According to the UEFI specification the variable VendorKeys is 1 if the
"system is configured to use only vendor-provided keys".
As we do not supply any vendor keys yet the variable VendorKeys must be
zero.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Do not change the value of parameter attributes in function
efi_set_variable_int(). This allows to use it later.
Do not use variable attr for different purposes but declare separate
variables (attr and old_attr).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Simplify the implementation of the UEFI boot manager:
* avoid EFI_CALL for SetVariable() and GetVariable()
* remove unnecessary type conversions
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI variables OsIndicationsSupported, PlatformLangCodes should be read
only.
Avoid EFI_CALL() for SetVariable().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Separate the remaining UEFI variable API functions GetNextVariableName and
QueryVariableInfo() from internal functions implementing them.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We currently have two implementations of UEFI variables:
* variables provided via an OP-TEE module
* variables stored in the U-Boot environment
Read only variables are up to now only implemented in the U-Boot
environment implementation.
Provide a common interface for both implementations that allows handling
read-only variables.
As variable access is limited to very few source files put variable
related definitions into new include efi_variable.h instead of efi_loader.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Commit 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT") leads to a build warning on 32bit systems:
lib/efi_loader/efi_image_loader.c: In function ‘efi_image_parse’:
include/efi_loader.h:123:8: warning: format ‘%lu’ expects argument
of type ‘long unsigned int’, but argument 8 has
type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
Use %zu for printing size_t.
Fixes: 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
There's 2 variables in efi_get_next_variable_name() checking the size of
the variable name. Let's get rid of the reduntant definition and
simplitfy the code a bit.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This function will be used to implement public_key_verify_signature()
in a later patch. rsa_verify() is not suitable here because calculation
of message digest is not necessary.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In case that a type of certificate in "db" or "dbx" is
EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains
a public key for RSA decryption, but a digest of image to be loaded.
If the value matches to a value calculated from a given binary image, it is
granted for loading.
With this patch, common digest check code, which used to be used for
unsigned image verification, will be extracted from
efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and
extra step for digest check will be added to efi_image_authenticate().
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
A signed image may have multiple signatures in
- each WIN_CERTIFICATE in authenticode, and/or
- each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE)
In the initial implementation of efi_image_authenticate(), the criteria
of verification check for multiple signatures case is a bit ambiguous
and it may cause inconsistent result.
With this patch, we will make sure that verification check in
efi_image_authenticate() should pass against all the signatures.
The only exception would be
- the case where a digest algorithm used in signature is not supported by
U-Boot, or
- the case where parsing some portion of authenticode has failed
In those cases, we don't know how the signature be handled and should
just ignore them.
Please note that, due to this change, efi_signature_verify_with_sigdb()'s
function prototype will be modified, taking "dbx" as well as "db"
instead of outputing a "certificate." If "dbx" is null, the behavior would
be the exact same as before.
The function's name will be changed to efi_signature_verify() once
current efi_signature_verify() has gone due to further improvement
in intermediate certificates support.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
There are a couple of occurrences of hash calculations in which a new
efi_hash_regions will be commonly used.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Since the size check against an entry in efi_search_siglist() is
incorrect, this function will never find out a to-be-matched certificate
and its associated revocation time in the signature list.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Since the certificate table, which is indexed by
IMAGE_DIRECTORY_ENTRY_SECURITY and contains authenticode in PE image,
doesn't always exist, we should make sure that we will retrieve its pointer
only if it exists.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
UEFI specification requires that we shall support three type of
certificates of authenticode in PE image:
WIN_CERT_TYPE_EFI_GUID with the guid, EFI_CERT_TYPE_PCKS7_GUID
WIN_CERT_TYPE_PKCS_SIGNED_DATA
WIN_CERT_TYPE_EFI_PKCS1_15
As EDK2 does, we will support the first two that are pkcs7 SignedData.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Move ADDR_MAP related config options from include/configs/*.h to the
proper place in lib/Kconfig. This has been done using
./tools/moveconfig.py and manual inspection of the generated changes.
This is a preparation to use ADDR_MAP helper on ARM 32bit Raspberry Pi4
board for mapping the PCIe XHCI MMIO, which is above the 4GiB identity
mapping limit.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
rsa_verify() expects a memory region and wants to do the hashing itself,
but there may be cases where the hashing is done via other means,
like hashing a squashfs rootfs.
So add rsa_verify_hash() to allow verifiying a signature against
an existing hash. As this entails the same verification routines
we can just move the relevant code over from rsa_verify() and also
call rsa_verify_hash() from there.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
This is defined only when __lp64__ is defined. That means that ulong is
64 bits long. Therefore we don't need to use a separate u64 type on those
architectures.
Fix up the code to take advantage of that, removing the preprocessor
conditions.
Also include the missing header file that defines MEM_SUPPORT_64BIT_DATA
Fixes: 0914011310 ("command: Remove the cmd_tbl_t typedef")
Signed-off-by: Simon Glass <sjg@chromium.org>
Define this macro always so we don't need the preprocessor to check it.
Convert the users to #if instead of #ifdef.
Note that '#if MEM_SUPPORT_64BIT_DATA' does not give an error if the
macro is not define. It just assumes zero.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
padding_pss_verify only works with the default pss salt setting of -2
(length to be automatically determined based on the PSS block structure)
not -1 (salt length set to the maximum permissible value), which makes
verifications of signatures with that saltlen fail.
Until this gets implemented at least document this behaviour.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
n, rr and rrtmp are used for internal calculations, but in the end
the results are copied into separately allocated elements of the
actual key_prop, so the n, rr and rrtmp elements are not used anymore
when returning from the function and should of course be freed.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When calculating rrtmp/rr rsa_gen_key_prop() tries to make
(((rlen + 31) >> 5) + 1) steps in the rr uint32_t array and
(((rlen + 7) >> 3) + 1) / 4 steps in uint32_t rrtmp[]
with rlen being num_bits * 2
On a 4096bit key this comes down to to 257 uint32_t elements
in rr and 256 elements in rrtmp but with the current allocation
rr and rrtmp only have 129 uint32_t elements.
On 2048bit keys this works by chance as the defined max_rsa_size=4096
allocates a suitable number of elements, but with an actual 4096bit key
this results in other memory parts getting overwritten.
So as suggested by Heinrich Schuchardt just use the actual bit-size
of the key as base for the size calculation, in turn making the code
compatible to any future keysizes.
Suggested-by: Heinrich Schuchardt <xypron.debian@gmx.de>
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
rrtmp needs 2 + (((*prop)->num_bits * 2) >> 5) array elements.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The exponent field of struct key_prop gets allocated an uint64_t,
and the contents are positioned from the back, so an exponent of
"0x01 0x00 0x01" becomes 0x0 0x0 0x0 0x0 0x0 0x1 0x0 0x1"
Right now rsa_gen_key_prop() allocates a uint64_t but sets exp_len
to the size returned from the parser, while on the other hand the
when getting the key from the devicetree exp_len always gets set to
sizeof(uint64_t).
So bring that in line with the established code.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Right now in multiple places there are only checks for the full
CONFIG_RSA_VERIFY_WITH_PKEY option, not split into main,spl,tpl variants.
This breaks when the rsa functions get enabled for SPL, for example to
verify u-boot proper from spl.
So fix this by using the existing helpers to distinguis between
build-steps.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
While the SPL may want to do signature checking this won't be
the case for TPL in all cases, as TPL is mostly used when the
amount of initial memory is not enough for a full SPL.
So on a system where SPL uses DM but TPL does not we currently
end up with a TPL compile error of:
lib/rsa/rsa-verify.c:48:25: error: dereferencing pointer to incomplete type ‘struct checksum_algo’
To prevent that change the $(SPL_) to $(SPL_TPL_) to distinguish
between both. If someone really needs FIT signature checking in
TPL as well, a new TPL_RSA_VERIFY config symbol needs to be added.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
On ARM systems gd is stored in register r9 or x18. When compiling with
clang gd is defined as a macro calling function gd_ptr(). So we can not
make assignments to gd.
Use function set_gd() for setting the register on ARM.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
This series comprises error corrections for the UEFI subsystem:
* correct consideration of timestamps for variable authentication
* correct collection of data regions for code authentication
* correct unit tests to test loading dbx
* enable FAT_WRITE as required by the UEFI spec
The boot manager uses log functions instead of printf() and debug().
The UEFI intialization state is exported.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl8AQD4ACgkQxIHbvCwF
GsQqpxAAlt+EmomF8I5oUFZ7RwX3XTBXOU2oWlYt2DbkemZvroiGnWu6MC52K/RD
sDdJwvIo+5NuzDbGlPqKB/NjhJ4eF2W+vOIKSey8+iCXhTovmCiqc7DzxUm0Ansi
J0A/fwr3jdqUC1dl4C+ytwxPHQC01kK++8Ln5OptqbM1/DskpF0bspdr2fZG02Gc
ndOPw0WEJYEdNH18rQaW+7fOADXgJzK1VIwMIhqQszGrOO/M7mbyXZDpHG787iOH
smz41YL/2n4ExGsU4hdIQNWDmSJuEIWgB0PEeSiLE29O2m5G8eNfsAmHjRrV9U9p
QEbaREQDxXB1BmlYNr/A2497p5pPfjJGhiPVjuN9vRXCMhbGyh937iOkT0c1TAuu
aJyD5pqPxuGMUjNzO5foINMT97DuqewHoEf/DTmp4AtVzBZC+NzTiO79J94PQc6+
xIDomTIM1WWtPlcMyvZfwUrlX33Gh3yOGBTwnXqS/YSzIQ1mqxoE6rFOZihUYRfz
Rh6vUP8csOEhfm0XXDhwAVTudA53cQbBUOgPLPbS6zxhnvJNWN04zHXatg9unBnw
mH8E30dBote0Make8Kzv53j/ytFL06AA/jgnvDbEOmE4SP7aYGL+oYxryjIPudz8
mngRE2x2zlppXknTrYdnOAjlULxxOA88u0XiNi3uIuVJGtEbrfA=
=wwI2
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-10-rc1' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next
Pull request for UEFI sub-system for efi-2020-10-rc1
This series comprises error corrections for the UEFI subsystem:
* correct consideration of timestamps for variable authentication
* correct collection of data regions for code authentication
* correct unit tests to test loading dbx
* enable FAT_WRITE as required by the UEFI spec
The boot manager uses log functions instead of printf() and debug().
The UEFI intialization state is exported.
- Resync Kconfiglib with the v14.1.0 release.
- Re-sync our <linux/compiler*h> files with v5.7-rc5 from upstream.
- Fully resync checkpatch.pl with v5.7 release.
To safely to all of the above, we have a few bugfixes about functions
that need a 'static inline' but weren't. We also stop setting
CROSS_COMPILE in arch/*/config.mk. Finally, with the above changes
boards can now opt-in to optimizing inlining and we do this for the
socfpga stratix10 platform for space savings.
Export the UEFI sub-system initialization state. This will allow to treat
the setting of UEFI variables during and after initialization differently.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When booting via the boot manager use log function for user messages
instead of printf() and debug().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When overwriting an existing time base authenticated variable we should
compare to the preceding time value and not to the start of the epoch.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification requires that when UEFI variables are set using time
based authentication we have to check that unused fields of the timestamp
are zero
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Just for style consistency, replace all the uses of debug() to
EFI_PRINT() in efi_image_loader.c.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Just for style consistency, replace all the uses of debug() to
EFI_PRINT in efi_variable.c.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Just for style consistency, replace all the uses of debug to
EFI_PRINT in efi_signature.c
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The simplest solution to revert the commit b32ac16f9a ("test/py: fix
test_efi_secboot/conftest.py") is to move efi_console_register()
forward before efi_disk_register().
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Copy these from Linux v5.7-rc5 tag.
This brings in some handy new attributes and is otherwise important to
keep in sync.
We drop the reference to smp_read_barrier_depends() as it is not
relevant on the architectures we support at this time, based on where
it's implemented in Linux today. We drop the call to kasan_check_read()
as that is not relevant to U-Boot as well.
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
This could give a confusing error message if it failed and didn't set
errno.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
- Makefile: add rule to build an endian-swapped U-Boot image
used by MIPS Malta EL variants
- CI: add Qemu tests for MIPS Malta
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiQkHUH+J02LLC9InKPlOlyTyXBgFAl76U4wACgkQKPlOlyTy
XBhKeg/6Au6lPC5QLnjEO5gpuhI/eF555jRoABXUNoM8FUjkcqA207Sgd3iTH9lS
imOGHkzwipYno5pY1UoiXr7RKJgAkJfKYWRrZ46qgITrEkgQ8Xyp46xIqhoHvpuH
Qs1YeDllHeRViBt2ZP6UJsYfUIA9xnU/o9tLh4lx2SiCPWbNDns7cB0Ajazh47Cx
8UT2ZwbATaaFfN9m4Lg65O6Fe1G/cHAw5H/xsDajpVOpskHk0RZxRxzob6XLQete
sVkZdjYmH7zG+7THLkPriu2y/qlc5t2re3OeAr/5YwYJODnj3aN7iI20Sl9xMwDP
eDcSt19HMs+Ng60+yqwHxoU+AQ2BjswYHssb2vdY8OQhlRpoFke6nT+oQtCQCYhZ
At/b2O8kh9IM9alsc8xltMABLgrOhREfxC6VQg7bsCH01+qcojGX8dhVQrYsWkKQ
GrCs6SAl8zR78j8s3OGSsvTczMkTrBTglYWIYrlvA5fFhVg5Yz38S+ioTqPc4QDc
ZJ9bDDO00CY4hJC8sx4TQcsn0OmSJeN394dy6CUoxL6fEXBdRmNRLBUnmuTmPmYT
suLB9qaG+Q6cEttXjfNN1VotSG+61COUZ0uoed47cGUo8AxLMTEe62twUc0aDPNS
NMUoMwHqVbivaGUBfG16mu8bnVfaCqFyR/LLGa6J3yQSQ8qeu30=
=dnTK
-----END PGP SIGNATURE-----
Merge tag 'mips-pull-2020-06-29' of https://gitlab.denx.de/u-boot/custodians/u-boot-mips into next
- net: pcnet: cleanup and add DM support
- Makefile: add rule to build an endian-swapped U-Boot image
used by MIPS Malta EL variants
- CI: add Qemu tests for MIPS Malta
efi_get_variable_common() does not use EFI_ENTRY(). So we should not use
EFI_EXIT() either.
Fixes: 767f6eeb01 ("efi_loader: variable: support variable authentication")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The variables SetupMode, AuditMode, DeployedMode are explicitly defined as
UINT8 in the UEFI specification. The type of SecureBoot is UINT8 in EDK2.
Use variable name secure_boot instead of sec_boot for the value of the
UEFI variable SecureBoot.
Avoid abbreviations in function descriptions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Variable efi_secure_mode is meant to hold a value of enum efi_secure_mode.
So it should not be defined as int but as enum efi_secure_mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use correct printf code in efi_image_parse().
Add random number generation to HTML documentation.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl7ny9YACgkQxIHbvCwF
GsRTAg//bG9ixJ/ryzkPNhgedyHnJnZ1fBOVQphaJAnQDjLKhxTMsebIaBDpxkGg
yCa0RAo7Y91PeYz/2WavH1BKX4SjSXEDIyIw8cvhCwQ5hmlBEQHiw6WIUCGW2p33
iQO9XdTR8U1IqRENJk6ZtGP6hKH9V8LNY9taBt1lkk45aS8tDVPVivVn+1Z+JFbg
sY0VTaWmCFWOH+aeJprWYR7tjO6TI5KG82SNe3tu3vmfRzFN5X/2E4IOmcHL00Yy
oVGALNBEQ22TZgz7/uQTn4xH3X3a+HDW7RyHnOQUkmqxCUqfTvp54tLLVhNTTsIj
ccvS2TGaI9bKQVIzBQbOWaJRgYrlzDvlCvUwxgqg3iAWx0bzXeB0Nz8cNWTj0HOP
gNpCJeODp3XlGD4PKx6GKg9R6JMmtzcJYudPLhoy1jjwZxLALGv+Y2DRP7fzeLpA
wW6Slg8t3HEMF8JYbqYVa/V0CqB9MNX7nfHBdBu/SoMoOqzMA8TQk3Aen4jTWU1x
wYSxh7sh1KT21/cpoVRTyD+5Ao8Ti6zeDbdCcbAQTr9w210ts/wRyCWXjPbe/WCM
MWiEzuL2o6NfQdzUs1TyNs+8GohNI8X/PzFPok9+5gsbrKqKAbmWB2CQ74ufjt6k
Qg3wHBVOvYFqIvoEFoyWus6Ni4LEycrQ0kuYsHQhnNoZlUXj6wE=
=yON/
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc5' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc5
Use correct printf code in efi_image_parse().
Add random number generation to HTML documentation.
This reverts commit 0486497e2b.
The strtoul has well-defined semantics. It is defined by the C standard and
POSIX. To quote the relevant section of the man pages,
> If base is zero or 16, the string may then include a "0x" prefix, and the
> number will be read in base 16; otherwise, a zero base is taken as 10
> (decimal) unless the next character is '0', in which case it is taken as
> 8 (octal).
Keeping these semantics is important for several reasons. First, it is very
surprising for standard library functions to behave differently than usual.
Every other implementation of strtoul has different semantics than the
implementation in U-Boot at the moment. Second, it can result in very
surprising results from small changes. For example, changing the string
"1f" to "20" causes the parsed value to *decrease*. Forcing use of the "0x"
prefix to specify hexidecimal numbers is a feature, not a bug. Lastly, this
is slightly less performant, since the entire number is parsed twice.
This fixes the str_simple_strtoul test failing with
test/str_ut.c:29, run_strtoul(): expect_val == val: Expected 0x44b (1099), got 0x1099ab (1087915)
test/str_ut.c:46, str_simple_strtoul(): 0 == run_strtoul(uts, str2, 0, 1099, 4): Expected 0x0 (0), got 0x1 (1)
Signed-off-by: Sean Anderson <seanga2@gmail.com>
CC: Michal Simek <michal.simek@xilinx.com>
CC: Shiril Tichkule <shirilt@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fix the loop that parses FDT for a reserved memory node named "optee".
Before this change, if at least one subnode was found in the
reserved-memory node, the function endlessly looped since instruction
continue returned back in the loop without updating variable subnode.
This change fixes the issue by using a for loop.
Fixes: 6ccb05eae0 ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
For size_t we have to use %zu for printing not %lu.
Fixes: 4540dabdca ("efi_loader: image_loader: support image
authentication")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
change to how sequence numbers are assigned to devices
minor fixes and improvements
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl7kQ4kRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZrvAgAqc/TEj7QHPyW9rQSl8h65MXK93qRsnZo
4segKEtK0Rmv0S2VfmPCwujsDFl5gZUNt+rXD/l7F0a4Wzx4eYgYrEXOYsXs/ZHP
jjGrcbvO4Qkx3QzjMqqoUiQqeCgNQ9XIre8F+1NmZeQ2bFtPKbJXtXKYTcMI1wSW
PhRGbbsTnKNKC0dL0nLFG6+NC/sk6xRqMx28Ip38FTrQL+Uh67LZFpLkY3yuHo/1
CVhCw+7Aov0I6tDrdKrngjFqXRSoTsuOhavSFoW9U6llqDL7FIC6aoRo7x24lSJN
VFTRpXPmNHeslE6NHEOQs9elFpbxXR34te3k4p74rFuX/J/490UaYA==
=172C
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-12jun20' of git://git.denx.de/u-boot-dm into next
patman improvements to allow it to work with Zephyr
change to how sequence numbers are assigned to devices
minor fixes and improvements
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].
This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX
The SHA implementation is adapted from the linux kernel implementation.
[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
At present fdtdec_add_reserved_memory() calls fdtdec_get_addr_size()
to get address and size for the subnodes of /reserved-memory node.
We should honor #address-cells and #size-cells properties in the
parent node.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
fdtdec_get_addr_size() expects size is of type 'fdt_size_t', and
return value is of type 'fdt_addr_t'. Adjust their types accordingly.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This displays incorrect data at present due to a missing header file
in display_options. Fix it.
Fixes: 0914011310 ("command: Remove the cmd_tbl_t typedef")
Signed-off-by: Simon Glass <sjg@chromium.org>
smbios_add_string() cannot deal with empty strings. This leads to incorrect
property values and invalid tables. E.g. for the pine64-lts_defconfig
CONFIG_SMBIOS_MANUFACTURER="". Linux command dmidecode shows:
Table 1:
Manufacturer: sunxi
Product Name: sunxi
Table 3:
Invalid entry length (2). DMI table is broken! Stop.
Replace empty strings by "Unknown".
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When build U-Boot SPL, meet an issue of undefined reference to
'crc7' for drivers/mmc/mmc_spi.c, so let's compile crc7.c when
CONFIG_MMC_SPI selected.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Jagan Teki <jagan@amarulasolutions.com>
This patch series addresses the following issues:
* allow compiling with clang
* add missing function descriptions to the HTML documentation
* simplify the validation of UEFI images
* validate load options in the UEFI boot manager
In a preparatory patch a structure definition is moved.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl7X4dIACgkQxIHbvCwF
GsTMfxAAjYeEoHNhdxr6ZAytC653O0iIb6BQQmrkSakcAtU82PgkiUCJ+oSF09th
nBpSHZ8QW92avfnmrY3FjXj8fPU01LV4gytZwnEtgi6OaWtenOc/t3pElVVk7adW
17VbRTHY3Urb4+oM9hGI5KEmDOgRCe2LUOlOKA6b6tGiG+1mchE4gIgNGh3LDbbM
bAojulCliDoKyIUHMSwrpqX7U5OQF89qhd4AhkmlnYe0OqZueEMS3pDwsHICuP2i
j5SPqHF5r8Nm8Mf+bDLcRDK7xKQAkqGzqP8KwqVN1o7++4MbnlI/zL94vBrbbye9
av7OucMyKL44+BnOpB1dm/Zp8rJpJhOdbr0MHzZCk9foPQrWoLXRGx0dJLWNJvGd
Sb67YXBl8DP//uZCq4zdj/j9wuWE31ZbSRA7SM4ioODQYpRu3RdrQJltQcwIbcwK
M0L0JDXDNdnNPBA3Fwe3QxpskKOaXm1C8yTgDxEnjd9qoZCbohTl/nRjntXQUZWN
Xq3rmgxilYXSyYZ+hqtp6zT0KEZAMSHi/OibYSRQRva491hZS9qhcI3nPPpR30/s
xBd1ee6WW2sZVHVrEfqkWb4w7379I9Cp08lfmk6Mk+pne4Cbn8qc/lH+fxAaKkO5
eUTxWcWWuXJmgPtdZQux7bqDWr9WC6gUQ8W2PLLv4t8l7gqk1lE=
=rbBa
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc4' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc4
This patch series addresses the following issues:
* allow compiling with clang
* add missing function descriptions to the HTML documentation
* simplify the validation of UEFI images
* validate load options in the UEFI boot manager
In a preparatory patch a structure definition is moved.
The global variable, efi_guid_cert_type_pkcs7, will also be used in
efi_image_loader.c in a succeeding patch so as to correctly handle
a signature type of authenticode in signed image.
Meanwhile, it is currently defined in efi_variable.c. Once some secure
storage solution for UEFI variables is introduced, efi_variable.c may
not always be compiled in.
So move the definition to efi_signature.c as a common place.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Knowing that at least one section header follows the optional header we
only need to check for the length of the 64bit header which is longer than
the 32bit header.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We want to follow the Linux kernel style for function descriptions.
Add missing parentheses after function names.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On ARM systems gd is stored in register r9 or x18. When compiling with
clang gd is defined as a macro calling function gd_ptr(). So we can not
make assignments to gd.
In the UEFI sub-system we need to save gd when leaving to UEFI binaries and
have to restore gd when reentering U-Boot.
Define a new function set_gd() for setting gd and use it in the UEFI
sub-system.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Tom Rini <trini@konsulko.com>
For passing the optional data of the load option to the loaded imaged
protocol we need its size.
efi_deserialize_load_option() is changed to return the size of the optional
data.
As a by-product we get a partial validation of the load option.
Checking the length of the device path remains to be implemented.
Some Coverity defects identified the load options as user input because
get_unaligned_le32() and get_unaligned_le16() is called. But non of these
Coverity defects can be resolved without marking functions with Coverity
specific tags.
Reported-by: Coverity (CID 303760)
Reported-by: Coverity (CID 303768)
Reported-by: Coverity (CID 303776)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Move the CONFIG_GZIP_COMPRESSED from a config.h macro to a Kconfig menu
item. It is not selectable by a user because there is no reason to do
so. Instead it will be automatically selected by the stuff which uses
gzip(), like the zip command.
Remove it from the config_whitelist.txt. Also remove
CONFIG_GZIP_COMPRESS_DEF_SZ as this was never used on any board. The
default seems to be sane, otherwise it should be added as a Kconfig
option.
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
Problems fixed with these patches are:
* UEFI sub-system not working with virtio block devices
* Missing SATA support in UEFI sub-system
* A superfluous debug statement
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl7Hb8sACgkQxIHbvCwF
GsR3tA/+NknuzED4AkdVL0uRWw4kZNcSqxY+lpFUC73iWN0gLTWKFO6IXDRF4Jox
3/xWSkMuPkeAp6sjl+Gv8DD2DCkNJedXeMdeAGZzPDLfXn16wmzhjvIe5xz8cr/2
0shL5PtTWK8BR/ClSxTANoYrASGUISIpyq3Tu/dKY9PCGesfvzObmv+n06HizR+b
E2ceSqVfEBZNLkp38o/PAOdrayjJCz7oSGxBhFQx1x3LYV/G6iHWdg9Kw+KsVdmR
GBh1frun8MbC9NOqWjdnMmKi1CeHeCvvBu38lXzpVlfB0VcC2UFeuGaRh1aDKdnq
CAiV20v9JygEwcxLGIEU4r+RwoqSxkbMbB2nlLnDuFmoJCC8gEK0ctUaFFrOV9i3
xB/ynnw4zlht039fv8Qaq6OPiHbzA5qGmE93DY4p6a+iV0Mplfy6qLXw+UWpFEGG
lGBZ2NPu04qjbZdzKCDag6Uw3oEypYMe3CO8Hg7EAQBB49v10LdhtgPm2BgZaaJn
ZmYqzF0+FB1znPGmu6hrxT6IPHy+fP0cxxEma5kxXTp6CapXLHl84v4JGqNPpqmN
jPV4MtmZaBXgasL1TDUCgpuNTEVcBcl49VastpPNMNjPPE/UD+oUXHbW+Lp1u1BH
Jn5rCODNi5gah1X/vQ+yFC7Pk95RE0vqYDbdSUR2Wn1WurfbMzQ=
=o+Cy
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc3-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc3 (2)
Problems fixed with these patches are:
* UEFI sub-system not working with virtio block devices
* Missing SATA support in UEFI sub-system
* A superfluous debug statement
Prior to corrective patches for virtio and SATA devices the same device
path was installed on two different handles. This is not allowable.
With this patch we will throw an error if this condition occurs for
block devices.
Update a comment for the installation of the simple file system
protocol.
Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide device path nodes for SATA devices.
This avoids creation of two handles with the same device path indicating
our root node.
This is what the device paths for a SATA drive with four partitions could
like:
/VenHw(..)/Sata(0x0,0xffff,0x0)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(1,MBR,0x81ea591f,0x800,0x63ff830)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(2,MBR,0x81ea591f,0x6400800,0x9ff830)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(3,MBR,0x81ea591f,0x6e00800,0x16ef2ab0)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(4,MBR,0x81ea591f,0x1dcf3800,0x1dcedab0)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification does not define a device sub-type for virtio.
Let's use a vendor hardware node here.
This avoids creation of two handles with the same device path indicating
our root node.
Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
With commit 16ad946f41 ("efi_loader: change setup sequence") the
detection of block device was moved to the start of the initialization
sequence. In the case of virtio devices two handles with the same device
path being created.
The root node handle should be created before anything else.
Reported-by: Ard Biesheuvel <ardb@kernel.org>
Fixes: 16ad946f41 ("efi_loader: change setup sequence")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Remove unnecessary debug() from efi_set_variable_common().
native_name is NULL, so there is no meaning to print it.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add weak function which is called right after fdtdec_setup() configured
the U-Boot DT. This permits board-specific adjustments to the U-Boot DT
before U-Boot starts parsing the DT. This could be used e.g. to patch in
various custom nodes or merge in DT fragments from prior-stage firmware.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.
Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.
This requires quite a few header-file additions.
Signed-off-by: Simon Glass <sjg@chromium.org>
We should not be using typedefs and these make it harder to use
forward declarations (to reduce header file inclusions). Drop the typedef.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <sjg@chromium.org>
In OP-TEE we can run EDK2's StandAloneMM on a secure partition.
StandAloneMM is responsible for the UEFI variable support. In
combination with OP-TEE and it's U-Boot supplicant, variables are
authenticated/validated in secure world and stored on an RPMB partition.
So let's add a new config option in U-Boot implementing the necessary
calls to OP-TEE for the variable management.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com>
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.
There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.
Signed-off-by: Michael Walle <michael@walle.cc>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If "object=" is specified in "keydir" when using the pkcs11 engine do
not append another "object=<key-name-hint>". This makes it possible to
use object names other than the key name hint. These two string
identifiers are not necessarily equal.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
stdlib.h is the header for malloc since at least c89/c90.
There is no system malloc.h on OpenBSD and trying to use malloc.h here
falls back to the U-Boot malloc.h breaking the build of qemu_arm64.
Fixes: 336d4615f8 ("dm: core: Create a new header file for 'compat' features")
Signed-off-by: Jonathan Gray <jsg@jsg.id.au>
At present the MD5 option cannot be enabled by board configs since it has
no Kconfig name. It is generally enabled, so long as FIT support is
present. But not all boards use FIT, particularly in SPL
Fix this and add an option for SPL as well. This allows board code to call
md5() even if FIT support is not enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current code uses 'u16_strlen(x) + 1) * sizeof(u16)' in various
places to calculate the number of bytes occupied by a u16 string.
Let's introduce a wrapper around this. This wrapper is used on following
patches
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The only error case is that a given UUID is in wrong format.
So just return EFI_INVALID_PARAMETER here.
Reported-by: Coverity (CID 300333)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Coverity detected:
Using "&opt->CheckSum" as an array. This might corrupt or misinterpret
adjacent memory locations.
The code should work as far as a structure, IMAGE_OPTIONAL_HEADER(64) is
packed, but modify it in more logical form. Subsystem is a member next to
CheckSum.
Reported-by: Coverity (CID 300339)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Since pkcs7_parse_message() returns an error pointer, we must not
check for NULL. We have to explicitly set msg to NULL in the error
case, otherwise the call to pkcs7_free_message() on the goto err
path will assume it's a valid object.
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Add missing include linux/err.h
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_variable_parse_signature() returns NULL on error, so IS_ERR()
is an incorrect check. The goto err leads to pkcs7_free_message(),
which works fine on a NULL ptr.
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Reviewed-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
According to the UEFI spec ACPI tables should be placed in
EfiACPIReclaimMemory. Let's do the same with the device tree.
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Grant Likely <grant.likely@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
There is no need to call efi_get_variable() instead of
efi_get_variable_common(). So let's use the internal function.
Move forward declarations to the top of the file.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a couple of missing targets so that helloworld and other efi targets
are not needlessly rebuilt.
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
To fill the exponent field of the rsa_public_key struct, rsa_mod_exp_sw
did a cast to uint64_t of the key_prop->public_exponent field.
But that alignment is not guaranteed in all cases.
This came to light when in my spl-fit-signature the key-name exceeded
a certain length and with it the verification then started failing.
(naming it "integrity" worked fine, "integrity-uboot" failed)
key_prop.public_exponent itself is actually a void-pointer, fdt_getprop()
also just returns such a void-pointer and inside the devicetree the 64bit
exponent is represented as 2 32bit numbers, so assuming a 64bit alignment
can lead to false reads.
So just use the already existing rsa_convert_big_endian() to do the actual
conversion from the dt's big-endian to the needed uint64 value.
Fixes: fc2f4246b4 ("rsa: Split the rsa-verify to separate the modular exponentiation")
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If we want to restore variables from disk, we need to initialize block
devices before variables.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Eliminate superfluous functions efi_set_volatile_variable() and
efi_set_nonvolatile_variable().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Eliminate superfluous functions efi_get_volatile_variable() and
efi_get_nonvolatile_variable().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This function will check if a given handle to device is an EFI system
partition. It will be utilised in implementing capsule-on-disk feature.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Add function description. Return bool.
Reviewed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_set_secure_stat() provides the common code for each stat transition
caused by efi_transfer_secure_state().
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Correct description of return value.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
"if (left < esl->signature_size)" is not reachable in a while loop.
But it is still valuable in case that a given signature database is
somehow corrupted. So fix the while loop condition.
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
By adding extra symbols, we can now avoid including x509_parser and
pkcs7_parser.h files multiple times.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The most basic printf("%i", value) formating string was missing,
add it for the sake of convenience.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Stefan Roese <sr@denx.de>
This pull request contains bug fixes needed due to the merged changes for
EFI secure boot.
Patches are supplied to identify EFI system partitions.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl6qkUQACgkQxIHbvCwF
GsRGkQ//R1VltRXNk4RrYiKbsU33biNAIWQB4IhQpm6w1SgsrPAb7yWJEg1xhJ3P
qhujDlVlW2s2Cz+sMkQOTd5/ln55IegJZ4LFlQuOhJCO22TzEenP8bkziMU7UBu8
YtbhtV5cru2DBMg8uBQCazw9Lue5WUktzHgWhiNy+yBY5g6j+vkQHjy/+BjpC6RD
7KT4qfyh+hyhss+O2lLjQYwobVwVxnCfQikWSdfMRqptC8N/lYMGNjiNk42HJssX
cWy44TNUePgCE5pES1krXmR3q7fT/ocuWW2g8QynEJIqjZSWVTmZqLgdba3pd5Di
kfleoByXLS0/HS6AgjdJNv+vwRuOot1RBXfbVYnDwb7flFThvu3xBzy55IMHa6uH
eHDt3v1W3ZSwGnxiTzdbHISH5JidBUJAq+h+S3Zy52plbkgMWplPgFptSscM6+yo
YrCTlzuj019X/Lm1JfO2X7NqhGPX9/MiMDwfvE+BGnWRhwOHNSu/S6+Iu1XUBrXN
Q/tnHJxK1FGcoq73a/5VgiSkfnEl1+YdjdAUM8+nJdUPCL5xCWX1jXNxE0vq0l4U
Y3zsjCj5lM4TnDUJvbOacMM4ltjxSMpBwmkGdleYOcKJxU8WD0YNuhUL2nnUFuDx
7MYHonEPz5s3T+IiMoNAtYr3BHKcxedHNkmpoJsaPS69zMGq7dM=
=38oT
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc2
This pull request contains bug fixes needed due to the merged changes for
EFI secure boot.
Patches are supplied to identify EFI system partitions.
It is useful to dump ACPI tables in U-Boot to see what has been generated.
Add a command to handle this.
To allow the command to find the tables, add a position into the global
data.
Support subcommands to list and dump the tables.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Put this in the context along with the other important pointers.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
We always write three basic tables to ACPI at the start. Move this into
its own function, along with acpi_fill_header(), so we can write a test
for this code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this code to a generic location so that we can test it with sandbox.
This requires adding a few new fields to acpi_ctx, so drop the local
variables used in the original code.
Also use mapmem to avoid pointer-to-address casts which don't work on
sandbox.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
The current code uses an address but a pointer would result in fewer
casts. Also it repeats the alignment code in a lot of places so this would
be better done in a helper function.
Update write_acpi_tables() to make use of the new acpi_ctx structure,
adding a few helpers to clean things up.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
A device may want to write out ACPI tables to describe itself to Linux.
Add a method to permit this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
In subsequent patches UEFI variables shalled be stored on the EFI system
partition. Hence we need to identify the EFI system partition.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Minor buildman fixes for new features
Make libfdt code more similar to upsteam
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl6mTJMRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZRmAf/TeHuh9nWXr7jRAyl8YEaXfBablceBYF/
l/bHpIyPy1NH5wRMB1kwGIZUydSM44/FIVnvlo1iVI0DVuO1cSIY98WM2waMP0Tk
WiDg3XR7eMpTMNjG13KP6TrFG5ybfOopRYdpuUfjPTBm8RQyuFMziaQwOrDQdoXt
9yQ8rzM6hB7Gj3LgORond04KZYRUcYC+uhcuDo8WPUjrqS8vSpeAG34n6lT4z9KG
BdmhQuIybvCngdi/t9ovyTfq5UfIsXp0ngUN6My/j0IjykZT4nu6qllge8gcukCM
3iqrqhcjkO9psPdk6NXf2akTdxDH4Mf8PqFbvqmABNQbDSEVinVnrA==
=H2KE
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-27apr20' of git://git.denx.de/u-boot-dm
Move Python tools to use absolute paths
Minor buildman fixes for new features
Make libfdt code more similar to upsteam
Provide a valid reference for the deflate format.
Reformat the ALGORITHM and REFERENCES comments.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This patch enables LZMA decompression support for SPL build
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is,
make lib/libfdt/ contain only wrapper files.
fdt_region.c was written only for U-Boot to implement the verified
boot. So, this belongs to the same group as common/fdt_support.c,
which is a collection of U-Boot own fdt helpers.
Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is
necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
There is no essential difference between scripts/dtc/libfdt/fdt_ro.c
and lib/libfdt/fdt_ro.c
Migrate to a simple wrapper like the other files.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Add a helper function for this operation. Update the strtoul() tests to
check upper case as well.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
SPL should not be enlarged by building with CONFIG_HEXDUMP=y.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
The OID registry is only used by crypto functions that are not built in
SPL. So we should not build it in SPL.
Fixes: a9b45e6e83 ("lib: add oid registry utility")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
The tool need to use fdtdec_get_child_count(), make it available for
HOST_CC.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Simon Glass <sjg@chromium.org>
The callback member of struct env_entry is always NULL for an SPL
build. Removing it thus saves a bit of run-time memory in the
SPL (when CONFIG_SPL_ENV_SUPPORT=y) since struct env_entry is embedded
in struct env_entry_node - i.e. about 2KB for the normal case of
512+change hash table entries.
Two small fixups are needed for this, all other references to the
callback member are already under !CONFIG_SPL_BUILD: Don't initialize
.callback in set_flags() - hsearch_r doesn't use that value
anyway. And make env_callback_init() initialize ->callback to NULL for
a new entry instead of relying on an unused or deleted entry having
NULL in ->callback.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
In SPL, environment callbacks are not supported, so e->callback is
always NULL. Removing this makes the SPL a little smaller (about 400
bytes in my ppc build) with no functional change.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
This is preparation for compiling out the "call the callback" code and
associated error handling for SPL, where ->callback is always NULL.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
In U-Boot, the reserved memory end address is considered as a inclusive
address. This notion is followed while adding a reserved memory node to
the DT.
For example:
end_address = start_address + size - 1
Follow the same notion and fix the end address computation while checking
for existing nodes.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
There is no way to select BZIP2 compression method.
Add it under library/compression config where all other
compression related configs are present.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This pull request
* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
from booting when CONFIG_RSA is enabled which is needed for UEFI
secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl6YjlcACgkQxIHbvCwF
GsQ6Jg/+KVRQF0Dn2jiag8Me9ZhafZx4xGTI3LEzFD7V9kG3dmUzbO3m8a5dEevW
bcPNA6EmcKAjyP09AZY4C8ns4sU7wzPu/GQvApD4S5+vcuNbEqRHfW6zzReNXq09
t89DrFH+XLhGnh4uSh0hmfjrlIPVi86hs/f57vKRayrBu8W2yGPci3SNTO5Y0AY1
to7sxP3hGlDCUhqIABWp5ylpWWUSG1MsVNcMOnHpj+jl0iWWYP46EQrGr95egQor
gcGgUOLdOLLOHPYUIOBmo9INnS2MbvE9Mfgh5Bw7JW8DIu/Xp7r1qePQyMLsngc1
pO5yzwMq6EQy6OjuYnXdIBXtHOlZ8rnE9pbTgyUR8T/2CdL2hqr9ddpqa4ryDABX
iaQF8FG+KhY0XQ5EIJV7pEkvf9TMwGguJNlOkmJPeub2n9i0k1tPk0Rwq5ZWWBIn
rHcgZXwl0On3O3f0HvfL0Oas5u9KE1HhA12h/EVmu2Muy36x2WxAAzDnsH19HzqU
QnWBAo8VMyp3qTIZjb3y+qrxcU/joPGt9+hxmur03hzmKOJ9JNOv6vExb+yUIyXQ
4ML6jvTvSVZbvkP++0zMKOjT8ks3xv5q84oFD5Gp4cG8ZpHpA9dj3mXM92Waepo4
pAkko5IGQ4SqaGIBltEQzrG+cCiHHezdD/raCwAo6DgYSmfZUvc=
=+ZDZ
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc1' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc1
This pull request
* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
from booting when CONFIG_RSA is enabled which is needed for UEFI
secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
Enhancements to 'dm' command
Log test enhancements and syslog driver
DM change to read parent ofdata before children
Minor fixes
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl6YdaMRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYLRwf8C+vKmERVLLcrMZMMiLctbY2kVflJV8zG
RjFwBcazZDPYjtHqClFZtJyIDYzgkVQRo+QPcdLxjcA+gjSXdteeRa0XTsBTXOZQ
kbs7yBkL+rCIO2WyXtuyajsmDMQtqM5vYgeBdTeYnJu7NVxwRMYrUqqAKLolNpIN
SKNYz+a8OEOG2EetbTdwwrmSpNy/cZ3wDGYK25DFTte8/vCZMRBTPiiNSrLp/RsM
xIojRcLqzARwpvPfFZ8psASKei9+5oIICUrNvwwQGtjepvZwdFQEl90SKaHw8kMf
sP9rxuqlEN5ec6xnMTUgwfnyBZgNIMSeb4KVPP1rxN2eAa5+bK1OlQ==
=gyyY
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-10apr20-take2' of git://git.denx.de/u-boot-dm
Functions for reading indexed values from device tree
Enhancements to 'dm' command
Log test enhancements and syslog driver
DM change to read parent ofdata before children
Minor fixes
fdtdec_set_carveout() is limited to only one phandle. Fix this
limitation by adding support for multiple phandles.
Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The DMA Remapping Reporting (DMAR) table contains information about DMA
remapping.
Add a version simple version of this table with only the minimum fields
filled out. i.e. no entries.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Each ACPI table has its own version number. Add the version numbers in a
single function so we can keep them consistent and easily see what
versions are supported.
Start a new acpi_table file in a generic directory to house this function.
We can move things over to this file from x86 as needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This file is potentially useful to other architectures saddled with ACPI
so move most of its contents to a common location.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
The following variable is exported as UEFI specification defines:
SignatureSupport: array of GUIDs representing the type of signatures
supported by the platform firmware
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.
Currently we support
* authentication based on db and dbx,
so dbx-validated image will always be rejected.
* following signature types:
EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.
Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.
It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
The following variable is exported as UEFI specification defines:
VendorKeys: whether the system is configured to use only vendor-provided
keys or not
The value will have to be modified if a platform has its own way of
initializing signature database, in particular, PK.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
UEFI specification defines several global variables which are related to
the current secure boot state. In this commit, those values will be
maintained according to operations. Currently, AuditMode and DeployedMode
are defined but not implemented.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.
Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().
Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_signature_parse_sigdb() is a helper function will be used to parse
signature database variable and instantiate a signature store structure
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In this commit, implemented are a couple of helper functions which will be
used to materialize variable authentication as well as image authentication
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Correct function descriptions in efi_watchdog.c.
Add the descriptions to the generated HTML documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Correct function descriptions in efi_unicode_collation.c
Add the Unicode collation protocol to the generated HTML documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Enable EFI_RNG_PROTOCOL by default if DM_RNG is set.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Remove superfluous 'if DM_RNG'
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Base autodetection is failing for this case:
if test 257 -gt 3ae; then echo first; else echo second; fi
It is because base for 3ae is recognized by _parse_integer_fixup_radix() as
10. The code detects the first char which is not between 'a'/'A' or 'f'/'F'
to change base from dec to hex.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Shiril Tichkule <shirilt@xlinx.com>
These are used in multiple places so update them to use a shared #define.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
'vendor' is both an input and an output parameter. So it cannot be
constant.
Fixes: 0bda81bfdc ("efi_loader: use const efi_guid_t * for variable services")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For EFI binaries we have to provide an implementation of memmove() in
efi_freestanding.c.
Before this patch the memmove() function was copying in the wrong
direction.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
GetNextVariableName should report the length of the variable including the
final 0x0000 in bytes.
Check this in the unit test.
Increase the buffer size for variable names. 40 bytes is too short.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The runtime service GetNextVariable() returns the length of the next
variable including the closing 0x0000. This length should be in bytes.
Comparing the output of EDK2 and U-Boot shows that this is currently not
correctly implemented:
EDK2:
OsIndicationsSupported: 46
PlatformLang: 26
PlatformLangCodes: 36
U-Boot:
OsIndicationsSupported: 23
PlatformLang: 13
PlatformLangCodes: 18
Provide correct length in GetNextVariable().
Fixes: d99a87f84b ("efi_loader: implement GetNextVariableName()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
K3 J721E:
* OSPI boot support
* Support for loading remote cores in R5 SPL
* PMIC ESM Support
* Minor fixes for R5F and C7x remoteproc drivers
K3 AM654:
* Update AVS class 0 voltages.
* Add I2C nodes
DRA7xx/AM57xx:
* Fixed Android boot on AM57xx
AM33/AM43/Davinci:
* switch to driver model for the net and mdio driver for baltos
* Add DM/DTS support for omap video driver
* Enable fastboot on am335x-evm
This is a preparatory patch.
Those functions will be used in an implementation of UEFI firmware
management protocol as part of my capsule update patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function, and hence rsa_verify(), will perform RSA verification
with two essential parameters for a RSA public key in contract of
rsa_verify_with_keynode(), which requires additional three parameters
stored in FIT image.
It will be used in implementing UEFI secure boot, i.e. image authentication
and variable authentication.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
In the current implementation of FIT_SIGNATURE, five parameters for
a RSA public key are required while only two of them are essential.
(See rsa-mod-exp.h and uImage.FIT/signature.txt)
This is a result of considering relatively limited computer power
and resources on embedded systems, while such a assumption may not
be quite practical for other use cases.
In this patch, added is a function, rsa_gen_key_prop(), which will
generate additional parameters for other uses, in particular
UEFI secure boot, on the fly.
Note: the current code uses some "big number" routines from BearSSL
for the calculation.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
rsa_verify() will be extended to be able to perform RSA decryption without
additional RSA key properties from FIT image, i.e. rr and n0inv.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Currently, if GetMemoryMap API returns EFI_BUFFER_TOO_SMALL, it doesn't
set valid values to other parameters, descriptor_size and
descriptor_version, except memory_map_size.
Some efi applications, however, may use those value; in particular,
xen uses descriptor_size to calculate a size of buffer to be allocated.
While UEFI specification is ambiguous in this point, it would be better
to address this issue proactively to maximize the compatibility with
existing efi applications.
With this patch, for example, xen.efi (and hence linux kernel) can be
started via bootefi without modification.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Move the generic elf loading/validating functions to lib/
so that they can be re-used and accessed by code existing
outside cmd.
While at it remove the duplicate static version of load_elf_image_phdr
under arch/arm/mach-imx/imx_bootaux.c.
Signed-off-by: Keerthy <j-keerthy@ti.com>
Suggested-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Provide a unit test loading an initial ramdisk using the
EFI_LOAD_FILE2_PROTOCOL. The test is only executed on request.
An example usage - given a file image with a file system in partition 1
holding file initrd - is:
* Configure the sandbox with
CONFIG_EFI_SELFTEST=y
CONFIG_EFI_LOAD_FILE2_INITRD=y
CONFIG_EFI_INITRD_FILESPEC="host 0:1 initrd"
* Run ./u-boot and execute
host bind 0 image
setenv efi_selftest load initrd
bootefi selftest
This would provide a test output like:
Testing EFI API implementation
Selected test: 'load initrd'
Setting up 'load initrd'
Setting up 'load initrd' succeeded
Executing 'load initrd'
Loaded 12378613 bytes
CRC32 2997478465
Executing 'load initrd' succeeded
Now the size and CRC32 can be compared to the provided file.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any u-boot accessible partition instead of just the ESP one.
Finally this is an attempt of a generic interface across architectures
in the linux kernel so it makes sense to support that.
The file location is intentionally only supported as a config option
argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.
[1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI spec 2.8 errata A replaces the RuntimeServicesSupported variable
defined in UEFI spec 2.8 by the configuration table
EFI_RT_PROPERTIES_TABLE. So let's follow suit.
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Ard Biesheuvel <ardb@kernel.org>
At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.
Move the compatibility features into a separate header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present devres.h is included in all files that include dm.h but few
make use of it. Also this pulls in linux/compat which adds several more
headers. Drop the automatic inclusion and require files to include devres
themselves. This provides a good indication of which files use devres.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Anatolij Gustschin <agust@denx.de>
In upstream libfdt, 6dcb8ba4 "libfdt: Add helpers for accessing
unaligned words" introduced changes to support unaligned reads for ARM
platforms and 11738cf01f15 "libfdt: Don't use memcpy to handle unaligned
reads on ARM" improved the performance of these helpers.
In practice however, this only occurs when the user has forced the
device tree to be placed in memory in a non-aligned way, which in turn
violates both our rules and the Linux Kernel rules for how things must
reside in memory to function.
This "in practice" part is important as handling these other cases adds
visible (1 second or more) delay to boot in what would be considered the
fast path of the code.
Cc: Patrice CHOTARD <patrice.chotard@st.com>
Cc: Patrick DELAUNAY <patrick.delaunay@st.com>
Link: https://www.spinics.net/lists/devicetree-compiler/msg02972.html
Signed-off-by: Tom Rini <trini@konsulko.com>
Tested-by: Patrice Chotard <patrice.chotard@st.com>
As hinted by GCC 9, there is a return statement that returns
an uninitialized variable in optee_copy_firmware_node().
This patch addresses this.
Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
drivers/rng/sandbox_rng.c requires rand() to be defined but configuration
option CONFIG_CONFIG_LIB_RAND selected in drivers/rng/Kconfig does not
exist.
test/lib/test_aes.c requires rand() to be defined.
Fix the selection criteria for choice "Pseudo-random library support type".
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CONFIG_SPL_RSA is meant to control if lib/rsa/* is used for SPL. Adjust
lib/Makefile to consider this setting.
This was correctly setup with commit 51c14cd128 ("verified-boot: Minimal
support for booting U-Boot proper from SPL") and got lost with commit
089df18bfe ("lib: move hash CONFIG options to Kconfig").
Fixes: 089df18bfe ("lib: move hash CONFIG options to Kconfig")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Correct some function comments. Convert to Sphinx style.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
This is not really a CONFIG since it is not intended to be set by boards.
Move it into the compiler header with other similar defines, and rename
it.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>
This commit add to u-boot the support to decrypt
fit image encrypted with aes. The FIT image contains
the key name and the IV name. Then u-boot look for
the key and IV in his device tree and decrypt images
before moving to the next stage.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Until now, we only support aes128. This commit add the support
of aes192 and aes256.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In the code, we use the size of the key for the
size of the block. It's true when the key is 128 bits,
but it become false for key of 192 bits and 256 bits.
So to prepare the support of aes192 and 256,
we introduce a constant for the iaes block size.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
UEFI programs like GRUB make change terminal colors which requires support
for ANSI escape sequences.
Let CONFIG_EFI_LOADER=y imply CONFIG_VIDEO_ANSI.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use the correct protocol in efi_uc_stop() when detaching the driver from
the controller.
Change the block IO unit test for the block device driver to throw an error
instead of a todo if teardown fails.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For automating testing we should be able to power off the test system.
The implementation of EFI_RESET_SHUTDOWN requires the do_poweroff()
function which is only available if CONFIG_CMD_POWEROFF=y.
Enable CONFIG_CMD_POWEROFF if PSCI reset is available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide a unit test for the EFI_RNG_PROTOCOL.
The list of algorithms is read. Two random numbers are generated. The test
checks that the two numbers differ.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Install the EFI_RNG_PROTOCOL implementation for it's subsequent use by
the kernel for features like kaslr.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add support for the EFI_RNG_PROTOCOL routines for the qemu arm64
platform. EFI_RNG_PROTOCOL is an uefi boottime service which is
invoked by the efi stub in the kernel for getting random seed for
kaslr.
The routines are platform specific, and use the virtio-rng device on
the platform to get random data.
The feature can be enabled through the following config
CONFIG_EFI_RNG_PROTOCOL
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Changed SPDX header to use /* instead of //.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add guidcpy function to copy the source guid to the destination
guid. Use this function instead of memcpy for copying to the
destination guid.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Use void * instead of efi_guid_t * for arguments to allow copying unaligned
GUIDs. The GUIDs of configuration tables are __packed.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
U-Boot can be compiled with function tracing enabled.
When compiling with FTRACE __cyg_profile_func_enter() is called when a
function is entered and __cyg_profile_func_exit() when the function is
left.
To avoid a crash we have to define these function for the free-standing
UEFI binaries.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On a VT100 terminal <ESC>[2J should be enough to both clear the whole
screen and set the cursor to position (1, 1). But the Linux console does
not behave like this. So send an extra <ESC>[H. For reference see the
console_codes(4) man page.
Add a function description.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add the following file to .gitignore
efi_miniapp_file_image_exception.h
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Use efi_miniapp_*.h instead of file enumeration.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When the GetInfo() method of the EFI_FILE_PROTOCOL is called to retrieve
the file system info we claim that the volume is read only and has no free
space. This leads to failures in programs that check this information
before writing to the volume like SCT's InstallSct.efi.
Currently there is no function to determine these parameters in U-Boot. So
let's return optimistic values:
Return that the volume is writable.
Return the volume size as free space.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI applications like GRUB and SCT assume that function keys are enabled
on the keyboard.
Let EFI_LOADER imply USB_KEYBOARD_FN_KEYS.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On x86 platforms the timer is reset to 0 when the SoC is reset. Having
this as the timer base is useful since it provides an indication of how
long it takes before U-Boot is running.
When U-Boot sets the timer base to something else, time is lost and we
no-longer have an accurate account of the time since reset. This
particularly affects bootstage.
Change the default to not read the timer base, leaving it at 0. Add an
option for when U-Boot is the secondary bootloader.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
These functions are used by code outside the network support, so move them
to lib/ to be more accessible.
Without this, the functions are only accessible in SPL/TPL only if
CONFIG_SPL/TPL_NET are defined. Many boards do not enable those option but
still want to do checksums in this format.
Fix up a few code-style nits while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
SPL and TPL can access information about binman entries using link-time
symbols but this is not available in U-Boot proper. Of course it could be
made available, but the intention is to just read the device tree.
Add support for this, so that U-Boot can locate entries.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Even if not communicating over the network in U-Boot, code may be manipulating
and storing IP or MAC addresses to pass to Linux, etc.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Part of the env cleanup moved this out of the environment code and into
the net code. However, this helper is sometimes needed even when the net
stack isn't included.
Move the helper to lib/net_utils.c like it's similarly-purposed
string_to_ip(). Also rename the moved function to similar naming.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reported-by: Ondrej Jirman <megous@megous.com>
Imported from linux kernel v5.3:
pkcs7.asn1 without changes
pkcs7.h with changes marked as __UBOOT__
pkcs7_parser.h without changes
pkcs7_parser.c with changes marked as __UBOOT__
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Imported from linux kernel v5.3:
x509.asn1 without changes
x509_akid.asn1 without changes
x509_parser.h without changes
x509_cert_parser.c with changes marked as __UBOOT__
x509_public_key.c with changes marked as __UBOOT__
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Imported from linux kernel v5.3:
rsapubkey.asn1 without changes
rsa.h without changes
rsa_helper.c with changes marked as __UBOOT__
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Imported from linux kernel v5.3:
asymmetric-type.h with changes marked as __UBOOT__
asymmetric_type.c with changes marked as __UBOOT__
public_key.h with changes marked as __UBOOT__
public_key.c with changes marked as __UBOOT__
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Imported from linux kernel v5.3:
build_OID_registry without changes
oid_registry.h without changes
oid_registry.c with changes marked as __UBOOT__
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Imported from linux kernel v5.3:
asn1.h without changes
asn1_ber_bytecode.h without changes
asn1_decoder.h without changes
asn1_compiler.c without changes
This host command will be used to create a ASN1 parser, for example,
for pkcs7 messages or x509 certificates. More specifically, it will
generate *byte code* which will be interpreted by asn1 decoder library.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This function will be used in lib/crypto/x509_cert_parser.c, which
will also be imported from linux code in a later commit.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In the next commit, rtc_mktime(), for compatibility with linux, will be
implemented using rtc_mktime(), which is no longer drivers/rtc specific.
So move this file under lib/.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
linux_compat.c is the best place for kmemdup(), which is currenly used
only in ubifs.c, but will also be used when other kernel files
(in my case, lib/crypto/x509_cert_parser.c and pkcs7_parser.c) will be
imported. So just move it.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
27084c03d3 ("spl: Allow tiny printf() to be controlled in SPL and
TPL") split this option in two for TPL and SPL, but didn't change the
Kconfig names, making them hard to set quickly.
Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
Move this function into init.h which seems to be designed for this sort
of thing. Also update the header to declare struct global_data so that it
can be included without global_data.h being needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Move these two functions into the irq_funcs.h header file. Also move
interrupt_handler_t as this is used by the irq_install_handler() function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
These functions are CPU-related and do not use driver model. Move them to
cpu_func.h
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This function belongs in time.h so move it over and add a comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a header file to house the lz4 compression function. Add a comment
while we are here, since it not even clear from the name what the function
actuall does.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
At present this function sits in its own file but it does not really
justify it. There are similar string functions in vsprintf.h, so move it
there. Also add the missing function comment.
Use the vsprintf.h include file explicitly where needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
These don't need to be in common.h so move them out into a new header.
Also add some missing comments.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Drop inclusion of crc.h in common.h and use the correct header directly
instead.
With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Some of these have a space before the bracket. Drop it to fix the style.
Add some missing function comments while here.
Note that u32 and u8 cannot be used here since crc.h is included on the
host side.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
We have an existing U-Boot header for the one function that this defines.
Use that instead of the linux/ one. Move over the nice comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Create a new rand.h header file and move functions into it, to reduce
the size of common.h
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Some of the ARM11 boards have tight limits on the size of U-Boots. Hence
use EFI_LOADER=n as default on ARM11.
Set EFI_LOADER=y for the Raspberry Pi and Raspberry Pi Zero as these boards
have sufficient storage on the SD card.
Suggested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
With an implementation for allow_unaligned() available for arm1136 and
arm1176 UEFI can be supported on these architectures.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
fatload USB was reported to fail on the Sheevaplug. Debugging showed that
this was caused by an incorrect unaligned write to memory in
path_to_uefi().
UEFI on ARM requires that unaligned memory access is enabled.
* ARMv5 does not support unaligned access at all.
* ARMv6 supports unaligned access when we clear the A flag and set the
U flag.
* On ARMv7 unaligned access is possible when clearing the aligned flag,
which we do in function allow_unaligned() (arch/arm/cpu/armv7/sctlr.S).
For none of the other cpus in arch/arm/cpu/ we have implemented a
similar function.
* ARMv8 allows unaligned access.
Let EFI_LOADER on ARM depend on SYS_CPU=armv7 or SYS_CPU=armv8.
Once we have implemented allow_unaligned() for other ARM CPUs we can add
these to Kconfig.
Reported-by: Gray Remlin <gryrmln@gmail.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The loading convention for optee or any other tee on arm64 is as bl32
parameter to the trusted-firmware. So TF-A gets invoked with the TEE as
bl32 and main u-boot as bl33. Once it has done its startup TF-A jumps
into the bl32 for the TEE startup, returns to TF-A and then jumps to bl33.
All of them get passed a devicetree as parameter and all components often
get loaded from a FIT image.
OP-TEE will create additional nodes in that devicetree namely a firmware
node and possibly multiple reserved-memory nodes.
While this devicetree is used in main u-boot, in most cases it won't be
the one passed to the actual kernel. Instead most boot commands will load
a new devicetree from somewhere like mass storage of the network, so if
that happens u-boot should transfer the optee nodes to that new devicetree.
To make that happen introduce optee_copy_fdt_nodes() called from the dt
setup function in image-fdt which after checking for the optee presence
in the u-boot dt will make sure a optee node is present in the kernel dt
and transfer any reserved-memory regions it can find.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
The phandlep pointer returning the phandle to the caller is optional
and if it is not set when calling fdtdec_add_reserved_memory() it is
highly likely that the caller is not interested in a phandle to the
created reserved-memory area and really just wants that area added.
So just don't create a phandle in that case.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The change adding fdtdec_add_reserved_memory() already protected the added
phandle against the phandlep being NULL - making the phandlep var optional.
But in the early code checking for an already existing carveout this check
was not done and thus the phandle assignment could run into trouble,
so add a check there as well, which makes the function still return
successfully if a matching region is found, even though no-one wants to
work with the phandle.
Fixes: c9222a08b3 ("fdtdec: Implement fdtdec_add_reserved_memory()")
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
As we can build relocation code for the sandbox now we should enable the
unit tests that had to be disabled up to now.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On the sandbox the UEFI binaries must match the host architectures.
Adjust the Makefiles. Provide the PE/COFF header and relocation files.
Allow building helloworld.efi on the sandbox.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On the sandbox we should mark the stack area as EFI runtime memory like we
do on any other architecture.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently, a whole disk without any partitions is not associated
with EFI_SIMPLE_FILE_SYSTEM_PROTOCOL. So even if it houses some
file system, there is a chance that we may not be able to access
it, particularly, when accesses are to be attempted after searching
that protocol against a device handle.
With this patch, EFI_SIMPLE_FILE_SYSTEM_PROTOCOL is installed
to such a disk if part_get_info() shows there is no partition
table installed on it.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Only if no partition table exists, check for a file system on disk level.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Correctly check the return value of efi_dp_from_file().
If we can determine device path for the file, should not depend on the
device path for the device being requested.
Provide a function description for efi_dp_from_name().
Reported-by: Coverity CID 273159, CID 273158
Fixes: 08c51fff30 ("efi_loader: device_path: check against file path length")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Bring over the fdt from this commit:
430419c (origin/master) tests: fix some python warnings
adding in the 'assumptions' series designed to reduce code size.
Signed-off-by: Simon Glass <sjg@chromium.org>
For better or worse libfdt recent grew a lot of code that checks the
validity of the device tree in great detail. When using unsigned or
unverified data this makes things safer, but it does add to code size.
Add some controls to select the trade-off between safety and code size.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Provide a better user interface for setting UEFI variables.
Bug fixes:
- ext4 file system not discovered on UEFI block device
- 'make tests' build error on 32bit systems
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl25wUcACgkQxIHbvCwF
GsQ16w/+IibWYFw2t6AdI8DLWOvlHR/PVAOrbF9cBi1vZPr4drEH6m1ymRWAKjRt
E4u8siBiIs5yhD7laL09JK4p/veTnoHCVrCdli9iPhIJUFGKz9uuXh4ruZgRnGIn
+j0ra0tkTRHeGX4bMtTpMVySQqIuLQ+2ZrMMnfKfnTTlLmhv436xUyBZ/CFl7k4J
7sFj/FfjRCYpe7nfHTqUGidJtJG1cc+hw26c1YrfiKB6piVdH43myOB5sPDW24g3
OPptJyUFqbQjjV6Eq0EOVJt103rVtXpQc0e4Oa/mDDkmrQZ1pUhXi3zhxmzMRDQu
k+9gX0IoSNJcW+e7DrcQsx5SmOnlvoC4euCypzhWEWvES89ftAHIitEAz9oTs6Gc
etwXFomvH797ZOoBztrja9XsfnLFHBQHaAiExqEVVFi/1nhDsYdj+xEDHjDU+cZx
E3UcrRNXcfA2+oaXpNBguzAOrMPX8UbrR1kkaMDTuJfA32Pe7RLz3aMfXyx1rAOU
t7GWSROOYtoNf5IU/Jha1F8231WRPJnWm1LQdzNLaGSmbG/H7vFgW4dpdxEyLn4m
C0Goj0GzmBIQxRL+38sCOKLVxPEpGoU/GzonC9bU0O+UyN57rAiwn9ZbTa6ZvJqG
/2tPoKiutJRueUH3IDWViMhyW/w0h0tj0BUiV5lAQ9X9vW4E1YQ=
=f0m8
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-01-rc2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-01-rc2
Provide a better user interface for setting UEFI variables.
Bug fixes:
- ext4 file system not discovered on UEFI block device
- 'make tests' build error on 32bit systems
Bootstage improvements for TPL, SPL
Various sandbox and dm improvements and fixes
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl24zDoRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZRiwf+Mf7oG//zjiZcHaPP6KOFb1CjwqLSuiaI
eCYB6GEZXuSpc8MjAw+baAfIw8MMFuaCfPsUQ5dDo391neK0sW9kkEsdcXnQBpB3
GdJYcewLN1UuJZovriGobIisGc0GQHh8gmRcVGWSKoEt+gAQauRtVYBIUPuS3JG+
ihZgYmVgICa+3tqavIbP2oZdXLuLAxR65mfiQHtiJwdCN3OOzyls2v0T0slQX9GV
ln6EvTk8OMIudBmkB7YiTmJF7AB+3PH/uBaiYyTKO9gtjLhnmCFvG5HxJTRFOKvU
F4oVWZJDEcqfZvYgWg8i5vgokMP41nzLfBr7j5ifUX1f3xwCHy/Tpw==
=S4XI
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-29oct19' of git://git.denx.de/u-boot-dm
- Fix for patman with email addresses containing commas
- Bootstage improvements for TPL, SPL
- Various sandbox and dm improvements and fixes
After updating libavb to most recent version from AOSP/master, two new
warnings appear:
Warning #1:
lib/libavb/avb_cmdline.c: In function 'avb_append_options':
lib/libavb/avb_cmdline.c:365:15: warning: 'dm_verity_mode' may be
used uninitialized in this function
[-Wmaybe-uninitialized]
new_ret = avb_replace(
^~~~~~~~~~~~
slot_data->cmdline, "$(ANDROID_VERITY_MODE)", dm_verity_mode);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/libavb/avb_cmdline.c:374:8: warning: 'verity_mode' may be used
uninitialized in this function
[-Wmaybe-uninitialized]
if (!cmdline_append_option(
^~~~~~~~~~~~~~~~~~~~~~
slot_data, "androidboot.veritymode", verity_mode)) {
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Warning #2:
lib/libavb/avb_slot_verify.c: In function 'avb_slot_verify':
lib/libavb/avb_slot_verify.c:1349:23: warning: 'ret' may be used
uninitialized in this function
[-Wmaybe-uninitialized]
AvbSlotVerifyResult ret;
^~~
Fix those by providing default return values to affected functions.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Update libavb to commit 5fbb42a189aa in AOSP/master, because new version
has support for super partition [1], which we need for implementing
Android dynamic partitions. All changes from previous patches for libavb
in U-Boot are accounted for in this commit:
- commit ecc6f6bea6 ("libavb: Handle wrong hashtree_error_mode in
avb_append_options()")
- commit 897a1d947e ("libavb: Update SPDX tag style")
- commit d8f9d2af96 ("avb2.0: add Android Verified Boot 2.0 library")
Tested on X15:
## Android Verified Boot 2.0 version 1.1.0
read_is_device_unlocked not supported yet
read_rollback_index not supported yet
read_is_device_unlocked not supported yet
Verification passed successfully
AVB verification OK.
Unit test passes:
$ ./test/py/test.py --bd sandbox --build -k test_avb
test/py/tests/test_android/test_avb.py ss..s.
[1] 49936b4c01
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
malloc_cache_aligned() might return zero, so fix potential NULL pointer
access if __GFP_ZERO flag is set.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Add a simple implementation of this function, to allow logging to be
enabled in the SPL or TPL for systems that rely on the tiny printf()
implementation.
To keep the code size small,
- The function is built only when logging is enabled, as it
(currently) is not needed otherwise; and
- Like the existing implementation of snprintf(), its buffer-size
parameter is ignored.
Signed-off-by: Simon South <simon@simonsouth.net>
Macro ERRNO_MSG() ignores the error number but we should still use the same
constants as in include/linux/errno.h.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If errno_str() is called with an unsupported error number, do not return a
random pointer but a reasonable text.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add get_timer_us(), which is useful e.g. when we need higher
precision timestamps.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
[trini: Fixup arch/arm/mach-bcm283x/include/mach/timer.h]
Signed-off-by: Tom Rini <trini@konsulko.com>
'make tests' on an 32bit ARM system leads to
In file included from ../lib/efi_loader/efi_variable.c:9:
../include/malloc.h:364:7: error: conflicting types for ‘memset’
void* memset(void*, int, size_t);
^~~~~~
In file included from ../include/compiler.h:126,
from ../include/env.h:12,
from ../lib/efi_loader/efi_variable.c:8:
../include/linux/string.h:103:15:
note: previous declaration of ‘memset’ was here
extern void * memset(void *,int,__kernel_size_t);
^~~~~~
In file included from ../lib/efi_loader/efi_variable.c:9:
../include/malloc.h:365:7: error: conflicting types for ‘memcpy’
void* memcpy(void*, const void*, size_t);
^~~~~~
In file included from ../include/compiler.h:126,
from ../include/env.h:12,
from ../lib/efi_loader/efi_variable.c:8:
../include/linux/string.h:106:15:
note: previous declaration of ‘memcpy’ was here
extern void * memcpy(void *,const void *,__kernel_size_t);
^~~~~~
Use common.h as first include as recommended by the U-Boot coding style
guide.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
With a bit of code reordering we can support %p using the existing code
for ulong.
Move the %p code up and adjust the logic accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function is used in the bootstage report which may be trigged in TPL
or TPL. Add a very basic implication of this function so that it builds.
There is no attempt to get the formatting right, since this would add too
much code size.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
The ctype array is brought into the image, adding 256 bytes, when it is
unlikely to be needed. The extra code for %p is only present when DEBUG
is defined, so let's drop ctype as well unless DEBUG is defined.
Signed-off-by: Simon Glass <sjg@chromium.org>
In the current implementation, EFI_SIMPLEFILE_SYSTEM_PROTOCOL is always
installed to all the partitions even if some of them may house no file
system.
With this patch, that protocol will be installed only if any file system
exists.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
device_path strcuture has 2 bytes of "length" field, and so
file path length should not exceed this limit, 65535.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently, if image verification with a required key fails, rsa_verify()
code tries to find another key to verify the FIT image. This however, is
not the intended behavior as the documentation says that required keys
"must be verified for the image / configuration to be considered valid".
This patch fixes the issue by making rsa_verify() return immediately if
the verification of a required key fails.
Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@gmail.com>
- Rename existing FSP code to fsp1
- Add fsp2 directory in preparation to support FSP 2.0
- Various x86 platform codes update
- Various bug fixes and updates in dm core, sandbox and spl
This function ise effectively replaced by ofnode_read_pci_addr() which
works with flat tree. Delete it to avoid code duplication.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
At present there is only one control for this and it is used for both SPL
and TPL. But SPL might have a lot more space than TPL so the extra cost of
a full printf() might be acceptable.
Split the option into two, providing separate SPL and TPL controls. The
TPL setting defaults to the same as SPL.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
We don't have a console in SPL so it doesn't make sense to check for
Ctrl-C when printing a memory dump. Skip this so that print_buffer() can
be used in SPL.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This allows our EFI API to create a device path node for NVMe
devices. It adds the necessary device path struct, uses the
nvme namespace accessor to retrieve the id and eui64, and also
provides support for the device path text protocol.
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI spec has this sentence:
"Variables that have runtime access but that are not nonvolatile are
read-only data variables once ExitBootServices() is performed."
At least EDK2 therefore treats variable PlatformLangCodes only as read-only
at runtime. Nowhere do we make this variable read-only in U-Boot.
Do not use variable PlatformLangCodes for testing if the read only
attribute of variables is observed before ExitBootServices().
Fixes: 5a24239c95 ("efi_loader: selftest: enable APPEND_WRITE tests")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Errors should not only be announced as text but should also result in
EFI_ST_FAILURE being returned.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Appending to a non-existent variable must result in an error of type
EFI_NOT_FOUND.
Fixes: 09c76b79a9db ("efi_loader: SetVariable() deleting variables")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This reads the low cell of the PCI address from the wrong cell. Fix it.
Also fix the function that this code came from.
Fixes: 9e51204527 (dm: core: Add operations on device tree references)
Fixes: 4ea5243a3a (fdt: fix fdtdec_get_pci_addr() for CONFIG_PHYS_64BIT)
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
APPEND_WRITE with data length zero is allowable according to the UEFI
specification.
The EDK2 interpretation of no access attributes is attributes = 0. As
the UEFI specification is vague in this respect let's stick to EDK2 here.
Fixes: commit 6d2f27c5fd ("efi_loader: variable: support APPEND_WRITE")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We always have to return via EFI_EXIT() from EFIAPI functions.
Coverity reported an unreachable line and a resource leak.
Fixes: commit 6d2f27c5fd ("efi_loader: variable: support APPEND_WRITE")
Reported-by: Coverity Scan CID 253575, CID 184095
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Remove outdated TODO for efi_stri_coll(). efi_stri_coll() is already using
the Unicode capitalization table.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
u16 version of strcmp(): u16_strncmp() works like u16_strcmp() but only
at most n characters (in u16) are compared.
This function will be used in my UEFI secure boot patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Now that APPEND_WRITE is supported,
the result check for the only existing test case should be changed to
'todo' to 'error', while two more test cases are added.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If EFI_VARIABLE_APPEND_WRITE is specified in attributes at
efi_set_variable(), specified data will be appended to the variable's
original value. Attributes other than APPEND_WRITE should not be
modified.
With this patch, APPEND_WRITE test in 'variables' selftest will pass.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
DisconnectController() should never return EFI_NOT_FOUND.
If EFI_DRIVER_BINDING_PROTOCOL.Stop() fails, return EFI_DEVICE_ERROR.
If the driver handle does not expose the EFI_DRIVER_BINDING_PROTOCOL
return EFI_INVALID_PARAMETER.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Sandbox's "host" devices are currently described as UCLASS_ROOT udevice
with DEV_IF_HOST block device. As the current implementation of
efi_device_path doesn't support such a type, any "host" device
on sandbox cannot be seen as a distinct object.
For example,
=> host bind 0 /foo/disk.img
=> efi devices
Scanning disk host0...
Found 1 disks
Device Device Path
================ ====================
0000000015c19970 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
0000000015c19d70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
=> efi dh
Handle Protocols
================ ====================
0000000015c19970 Device Path, Device Path To Text, Device Path Utilities, Unicode Collation 2, HII String, HII Database, HII Config Routing
0000000015c19ba0 Driver Binding
0000000015c19c10 Simple Text Output
0000000015c19c80 Simple Text Input, Simple Text Input Ex
0000000015c19d70 Block IO, Device Path, Simple File System
As you can see here, efi_root (0x0000000015c19970) and host0 device
(0x0000000015c19d70) have the same representation of device path.
This is not only inconvenient, but also confusing since two different
efi objects are associated with the same device path and
efi_dp_find_obj() will possibly return a wrong result.
Solution:
Each "host" device should be given an additional device path node
of "vendor device path" to make it distinguishable.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We do not support volume label changes. No parameter checks are needed
here.
When the info for as file is changed the buffer must always contain a file
name.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check the parameters of EFI_FILE_PROTOCOL.GetInfo() to avoid possible NULL
dereference.
Check the buffer size for EFI_FILE_SYSTEM_INFO.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We cannot determine the volume name in U-Boot. Instead of providing a dummy
volume name in case of EFI_FILE_SYSTEM_INFO and EFI_UNSUPPORTED in case of
EFI_FILE_SYSTEM_VOLUME_LABEL consistently return an empty string.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification requires to implement version 2 of the
EFI_FILE_PROTOCOL. Provide the missing functions as stubs.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The file size has to be determined in multiple places. Factor out a common
function.
If on entry into EFI_FILE_PROTOCOL.Read() the current position is beyond
the end of the file, return EFI_DEVICE_ERROR.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI_FILE_PROTOCOL.Read() is used both to read files and directories.
When reaching the end of a directory we always have to return buffer size
zero irrespective of the incoming buffer size. (The described scenario for
a Shim quirk cannot arise because every directory has at least '.' and '..'
as entries.)
Even when the buffer_size is too small multiple times we have to keep a
reference to our last read directory entry.
When we return to the start of the directory via SetPosition() we must
remove the reference to a previously kept directory entry.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
ascii2unicode() can only convert characters 0x00-0x7f from UTF-8 to UTF-16.
Use utf8_utf16_strcpy() instead.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check the parameters passed to Write():
* cannot write to directories (UEFI SCT 2017, 5.7.3.5.15)
* cannot write to file opened read only (UEFI SCT 2017, 5.7.3.5.16)
Add missing comments.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We cannot do anything in EFI_BLOCK_IO_PROTOCOL.Reset() but this does not
justify to return an error.
Let EFI_BLOCK_IO_PROTOCOL.Reset() return EFI_SUCCESS.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI_PRINT() offers indention of debug messages. Adjust the debug messages
of the BLOCK_IO_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check parameters of ReadBlocks() and WriteBlocks().
If the buffer size is not a multiple of the block size, we have to return
EFI_BAD_BUFFER_SIZE.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL.SetMode() should return EFI_UNDEFINED if a
screen mode is not available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@csgraf.de>
When backspacing in column 0 do no set the column index to ULONG_MAX.
Ensure that the row number is not set to ULONG_MAX even if the row count is
advertised as 0.
Ignore control characters other the 0x08, 0x0a, 0x0d when updating the
column.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Correct the name of the partition size component in struct
efi_device_path_cdrom_path.
Render entry, start, and size when converting a CD-ROM device path node to
text.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Vendor device paths may contain data. When converting vendor device paths
to text this binary data has to be rendered.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Adding a conventional memory region to the memory map may require ram_top
limitation and it can be also commonly used. Extract adding a conventional
memory to the memory map in a separate routine for generic use.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implement the MCastIPtoMAC service of the simple network protocol.
It converts an multicast IPv4 (or IPv6) address to a multicast Ethernet
address.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The network should start in status EfiSimpleNetworkStopped.
Add and correct status checks in the simple network protocol.
Correct the unit test:
* Shutdown() and Stop() during setup if needed
* invoke Shutdown() before Stop() when tearing down
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Fill the media header in EFI_SIMPLE_NETWORK.Transmit().
Check that the buffer size is large enough for the header.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check that when the WaitForPacket event occurs
EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT is set.
Check the return value of Receive().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
GetStatus() must clear the interrupt status.
Transmit() should set the TX interrupt.
Receive() should clear the RX interrupt.
Initialize() and Start() should clear the interrupt status.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
To fully demonstrate crash outputs for UEFI images provide a standalone
UEFI application that tries to invoke an illegal opcode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The current preprocessor logic prevents CONFIG_OF_PRIOR_STAGE from being
used in U-Boot SPL. Change the logic to also make it available in U-Boot
SPL.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
Commit 7f95104d91 ("efi_loader: detach runtime in ExitBootServices()")
added a call to efi_runtime_detach() to ExitBootServices() but did not
remove the call in SetVirtualAddressMap().
Remove the superfluous function call.
Correct a comment referring to efi_runtime_detach().
Fixes: 7f95104d91 ("efi_loader: detach runtime in ExitBootServices()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check the parameters DescriptorSize and DescriptiorVersion of
SetVirtualAddressMap() as prescribed by the UEFI specification.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
U-Boot implements the EFI_PXE_BASE_CODE_PROTOCOL because GRUB uses the mode
information for booting via PXE. All function pointers in the protocol were
NULL up to now which will cause immediate crashes when the services of the
protocol are called.
Create function stubs for all services of the protocol returning
EFI_UNSUPPORTED.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This file contains lots of internal details about the environment. Most
code can include env.h instead, calling the functions there as needed.
Rename this file and add a comment at the top to indicate its internal
nature.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
[trini: Fixup apalis-tk1.c]
Signed-off-by: Tom Rini <trini@konsulko.com>
This header file is now only used by files that access internal
environment features. Drop it from various places where it is not needed.
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Avoid using a typedef here which is unnecessary. Add an 'env_' prefix to
both the enum and its members to make it clear that these are related to
the environment.
Add an ENV prefix to these two flags so that it is clear what they relate
to. Also move them to env.h since they are part of the public API. Use an
enum rather than a #define to tie them together.
Signed-off-by: Simon Glass <sjg@chromium.org>
This typedef does not need to be defined in the search.h header since it
is only used in one file (hashtable.c). Remove it from the header and
change it to a struct.
Signed-off-by: Simon Glass <sjg@chromium.org>
U-Boot is not supposed to use typedef for structs anymore. Also this name
is the same as the ENTRY() macro used in assembler files, and 'entry'
itself is widely used in U-Boot (>8k matches).
Drop the typedef and rename the struct to env_entry to reduce confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
As part of the effort to remove things from common.h, create a new header
for the gzip functions. Move the function declarations to it and add
missing documentation.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Use efi_uintn_t where the UEFI spec uses UINTN. Use efi_uintn_t also for
the result of the division of two efi_uintn_t.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We read the address map before assigning the memory for the pages that will
be mapped to virtual addresses. So these pages will overlap with the entry
for EFI_CONVENTIONAL_MEMORY. We have to ensure that every page is described
at most once in the map.
Remove EFI_CONVENTIONAL_MEMORY from the map that we pass to
SetVirtualAddressMap().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
GRUB on ARM 32bit prior to version 2.04 lacks proper handling of caches.
In U-Boot v2019.04 a workaround for this was inadvertently removed.
The workaround is currently also needed for booting on systems with caches
that cannot be managed via CP15 (e.g. with an i.MX6 CPU).
Re-enable the workaround and make it customizable.
Fixes: f69d63fae2 ("efi_loader: use efi_start_image() for bootefi")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Packed structures like struct uuid are not aligned. GCC 9.1 therefore
throws an error when trying to compile gen_rand_uuid().
lib/uuid.c: In function ‘gen_rand_uuid’:
lib/uuid.c:244:2: error: converting a packed ‘struct uuid’ pointer
(alignment 1) to a ‘unsigned int’ pointer (alignment 4) may result in
an unaligned pointer value [-Werror=address-of-packed-member]
244 | unsigned int *ptr = (unsigned int *)&uuid;
| ^~~~~~~~
Generate the uuid in a properly aligned buffer.
The byte order of a random number should not matter. Do not call
cpu_to_be32() to change the byte order.
Reported-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* Implement the EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
* Address errors of type -Werror=address-of-packed-member when building
with GCC9.1
* Fix an error when adding memory add addres 0x00000000.
* Rework some code comments for Sphinx compliance.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl0vSQEACgkQxIHbvCwF
GsQfxQ//d/i5Ix7V5rtm9U1ew2lkaQw5O1/E//Ta//0AeWLaEnFf0ln1Fx5jLF6E
f70uE6iDRgnxfZWD/rnCqv7HZrokpy3GuXnUfAZTgEvsngqicw8dAAU9Ql9Q62i9
N302GhaCGkbBp3MBOLRBXJmKuTnnzfU7jkeYo1tZbZe3AoqSNtI8ND86DHSotuUM
9Ck5367LdcG5O86N8gIxBtCcnthq94GgS/tY69iuPhhKqN3oV6MbzjqmI4wtkVH6
RhJSQspTsmyKTSivbcgpgIPXJJnTwh0nZcQWmzC81ehU3LF9i1M1J4SAqsZ7kpgt
jWY959iXnd7iNfwFiCTLpf+mDrviyPzntt/aE8ras5IwbQdiwZONeQ/mhkP2Snoo
RDX+dB3JqpyO/T+4uMdq+2saYBtKZ9CUKclqqh/xwvv5Bs63qHGC3KKYnjQx1sKA
k5QD3XSOPDLYbqQBIcgiB9T5TWkO1igJVEWRxPtExl31DTkSXy6f7G1F7sZ+Ey+5
gugIhNeTCme4a9bSIc7FjFaZSvPR2SNd8azUkSfso6Vqd9bNRShBF7pImlrCRmj8
Xc0sknW824LOdeM6ZC54J7lYKyLfL3HljzYSiM7KExt21mAjNHWXt312hINr6SOA
gz+/Osdyrv8GniP86Zw3kACto6Chaw51PEV1WReYPT3LNwinvoU=
=aj4j
-----END PGP SIGNATURE-----
Merge tag 'efi-2019-10-rc1-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for v2019.10-rc1 (2)
* Implement the EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
* Address errors of type -Werror=address-of-packed-member when building
with GCC9.1
* Fix an error when adding memory add addres 0x00000000.
* Rework some code comments for Sphinx compliance.
Commit c7b3a7ee53 ("optee: adjust dependencies and default values for
dram") makes the TZDRAM defines for OPTEE show up for all configs as a
side-effect. While not harmful its not what we really want.
This patch makes the following defines contingent on CONFIG_OPTEE=y
CONFIG_OPTEE_TZDRAM_BASE
CONFIG_OPTEE_TZDRAM_SIZE
Rightly, if you don't have CONFIG_OPTEE=y you don't care about the above
two defines.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Rui Miguel Silva <rui.silva@linaro.org>
Acked-by: Rui Miguel Silva <rui.silva@linaro.org>
There are multiple other openssl engines used by HSMs that can be used to
sign FIT images instead of forcing users to use pkcs11 type of service.
Relax engine selection so that other openssl engines can be specified and
use generic key id definition formula.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Cc: Tom Rini <trini@konsulko.com>
The device path structure is packed. So no assumption on the alignment is
possible. Copy the file name in efi_file_from_path() to assure there is no
unaligned access.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Change comment for struct efi_pool_allocation to match Sphinx style.
Describe all structure fields.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add missing parameter descriptions.
Remove an invalid link.
Correct the formatting of a function comment.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
scripts/kernel-doc pointed out some errors in the function comments in
efi_boottime.c.
Add missing and remove superfluous parameter descriptions.
Escape * in a function description.
Add empty lines for readability.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We currently have some inconsistent use of efi_add_memory_map()
throughout the code. In particular the return value of efi_add_memory_map()
is not interpreted the same way by various users in the codebase.
This patch does the following:
- Changes efi_add_memory_map() to return efi_status_t.
- Adds a method description to efi_add_memory_map().
- Changes efi_add_memory_map() to return EFI_SUCCESS
- Returns non-zero for error in efi_add_memory_map()
- Updates efi_allocate_pages() to new efi_add_memory_map()
- Updates efi_free_pages() to new efi_add_memory_map()
- Updates efi_carve_out_dt_rsv() to new efi_add_memory_map()
- Updates efi_add_runtime_mmio() to new efi_add_memory_map()
Fixes: 5d00995c36 ("efi_loader: Implement memory allocation and map")
Fixes: 74c16acce3 ("efi_loader: Don't allocate from memory holes")
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide a unit test for SetVirtualAddressMap() and ConvertPointer().
As ConvertPointer() is not implemented yet this will spit out some
warnings.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implement the EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
This requires allocating the event and the event list from runtime data.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_set_virtual_address_map_runtime() must be of type __efi_runtime.
Fixes: ee8ebaaaae ("efi_loader: split off detaching SetVirtualAddress()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Boot services are not available after calling ExitBootServices(). So we
should not try to close an event here.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
The USE_TINY_PRINTF symbol only changes things within SPL and TPL
builds, so make it depend on that support. Next, make it default as
within these cases we should rarely have need of more advanced print
formats outside of the debug context.
To do this, in a few cases we need to correct our Kconfig dependencies
as we had cases of non-SPL targets select'ing this symbol. Finally, in
the case of a few boards we really do need the full printf
functionality.
Signed-off-by: Tom Rini <trini@konsulko.com>
There is no good reason to limit the trace buffer to 2GiB on a 64bit
system. Adjust the types of the relevant parameters.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Up to now we had hard coded values for the call depth up to which trace
records are created: 200 for early tracing, 15 thereafter. UEFI
applications reach a call depth of 80 or above.
Provide customizing settings for the call trace depth limit and the early
call trace depth limit. Use the old values as defaults.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
An UEFI application may change the value of the register that gd lives in.
But some of our functions like get_ticks() access this register. So we
have to set the gd register to the U-Boot value when entering a trace
point and set it back to the application value when exiting the trace
point.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Free the memory allocated to store the test FDT upon test completion to
avoid leaking the memory. We don't bother cleaning up on test failure
since the code is broken in that case and should be fixed, in which case
the leak would also go away.
Reported-by: Tom Rini <tom.rini@gmail.com>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
It doesn't make a lot of sense to hang on sandbox when hang() is called,
since the only way out is Ctrl-C. In fact, Ctrl-C does not work if the
terminal is in raw mode, which it will be if the command-line has not been
reached yet. In that case, Ctrl-Z / kill -9 must be used, which is not
very friendly.
Avoid all of this by quiting when hang() is called.
Signed-off-by: Simon Glass <sjg@chromium.org>
Linux can be called with a command line parameter efi=novamap, cf.
commit 4e46c2a95621 ("efi/arm/arm64: Allow SetVirtualAddressMap() to be
omitted"). In this case SetVirtualAddressMap() is not called after
ExitBootServices().
OpenBSD 32bit does not call SetVirtualAddressMap() either.
Runtime services must be set to an implementation supported at runtime
in ExitBootServices().
Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Suggested-by: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The runtime services SetVirtualAddress() and ConvertPointer() become
unavailable after SetVirtualAddress(). Other runtime services become
unavailable after ExitBootServices.
Move the update of SetVirtualAddress() and ConvertPointer() to
efi_relocate_runtime_table().
Use functions with the correct signature when detaching.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide a unit test for the variable services at runtime.
Currently we expect EFI_UNSUPPORTED to be returned as the runtime
implementation is still missing.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Unimplemented runtime services should always return EFI_UNSUPPORTED as
described in the UEFI 2.8 spec.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Our variable services are only provided at boottime. Therefore when
leaving boottime the variable function are replaced by dummy functions
returning EFI_UNSUPPORTED. Move this patching of the runtime table to the
variable services implementation. Executed it in ExitBootServices().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The detaching of the runtime will have to move to ExitBootServices() to
encompass operating system that do not call SetVirtualAddressMap().
This patch changes the logic for the relocation of the pointers in the
runtime table such that the relocation becomes independent of the entries
in the detach list.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some entries in the system table are set to NULL in ExitBootServices(). We
had them in the runtime detach list to avoid relocation of NULL. Let's
instead assign the pointers dynamically in efi_initialize_system_table() to
avoid the relocation entry.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Let's keep similar things together.
Move efi_query_variable_info() to lib/efi_loader/efi_variable.c
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The current short description has a typo. Let it stand out clear that we
provide unit tests.
Improve the description of the CMD_BOOTEFI_SELFTEST configuration option.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@csgraf.de>
This pull request provides error fixes for the graphical output protocol,
the text output protocol, and the extended text input protocol.
Setting the boot device for the bootefi command is now not only supported
by the 'load' command but also for the file system specific commands like
'fatload'.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl0NDgQACgkQxIHbvCwF
GsQ5wBAAgUPlH9jb9wokgMht8cOjNMJk5QHiiZr65iyXIPHWQ+c+Pu4QyQu5J3tO
avOjWvtwW4aGPBTkSl0dA8w2RF738YWIOskg04YxBlFL46D3op61OJ2DgSqglDiy
ugotkg/MZPkNr2gWTtNw9RWvehb9gnBn7w8OSQ/ffnC+8YoSvBvmaWHtSepgvRXn
3hPh2YsSe8u74cLN/P3gxWnUIdpwHRsBwIc8b7/PNIviWLcjyQE6B1qBIZWIspvo
qlqadijJIs331zeJXEaoXRdgV2VEdA0eHEAzeC4cswc/KpSmfH5XmxWjOU2o/TiM
V2FgN9ud4JwuNnhAJKkXSdVHuzKsbtt3XRkUdKgLG+PYYBsRGfCkyrPPjI6z7VtA
5yh+kN65UuLCxrWskZQrdwTqSZ9WMPhGFDt727vuOHdvbAoZ7cuqMtvoDj3hJ4ig
kb1++il5lQ5sXwEiB9+WrDTXCT0TwZw4qiVL72IDpeGlXRTfxvb/s5pLDU7O0rfV
Pfp4rDDl0hGMP4guch4fJDEW1jYMQATowzh3PNkpw+vvjtofRFoVNtS9lhx1vXCN
kxG9I8m4F5Iexe9eFfx7gAYiqM42fd/VbSNAsJKyl/q4OFK4ebbCK7lwRqpZKPg4
5jVR8pPKVTqxRolsWa4ikIGG/pVAecLWO+TawLeq//brp2PJ/a8=
=GvWF
-----END PGP SIGNATURE-----
Merge tag 'efi-2019-07-rc5-3' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for v2019.07-rc5 (3)
This pull request provides error fixes for the graphical output protocol,
the text output protocol, and the extended text input protocol.
Setting the boot device for the bootefi command is now not only supported
by the 'load' command but also for the file system specific commands like
'fatload'.
When build SPL_OF_PLATDATA on i.MX6, meet issue the fdtdec_get_int
not defined, however fdtdec.c will use fdtdec_get_int, so let's
compile fdtdec_common.c when OF_LIBFDT selected.
Since there is also SPL_OF_LIBFDT, so need to use
CONFIG_$(SPL_TPL_)OF_LIBFDT.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
If EFI_FILE_PROTOCOL.Delete() fails, always close the handle and return
EFI_WARN_DELETE_FAILURE.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If no matching package list is found in ListPackageLists(), return
EFI_NOT_FOUND.
If we do not support a package type, we will not find a matching package
list. Remove the unreachable EFI_PRINTF() statements.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI_GRAPHICS_OUTPUT_PROTOCOL.QueryMode() must allocate a buffer for the
mode information structure.
Adjust the unit test to free the buffer.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If EFI_GRAPHICS_OUTPUT_PROTOCOL.SetMode() is called with an invalid mode,
return EFI_UNSUPPORTED.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If EFI_GRAPHICS_OUTPUT_PROTOCOL.Blt() is called with an invalid value of
BltOperation return EFI_INVALID_PARAMETER.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The SetAttribute() service and the Reset() service of the simple text
output protocol must update the attribute value in the mode information.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Correct the check of the mode number in SetMode() service of the simple
text output protocol.
Clear the screen in SetMode().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This variable is defined in UEFI specification 2.8, section 8.1.
Its value should be updated whenever we add any usable runtime services
function.
Currently we only support SetVirtualAddress() for all systems and
ResetSystem() for some.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Return EFI_INVALID_PARAMETER if the variable name has zero length or the
variable has runtime access but not boottime access.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification does not specify if the characters that have to be
replaced by underscore in function StrToFat() of the Unicode collation
protocol are those forbidden in FAT long names or those in FAT short names.
EDK2 and UEFI SCT assume it is those forbidden in FAT 8.3 short names.
Adjust the list of forbidden characters.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
It must be possible to allocate memory at address 0 with AllocatePages().
Move a NULL pointer check.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If an image already has been started, return EFI_INVALID_PARAMETER when
StartImage() is called for the same handle again.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now we have only been using a flag queued for events. But this does
not satisfy the requirements of the UEFI spec. Events must be notified in
the sequence of decreasing TPL level and within a TPL level in the sequence
of signaling.
Implement a queue for signaled events.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If any member of the event group is signaled, all members must be set to
signaled and their notification functions have to be queued.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
ExitBootServices() has to stop timer related activity before calling the
events of the EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event group. But our
current implementation was stopping all other events.
All events have to observe the task priority level.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If an event is already in the signaled state, SignalEvent should not queue
the notification function but simply return EFI_SUCCESS.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In a following patch efi_signal_event() will only queue an event if it is
not signaled.
Set the is_signaled status to false before signaling the event.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The bulk of these changes are an effort to unify Tegra186 builds with
builds of prior 64-bit Tegra generations. On top of that there are
various improvements that allow data (such as the MAC address and boot
arguments) to be passed through from early firmware to the kernel on
boot.
In the UEFI context GUIDs are expected to be rendered in upper case.
The patch uses the formerly unused bit 1 of the parameter str_format
of function uuid_bin_to_str() to indicate if we need upper or lower case
output.
Function uuid_string() in vsprint.c is adjusted to correctly set the bit
depending on the print format code.
%pUb: 01020304-0506-0708-090a-0b0c0d0e0f10
%pUB: 01020304-0506-0708-090A-0B0C0D0E0F10
%pUl: 04030201-0605-0807-090a-0b0c0d0e0f10
%pUL: 04030201-0605-0807-090A-0B0C0D0E0F10
Up to this point only a diagnostic message in mount_ubifs() using '%pUB' is
concerned by the change. Further patches are needed to adjust the UEFI
subsystem.
A unit test is provided inside the ut_print command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Support for managing the non-volatile attribute of UEFI variables
is added though we do not have a backend for persistence yet.
Error messages for changes of UEFI variables are provided.
UEFI boottime service implementations are corrected.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAlz3mYcACgkQxIHbvCwF
GsTNgw/8DSxiFXvOF6eTWd2POYfu9wjZXCcMtpsfuLA3b58AjF0VfYhoXgQoel1B
BnP6wzaIajIM8yafvia38EBloa2ZkBPjqUD/dtvs/hYe9x9kMCqLpsbOgHmjKF4b
X6w4j4OOvOaEuKnsi6faWmXfsOWA5laYz6/u1Ewau+0P5SMnt/0piVMqkLofFO1i
TcUzzn8MyfuCOu6UH+nqMZMguPaLkiCZX+aS6Q6tDfd5wfVRDtGTMGrMO/X42tLB
vqAgW6qRV8U4H08gBx8u2+xiO67soiH+7AVuhc+/6inMCPyAXBwVlr79YihNi75o
FOftPJ3hcJ+YkLNSVpwayKzrPa9GCCB2PGVDPCWQMwejIgQMkLPq2xRbFCPmLC4N
WM4E11lqLSDL4xUTqhn+bJfRofaIpV9t79VVNAOkwHD7Wj0mnOVWjnpY+bB3n3hN
LAneXPiUoQXSy9d3F2dd6J3emQMSTK4TPchGwWyfFwTe8VszynvHbWU8AGyCjbop
/XAlBHYfuTLjvB+j8WLfua7ocmMtvIAU3CLC8OJ6bvga/VIPtG17rGAiQ1RP9W0u
JZ4QKOnU2M8NiOrq45GIQEUV/UocNDJ2g5fZshLIzNk1it90RFEQ7kR6WYZZg4Hq
zHSVjKijqxUcqKfQbSukJInDYI8xS1F+jKgB3HdGCg49ZZb/y74=
=mCc9
-----END PGP SIGNATURE-----
Merge tag 'efi-2019-07-rc4-2' of git://git.denx.de/u-boot-efi
Pull request for UEFI sub-system for v2019.07-rc4-2
Support for managing the non-volatile attribute of UEFI variables
is added though we do not have a backend for persistence yet.
Error messages for changes of UEFI variables are provided.
UEFI boottime service implementations are corrected.
This function can be used to set the local MAC address for the default
Ethernet interface in its device tree node. The default interface is
identified by the "ethernet" alias.
One case where this is useful is for devices that store their MAC
address in a custom location. Once extracted, board code can store the
MAC address in U-Boot's control DTB so that it will automatically be
used by the Ethernet uclass.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
The attribute, EFI_VARIABLE_NON_VOLATILE, should be encoded as "nv" flag
in U-Boot variable if specified.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When the memory map is changed signal events of the
EFI_EVENT_GROUP_MEMORY_MAP_CHANGE event group.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If a user defines BootNext but not BootOrder and loading from BootNext
fails, you will see only a message like this:
BootOrder not defined
This may confuse a user. Adding an error message will be helpful.
An example output looks like this:
=> efidebug boot add 0001 label1 scsi 0:1 "\path1\file1.efi" "--option foo"
=> efidebug boot add 0002 label2 scsi 0:1 "\path2\file2.efi" "--option bar"
=> efidebug boot add 0003 label3 scsi 0:1 "\path3\file3.efi" "--option no"
=> efidebug boot order 0001 0002
=> efidebug boot next 0003
=> bootefi bootmgr
Loading from Boot0003 'label3' failed
Loading from BootNext failed, falling back to BootOrder
Loading from Boot0001 'label1' failed
Loading from Boot0002 'label2' failed
EFI boot manager: Cannot load any image
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Adjust messages.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EnableCursor() service of the simple text output protocol must update
the the CursorVisible field of the output mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In the UEFI Stall() boottime service we need access to usec_to_tick().
Export the function.
Remove redundant implementation in arch/arm/mach-rockchip/rk_timer.c.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If DisconnectController() is called and no driver is managing
ControllerHandle, return EFI_SUCCESS.
UEFI SCT II 2017, 3.3.12 DisconnectController(), 5.1.3.12.4 - 5.1.3.12.6
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide a unit test that checks that the open protocol information is
correctly updated when opening and closing protocols.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CloseProtocol() must delete all open protocol information records relating
to import parameters not only one.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When a protocol is opened the open protocol information must be updated.
The key fields of the open protocol information records are ImageHandle,
ControllerHandle, and Attributes.
Consider the Attributes field when determining if an open protocol
information record has to be updated or a new one has to be created.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification requires that when a protocol is opened via
HandleProtocol() the agent handle is the image handle of the EFI firmware
(see chapter on EFI_BOOT_SERVICES.OpenProtocol()).
Let efi_handle_protocol() pass efi_root as agent handle to
efi_open_protocol().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The GetTime() and the SetTime() runtime services are not obligatory. So
let's make them customizable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If SetTime() is meant to set daylight saving time it will be called with
Time.Daylight == EFI_TIME_ADJUST_DAYLIGHT | EFI_TIME_IN_DAYLIGHT.
Return 0 from GetTime() if time is not in daylight because we cannot
determine if we are in a time zone with daylight saving time.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI spec prescribes that we check that the timestamp passed to
SetTime() is checked for validity.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When uninstalling a protocol the following steps are needed:
* request all drivers to disconnect
* close protocol for all non-drivers
* check if any open instance of the protocol exists on the handle and
return EFI_ACCESS_DENIED in this case
* remove the protocol interface
By tort we tested for remaining open protocol instances already after
requesting drivers to disconnect.
With this correction the UEFI SCT II tests for UninstallProtocolInterface()
and ReinstallProtocolInterface are passed.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When trying to open a protocol exclusively attached drivers have to be
removed. This removes entries in the open protocol information linked list
over which we are looping. As additionally child controllers may have been
removed the only safe thing to do is to restart the loop over the linked
list when a driver is removed.
By observing the return code of DisconnectController() we can eliminate a
loop.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In LocateProtocol() implement searching by the registration key returned by
RegisterNotifyProtocol().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The code to check if a registration key is a valid key returned by
RegisterProtocolNotify() can be reused. So let us factor it out into a new
function efi_check_register_notify_event().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If a user defines BootNext but not BootOrder and loading from BootNext
fails, you will see only a message like this:
BootOrder not defined
This may confuse a user. Adding an error message will be helpful.
An example output looks like this:
=> efidebug boot add 0001 label1 scsi 0:1 "\path1\file1.efi" "--option foo"
=> efidebug boot add 0002 label2 scsi 0:1 "\path2\file2.efi" "--option bar"
=> efidebug boot add 0003 label3 scsi 0:1 "\path3\file3.efi" "--option no"
=> efidebug boot order 0001 0002
=> efidebug boot next 0003
=> bootefi bootmgr
Loading from Boot0003 'label3' failed
Loading from BootNext failed, falling back to BootOrder
Loading from Boot0001 'label1' failed
Loading from Boot0002 'label2' failed
EFI boot manager: Cannot load any image
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Adjust messages.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When a protocol is installed the handle should be queued for the
registration key of each registered event. LocateHandle() should return the
first handle from the queue for the registration key and delete it from the
queue.
Implement the queueing.
Correct the selftest.
With the patch the UEFI SCT tests for LocateHandle() are passed without
failure.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If a variable already exists, efi_set_variable() should not change
the variable's attributes. This patch enforces it.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The current efi_st_variable() doesn't support EFI_VARIABLE_APPEND_WRITE
attiribute for now, and so should return an error.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fix typos is commit message.
Add TODO comment.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The error here should be marked *todo*.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Since commit 226cddbe32 ("efi_loader: check device path in
InstallMultipleProtocolInterfaces") iPXE fails to access the network.
LocateDevicePath() returns EFI_SUCCESS even if a shorter path is found as a
partial match. It returns the remaining path. So to be sure that we found a
complete match we need to check that the remaining path refers to an end
node.
Provide debug output if a device path has already been installed.
Fixes: 226cddbe32 ("efi_loader: check device path in
InstallMultipleProtocolInterfaces")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI spec 2.8 the GetTime() runtime service should return
EFI_UNSUPPORTED if the real time clock is not available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implement the SetTime() runtime service.
Extend the real time clock selftest to check setting the clock.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
U-Boot already defines the {upper,lower}_32_bits() macros that have the
same purpose. Use the existing macros instead of defining new APIs.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Do not write to address indicated by NULL pointer.
UEFI SCT II 2.6 (2017), 3.6.5 GetNextMonotonicCount(), 5.1.5.5.1
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Not checking the parameters may lead reading or writing from NULL.
Implement the parameter checks prescribed in the UEFI spec.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI spec InstallMultipleProtocolInterfaces() must check
if a device path has already been installed. In this case it must return
EFI_ALREADY_STARTED.
Cf. UEFI SCT II 2.6 A (2017),
3.3.16 InstallMultipleProtocolInterfaces(), 5.1.3.16.1.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In EFI 1.10 a version of the Unicode collation protocol using ISO 639-2
language codes existed. This protocol is not part of the UEFI specification
any longer. Unfortunately it is required to run the UEFI Self Certification
Test (SCT) II, version 2.6, 2017. So we implement it here for the sole
purpose of running the SCT. It can be removed once a compliant SCT is
available.
The configuration option defaults to no.
Signed-off-by: Rob Clark <robdclark@gmail.com>
Most of Rob's original patch is already merged. Only the deprecated
protocol is missing. Rebase it and make it configurable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Rename variables to make it clear they refer to the Unicode collation
protocol identified by the EFI_UNICODE_PROTOCOL2_GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check buffer pointers are not NULL as required by the UEFI 2.7 spec.
Return EFI_UNSUPPORTED instead of EFI_INVALID_PARAMETER when trying to
transmit with non-zero header_size.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI spec 2.7 erratum A leaves it undefined if Attributes should be set if
GetVariable() returns EFI_BUFFER_TOO_SMALL.
UEFI spec 2.8 defines that Attributes should be set if the return value is
either EFI_SUCCESS or EFI_BUFFER_TOO_SMALL.
Set Attributes if the return value is EFI_BUFFER_TOO_SMALL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The device path to text protocol renders ACPI device nodes incorrectly.
Use capital hexadecimal numbers as shown in the UEFI spec examples.
Always output the optional UID. This matches what UEFI SCT expects and
saves us an `if`.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI SCT uses this call sequence to determine the current TPL level inside
notification functions:
OldTpl = BS->RaiseTPL(TPL_HIGH_LEVEL);
BS->RestoreTPL(OldTpl);
In RestoreTPL() we trigger the notification function of queued events. If
we do not mark the event as non-queued before calling the notification
function, this results in an infinite recursive call sequence.
Mark the event as non-queued before entering the notification function.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If AllocatePages() is called with AllocateAddress, the UEFI spec requires
to return EFI_NOT_FOUND in case the memory page does not exist.
The UEFI SCT II 2017 spec additionally requires to return EFI_NOT_FOUND if
the page is already allocated.
Check that *Memory refers to an unallocated page.
UEFI SCT II (2017): AllocatePages(), 5.1.2.1.9 - 5.1.2.1.10
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI AllocatePages() has to return EFI_OUT_OF_RESOURCES if
sufficient memory is not available.
Change the return value.
UEFI SCT II (2017): 3.2.1 AllocatePages(), 5.1.2.1.8
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When we call FreePages() we essentially add memory to our memory map. We
shouldn't do this for memory that does not exit.
Check if the memory that is to be freed via FreePages() or FreePool() is in
our memory map and is not EFI_CONVENTIONAL_MEMORY.
This check is mandated by the UEFI specification.
Cf. UEFI SCT II (2017), 3.2.2 FreePages(), 5.1.2.1 - 5.1.2.2
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI specification UninstallProtocolInteface() has to
return EFI_NOT_FOUND if the interface is not found.
Correct the return value.
Cf. UEFI SCT II spec (2017), 3.3.2 UninstallProtocolInterface(), 5.1.3.2.4
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A parameter check in LocateDevicePath() does not match the requirements of
the UEFI spec.
If device is NULL, only return EFI_INVALID_PARAMETER if a matching handle
is found.
Cf. UEFI SCT II specification (2017)3.3.7 LocateDevicePath(), 5.1.3.7.3
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The device path to text protocol is not needed for EBBR compliance. So
let's make it a customizable option.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The Unicode collation protocol is not needed for EBBR compliance. So let's
make it a customizable option.
The Unicode capitalization table is only needed by this protocol. So let it
depend on the Unicode collation protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use if/endif for dependencies to give structure to the configuration menu.
Sort important settings to the top.
Abbreviate the short description of EFI_LOADER_HII.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Consistently use efi_uintn_t as type of memory keys.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <graf@amazon.com>
If the size of the source buffer is 0, return EFI_LOAD_ERROR.
(UEFI SCT II 2017: 3.4.1 LoadImage() - 5.1.4.1.6)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If the parent image handle does not refer to a loaded image return
EFI_INVALID_PARAMETER.
(UEFI SCT II 2017: 3.4.1 LoadImage() - 5.1.4.1.1)
Mark our root node as a loaded image to avoid an error when using it as
parent image.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
HandleProtocol() and OpenProtocol() have to return EFI_UNSUPPORTED if the
protocol is not installed on the handle.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For correct indentation of messages in the UEFI API implementation use
EFI_PRINT() instead of debug().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Return EFI_INVALID_PARAMETER from CloseProtcol() if the agent handle is not
valid.
Return EFI_INVALID_PARAMETER if the optional controller handle is not
valid.
Return immediately from efi_search_obj if the handle is NULL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The RegisterProtocolNotify() boot service registers an event to be
notified upon the installation of a protocol interface with the
specified GUID.
Add the missing implementation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The notification function of events of type EVT_NOTIFY_SIGNAL should always
be queued when SignalEvent() is called.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Function memcmp() is available in efi_freestanding.c. So we do not remove a
further implementation.
Replace all usages of efi_st_memcmp() by memcmp().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implement unloading of images in the Exit() boot services:
* unload images that are not yet started,
* unload started applications,
* unload drivers returning an error.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In UnloadImage() we need to know if an image is already started.
Add a field to the handle structure identifying loaded and started images.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If LocateHandle() does not find an entry EFI_NOT_FOUND has to be returned
even if BufferSize is NULL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CreateEventEx() does not allow the following event types:
* EVT_SIGNAL_EXIT_BOOT_SERVICES
* EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE
This check is needed to pass the UEFI SCT conformance test.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@csgraf.de>
allow_unaligned(), switch_to_non_secure_mode(), and efi_init_obj_list() are
called in sequence in multiple places.
Move calls to allow_unaligned() and switch_to_non_secure_mode() to
efi_init_obj_list().
Remove unused includes.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add the zstd library from Linux kernel (only decompression support).
There are minimal changes to build with U-Boot, otherwise the files are
identical to Linux commit dc35da16 from March 2018, the files had not
been touched since in kernel. Also SPDX lincese tags were added.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
This adds the xxhash support from Linux. Files are almost identical to
those added to Linux in commit 5d240522 ("lib: Add xxhash module") (they
haven't been touched since in Linux). The only difference is to add some
includes to be compatible with U-Boot. Also SPDX lincese tags were
added.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
display_options_get_banner_priv() overwrites bytes before the start of the
buffer if the buffer size is less then 3. This case occurs in the Sandbox
when executing the `ut_print` command.
Correctly handle small buffer sizes. Adjust the print unit test to catch
when bytes before the buffer are overwritten.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
commit 95f4bbd581 ("lib: fdt: Allow LZO and GZIP DT compression in U-Boot")
introduced Kconfig option for gzip in U-Boot, but help text
says gzip for SPL, which is wrong. Fix this.
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Marek Vasut <marex@denx.de>
The random uuid values (enabled via CONFIG_RANDOM_UUID=y) on our
platform are always the same. Below is consistent on each cold boot:
=> ### interrupt autoboot
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=d117f98e-6f2c-d04b-a5b2-331a19f91cb2
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=ad5ec4b6-2d9f-8544-9417-fe3bd1c9b1b3
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=cceb0b18-39cb-d547-9db7-03b405fa77d4
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=d4981a2b-0478-544e-9607-7fd3c651068d
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=6d6c9a36-e919-264d-a9ee-bd00379686c7
While the uuids do change on every 'gpt write' command, the values
appear to be taken from the same pool, in the same order.
Assuming U-Boot with RANDOM_UUID=y is deployed on a large number of
devices, all those devices would essentially expose the same UUID,
breaking the assumption of system/RFS/application designers who rely
on UUID as being globally unique (e.g. a database using UUID as key
would alias/mix up entries/records due to duplicated UUID).
The root cause seems to be simply _not_ seeding PRNG before generating
a random value. It turns out this belongs to an established class of
PRNG-specific problems, commonly known as "unseeded randomness", for
which I am able to find below bugs/CVE/CWE:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0285
("CVE-2015-0285 openssl: handshake with unseeded PRNG")
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9019
("CVE-2015-9019 libxslt: math.random() in xslt uses unseeded
randomness")
- https://cwe.mitre.org/data/definitions/336.html
("CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)")
The first revision [1] of this patch updated the seed based on the
output of get_timer(), similar to [4].
There are two problems with this approach:
- get_timer() has a poor _ms_ resolution
- when gen_rand_uuid() is called in a loop, get_timer() returns the
same result, leading to the same seed being passed to srand(),
leading to the same uuid being generated for several partitions
with different names
The above drawbacks have been addressed in the second version [2].
In its third revision (current), the patch reworded the description
and summary line to emphasize it is a *fix* rather than an improvement.
Testing [3] consisted of running 'gpt write mmc 1 $partitions' in a
loop on R-Car3 for several minutes, collecting 8844 randomly generated
UUIDS. Two consecutive cold boots are concatenated in the log.
As a result, all uuid values are unique (scripted check).
Thanks to Roman, who reported the issue and provided support in fixing.
[1] https://patchwork.ozlabs.org/patch/1091802/
[2] https://patchwork.ozlabs.org/patch/1092945/
[3] https://gist.github.com/erosca/2820be9d554f76b982edd48474d0e7ca
[4] commit da384a9d76 ("net: rename and refactor eth_rand_ethaddr() function")
Reported-by: Roman Stratiienko <roman.stratiienko@globallogic.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>