Do not write to address indicated by NULL pointer.
UEFI SCT II 2.6 (2017), 3.6.5 GetNextMonotonicCount(), 5.1.5.5.1
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Not checking the parameters may lead reading or writing from NULL.
Implement the parameter checks prescribed in the UEFI spec.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI spec InstallMultipleProtocolInterfaces() must check
if a device path has already been installed. In this case it must return
EFI_ALREADY_STARTED.
Cf. UEFI SCT II 2.6 A (2017),
3.3.16 InstallMultipleProtocolInterfaces(), 5.1.3.16.1.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In EFI 1.10 a version of the Unicode collation protocol using ISO 639-2
language codes existed. This protocol is not part of the UEFI specification
any longer. Unfortunately it is required to run the UEFI Self Certification
Test (SCT) II, version 2.6, 2017. So we implement it here for the sole
purpose of running the SCT. It can be removed once a compliant SCT is
available.
The configuration option defaults to no.
Signed-off-by: Rob Clark <robdclark@gmail.com>
Most of Rob's original patch is already merged. Only the deprecated
protocol is missing. Rebase it and make it configurable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Rename variables to make it clear they refer to the Unicode collation
protocol identified by the EFI_UNICODE_PROTOCOL2_GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check buffer pointers are not NULL as required by the UEFI 2.7 spec.
Return EFI_UNSUPPORTED instead of EFI_INVALID_PARAMETER when trying to
transmit with non-zero header_size.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI spec 2.7 erratum A leaves it undefined if Attributes should be set if
GetVariable() returns EFI_BUFFER_TOO_SMALL.
UEFI spec 2.8 defines that Attributes should be set if the return value is
either EFI_SUCCESS or EFI_BUFFER_TOO_SMALL.
Set Attributes if the return value is EFI_BUFFER_TOO_SMALL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The device path to text protocol renders ACPI device nodes incorrectly.
Use capital hexadecimal numbers as shown in the UEFI spec examples.
Always output the optional UID. This matches what UEFI SCT expects and
saves us an `if`.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI SCT uses this call sequence to determine the current TPL level inside
notification functions:
OldTpl = BS->RaiseTPL(TPL_HIGH_LEVEL);
BS->RestoreTPL(OldTpl);
In RestoreTPL() we trigger the notification function of queued events. If
we do not mark the event as non-queued before calling the notification
function, this results in an infinite recursive call sequence.
Mark the event as non-queued before entering the notification function.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If AllocatePages() is called with AllocateAddress, the UEFI spec requires
to return EFI_NOT_FOUND in case the memory page does not exist.
The UEFI SCT II 2017 spec additionally requires to return EFI_NOT_FOUND if
the page is already allocated.
Check that *Memory refers to an unallocated page.
UEFI SCT II (2017): AllocatePages(), 5.1.2.1.9 - 5.1.2.1.10
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI AllocatePages() has to return EFI_OUT_OF_RESOURCES if
sufficient memory is not available.
Change the return value.
UEFI SCT II (2017): 3.2.1 AllocatePages(), 5.1.2.1.8
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When we call FreePages() we essentially add memory to our memory map. We
shouldn't do this for memory that does not exit.
Check if the memory that is to be freed via FreePages() or FreePool() is in
our memory map and is not EFI_CONVENTIONAL_MEMORY.
This check is mandated by the UEFI specification.
Cf. UEFI SCT II (2017), 3.2.2 FreePages(), 5.1.2.1 - 5.1.2.2
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI specification UninstallProtocolInteface() has to
return EFI_NOT_FOUND if the interface is not found.
Correct the return value.
Cf. UEFI SCT II spec (2017), 3.3.2 UninstallProtocolInterface(), 5.1.3.2.4
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A parameter check in LocateDevicePath() does not match the requirements of
the UEFI spec.
If device is NULL, only return EFI_INVALID_PARAMETER if a matching handle
is found.
Cf. UEFI SCT II specification (2017)3.3.7 LocateDevicePath(), 5.1.3.7.3
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The device path to text protocol is not needed for EBBR compliance. So
let's make it a customizable option.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The Unicode collation protocol is not needed for EBBR compliance. So let's
make it a customizable option.
The Unicode capitalization table is only needed by this protocol. So let it
depend on the Unicode collation protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use if/endif for dependencies to give structure to the configuration menu.
Sort important settings to the top.
Abbreviate the short description of EFI_LOADER_HII.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Consistently use efi_uintn_t as type of memory keys.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <graf@amazon.com>
If the size of the source buffer is 0, return EFI_LOAD_ERROR.
(UEFI SCT II 2017: 3.4.1 LoadImage() - 5.1.4.1.6)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If the parent image handle does not refer to a loaded image return
EFI_INVALID_PARAMETER.
(UEFI SCT II 2017: 3.4.1 LoadImage() - 5.1.4.1.1)
Mark our root node as a loaded image to avoid an error when using it as
parent image.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
HandleProtocol() and OpenProtocol() have to return EFI_UNSUPPORTED if the
protocol is not installed on the handle.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For correct indentation of messages in the UEFI API implementation use
EFI_PRINT() instead of debug().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Return EFI_INVALID_PARAMETER from CloseProtcol() if the agent handle is not
valid.
Return EFI_INVALID_PARAMETER if the optional controller handle is not
valid.
Return immediately from efi_search_obj if the handle is NULL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The RegisterProtocolNotify() boot service registers an event to be
notified upon the installation of a protocol interface with the
specified GUID.
Add the missing implementation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The notification function of events of type EVT_NOTIFY_SIGNAL should always
be queued when SignalEvent() is called.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Function memcmp() is available in efi_freestanding.c. So we do not remove a
further implementation.
Replace all usages of efi_st_memcmp() by memcmp().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implement unloading of images in the Exit() boot services:
* unload images that are not yet started,
* unload started applications,
* unload drivers returning an error.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In UnloadImage() we need to know if an image is already started.
Add a field to the handle structure identifying loaded and started images.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If LocateHandle() does not find an entry EFI_NOT_FOUND has to be returned
even if BufferSize is NULL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CreateEventEx() does not allow the following event types:
* EVT_SIGNAL_EXIT_BOOT_SERVICES
* EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE
This check is needed to pass the UEFI SCT conformance test.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@csgraf.de>
allow_unaligned(), switch_to_non_secure_mode(), and efi_init_obj_list() are
called in sequence in multiple places.
Move calls to allow_unaligned() and switch_to_non_secure_mode() to
efi_init_obj_list().
Remove unused includes.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add the zstd library from Linux kernel (only decompression support).
There are minimal changes to build with U-Boot, otherwise the files are
identical to Linux commit dc35da16 from March 2018, the files had not
been touched since in kernel. Also SPDX lincese tags were added.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
This adds the xxhash support from Linux. Files are almost identical to
those added to Linux in commit 5d240522 ("lib: Add xxhash module") (they
haven't been touched since in Linux). The only difference is to add some
includes to be compatible with U-Boot. Also SPDX lincese tags were
added.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
display_options_get_banner_priv() overwrites bytes before the start of the
buffer if the buffer size is less then 3. This case occurs in the Sandbox
when executing the `ut_print` command.
Correctly handle small buffer sizes. Adjust the print unit test to catch
when bytes before the buffer are overwritten.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
commit 95f4bbd581 ("lib: fdt: Allow LZO and GZIP DT compression in U-Boot")
introduced Kconfig option for gzip in U-Boot, but help text
says gzip for SPL, which is wrong. Fix this.
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Marek Vasut <marex@denx.de>
The random uuid values (enabled via CONFIG_RANDOM_UUID=y) on our
platform are always the same. Below is consistent on each cold boot:
=> ### interrupt autoboot
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=d117f98e-6f2c-d04b-a5b2-331a19f91cb2
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=ad5ec4b6-2d9f-8544-9417-fe3bd1c9b1b3
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=cceb0b18-39cb-d547-9db7-03b405fa77d4
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=d4981a2b-0478-544e-9607-7fd3c651068d
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=6d6c9a36-e919-264d-a9ee-bd00379686c7
While the uuids do change on every 'gpt write' command, the values
appear to be taken from the same pool, in the same order.
Assuming U-Boot with RANDOM_UUID=y is deployed on a large number of
devices, all those devices would essentially expose the same UUID,
breaking the assumption of system/RFS/application designers who rely
on UUID as being globally unique (e.g. a database using UUID as key
would alias/mix up entries/records due to duplicated UUID).
The root cause seems to be simply _not_ seeding PRNG before generating
a random value. It turns out this belongs to an established class of
PRNG-specific problems, commonly known as "unseeded randomness", for
which I am able to find below bugs/CVE/CWE:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0285
("CVE-2015-0285 openssl: handshake with unseeded PRNG")
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9019
("CVE-2015-9019 libxslt: math.random() in xslt uses unseeded
randomness")
- https://cwe.mitre.org/data/definitions/336.html
("CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)")
The first revision [1] of this patch updated the seed based on the
output of get_timer(), similar to [4].
There are two problems with this approach:
- get_timer() has a poor _ms_ resolution
- when gen_rand_uuid() is called in a loop, get_timer() returns the
same result, leading to the same seed being passed to srand(),
leading to the same uuid being generated for several partitions
with different names
The above drawbacks have been addressed in the second version [2].
In its third revision (current), the patch reworded the description
and summary line to emphasize it is a *fix* rather than an improvement.
Testing [3] consisted of running 'gpt write mmc 1 $partitions' in a
loop on R-Car3 for several minutes, collecting 8844 randomly generated
UUIDS. Two consecutive cold boots are concatenated in the log.
As a result, all uuid values are unique (scripted check).
Thanks to Roman, who reported the issue and provided support in fixing.
[1] https://patchwork.ozlabs.org/patch/1091802/
[2] https://patchwork.ozlabs.org/patch/1092945/
[3] https://gist.github.com/erosca/2820be9d554f76b982edd48474d0e7ca
[4] commit da384a9d76 ("net: rename and refactor eth_rand_ethaddr() function")
Reported-by: Roman Stratiienko <roman.stratiienko@globallogic.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
