the lifetime of a boot option. The preceding path of the
device-path may change due to changes in the enumeration of devices.
Therefore it is preferable to use the short-form of device-paths in load
options. Adjust the 'efidebug boot add' command accordingly.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
At present we use wide characters for unicode but this is not necessary.
Change the code to use the 'u' literal instead. This helps to fix build
warnings for sandbox on rpi.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Create the GUID as a global variable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Parameter size is never used in function efi_dp_from_lo(). Remove it.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Instead of copying a GUID and then using a pointer to the copy for calling
guidcmp(), just pass the pointer to the orginal GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.
Add a proper comment to simple_strtoul() while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Display the number of the boot option and not its index.
Fixes: 2ecee31017 ("efi_loader: use efi_create_indexed_name()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use efi_get_variable_int() instead of EFI_CALL(RT->get_variable()).
Use efi_set_variable_int() instead of EFI_CALL(efi_set_variable()).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Simplify the creation of indexed variable names like 'Boot0000' by using
function efi_create_indexed_name().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To print a UTF-16 string use %ls instead of converting string to UTF-8.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To print a UTF-16 string use %ls instead of converting string to UTF-8.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Replace static function efi_get_device_handle_info() by a simplified
function efi_get_device_path_text() avoiding EFI_CALL().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This commit enables the ESRT printing from the u-boot shell by invoking:
- efidebug capsule esrt
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd@arm.com
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The ESRT is initialised during efi_init_objlist after
efi_initialize_system_table().
The ESRT is recreated from scratch at the following events:
- successful UpdateCapsule;
- FMP instance install.
The code ensures that every ESRT entry has a unique fw_class value.
Limitations:
- The ESRT is not updated if an FMP instance is uninstalled;
- the fields image_type and flags are in the current implementation left
undefined. Setting these values will require a per-platform function
that returns the image_type/flags as a function of the image fw_class.
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd@arm.com
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Remove two EFI_CALL() indirections.
Move ESRT GUID in efidebug's list of GUIDs.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI spec allows a packed array of UEFI device paths in the
FilePathList[] of an EFI_LOAD_OPTION. The first file path must
describe the loaded image but the rest are OS specific.
Previous patches parse the device path and try to use the second
member of the array as an initrd. So let's modify efidebug slightly
and install the second file described in the command line as the
initrd device path.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This occur when building on Raspberry Pi 400 (32-bit ARM). Fix them.
Examples:
cmd/efidebug.c: In function ‘do_efi_capsule_update’:
cmd/efidebug.c:75:49: warning: cast from pointer to integer of different
size [-Wpointer-to-int-cast]
ret = EFI_CALL(RT->update_capsule(&capsule, 1, (u64)NULL));
^
include/efi_loader.h:104:9: note: in definition of macro ‘EFI_CALL’
typeof(exp) _r = exp; \
^~~
cmd/efidebug.c:75:49: warning: cast from pointer to integer of different
size [-Wpointer-to-int-cast]
ret = EFI_CALL(RT->update_capsule(&capsule, 1, (u64)NULL));
^
include/efi_loader.h:104:19: note: in definition of macro ‘EFI_CALL’
typeof(exp) _r = exp; \
^~~
In file included from include/common.h:20,
from lib/efi_loader/efi_capsule.c:9:
lib/efi_loader/efi_capsule.c: In function ‘efi_update_capsule’:
include/efi_loader.h:83:8: warning: format ‘%lu’ expects argument of type
‘long unsigned int’, but argument 10 has type ‘size_t’
{aka ‘unsigned int’} [-Wformat=]
debug("%sEFI: Entry %s(" format ")\n", __efi_nesting_inc(), \
^~~~~~~~~~~~~~~~~~
include/linux/printk.h:37:21: note: in definition of macro ‘pr_fmt’
#define pr_fmt(fmt) fmt
^~~
include/log.h:229:2: note: in expansion of macro ‘log’
log(LOG_CATEGORY, LOGL_DEBUG, fmt, ##args); \
^~~
include/log.h:249:2: note: in expansion of macro ‘debug_cond’
debug_cond(_DEBUG, fmt, ##args)
^~~~~~~~~~
include/efi_loader.h:83:2: note: in expansion of macro ‘debug’
debug("%sEFI: Entry %s(" format ")\n", __efi_nesting_inc(), \
^~~~~
lib/efi_loader/efi_capsule.c:444:2: note: in expansion of macro ‘EFI_ENTRY’
EFI_ENTRY("%p, %lu, %llu\n", capsule_header_array, capsule_count,
^~~~~~~~~
lib/efi_loader/efi_capsule.c:444:19: note: format string is defined here
EFI_ENTRY("%p, %lu, %llu\n", capsule_header_array, capsule_count,
~~^
%u
Signed-off-by: Simon Glass <sjg@chromium.org>
Replace (uintptr_t)NULL by 0.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On the handle for the UEFI System Partition we must install the System
Partition GUID (with a NULL interface).
Let the efidebug command display the GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CID 316364 says:
> Null pointer dereferences (FORWARD_NULL)
> printf("Result total size: 0x%x\n", result->variable_total_size);
at do_efi_capsule_res().
The code is basically safe because a buffer for "result" is allocated
by malloc() and filled up by the second get_variable(), which fails any way
if the allocation has failed.
But the first (and second) get_variable() possibly returns an error other
than EFI_SUCCESS. We always need to check the return code from
get_variable() before accessing the data in "result".
While this change won't suppress CID 316364, the resulting code is much
safer.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.
Provide a configuration option to make the boot manager available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A boot manager like GRUB can use the protocol to
* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a efidebug subcommand to initiate a firmware update using the efi
firmware management protocol(fmp) set_image routine.
The firmware update can be initiated through
'efidebug capsule disk-update'
This would locate the efi capsule file on the efi system partition,
and call the platform's set_image fmp routine to initiate the firmware
update.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
"efidebug capsule" is more or less a debugging utility.
efidebug capsule update: invoke UpdateCapsule against data on memory
efidebug capsule show: show a capsule header
efidebug capsule result: dump a capsule result variable
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
A previous commit is adding EFI_TCG2_PROTOCOL, which in it's eventlog
support registers an EFI configuration table.
Let's add the necessary GUID so 'efidebug table' command can display
table names properly.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add the Random Number Generator (RNG) protocol to the GUIDs that the
'efidebug dh' protocol can replace by a text.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Variable load_options must be initialized to NULL to avoid a segmentation
fault when freeing the memory this variable points to.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.
Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For passing the optional data of the load option to the loaded imaged
protocol we need its size.
efi_deserialize_load_option() is changed to return the size of the optional
data.
As a by-product we get a partial validation of the load option.
Checking the length of the device path remains to be implemented.
Some Coverity defects identified the load options as user input because
get_unaligned_le32() and get_unaligned_le16() is called. But non of these
Coverity defects can be resolved without marking functions with Coverity
specific tags.
Reported-by: Coverity (CID 303760)
Reported-by: Coverity (CID 303768)
Reported-by: Coverity (CID 303776)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI 2.8 specification has introduced the EFI_MEMORY_SP memory
attribute. Add it to the 'efidebug memmap' and 'efi mem' commands.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.
Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.
This requires quite a few header-file additions.
Signed-off-by: Simon Glass <sjg@chromium.org>
With the previous patches that use OP-TEE and StandAloneMM for UEFI
variable storage we've added functionality for efi_query_variable_info.
So let's add the relevant command to efidebug and retrieve information
about the container used to store UEFI variables
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Compiling with -Wtype-limits yields:
cmd/efidebug.c:968:32: error: comparison is always false due to limited
range of data type [-Werror=type-limits]
968 | if (*endp != '\0' || bootnext > 0xffff) {
|
Remove the superfluous check.
Fixes: 59df7e7e77 ("cmd: add efidebug command")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The check here, "Null pointer dereferences," is a false positive.
So leave a comment.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Coverity (CID 300329)
Coverity detected a dead code, but actually there is a bug in a check
against a number of arguments. So simply fix it.
Reported-by: Coverity (CID 300330)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We should not to refer to a function via the run-time or boot services
tables if the function is exported.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* don't copy GUIDs for no reason
* shorten print format strings by using variable names
* don't use the run-time table to access exported functions
* check the result of malloc() (fixes Coverity CID 300331)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For EFI_PERSISTENT_MEMORY_TYPE the 'efidebug memmap' command produces an
illegal memory access.
* Add the missing descriptive string for EFI_PERSISTENT_MEMORY_TYPE.
* Replace the check for EFI_MAX_MEMORY_TYPE by the ARRAY_SIZE() macro.
Reported-by: Coverity (CID 300336)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* Do not recreate a variable name that we already have as u16 string.
* Check the return value of malloc()
* EFI_NOT_FOUND cannot occur for a variable name returned by
GetNextVariableName(). Remove a print statement.
* Don't copy a GUID for no reason.
* Don't use the run-time service table to call exported functions.
* Don't pass NULL to show_efi_boot_opt_data() (fixes Coverity CID 300338).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This sub-command will be used to test image authentication,
in particular, a case where efi_load_image() failed with
EFI_SECURITY_VIOLATION but we still want to try efi_start_image().
We won't run such a case under normal bootmgr because it simply
refuses to call efi_start_image() if anything but EFI_SUCCESS
is returned when loading an image.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
On 32 bit systems fix
warning: cast to pointer from integer of different size
[-Wint-to-pointer-cast]
Fixes: a415d61eac ("cmd: map addresses to sysmem in efidebug memmap")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Addresses in the sandbox's device tree are in the sandbox's virtual address
space. If we want to compare memory reservations in the device-tree with
the output of 'efidebug memmap', we need to convert back to this address
space.
Adjust the output of the 'efidebug memmap' command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add the missing line feed at the error message if the variable referred to
by 'efidebug boot rm' does not exist.
Shorten the format string by using the variable name instead of the number
of the boot variable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
There is a wrong usage of utf8_utf16_strncpy() in "boot rm" command, and
then it will end up with a failure of this command due to a wrong
value of an interim variable ("var_name16").
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any u-boot accessible partition instead of just the ESP one.
Finally this is an attempt of a generic interface across architectures
in the linux kernel so it makes sense to support that.
The file location is intentionally only supported as a config option
argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.
[1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI spec 2.8 errata A replaces the RuntimeServicesSupported variable
defined in UEFI spec 2.8 by the configuration table
EFI_RT_PROPERTIES_TABLE. So let's follow suit.
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Ard Biesheuvel <ardb@kernel.org>