Commit graph

3173 commits

Author SHA1 Message Date
Michal Simek
b378fdd1ff fwu: Show number of attempts in Trial State
It is not visible anywhere in Trial State if this is the first, second, etc
attempt that's why show a message to be aware about status.

Signed-off-by: Michal Simek <michal.simek@amd.com>
Acked-by: Jassi Brar <jaswinder.singh@linaro.org>
2023-07-25 12:44:46 -04:00
Michal Simek
395ab12b5f fwu: mtd: Fix dfu_alt_info generation for 2 images per bank
Code rewrites the last char of size with adding &. It is visible from
dfu_alt_info print before this patch:

Make dfu_alt_info: 'mtd nor0=bank0 raw 2320000 80000;bank1 raw 27a0000
8000&mtd nor0=bank0 raw 23a0000 4000000;bank1 raw 2820000 4000000'

And after it:
Make dfu_alt_info: 'mtd nor0=bank0 raw 2320000 80000;bank1 raw 27a0000
80000&mtd nor0=bank0 raw 23a0000 4000000;bank1 raw 2820000 4000000'

Size for bank0 and bank1 must be the same because it is the same image.

Signed-off-by: Michal Simek <michal.simek@amd.com>
Acked-by: Jassi Brar <jaswinder.singh@linaro.org>
2023-07-25 12:44:46 -04:00
Michal Simek
a6dd927f5b fwu: Allow code to properly decode trial state
Current code after capsule update (mtd write) is not changing active_index
in mdata to previous_active_index.
On the reboot this is shown but showing message
"Boot idx 1 is not matching active idx 0, changing active_idx"
which is changing active_idx and writing mdata to flash.

But when this message is visible it is not checking which state that images
are. If they have acceptance bit setup to yes everything is fine and valid
images are booted (doesn't mean the latest one).
But if acceptance bit is no and images are in trial state in_trial variable
is never setup. Which means that from new flashed image stable image can be
rewritten because in_trial is not setup properly.

Signed-off-by: Michal Simek <michal.simek@amd.com>
Acked-by: Jassi Brar <jaswinder.singh@linaro.org>
2023-07-25 12:44:46 -04:00
Mattijs Korpershoek
b1aade87ca lib: sparse: allocate FASTBOOT_MAX_BLK_WRITE instead of small number
Commit 62649165cb ("lib: sparse: Make CHUNK_TYPE_RAW buffer aligned")
fixed cache alignment for systems with a D-CACHE.

However it introduced some performance regressions [1] on system
flashing huge images, such as Android.

On AM62x SK EVM, we also observe such performance penalty:
Sending sparse 'super' 1/2 (768793 KB)             OKAY [ 23.954s]
Writing 'super'                                    OKAY [ 75.926s]
Sending sparse 'super' 2/2 (629819 KB)             OKAY [ 19.641s]
Writing 'super'                                    OKAY [ 62.849s]
Finished. Total time: 182.474s

The reason for this is that we use an arbitrary small buffer
(info->blksz * 100) for transferring.

Fix it by using a bigger buffer (info->blksz * FASTBOOT_MAX_BLK_WRITE)
as suggested in the original's patch review [2].

With this patch, performance impact is mitigated:
Sending sparse 'super' 1/2 (768793 KB)             OKAY [ 23.912s]
Writing 'super'                                    OKAY [ 15.780s]
Sending sparse 'super' 2/2 (629819 KB)             OKAY [ 19.581s]
Writing 'super'                                    OKAY [ 17.192s]
Finished. Total time: 76.569s

[1] https://lore.kernel.org/r/20221118121323.4009193-1-gary.bisson@boundarydevices.com
[2] https://lore.kernel.org/r/all/43e4c17c-4483-ec8e-f843-9b4c5569bd18@seco.com/

Fixes: 62649165cb ("lib: sparse: Make CHUNK_TYPE_RAW buffer aligned")
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2023-07-25 12:44:46 -04:00
Tom Rini
94e7cb181a Revert "Merge branch '2023-07-24-introduce-FF-A-suppport'"
This reverts commit d927d1a808, reversing
changes made to c07ad9520c.

These changes do not pass CI currently.

Signed-off-by: Tom Rini <trini@konsulko.com>
2023-07-24 19:51:05 -04:00
Abdellatif El Khlifi
aabbc2f8b2 arm_ffa: efi: introduce FF-A MM communication
Add MM communication support using FF-A transport

This feature allows accessing MM partitions services through
EFI MM communication protocol. MM partitions such as StandAlonneMM
or smm-gateway secure partitions which reside in secure world.

An MM shared buffer and a door bell event are used to exchange
the data.

The data is used by EFI services such as GetVariable()/SetVariable()
and copied from the communication buffer to the MM shared buffer.

The secure partition is notified about availability of data in the
MM shared buffer by an FF-A message (door bell).

On such event, MM SP can read the data and updates the MM shared
buffer with the response data.

The response data is copied back to the communication buffer and
consumed by the EFI subsystem.

MM communication protocol supports FF-A 64-bit direct messaging.

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Tested-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
2023-07-24 15:30:03 -04:00
Abdellatif El Khlifi
5d24a43585 lib: uuid: introduce uuid_str_to_le_bin function
convert UUID string to little endian binary data

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
2023-07-24 15:30:02 -04:00
Manorit Chawdhry
dfe00b34ce lib: Kconfig: k3: Enable SHA512 for fit signature
We are using our custMpk for signing that is a 4096 bit key, 4096 bit
rsa key requires a SHA512 hashing algorithm to be enabled as per the
source. Even though it is not mandated but this is how it works and is
tested.

Enables SHA512 if fit signature is enabled on K3 platforms.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
2023-07-21 22:07:46 -04:00
Heinrich Schuchardt
e07368ea57 efi_loader: support all uclasses in device path
On devices with multiple USB mass storage devices errors like

    Path /../USB(0x0,0x0)/USB(0x1,0x0)/Ctrl(0x0)
    already installed.

are seen. This is due to creating non-unique device paths. To uniquely
identify devices we must provide path nodes for all devices on the path
from the root device.

Add support for generating device path nodes for all uclasses.

Reported-by: Suniel Mahesh <sunil@amarulasolutions.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-07-20 09:12:50 +02:00
Heinrich Schuchardt
dc7a2f1d9f efi_loader: fix dp_fill() for BLKMAP, HOST, VIRTIO
Do not assume that the preceding device path contains a single VenHW node.
Instead use the return value of dp_fill() which provides the address of the
next node.

Fixes: 23ad52fff4 ("efi_loader: device_path: support Sandbox's "host" devices")
Fixes: 19ecced71c ("efi_loader: device path for virtio block devices")
Fixes: 272ec6b453 ("efi_loader: device_path: support blkmap devices")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-07-20 09:12:50 +02:00
Masahisa Kojima
06fc19ca4d efi_driver: fix duplicate efiblk#0 issue
The devnum value of the blk_desc structure starts from 0,
current efi_bl_create_block_device() function creates
two "efiblk#0" devices for the cases that blk_find_max_devnum()
returns -ENODEV and blk_find_max_devnum() returns 0(one device
found in this case).

This commit uses blk_next_free_devnum() instead of blk_find_max_devnum().

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2023-07-20 09:12:50 +02:00
Ilias Apalodimas
21eb7c16ec efi_loader: make efi_remove_protocol() static
A previous patch is removing the last consumer of efi_remove_protocol().
Switch that to static and treat it as an internal API in order to force
users install and remove protocols with the appropriate EFI functions.

It's worth noting that we still have files using efi_add_protocol().  We
should convert all these to efi_install_multiple_protocol_interfaces()
and treat efi_add_protocol() in a similar manner

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-20 09:12:50 +02:00
Ilias Apalodimas
4a3baf9da6 efi_loader: use efi_install_multiple_protocol_interfaces()
The TCG2 protocol currently adds and removes protocols with
efi_(add/remove)_protocol().

Removing protocols with efi_remove_protocol() might prove
problematic since it doesn't call DisconnectController() when
uninstalling the protocol and does not comply with the UEFI specification.

It's also beneficial for readability to have protocol installations and
removals in pairs -- IOW when efi_install_multiple_protocol_interfaces()
is called,  efi_uninstall_multiple_protocol_interfaces() should be used to
remove it.  So let's swap the efi_add_protocol() as well.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-20 09:12:50 +02:00
Heinrich Schuchardt
6287021ff9 efi_loader: simplify efi_uninstall_protocol()
The call to efi_search_obj() is redundant as the function is called in
efi_search_protocol() too.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-20 09:12:50 +02:00
Tom Rini
13aa090b87 Merge https://source.denx.de/u-boot/custodians/u-boot-x86
- bootstd: Add a bootmeth for ChromiumOS on x86
- x86: Use qemu-x86_64 to boot EFI installers
2023-07-17 10:38:28 -04:00
Simon Glass
085f8db6b9 efi: Use the installed ACPI tables
U-Boot sets up the ACPI tables during startup. Rather than creating a
new set, install the existing ones. Create a memory-map record to cover
the tables.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2023-07-17 17:23:15 +08:00
Simon Glass
3710802ebf efi: Show all known UUIDs with CONFIG_CMD_EFIDEBUG
The CMD_EFIDEBUG option enables debugging so it is reasonable to assume
that all effects should be made to decode the dreaded UUIDs favoured by
UEFI.

Update the table to show them all when CONFIG_CMD_EFIDEBUG is enabled.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2023-07-17 17:12:07 +08:00
Tom Rini
3a7a17dbdc Pull request efi-2023-10-rc1
Documentation:
 
 * enhance UEFI anti-rollback documentation
 
 EFI:
 
 * Reconnect drivers if UninstallProtocol fails
 * Prefer short device paths for boot options
 * Fix error handling when updating boot options for block devices
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmSyctkACgkQxIHbvCwF
 GsQowA//X8yryuuYnXu1z2/L9GWeIi/467M4xulThHgODq7NaUAZw+hOa/roQ8ND
 HbVzdkU/ZROmYlC/+nAPPCIPodYryvjrLtPflBIxQy1hf4NlVCJGFTqZM+uJGe9b
 kjXuKAd7oAUIbwsDEBF7tBg/lAKn7xhRUbajnd8LGganSWSmYC/kE5ZjPz68Upg+
 K3Smw4BwOI2bdTqJsq2XTMx97k4QDKx8qeAoTkYbHTco/eDTAmMIqKSnl3/rP1lg
 5m1SDAlkxqEvpuyTifaPrQx7chf2b0v5z0iF6yaqDCYb/07GdZLPm3lG3w4stLce
 c0BWS0uCPTW6bvX93QF8hm7ImiEdwzQNMpNl2x+8Zx6RoU0yx/gh4VdtLTTbY7tX
 904m4Tn5Ez6Mtb6/fcAAiVakzTiuf8Zogr7lkDV0jf5UghBrPCM3xqwAwyD5luCX
 huImX6QKzlmiUSM/qzr7i6+PWYp1tMgYwvzwDy9BH1zW9C910HJstiKnvaATdstw
 w3P63x7ryH8hnGV8YjeWs3GBCHHb/8WI5G88dZYjChya0Q1DPsSCA0QzBd+XRhVB
 mb6lGj6pvpmp9UqLP6EQxQpK5jGyIBk5NMs1w2wij0oT6kPeLwcOIQ0uyeKPR2bP
 S4jBa6Qx28uQpcF1R9m8Azs3QJYdeyCAIou2Qz4ndhERCpKKNIc=
 =+qF4
 -----END PGP SIGNATURE-----

Merge tag 'efi-2023-10-rc1' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request efi-2023-10-rc1

Documentation:

* enhance UEFI anti-rollback documentation

EFI:

* Reconnect drivers if UninstallProtocol fails
* Prefer short device paths for boot options
* Fix error handling when updating boot options for block devices
2023-07-15 11:19:11 -04:00
Ilias Apalodimas
d9df8a5f37 efi_selftests: add extra testcases on controller handling
We recently fixed a few issues wrt to controller handling.  Add a few
test cases to cover the new code.
- return EFI_DEVICE_ERROR the first time the protocol interface of
  the controller is uninstalled, after all the children have been
  disconnected.  This should make the drivers reconnect
- add tests to verify controllers are reconnected when uninstalling a
  protocol fails
- add tests to make sure EFI_NOT_FOUND is returned if a non existent
  interface is being removed

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-15 11:20:41 +02:00
Ilias Apalodimas
748cb553ff efi_loader: fix the return codes of UninstallProtocol
Up to now we did not check the return value of DisconnectController.
A previous patch is fixing that taking into account what happened during
the controller disconnect.  But that check takes place before our code
is trying to figure out if the interface exists to begin with.  In case a
driver is not allowed to unbind -- e.g returning EFI_DEVICE_ERROR, we
will end up returning that error instead of EFI_NOT_FOUND.

Add an extra check on the top of the function to make sure the protocol
interface exists before trying to disconnect any drivers

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-15 11:20:41 +02:00
Ilias Apalodimas
747d16d93c efi_loader: check the status of disconnected drivers
efi_uninstall_protocol() calls efi_disconnect_all_drivers() but never
checks the return value.  Instead it tries to identify protocols that
are still open after closing the ones that were opened with
EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL, EFI_OPEN_PROTOCOL_GET_PROTOCOL
and EFI_OPEN_PROTOCOL_TEST_PROTOCOL.

Instead of doing that,  check the return value early and exit if
disconnecting the drivers failed.  Also reconnect all the drivers of
a handle if protocols are still found on the handle after disconnecting
controllers and closing the remaining protocols.

While at it fix a memory leak and properly free the opened protocol
information when closing a protocol.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2023-07-15 11:20:41 +02:00
Ilias Apalodimas
239d59a65e efi_loader: reconnect drivers on failure
efi_disconnect_controller() doesn't reconnect drivers in case of
failure.  Reconnect the disconnected drivers properly

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2023-07-15 11:20:41 +02:00
Raymond Mao
7aa022c797 Load option with short device path for boot vars
The boot variables automatically generated for removable medias
should be with short form of device path without device nodes.
This is a requirement for the case that a removable media is
plugged into a different port but is still able to work with the
existing boot variables.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-15 11:20:41 +02:00
Raymond Mao
9945bc4f86 Fix incorrect return code of boot option update
Correct the return code for out-of-memory and no boot option found

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-15 11:20:41 +02:00
Raymond Mao
339b527bd4 Move bootorder and bootoption apis to lib
Rename and move bootorder and bootoption apis from cmd to lib
for re-use between eficonfig and bootmgr
Fix 'unexpected indentation' when 'make htmldocs' after functions
are moved

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-15 11:20:41 +02:00
Christophe Leroy
ad47974707 lzma: Fix decompression speed regression
Uncompressing a 1.7Mbytes FIT image on U-boot 2023.04 takes
approx 7s on a powerpc 8xx.
The same on U-boot 2023.07-rc6 takes approx 28s unless watchdog
is disabled.

During that decompression, LzmaDec_DecodeReal() calls schedule
1.6 million times, that is every 4µs in average.

In the past it used to be a call to WATCHDOG_RESET() which was
just calling hw_watchdog_reset().

But the combination of commit 29caf9305b ("cyclic: Use schedule()
instead of WATCHDOG_RESET()") and commit 26e8ebcd7c ("watchdog:
mpc8xxx: Make it generic") results in an heavier processing.

However, there is absolutely no point in calling schedule() that
often.

By moving and keeping only one call to schedule() in the main
loop the number of calls is reduced to 1.2 million which is still
too much. So add logic to only call schedule every 1024 times.
That leads to a call to schedule approx every 6ms which is still
far enough to entertain the watchdog which has a 1s timeout on
powerpc 8xx.

powerpc 8xx being one of the slowest targets we have today in
U-boot, and most other watchdogs having a timeout of one minutes
instead of one second like the 8xx, this fix should not have
negative impact on other targets.

Fixes: 29caf9305b ("cyclic: Use schedule() instead of WATCHDOG_RESET()")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-14 15:21:08 -04:00
Oleksandr Suvorov
ef402577c2 lib/zlib: Fix a bug when getting a gzip header extra field
This fixes CVE-2022-37434 [1] and bases on 2 commits from Mark
Adler's zlib master repo - the original fix of CVE bug [2] and
the fix for the fix [3].

[1]
https://github.com/advisories/GHSA-cfmr-vrgj-vqwv
[2]
eff308af42
[3]
1eb7682f84

Fixes: e89516f031 ("zlib: split up to match original source tree")
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
2023-07-14 15:21:08 -04:00
Simon Glass
a8f2ac2ae6 fdt: Allow more general use of livetree
At present livetree can only be used for the control FDT. It is useful
to be able to use the ofnode API for other FDTs, e.g. those used by
the upcoming configuration editor.

We already have most of the support present, and tests can be marked with
the UT_TESTF_OTHER_FDT flag to use another FDT as a special case. But
with this change, the functionality becomes more generally available.

Plumb in the require support.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-14 12:54:51 -04:00
Simon Glass
9cf39bbe96 fdt: Align the start of the livetree
Ensure that the block of memory used by live tree is aligned according to
the default for structures. This ensures that the root node appears at
the start of the block, so it can be used with free(), rather than being
4 bytes later in some cases.

This corrects a rather obscure bug in unflatten_device_tree().

Fixes: 8b50d526ea ("dm: Add a function to create a 'live' device tree")

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-14 12:54:51 -04:00
Tom Rini
8e21064cb3 Pull request efi-2023-07-rc7
Documentation:
 
 * Fix links to Linux kernel documentation
 
 UEFI:
 
 * Fix memory leak in efidebug dh subcommand
 * Fix underflow when calculating remaining variable store size
 * Increase default variable store size to 64 KiB
 * mkeficapsule: fix efi_firmware_management_capsule_header data type
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmSqfx0ACgkQxIHbvCwF
 GsRFeA/+O4zGJ5HnHpJtGjmJzvEzQZFv65pr8y4I72wO9wwY8RhWeBnup39j5Tlm
 hMDLPptqoDw/3eFaDEhxW8Rbi6Pz3hizSg7RP/HNzj5Efrl8sFij2aDwKyTQr7jx
 yjJNuiQZHitWg9iOSHNDzVB79pT+abMNZmvk9ASRcDDtSuiwsy7MZGBxynmBRAJX
 UP8RKa0tmC6/d5DlLRvZtCtnQ5YI4IDMWoZsgIedt1SkIVVj9lZcanHWMOD6Lcrw
 PgLZZdy/cwbK8vl6sIqsJBVpSuZSbhL3yA5ZEAFWmIQWuogcbbaH8PMeYvoHlJPP
 f8mlCTnoF9vCc2LOFUog84KlwGrtQc+qSZMfOP+hBGBgpxf1MmPA7fhhRB6+lfrJ
 27TJUNf0+wnpeuDGtQ+qr6/PXP9fFgopvWMR/G/2XWjZK2xkqsVYK+BH55/V93By
 oZrRBlrBSre5uFZHcWYGAYP5Drddif7Ex++gUJhucbb9Bp6uqGVm2r/k3gscX4kk
 HkbCl9IwRasZCBOK+xCZulJ/OVF5bzV+8zQHtMo6cN8ilz830WyLAmiaFQxROXxN
 f6eXeYTSKQikKiZegFD4+/yG5XgxAezO9YkhJZwd082JcSFuF3RdwrHzk4mKxhRC
 9IVBt855sI4HxAE3V5JlbGgufxCro4wNU7Z6abrcNGI73UxqOSA=
 =p8s8
 -----END PGP SIGNATURE-----

Merge tag 'efi-2023-07-rc7' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request efi-2023-07-rc7

Documentation:

* Fix links to Linux kernel documentation

UEFI:

* Fix memory leak in efidebug dh subcommand
* Fix underflow when calculating remaining variable store size
* Increase default variable store size to 64 KiB
* mkeficapsule: fix efi_firmware_management_capsule_header data type
2023-07-11 13:27:32 -04:00
Alper Nebi Yasak
9fd3f881c6 efi_loader: Increase default variable store size to 64KiB
Debian's arm64 UEFI Secure Boot shim makes the EFI variable store run
out of space while mirroring its MOK database to variables. This can be
observed in QEMU like so:

  $ tools/buildman/buildman -o build/qemu_arm64 --boards=qemu_arm64 -w
  $ cd build/qemu_arm64
  $ curl -L -o debian.iso \
      https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.0.0-arm64-netinst.iso
  $ qemu-system-aarch64 \
      -nographic -bios u-boot.bin \
      -machine virt -cpu cortex-a53 -m 1G -smp 2 \
      -drive if=virtio,file=debian.iso,index=0,format=raw,readonly=on,media=cdrom
  [...]
  => # interrupt autoboot
  => env set -e -bs -nv -rt -guid 605dab50-e046-4300-abb6-3dd810dd8b23 SHIM_VERBOSE 1
  => boot
  [...]
  mok.c:296:mirror_one_esl() SetVariable("MokListXRT43", ... varsz=0x4C) = Out of Resources
  mok.c:452:mirror_mok_db() esd:0x7DB92D20 adj:0x30
  Failed to set MokListXRT: Out of Resources
  mok.c:767:mirror_one_mok_variable() mirror_mok_db("MokListXRT",  datasz=17328) returned Out of Resources
  mok.c:812:mirror_one_mok_variable() returning Out of Resources
  Could not create MokListXRT: Out of Resources
  [...]
  Welcome to GRUB!

This would normally be fine as shim would continue to run grubaa64.efi,
but shim's error handling code for this case has a bug [1] that causes a
synchronous abort on at least chromebook_kevin (but apparently not on
QEMU arm64).

Double the default variable store size so the variables fit. There is a
note about this value matching PcdFlashNvStorageVariableSize when
EFI_MM_COMM_TEE is enabled, so keep the old default in that case.

[1] https://github.com/rhboot/shim/pull/577

Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-07-09 03:53:08 +02:00
Alper Nebi Yasak
d7fe913f23 efi_loader: Avoid underflow when calculating remaining var store size
The efi_var_mem_free() function calculates the available size for a new
EFI variable by subtracting the occupied buffer size and the overhead
for a new variable from the maximum buffer size set in Kconfig. This
is then returned as QueryVariableInfo()'s RemainingVariableStorageSize
output.

This can underflow as the calculation is done in and processed as
unsigned integer types. Check for underflow before doing the subtraction
and return zero if there's no space.

Fixes: f1f990a8c9 ("efi_loader: memory buffer for variables")
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-07-09 03:53:08 +02:00
Tom Rini
e80f4079b3 Prepare v2023.07-rc6
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmSjExsACgkQFHw5/5Y0
 tywJ3gwAsTbr9mCmCzaKs2F/Jh6H47WEUMEz96wE8eXwuS57pfNJhml4v2rEhYpQ
 MlBjz6vTOyHDrtinRlvempJWVZEuoflMb6M2OTqVFqZPuPT3cLLuSdM4pgb5SdKS
 jNDWcxr12LqiDS0Mz+QOHdps3H8mzsCnOXeOTT+VaSeYHPOLQ+M9OV2o/aY2BsNi
 JLAGX+8i7FuZnVYZzSv6PQYYGZZV+Kvl5oLlPPJttsA7bGu4m2k8zRQQdzd+PIbu
 owAh3CHSKCy1g+y7ASn1Nd2VE06huvqGG7Qo2sj+Ypf/wbNy16qbMc2C7HDwDcul
 nrnf6BZ+MTelwxyPHBOR52ERgY6H8rgpvsCNL0arxaCHJOVddXtrUY1591vE71aB
 nGxhnyLnHwOXXdDGsPsR7p4SF16e6RzaINKmDorQ37nidRnTFLlFCxidnR8ztscR
 aUpLraqYUquGJf7lejYX2OZg2f36lvpYKy1lwuJfd9fUSgK8iyUKrE9wOJhWnTK8
 cIOnS/A+
 =DNor
 -----END PGP SIGNATURE-----

Merge tag 'v2023.07-rc6' into next

Prepare v2023.07-rc6
2023-07-05 11:28:55 -04:00
Stefano Babic
50195a2346 mkimage: ecdsa: password for signing from environment
Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to
allow the signing process to run in batch.

Signed-off-by: Stefano Babic <sbabic@denx.de>
2023-06-20 16:08:13 -04:00
Ilias Apalodimas
5669591dd8 efi_selftests: fix protocol repeated selftesting
Running the protocols  selftest more than one times fails with

=> setenv efi_selftest 'manage protocols' && bootefi selftest
Testing EFI API implementation
Selected test: 'manage protocols'
Setting up 'manage protocols'
Setting up 'manage protocols' succeeded
Executing 'manage protocols'
Executing 'manage protocols' succeeded
Tearing down 'manage protocols'
Tearing down 'manage protocols' succeeded
Summary: 0 failures

=> bootefi selftest
Testing EFI API implementation
Selected test: 'manage protocols'
Setting up 'manage protocols'
lib/efi_selftest/efi_selftest_manageprotocols.c(88):
ERROR: InstallProtocolInterface failed
lib/efi_selftest/efi_selftest.c(89):
ERROR: Setting up 'manage protocols' failed
Tearing down 'manage protocols'
Tearing down 'manage protocols' succeeded
Summary: 1 failures

The reason is that we don't set the handles to NULL after deleting and
freeing them.  As a result the subsequent protocol installation will try
to use an existing handle which we just removed that from our object list.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-06-16 06:48:46 +02:00
Ilias Apalodimas
3cc2b9f5b9 efi_loader: simplify efi_disk_remove
Instead of discovering the ID of the device and call two different
functions for a block device or a partition, we can rewrite
efi_disk_remove() and handle the minor differences between the two
variants internally.  As a results we can simplify efi_disk_remove()
a lot and get rid of the extra efi_disk_delete_raw/blk calls.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

If a handle is not found, return 0 to let the device be removed.

Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-06-16 06:45:20 +02:00
Ilias Apalodimas
3ae95fe21c efi_selftests: fix controllers repeated selftesting
Running the controller selftest more than one times fails with

=> setenv efi_selftest 'controllers' && bootefi selftest
Testing EFI API implementation
Selected test: 'controllers'
Setting up 'controllers'
Setting up 'controllers' succeeded
Executing 'controllers'
Executing 'controllers' succeeded
Summary: 0 failures

=> bootefi selftest
Testing EFI API implementation
Selected test: 'controllers'
Setting up 'controllers'
lib/efi_selftest/efi_selftest_controllers.c(280):
ERROR: InstallProtocolInterface failed
lib/efi_selftest/efi_selftest.c(89):
ERROR: Setting up 'controllers' failed
Summary: 1 failures

There are multiple reason for this.  We don't uninstall the binding
interface from the controller handle and we don't reset the handle
pointers either.  So let's uninstall all the protocols properly and
reset the handles to NULL on setup().

While at it add a forgotten check when uninstalling protocols from the
handle_controller and make sure the number of child controllers is 0

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-06-16 06:45:20 +02:00
Heinrich Schuchardt
a61e6ad769 efi_selftest: ReinstallProtocolInterface test
Test ReinstallProtocolInterface() more rigorously.

Replacing the sole installed protocol interface must not result in deleting
the handle and creating a new one.

Check which interface is actually installed before and after
ReinstallProtocolInterface().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-06-16 06:45:19 +02:00
Tom Rini
260d4962e0 Merge tag v2023.07-rc4 into next
Signed-off-by: Tom Rini <trini@konsulko.com>
2023-06-12 14:55:33 -04:00
Jassi Brar
a7e45415b2 fwu: provide default fwu_plat_get_bootidx
Just like fwu_plat_get_update_index, provide a default/weak
implementation of fwu_plat_get_bootidx. So that most platforms
wouldn't have to re-implement the likely case.

Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
2023-06-09 13:52:40 -04:00
Masami Hiramatsu
4898679e19 FWU: Add FWU metadata access driver for MTD storage regions
In the FWU Multi Bank Update feature, the information about the
updatable images is stored as part of the metadata, on a separate
region. Add a driver for reading from and writing to the metadata
when the updatable images and the metadata are stored on a raw
MTD region.
The code is divided into core under drivers/fwu-mdata/ and some helper
functions clubbed together under lib/fwu_updates/

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
2023-06-09 13:52:40 -04:00
Jassi Brar
1e917a69e5 fwu: rename fwu_get_verified_mdata to fwu_get_mdata
fwu_get_mdata() sounds more appropriate than fwu_get_verified_mdata()

Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2023-06-09 13:52:40 -04:00
Jassi Brar
246ec2a12c fwu: meta-data: switch to management by common code
The common code can now read, verify and fix meta-data copies
while exposing one consistent structure to users.
 Only the .read_mdata() and .write_mdata() callbacks of fwu_mdata_ops
are needed. Get rid of .get_mdata() .update_mdata() .get_mdata_part_num()
.read_mdata_partition() and .write_mdata_partition() and also the
corresponding wrapper functions.

Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2023-06-09 13:52:40 -04:00
Jassi Brar
167994f295 fwu: move meta-data management in core
Instead of each i/f having to implement their own meta-data verification
and storage, move the logic in common code. This simplifies the i/f code
much simpler and compact.

Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2023-06-09 13:49:55 -04:00
Masahisa Kojima
6ab7a6853f efi_loader: check lowest supported version
The FMP Payload Header which EDK II capsule generation scripts
insert has a firmware version.
This commit reads the lowest supported version stored in the
device tree, then check if the firmware version in FMP payload header
of the ongoing capsule is equal or greater than the
lowest supported version. If the firmware version is lower than
lowest supported version, capsule update will not be performed.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2023-06-08 09:20:36 +02:00
Masahisa Kojima
25dc7d5aed efi_loader: get lowest supported version from device tree
This commit gets the lowest supported version from device tree,
then fills the lowest supported version in FMP->GetImageInfo().

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-06-08 09:20:36 +02:00
Masahisa Kojima
3cba9702d1 efi_loader: versioning support in GetImageInfo
Current FMP->GetImageInfo() always return 0 for the firmware
version, user can not identify which firmware version is currently
running through the EFI interface.

This commit reads the "FmpStateXXXX" EFI variable, then fills the
firmware version in FMP->GetImageInfo().

Now FMP->GetImageInfo() and ESRT have the meaningful version number.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-06-08 09:20:36 +02:00
Masahisa Kojima
bfaa1fbc62 efi_loader: store firmware version into FmpState variable
Firmware version management is not implemented in the current
FMP protocol.
EDK II reference implementation capsule generation script inserts
the FMP Payload Header right before the payload, FMP Payload Header
contains the firmware version and lowest supported version.

This commit utilizes the FMP Payload Header, reads the header and
stores the firmware version into "FmpStateXXXX" EFI non-volatile variable.
XXXX indicates the image index, since FMP protocol handles multiple
image indexes.
Note that lowest supported version included in the FMP Payload Header
is not used. If the platform uses file-based EFI variable storage,
it can be tampered. The file-based EFI variable storage is not the
right place to store the lowest supported version for anti-rollback
protection.

This change is compatible with the existing FMP implementation.
This change does not mandate the FMP Payload Header.
If no FMP Payload Header is found in the capsule file, fw_version,
lowest supported version, last attempt version and last attempt
status is 0 and this is the same behavior as existing FMP
implementation.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2023-06-08 09:20:36 +02:00
Masahisa Kojima
cccea18813 efi_loader: add the number of image entries in efi_capsule_update_info
The number of image array entries global variable is required
to support EFI capsule update. This information is exposed as a
num_image_type_guids variable, but this information
should be included in the efi_capsule_update_info structure.

This commit adds the num_images member in the
efi_capsule_update_info structure. All board files supporting
EFI capsule update are updated.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-06-08 09:20:36 +02:00
Heinrich Schuchardt
75ebeb4d94 efi_selftest: LocateHandleBuffer return code
Check that LocateHandleBuffer() return EFI_NOT_FOUND when called with
ByRegisterNotify and all handles already have been retrieved.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-06-02 10:59:15 +02:00