At present the entire test state is effective passed into a test driver
just to record which device was removed. This is unnecessary and makes it
harder to track what is going on.
Use a simple boolean instead.
Also drop the unused 'removed' member while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
This error should not happen in normal use. Reduce the length of it to
save space in the image.
Add an empty spl.h file to sh since it appears to lack this.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present it is not possible to include spl.h in on these architectures
since the asm/spl.h file is not present. We want to be able to use the
spl_phase() function, so add empty headers to make things build.
Signed-off-by: Simon Glass <sjg@chromium.org>
These are supposed to be private to driver model, not accessed by any code
outside. Add a trailing underscore to indicate this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use these functions in the core code as much as possible. With this, there
are only two places where each priv/plat pointer is accessed, one for read
and one for write.
Signed-off-by: Simon Glass <sjg@chromium.org>
Most drivers use these access methods but a few do not. Update them.
In some cases the access is not permitted, so mark those with a FIXME tag
for the maintainer to check.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Pratyush Yadav <p.yadav@ti.com>
Add functions so this information is not accessed directly. This will be
needed for of-platdata which stores it in a different place.
Signed-off-by: Simon Glass <sjg@chromium.org>
This code was kept around after of-platdata started supporting parent
devices. That feature seems stable now, so let's drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the name 'uclass_driver' is used for the uclass linker list.
This does not follow the convention of using the struct name. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the output from this function is hard to read in SPL, due to
(intended) limitations in SPL's printf() function. Add an SPL version so
it is clearer.
Signed-off-by: Simon Glass <sjg@chromium.org>
This uses up space in the SPL binary but it always starts as zero. Also
some boards cannot support data in TPL (e.g. Intel Apollo Lake).
Use malloc() to allocate this structure instead, by moving the init a
little later, after malloc() is inited. Make this function optional since
it pulls in malloc().
This reduces the TPL binary size on coral by about 64 bytes
Signed-off-by: Simon Glass <sjg@chromium.org>
The spl-test4 node deliberately has an invalid compatible string. This
causes a warning from dtoc and the check it does is not really necessary.
Drop it, to avoid the warning and associated confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
Lower case should be used for function names. Update this driver and its
callers accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Typedefs should not be used in U-Boot and structs should be lower case.
Update the code to use struct ns16550 consistently.
Put a header guard on the file while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
At present the dtoc commmand line is repeated twice in the Makefile. Use a
variable to avoid this, so it is easier to add more conditional arguments.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use the SPL_NAME variable to simplify the rules. Drop the SPL targets
clean-files since the SPL and TPL dts/ directories are removed by
existing rules. Move the SPL rules into a new spl_dtbs to avoid the
complicated $(if) construct.
Also drop unused pieces from the 'targets' variable.
With this, SPL and TPL have separate dtbs which respect the various
u-boot,dm-spl / u-boot,dm-tpl tags.
Signed-off-by: Simon Glass <sjg@chromium.org>
Rather than putting these in the top-level dts/ directory (which is
intended for U-Boot proper), put them in the correct subdirectory for
SPL (either spl/ or tpl/). This is where other SPL targets are kept,
so this is more consistent.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present both SPL and TPL use the same devicetree binary. While there
is logic to run fdtgrep separately on each one, it does not actually
happen.
Add a new TPL rule and use that instead. Make this rule conditional on
there actually being a TPL. Do the same for SPL for consistency.
Note that the SPL and TPL dtbs are build by a Makefule rule used for
U-Boot proper. This is the 'dtbs' target in dts/Makefile. So the check
for CONFIG_TPL_BUILD in cmd_fdtgrep never actually works at present.
We don't support CONFIG_OF_EMBED for TPL at present.
Signed-off-by: Simon Glass <sjg@chromium.org>
* UEFI capsule authentication
* UEFI capsule update on QEMU ARM
* fsuuid command for FAT file system
* bug fixes
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl/t+U4ACgkQxIHbvCwF
GsTexw/+K0BXWsx2lSBuOty0QIazr9ZjljVYLHIWa9PuWibEWPlfDZFLVSXZmYJ2
nv7B8ieagO8Ev+ULog8Y64q0Ild8188J/00zhWHRe96ovIjjyZ60jJPHUeUlL9UY
XJdpKPUyYdtJEG8I8DUaFiuGpleidNLScnEhGdpyJXvyW5vV9helcpSYexB/jOCe
LTgFR6a4ULpTQUpbKPEBlhF7Ww4/jJbVT8rdmACRGGvNMBI65wbvTHcQ2fZbi8MS
gau7eUd9rBCn/SbBKv19rGCffKvksBxXGfmp/+neB7ZUNwf2suQqVmDkucSATw93
fUyZCbyMm1f5WfhmJK7EfF8xUE4v5gBwrmCuV7TARzX9dRJeslezd5OVK+WpniVM
ZhRt7dBXdmbpf35o2KyPuvI//+Sa8vJw80vtiSK/UZCH5uEAkDK9+VXzQiRna7dN
tNmFW1bJEYz18lf6n9KWLH4A8mustwi2mwHS5sk+m8pYpS8Cihmwhpmv++QvSEyg
RvmS1ax77Bj3krfqVCiFQixuRmcwYjwPySvTzjFVJzVlEiRgoYo7BIHo6bZx8aDh
3lkB7By2OyC2xzRyd0Lkxw497tMaEQMuFV9voRuT7jmdK7g0grnu1daapKM5wKnt
wKxoZ8XmFKw2hyTnlNvkg8CP+B4lPPB2AEyf4q21iBM/bfOawo4=
=d+Lk
-----END PGP SIGNATURE-----
Merge tag 'efi-next' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next
Pull request for UEFI sub-system for next
* UEFI capsule authentication
* UEFI capsule update on QEMU ARM
* fsuuid command for FAT file system
* bug fixes
Add documentation highlighting the steps for using the uefi capsule
update feature for updating the u-boot firmware image.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add a efidebug subcommand to initiate a firmware update using the efi
firmware management protocol(fmp) set_image routine.
The firmware update can be initiated through
'efidebug capsule disk-update'
This would locate the efi capsule file on the efi system partition,
and call the platform's set_image fmp routine to initiate the firmware
update.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add support for enabling uefi capsule authentication. This feature is
enabled by setting the environment variable
"capsule_authentication_enabled".
The following configs are needed for enabling uefi capsule update and
capsule authentication features on the platform.
CONFIG_EFI_HAVE_CAPSULE_SUPPORT=y
CONFIG_EFI_CAPSULE_ON_DISK=y
CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
CONFIG_EFI_CAPSULE_FIRMWARE=y
CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
CONFIG_EFI_CAPSULE_AUTHENTICATE=y
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add support for authenticating uefi capsules. Most of the signature
verification functionality is shared with the uefi secure boot
feature.
The root certificate containing the public key used for the signature
verification is stored as part of the device tree blob. The root
certificate is stored as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The efi_sigstore_parse_sigdb function reads the uefi authenticated
variable, stored in the signature database format and builds the
signature store structure. Factor out the code for building
the signature store. This can then be used by the capsule
authentication routine to build the signature store even when the
signature database is not stored as an uefi authenticated variable
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The pkcs7 header parsing functionality is pretty generic, and can be
used by other features like capsule authentication. Make the function
an extern, also changing it's name to efi_parse_pkcs7_header
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Prior to writing to an mtd device, mtd_erase is called. This call
fails in case the sector being erased is locked. Call mtd_unlock to
unlock the region which is to be erased and later written to. Lock the
region once the write to the region has completed.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
When building the capsule using scripts in edk2, a fmp header is
added on top of the binary payload. Add logic to detect presence of
the header. When present, the pointer to the image needs to be
adjusted as per the size of the header to point to the actual binary
payload.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The fsp_types.h header file contains macros for building signatures of
different widths. These signature macros are architecture agnostic,
and can be used in all places which use signatures in a data
structure. Move and rename the fsp_types.h under the common include
header.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The dfu framework uses the dfu_alt_info environment variable to get
information that is needed for performing the firmware update. Add
logic to set the dfu_alt_info for the qemu arm64 platform to reflect
the two mtd partitions created for the u-boot env and the firmware
image. This can be subsequently extended for other qemu architectures
which need this variable set.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add support for setting the default values for mtd partitions on the
platform. This would be used for updating the firmware image using
uefi capsule update with the dfu mtd backend driver.
Currently, values have been defined for the qemu arm64 platform, with
default values defined for the mtd partitions based on the NOR
flash. This can be subsequently extended for other qemu architectures
which need mtdparts set.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
RFC 2315 Section 9.3 describes the message digesting process. The
digest calculated depends on whether the authenticated attributes are
present. In case of a scenario where the authenticated attributes are
present, the message digest that gets signed and is part of the pkcs7
message is computed from the auth attributes rather than the contents
field.
Check if the auth attributes are present, and if set, use the auth
attributes to compute the hash that would be compared with the
encrypted hash on the pkcs7 message.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
On the qemu arm platform, the virtio devices are initialised in the
board_init function, which gets called before the initr_pci. With
this sequence, the virtio block devices on the pci bus are not
initialised. Move the initialisation of the virtio devices to
board_late_init which gets called after the call to initr_pci.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.
The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>
In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>
This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
When a new event is queued we have to process the event queue by calling
efi_process_event_queue(). But there is not reason to call the function
when the event is not queueable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Although the function description states the caller must provide a
sufficient buffer, it's better to have in function checks that the
destination buffer can hold the intended value.
So let's add an extra argument with the buffer size and check that
before doing any copying.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now we install the EFI_LOAD_FILE2_PROTOCOL to load an initrd
unconditionally. Although we correctly return various EFI exit codes
depending on the file status (i.e EFI_NO_MEDIA, EFI_NOT_FOUND etc), the
kernel loader only falls back to the cmdline interpreted initrd if the
protocol is not installed.
This creates a problem for EFI installers, since they won't be able to
load their own initrd and start the installation.
A following patch introduces a different logic where we search for an
initrd path defined in an EFI variable named 'Initrd####'.
If the bootmgr is used to launch the EFI payload, we'll will try to match
the BootCurrent value and find the corresponding initrd
(i.e Boot0000 -> Initrd0000 etc). If the file is found, we'll install
the required protocol which the kernel's efi-stub can use and load our
initrd.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
dm.h and env.h serve no purpose here. Remove them and sort the
remaining in alphabetical order.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Do not use data from the loaded image object after deleting it.
Fixes: 126a43f15b ("efi_loader: unload applications upon Exit()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
load_options passed from do_efibootmgr() to do_bootefi_exec() may contain
invalid data from the stack which will lead to an invalid free().
Fixes: 0ad64007fe ("efi_loader: set load options in boot manager")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now the escape key was not correctly detected in UEFI applications.
We had to hit it twice for a single escape to be recognized.
Use a 10 ms delay to detect if we are dealing with the escape key or an
escape sequence.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
IS_ENABLED() contains parentheses. But we should still put extra
parentheses around it in an if statement for readability.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The FAT file system does not have a UUID but a 4 byte volume ID.
Let the fsuuid command show it in XXXX-XXXX format.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The FAT filesystem implementation uses several marcros referring to a magic
variable name mydata which renders the code less readable. Eliminate one of
them which is only used for a debug() statement.
Use log_debug() instead of debug().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
When opening an OP-TEE session we need to check the internal return
value of OP-TEE call arguments as well the return code of the
function itself.
The code was also ignoring to close the OP-TEE session in case the
shared memory registration failed.
Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
