This sub-command will be used to test image authentication,
in particular, a case where efi_load_image() failed with
EFI_SECURITY_VIOLATION but we still want to try efi_start_image().
We won't run such a case under normal bootmgr because it simply
refuses to call efi_start_image() if anything but EFI_SUCCESS
is returned when loading an image.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
On 32 bit systems fix
warning: cast to pointer from integer of different size
[-Wint-to-pointer-cast]
Fixes: a415d61eac ("cmd: map addresses to sysmem in efidebug memmap")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Addresses in the sandbox's device tree are in the sandbox's virtual address
space. If we want to compare memory reservations in the device-tree with
the output of 'efidebug memmap', we need to convert back to this address
space.
Adjust the output of the 'efidebug memmap' command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add the missing line feed at the error message if the variable referred to
by 'efidebug boot rm' does not exist.
Shorten the format string by using the variable name instead of the number
of the boot variable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
There is a wrong usage of utf8_utf16_strncpy() in "boot rm" command, and
then it will end up with a failure of this command due to a wrong
value of an interim variable ("var_name16").
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any u-boot accessible partition instead of just the ESP one.
Finally this is an attempt of a generic interface across architectures
in the linux kernel so it makes sense to support that.
The file location is intentionally only supported as a config option
argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.
[1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI spec 2.8 errata A replaces the RuntimeServicesSupported variable
defined in UEFI spec 2.8 by the configuration table
EFI_RT_PROPERTIES_TABLE. So let's follow suit.
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Ard Biesheuvel <ardb@kernel.org>
When we hit a matching GUID we can directly return the text. There is no
need for a check after the loop.
efi_guid_t is defined as 8 byte aligned but GUIDs in packed structures do
not follow this alignment. Do not require the argument of get_guid_text()
to be correctly aligned.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
I detected the following error in sandbox with Clang on Travis CI:
+cmd/efidebug.c:703:15: error: result of comparison of constant
9223372036854775822 with expression of type 'int' is always false
[-Werror,-Wtautological-constant-out-of-range-compare]
+ else if (ret == EFI_NOT_FOUND)
+ ~~~ ^ ~~~~~~~~~~~~~
Simply changing a type of 'ret' to efi_status_t will fix this error.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This header file is now only used by files that access internal
environment features. Drop it from various places where it is not needed.
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
make htmldocs produces a warning:
./cmd/efidebug.c:733: WARNING: Unexpected indentation.
Correct the indentation.
Remove 'See above for details of sub-commands.' which is not helpful in the
Sphinx generated documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_status_t and int are of different size. Use separate variables for
return codes of different type.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Boot####, BootOrder and BootNext should be non-volatile.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The field boot OptionalData in structure _EFI_LOAD_OPTIONS is for binary
data.
When we use `efidebug boot add` we should convert the 5th argument from
UTF-8 to UTF-16 before putting it into the BootXXXX variable.
When printing boot variables with `efidebug boot dump` we should support
the OptionalData being arbitrary binary data. So let's dump the data as
hexadecimal values.
Here is an example session protocol:
=> efidebug boot add 00a1 label1 scsi 0:1 doit1 'my option'
=> efidebug boot add 00a2 label2 scsi 0:1 doit2
=> efidebug boot dump
Boot00A0:
attributes: A-- (0x00000001)
label: label1
file_path: .../HD(1,MBR,0xeac4e18b,0x800,0x3fffe)/doit1
data:
00000000: 6d 00 79 00 20 00 6f 00 70 00 74 00 69 00 6f 00 m.y. .o.p.t.i.o.
00000010: 6e 00 00 00 n...
Boot00A1:
attributes: A-- (0x00000001)
label: label2
file_path: .../HD(1,MBR,0xeac4e18b,0x800,0x3fffe)/doit2
data:
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently in do_efi_boot_dump(), we directly read EFI variables from
related environment variables. To accommodate alternative storage
backends, we should switch to using the UEFI API instead.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The `efidebug dh` command shows handles and the installed protocols. For
most of the protocols implemented by U-Boot a short text was shown. But for
some only the GUID was displayed.
Provide the missing short texts for the following protocols: HII String,
HII Database, HII Config Routing, Simple Network, PXE Base Code.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We should consistently use the same name for protocol GUIDs as defined in
the UEFI specification. Not adhering to this rule has led to duplicate
definitions for the EFI_LOADED_IMAGE_PROTOCOL_GUID.
Adjust misnamed protocol GUIDs.
Adjust the text for the graphics output protocol in the output of the
`efidebug dh` command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In `efidebug boot add iPXE scsi 0:1 snp-arm64.efi --foo` a parameter is
missing. Hence the command should not silently return as if everything were
ok but should display the usage info.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@csgraf.de>
"drivers" command prints all the uefi drivers on the system.
=> efi drivers
Driver Name Image Path
================ ==================== ====================
000000007ef003d0 <NULL> <built-in>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
"devices" command prints all the uefi variables on the system.
=> efi devices
Scanning disk ahci_scsi.id0lun0...
Scanning disk ahci_scsi.id1lun0...
Found 4 disks
Device Device Path
================ ====================
000000007ef07ea0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000000007ef00c10 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Scsi(0,0)
000000007ef00dd0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Scsi(1,0)
000000007ef07be0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Scsi(1,0)/HD(1,MBR,0x086246ba,0x800,0x40000)
000000007ef07510 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Scsi(1,0)/HD(2,MBR,0x086246ba,0x40800,0x3f800)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently, there is no easy way to add or modify UEFI variables.
In particular, bootmgr supports BootOrder/BootXXXX variables, it is
quite hard to define them as u-boot variables because they are represented
in a complicated and encoded format.
The new command, efidebug, helps address these issues and give us
more friendly interfaces:
* efidebug boot add: add BootXXXX variable
* efidebug boot rm: remove BootXXXX variable
* efidebug boot dump: display all BootXXXX variables
* efidebug boot next: set BootNext variable
* efidebug boot order: set/display a boot order (BootOrder)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
