At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.
For now no callers pass the size, but this can be updated later.
Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Some ARMv7 boards using PSCI require to be in secure-mode when booted via
'bootz' or 'bootm'. During distro-boot 'bootefi bootmgr' is called to check
if booting via UEFI is possible.
With the change we change the switch from secure mode to non-secure mode is
moved from the UEFI subsystem setup to just before calling StartImage().
Cc: Jernej Škrabec <jernej.skrabec@gmail.com>
Reported by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.
Provide a configuration option to make the boot manager available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A boot manager like GRUB can use the protocol to
* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now the bootefi command used the last file loaded to determine the
boot partition. This has led to errors when the fdt had been loaded from
another partition after the EFI binary.
Before setting the boot device from a loaded file check if it is a PE-COFF
image or a FIT image.
For a PE-COFF image remember address and size, boot device and path.
For a FIT image remember boot device and path.
If the PE-COFF image is overwritten by loading another file, forget it.
Do not allow to start an image via bootefi which is not the last loaded
PE-COFF image.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently when executing 'bootefi hello' we copy helloworld.efi to the
address identified by environment variable loadaddr. This is unexected
behavior for a user. There is no need to copy helloworld.efi before
executing it after relocation.
Remove the copy action.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The device tree may contain a /reserved-memory node. The no-map property
of the sub-nodes signals if the memory may be accessed by the UEFI payload
or not.
In the EBBR specification (https://github.com/arm-software/ebbr) the
modeling of the reserved memory has been clarified.
If a reserved memory node in the device tree has the no-map property map,
create a EfiReservedMemoryType memory map entry else use
EfiBootServicesData.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Write log messages when booting via the bootefi command to allow tracking
on the syslog server. Example messages are
Booting /snp.efi
or
Booting /MemoryMapped(0x0,0x4fe00000,0x35a40)
Loading image failed
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.
Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The bootefi bootmgr command has to set the load options for a loaded image
from the value of BootXXXX variable. If the boot manager is not used, the
value is set from the environment variable bootargs (or efi_selftest).
Factor out a common function efi_set_load_options().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Log messages of the bootefi command instead of simply printing them to the
console.
Do not show "## Application terminated" message when the UEFI binary
completed successfully.
Adjust the python tests testing for '## Application terminated'.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
With commit 0d7c2913fd ("cmd: bootefi: Honor the address & size cells
properties correctly") addr was replaced by fdt_addr. But not in the check
against FDT_ADDR_T_NONE.
Fixes: 0d7c2913fd ("cmd: bootefi: Honor the address & size cells properties
correctly")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Variable fdt_size should be of type 'fdt_size_t', not 'fdt_addr_t'.
Fixes 0d7c2913fd: ("cmd: bootefi: Honor the address & size cells properties correctly")
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
fdtdec_get_addr_size reads the uses a fixed value for address & size
cell properties which may not be correct always.
Use the auto variant of the function which automatically reads
#address-cells & #size-cells from parent and uses to read the "reg"
property.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
On 32 bit systems fdt_addr_t may be 4 bytes long but size is defined as
u64. Avoid filling the upper 4 bytes of the sizep parameter of
fdtdec_get_addr_size_auto_parent() with random bytes from the stack by
defining a separate variable fdt_size.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.
Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.
This requires quite a few header-file additions.
Signed-off-by: Simon Glass <sjg@chromium.org>
Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.
There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.
Signed-off-by: Michael Walle <michael@walle.cc>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI spec ACPI tables should be placed in
EfiACPIReclaimMemory. Let's do the same with the device tree.
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Grant Likely <grant.likely@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_free_pool() and efi_delete_handle() both check if their argument is
NULL. The caller should not duplicate this check.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Sub-nodes of /reserved-memory may be disabled. In this case we should not
reserve memory in the memory map.
Reported-by: Patrick DELAUNAY <patrick.delaunay@st.com>
Fixes: fef907b2e4 ("efi_loader: create reservations after
ft_board_setup")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
Currently, bootefi only parses memory reservation block to setup
EFI reserved memory mappings. However, it doesn't parse the
reserved-memory[1] device tree node that also can contain the
reserved memory regions.
Add capability to parse reserved-memory node and update the EFI memory
mappings accordingly.
1. <U-Boot source>/doc/device-tree-bindings/reserved-memory/reserved-memory.txt]
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Fix an endless loop.
The /reserved-memory node may have children without reg property. Remove
a superfluous debug statement.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some memory reservations are made in ft_board_setup(). Ensure that we
create reserved memory map entries after ft_board_setup().
The downside of this patch is that if bootefi is called multiple times with
an devicetree argument superfluous reservations for the old copies of the
device tree will exist. But that is still better than missing a reservation.
Deleting the superfluous reservations is not possible because reservations
in the memory map are rounded to page size and may be coallesced.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.
Move the compatibility features into a separate header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
When be launch a binary via bootefi the bootargs environment variable is
used to set the load options in the loaded image protocol.
Free memory allocated for load options when the UEFI binary exits.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use a pointer to addressable memory instead of a "physical" address in the
virtual address space of the sandbox to efi_install_fdt().
Export the efi_install_fdt() function.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If the bootefi command is called without passing the address of a device
tree, the internal device tree is used. For devices with a hardware device
tree it is preferable to used the hardware device tree in this case.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
As part of moving the parsing of command line arguments to do_bootefi()
call efi_install_fdt() with the address of the device tree instead of a
string.
If the address is EFI_FDT_USE_INTERNAL (= 0), the internal device tree
is used.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We currently have some inconsistent use of efi_add_memory_map()
throughout the code. In particular the return value of efi_add_memory_map()
is not interpreted the same way by various users in the codebase.
This patch does the following:
- Changes efi_add_memory_map() to return efi_status_t.
- Adds a method description to efi_add_memory_map().
- Changes efi_add_memory_map() to return EFI_SUCCESS
- Returns non-zero for error in efi_add_memory_map()
- Updates efi_allocate_pages() to new efi_add_memory_map()
- Updates efi_free_pages() to new efi_add_memory_map()
- Updates efi_carve_out_dt_rsv() to new efi_add_memory_map()
- Updates efi_add_runtime_mmio() to new efi_add_memory_map()
Fixes: 5d00995c36 ("efi_loader: Implement memory allocation and map")
Fixes: 74c16acce3 ("efi_loader: Don't allocate from memory holes")
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Describe that efi_install_fdt() defaults to using the device tree
indicated by environment variable fdtcontroladdr.
ACPI tables and device trees are mutually exclusive.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
allow_unaligned(), switch_to_non_secure_mode(), and efi_init_obj_list() are
called in sequence in multiple places.
Move calls to allow_unaligned() and switch_to_non_secure_mode() to
efi_init_obj_list().
Remove unused includes.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In case of a failure exit data may be passed to Exit() which in turn is
returned by StartImage().
Let the `bootefi` command print the exit data string in case of an error.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI variables should be installed using well-defined API.
Currently we don't support much, but the value of OsIndicationsSupported
will be updated once some features are added in the future.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Add comments. Rename a variable.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EBBR specification prescribes that we should have either an ACPI table
or a device tree but not both. Let us enforce this condition in the
`bootefi` command.
If the bootefi command is called without a device tree parameter use a
previously device tree or fall back to the internal device tree.
The fdt unit test should not be run on boards with an ACPI table.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In the current implementation, bootefi command and EFI boot manager
don't use load_image API, instead, use more primitive and internal
functions. This will introduce duplicated code and potentially
unknown bugs as well as inconsistent behaviours.
With this patch, do_efibootmgr() and do_boot_efi() are completely
overhauled and re-implemented using load_image API.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Use efi_root as parent handle for the loaded image.
LoadImage() should be called with BootPolicy = true by the boot manager.
Avoid duplicate free_pool().
Eliminate variable memdp which is not needed after anymore due to
"efi_loader: correctly split device path of loaded image".
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This is a preparatory patch for reworking do_bootefi() in later patch.
All the non-boot-manager-based (that is, bootefi <addr>) code is put
into one function, do_bootefi_image().
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This is a preparatory patch for reworking do_bootefi() in later patch.
do_bootmgr_exec() is renamed to do_efibootmgr() as we put all the necessary
code into this function.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This is a preparatory patch for reworking do_bootefi() in later patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This is a preparatory patch for reworking do_bootefi() in later patch.
Efi_selftest code is unusual in terms of execution path in do_bootefi(),
which make that function complicated and hard to understand. With this
patch, all efi_selftest related code will be put in a separate function.
The change also includes expanding efi_run_prepare() and efi_run_finish()
in do_bootefi_exec().
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This is a preparatory patch for reworking do_bootefi() in later patch.
For simplicity, merge two functions.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Return error code of efi_install_configuration_table() when aborting from
efi_install_fdt().
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This is a preparatory patch for reworking do_bootefi() in later patch.
Carve out a function to handle the installation of the device tree
as a configuration table in system table.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
set_load_options() can fail, so it should return error code to stop
invoking an image.
In addition, set_load_options() now takes a handle, instead of
loaded_image_info, to utilize efi_load_image() in a later patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Following Ard's suggestion:
Runtime data sections are intended for data that is used by the runtime
services implementation.
Let's change the type to EFI_BOOT_SERVICES_DATA.
This also fixes booting of armv7 using efi and fdtcontroladdr.
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Free resources upon failure.
Correct the function description.
As there is no need for any special address in the dummy memory device
path passed via the EFI_LOADED_IMAGE_PROTOCOL simply use 0 as address.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>