Commit graph

164 commits

Author SHA1 Message Date
Simon Glass
c5819701a3 image: Adjust the workings of fit_check_format()
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:52 -05:00
Simon Glass
401d1c4f5d common: Drop asm/global_data.h from common header
Move this out of the common header and include it only where needed.  In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly.   Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-02 15:33:42 -05:00
Heinrich Schuchardt
82d01f04fa efi_loader: switch to non-secure mode later
Some ARMv7 boards using PSCI require to be in secure-mode when booted via
'bootz' or 'bootm'. During distro-boot 'bootefi bootmgr' is called to check
if booting via UEFI is possible.

With the change we change the switch from secure mode to non-secure mode is
moved from the UEFI subsystem setup to just before calling StartImage().

Cc: Jernej Škrabec <jernej.skrabec@gmail.com>
Reported by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-29 20:22:40 +01:00
Heinrich Schuchardt
ff2f532fad efi_loader: make the UEFI boot manager configurable
Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.

Provide a configuration option to make the boot manager available.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-20 08:09:34 +01:00
Heinrich Schuchardt
94686f60a2 efi_loader: implement EFI_DT_FIXUP_PROTOCOL
A boot manager like GRUB can use the protocol to

* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:01 +01:00
Heinrich Schuchardt
5f59518a7b efi_loader: setting boot device
Up to now the bootefi command used the last file loaded to determine the
boot partition. This has led to errors when the fdt had been loaded from
another partition after the EFI binary.

Before setting the boot device from a loaded file check if it is a PE-COFF
image or a FIT image.

For a PE-COFF image remember address and size, boot device and path.

For a FIT image remember boot device and path.

If the PE-COFF image is overwritten by loading another file, forget it.

Do not allow to start an image via bootefi which is not the last loaded
PE-COFF image.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:00 +01:00
Heinrich Schuchardt
bb33c79e47 efi_loader: simplify running helloworld.efi
Currently when executing 'bootefi hello' we copy helloworld.efi to the
address identified by environment variable loadaddr. This is unexected
behavior for a user. There is no need to copy helloworld.efi before
executing it after relocation.

Remove the copy action.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:00 +01:00
Heinrich Schuchardt
4cbb2930bd efi_loader: consider no-map property of reserved memory
The device tree may contain a /reserved-memory node. The no-map property
of the sub-nodes signals if the memory may be accessed by the UEFI payload
or not.

In the EBBR specification (https://github.com/arm-software/ebbr) the
modeling of the reserved memory has been clarified.

If a reserved memory node in the device tree has the no-map property map,
create a EfiReservedMemoryType memory map entry else use
EfiBootServicesData.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-06 07:43:56 +02:00
Heinrich Schuchardt
c2f010393b efi_loader: log messages for bootefi command
Write log messages when booting via the bootefi command to allow tracking
on the syslog server. Example messages are

    Booting /snp.efi

or

    Booting /MemoryMapped(0x0,0x4fe00000,0x35a40)
    Loading image failed

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06 21:21:41 +02:00
Heinrich Schuchardt
72e1fcacff efi_loader: document parameters of do_bootefi_exec()
Add the missing description of the load_options parameter.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
Heinrich Schuchardt
0ad64007fe efi_loader: set load options in boot manager
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.

Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:24 +02:00
Heinrich Schuchardt
1064d04920 efi_loader: factor out efi_set_load_options()
The bootefi bootmgr command has to set the load options for a loaded image
from the value of BootXXXX variable. If the boot manager is not used, the
value is set from the environment variable bootargs (or efi_selftest).

Factor out a common function efi_set_load_options().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:24 +02:00
Heinrich Schuchardt
c001837400 efi_loader: use logging for bootefi command
Log messages of the bootefi command instead of simply printing them to the
console.

Do not show "## Application terminated" message when the UEFI binary
completed successfully.

Adjust the python tests testing for '## Application terminated'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:42 +02:00
Heinrich Schuchardt
039d4f50e4 efi_loader: incorrect check against FDT_ADDR_T_NONE
With commit 0d7c2913fd ("cmd: bootefi: Honor the address & size cells
properties correctly") addr was replaced by fdt_addr. But not in the check
against FDT_ADDR_T_NONE.

Fixes: 0d7c2913fd ("cmd: bootefi: Honor the address & size cells properties
correctly")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-30 14:16:20 +02:00
Bin Meng
b1c272d18b cmd: bootefi: Fix fdt_size variable type in efi_carve_out_dt_rsv()
Variable fdt_size should be of type 'fdt_size_t', not 'fdt_addr_t'.

Fixes 0d7c2913fd: ("cmd: bootefi: Honor the address & size cells properties correctly")
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-24 16:50:15 +02:00
Atish Patra
0d7c2913fd cmd: bootefi: Honor the address & size cells properties correctly
fdtdec_get_addr_size reads the uses a fixed value for address & size
cell properties which may not be correct always.

Use the auto variant of the function which automatically reads
 #address-cells & #size-cells from parent and uses to read the "reg"
property.

Signed-off-by: Atish Patra <atish.patra@wdc.com>

On 32 bit systems fdt_addr_t may be 4 bytes long but size is defined as
u64. Avoid filling the upper 4 bytes of the sizep parameter of
fdtdec_get_addr_size_auto_parent() with random bytes from the stack by
defining a separate variable fdt_size.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-19 09:00:38 +02:00
Simon Glass
0914011310 command: Remove the cmd_tbl_t typedef
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 18:36:55 -04:00
Simon Glass
4d72caa5b9 common: Drop image.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Michael Walle
714497e327 efi_loader: round the memory area in efi_add_memory_map()
Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.

There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.

Signed-off-by: Michael Walle <michael@walle.cc>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-17 21:59:53 +02:00
Heinrich Schuchardt
42a426e027 efi_loader: put device tree into EfiACPIReclaimMemory
According to the UEFI spec ACPI tables should be placed in
EfiACPIReclaimMemory. Let's do the same with the device tree.

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Grant Likely <grant.likely@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-07 18:23:16 +02:00
Heinrich Schuchardt
4fe050e65f efi_loader: remove superfluous NULL check in bootefi.c
efi_free_pool() and efi_delete_handle() both check if their argument is
NULL. The caller should not duplicate this check.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-30 10:25:07 +02:00
Heinrich Schuchardt
4ef2b0d551 efi_loader: only reserve memory if fdt node enabled
Sub-nodes of /reserved-memory may be disabled. In this case we should not
reserve memory in the memory map.

Reported-by: Patrick DELAUNAY <patrick.delaunay@st.com>
Fixes: fef907b2e4 ("efi_loader: create reservations after
ft_board_setup")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
2020-03-28 10:45:03 +01:00
Atish Patra
7be64b885a cmd: bootefi: Parse reserved-memory node from DT
Currently, bootefi only parses memory reservation block to setup
EFI reserved memory mappings. However, it doesn't parse the
reserved-memory[1] device tree node that also can contain the
reserved memory regions.

Add capability to parse reserved-memory node and update the EFI memory
mappings accordingly.

1. <U-Boot source>/doc/device-tree-bindings/reserved-memory/reserved-memory.txt]

Signed-off-by: Atish Patra <atish.patra@wdc.com>

Fix an endless loop.

The /reserved-memory node may have children without reg property. Remove
a superfluous debug statement.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-17 08:29:52 +01:00
Heinrich Schuchardt
fef907b2e4 efi_loader: create reservations after ft_board_setup
Some memory reservations are made in ft_board_setup(). Ensure that we
create reserved memory map entries after ft_board_setup().

The downside of this patch is that if bootefi is called multiple times with
an devicetree argument superfluous reservations for the old copies of the
device tree will exist. But that is still better than missing a reservation.

Deleting the superfluous reservations is not possible because reservations
in the memory map are rounded to page size and may be coallesced.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-17 08:29:52 +01:00
Heinrich Schuchardt
7d4d551e7d efi_loader: fix efi_install_fdt() description
In the function description use the correct parameter name.

Mention EFI_FDT_USE_INTERNAL.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-02-19 12:53:36 +01:00
Simon Glass
336d4615f8 dm: core: Create a new header file for 'compat' features
At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.

Move the compatibility features into a separate header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-02-05 19:33:46 -07:00
Heinrich Schuchardt
a3850e40e1 efi_loader: free load options after execution
When be launch a binary via bootefi the bootargs environment variable is
used to set the load options in the loaded image protocol.

Free memory allocated for load options when the UEFI binary exits.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:20 +01:00
Heinrich Schuchardt
f64f223256 efi_loader: export efi_install_fdt()
Use a pointer to addressable memory instead of a "physical" address in the
virtual address space of the sandbox to efi_install_fdt().

Export the efi_install_fdt() function.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:20 +01:00
Heinrich Schuchardt
f9ceb6ac14 efi_loader: carve out efi_run_image()
Provide public function efi_run_imager() which can be used to run an UEFI
image from memory.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:20 +01:00
Heinrich Schuchardt
753aa18f17 efi_loader: use hardware device tree by default
If the bootefi command is called without passing the address of a device
tree, the internal device tree is used. For devices with a hardware device
tree it is preferable to used the hardware device tree in this case.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:20 +01:00
Heinrich Schuchardt
7a597259d2 efi_loader: pass address to efi_install_fdt()
As part of moving the parsing of command line arguments to do_bootefi()
call efi_install_fdt() with the address of the device tree instead of a
string.

If the address is EFI_FDT_USE_INTERNAL (= 0), the internal device tree
is used.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:20 +01:00
Simon Glass
7b51b576d6 env: Move env_get() to env.h
Move env_get() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2019-08-11 16:43:41 -04:00
Heinrich Schuchardt
810371a0b2 efi_loader: fix function comments in cmd/bootefi.c
Describe efi_set_bootdev().

Change function descriptions to Sphinx style.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-16 22:17:19 +00:00
Bryan O'Donoghue
b225c92fd0 efi_loader: Change return type of efi_add_memory_map()
We currently have some inconsistent use of efi_add_memory_map()
throughout the code. In particular the return value of efi_add_memory_map()
is not interpreted the same way by various users in the codebase.

This patch does the following:

- Changes efi_add_memory_map() to return efi_status_t.
- Adds a method description to efi_add_memory_map().
- Changes efi_add_memory_map() to return EFI_SUCCESS
- Returns non-zero for error in efi_add_memory_map()
- Updates efi_allocate_pages() to new efi_add_memory_map()
- Updates efi_free_pages() to new efi_add_memory_map()
- Updates efi_carve_out_dt_rsv() to new efi_add_memory_map()
- Updates efi_add_runtime_mmio()  to new efi_add_memory_map()

Fixes: 5d00995c36 ("efi_loader: Implement memory allocation and map")
Fixes: 74c16acce3 ("efi_loader: Don't allocate from memory holes")
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-16 22:17:17 +00:00
Heinrich Schuchardt
e2d82f8b2a efi_loader: comments for efi_install_fdt()
Describe that efi_install_fdt() defaults to using the device tree
indicated by environment variable fdtcontroladdr.

ACPI tables and device trees are mutually exclusive.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-12 20:54:23 +02:00
Heinrich Schuchardt
7e92db810b efi_loader: deduplicate code in cmd/bootefi.c
Move duplicate initialization code to single instance.

Adjust comments of concerned functions.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-12 20:54:23 +02:00
Heinrich Schuchardt
52cbac9b06 efi_loader: clean up UEFI sub-system initialization
allow_unaligned(), switch_to_non_secure_mode(), and efi_init_obj_list() are
called in sequence in multiple places.

Move calls to allow_unaligned() and switch_to_non_secure_mode() to
efi_init_obj_list().

Remove unused includes.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-07 21:10:03 +02:00
Heinrich Schuchardt
556d8dc937 efi_loader: implement support of exit data
In case of a failure exit data may be passed to Exit() which in turn is
returned by StartImage().

Let the `bootefi` command print the exit data string in case of an error.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-02 18:17:50 +02:00
AKASHI Takahiro
d40e05ae95 efi_loader: set OsIndicationsSupported at init
UEFI variables should be installed using well-defined API.
Currently we don't support much, but the value of OsIndicationsSupported
will be updated once some features are added in the future.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Add comments. Rename a variable.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-02 18:17:49 +02:00
Heinrich Schuchardt
6182495e10 efi_loader: need either ACPI table or device tree
The EBBR specification prescribes that we should have either an ACPI table
or a device tree but not both. Let us enforce this condition in the
`bootefi` command.

If the bootefi command is called without a device tree parameter use a
previously device tree or fall back to the internal device tree.

The fdt unit test should not be run on boards with an ACPI table.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-23 00:37:28 +02:00
AKASHI Takahiro
6b95b38c41 efi_loader: rework bootmgr/bootefi using load_image API
In the current implementation, bootefi command and EFI boot manager
don't use load_image API, instead, use more primitive and internal
functions. This will introduce duplicated code and potentially
unknown bugs as well as inconsistent behaviours.

With this patch, do_efibootmgr() and do_boot_efi() are completely
overhauled and re-implemented using load_image API.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Use efi_root as parent handle for the loaded image.
LoadImage() should be called with BootPolicy = true by the boot manager.
Avoid duplicate free_pool().
Eliminate variable memdp which is not needed after anymore due to
"efi_loader: correctly split device path of loaded image".

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-23 00:37:28 +02:00
AKASHI Takahiro
e2e4098e1b cmd: bootefi: carve out do_bootefi_image() from do_bootefi()
This is a preparatory patch for reworking do_bootefi() in later patch.
All the non-boot-manager-based (that is, bootefi <addr>) code is put
into one function, do_bootefi_image().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-23 00:37:28 +02:00
AKASHI Takahiro
d6b21894d4 cmd: bootefi: carve out bootmgr code from do_bootefi()
This is a preparatory patch for reworking do_bootefi() in later patch.
do_bootmgr_exec() is renamed to do_efibootmgr() as we put all the necessary
code into this function.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-23 00:37:28 +02:00
AKASHI Takahiro
cc999d58e3 cmd: bootefi: move do_bootefi_bootmgr_exec() forward
This is a preparatory patch for reworking do_bootefi() in later patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-23 00:37:28 +02:00
AKASHI Takahiro
3fc2b16335 cmd: bootefi: carve out efi_selftest code from do_bootefi()
This is a preparatory patch for reworking do_bootefi() in later patch.

Efi_selftest code is unusual in terms of execution path in do_bootefi(),
which make that function complicated and hard to understand. With this
patch, all efi_selftest related code will be put in a separate function.

The change also includes expanding efi_run_prepare() and efi_run_finish()
in do_bootefi_exec().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-23 00:37:28 +02:00
AKASHI Takahiro
3ffc52fd23 cmd: bootefi: merge efi_install_fdt() and efi_process_fdt()
This is a preparatory patch for reworking do_bootefi() in later patch.
For simplicity, merge two functions.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Return error code of efi_install_configuration_table() when aborting from
efi_install_fdt().

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-23 00:37:28 +02:00
AKASHI Takahiro
e878e6a7da cmd: bootefi: carve out fdt handling from do_bootefi()
This is a preparatory patch for reworking do_bootefi() in later patch.

Carve out a function to handle the installation of the device tree
as a configuration table in system table.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-23 00:37:27 +02:00
AKASHI Takahiro
defa7b8edd cmd: bootefi: rework set_load_options()
set_load_options() can fail, so it should return error code to stop
invoking an image.
In addition, set_load_options() now takes a handle, instead of
loaded_image_info, to utilize efi_load_image() in a later patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-23 00:37:27 +02:00
Ilias Apalodimas
29361ec473 Change FDT memory type from runtime data to boot services data
Following Ard's suggestion:
Runtime data sections are intended for data that is used by the runtime
services implementation.
Let's change the type to EFI_BOOT_SERVICES_DATA.

This also fixes booting of armv7 using efi and fdtcontroladdr.

Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-12 22:00:42 +02:00
Heinrich Schuchardt
1504bb0d96 efi_loader: clean up bootefi_test_prepare()
Free resources upon failure.

Correct the function description.

As there is no need for any special address in the dummy memory device
path passed via the EFI_LOADED_IMAGE_PROTOCOL simply use 0 as address.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-02-16 15:42:20 +01:00