This patch adds a new section "Launching a UEFI binary from a FIT image"
documenting the usage of the CONFIG_BOOTM_EFI extension to bootm command
that offers a verified boot alternative for UEFI binaries such as GRUB2.
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This patch adds an example FIT image description file demonstrating
the usage of bootm command to securely launch UEFI binaries.
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add support for booting EFI binaries contained in FIT images.
A typical usage scenario is chain-loading GRUB2 in a verified
boot environment.
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a new OS type to be used for chain-loading an EFI compatible
firmware or boot loader like GRUB2, possibly in a verified boot
scenario.
Bellow is sample ITS file that generates a FIT image supporting
secure boot. Please note the presence of 'os = "efi";' line, which
identifies the currently introduced OS type:
/ {
#address-cells = <1>;
images {
efi-grub {
description = "GRUB EFI";
data = /incbin/("bootarm.efi");
type = "kernel_noload";
arch = "arm";
os = "efi";
compression = "none";
load = <0x0>;
entry = <0x0>;
hash-1 {
algo = "sha256";
};
};
};
configurations {
default = "config-grub";
config-grub {
kernel = "efi-grub";
signature-1 {
algo = "sha256,rsa2048";
sign-images = "kernel";
};
};
};
};
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When we hit a matching GUID we can directly return the text. There is no
need for a check after the loop.
efi_guid_t is defined as 8 byte aligned but GUIDs in packed structures do
not follow this alignment. Do not require the argument of get_guid_text()
to be correctly aligned.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Of all warning status codes up to now only EFI_WARN_DELETE_FAILURE is
defined.
The patch adds the missing definitions for later usage.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When be launch a binary via bootefi the bootargs environment variable is
used to set the load options in the loaded image protocol.
Free memory allocated for load options when the UEFI binary exits.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add guidcpy function to copy the source guid to the destination
guid. Use this function instead of memcpy for copying to the
destination guid.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Use void * instead of efi_guid_t * for arguments to allow copying unaligned
GUIDs. The GUIDs of configuration tables are __packed.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
U-Boot can be compiled with function tracing enabled.
When compiling with FTRACE __cyg_profile_func_enter() is called when a
function is entered and __cyg_profile_func_exit() when the function is
left.
To avoid a crash we have to define these function for the free-standing
UEFI binaries.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a comment indicating that the value of GPT_HEADER_SIGNATURE_UBOOT
equals the ASCII string 'EFI PART'.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On a VT100 terminal <ESC>[2J should be enough to both clear the whole
screen and set the cursor to position (1, 1). But the Linux console does
not behave like this. So send an extra <ESC>[H. For reference see the
console_codes(4) man page.
Add a function description.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add the following file to .gitignore
efi_miniapp_file_image_exception.h
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Use efi_miniapp_*.h instead of file enumeration.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use a pointer to addressable memory instead of a "physical" address in the
virtual address space of the sandbox to efi_install_fdt().
Export the efi_install_fdt() function.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If the bootefi command is called without passing the address of a device
tree, the internal device tree is used. For devices with a hardware device
tree it is preferable to used the hardware device tree in this case.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
As part of moving the parsing of command line arguments to do_bootefi()
call efi_install_fdt() with the address of the device tree instead of a
string.
If the address is EFI_FDT_USE_INTERNAL (= 0), the internal device tree
is used.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When the GetInfo() method of the EFI_FILE_PROTOCOL is called to retrieve
the file system info we claim that the volume is read only and has no free
space. This leads to failures in programs that check this information
before writing to the volume like SCT's InstallSct.efi.
Currently there is no function to determine these parameters in U-Boot. So
let's return optimistic values:
Return that the volume is writable.
Return the volume size as free space.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI applications like GRUB and SCT assume that function keys are enabled
on the keyboard.
Let EFI_LOADER imply USB_KEYBOARD_FN_KEYS.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The index (IMAGE_DIRECTORY_ENTRY_SECURITY) in a table points to
a region containing authentication information (image's signature)
in PE format.
WIN_CERTIFICATE structure defines an embedded signature format.
Those definitions will be used in my UEFI secure boot patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Consider the following test sample:
@pytest.mark.buildconfigspec('fit')
@pytest.mark.notbuildconfigspec('generate_acpi_table')
def test_sample(u_boot_console):
Whatever the argument of the 'notbuildconfigspec' is,
the test ends up being skipped with the message:
('/uboot/test/py/conftest.py', 463,
'Skipped: .config feature "fit" enabled')
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
if MULTI_DTB_FIT is enabled it is helpful to display
the value of gd->multi_dtb_fit in bdinfo.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
There is black magic in the file conftest.py that list
all the test unit. Then, all those test unit are called
in pytest. This call is done with the end of the name
(for example checksum if the full name is bloblist_test_checksum).
The result is that only test for dm are really executed.
by pytest, all others tests are listed but never executed.
This behaviour happens because the dm test unit only check
the end of the name and others tests checks the full name.
To fix this issue, I've added a prefix to the function
cmd_ut_category, and this prefix is removed when looking
for the unit test.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Load the optional resource table from the firmware, and write its
address in the dedicated backup register.
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Since the coprocessor state is tracked in a backup register, there is
no more need for tracking it in an environment variable : remove it.
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Update the dedicated backup register to track the coprocessor state and
rely on that register to compute the .is_running() value (which expects
a return value of 0 -not 1- if the processor is running).
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Reset ResourceTableAddress and CoprocessorState at cold boot, preserve
these values at standby wakeup.
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Use the backup register #17 as coprocessor resource table address and
backup register #18 as coprocessor state.
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Add rproc_elf_load_rsc_table(), which searches for a resource table in
an elf64/elf32 image, and if found, copies it to device memory.
Add also the elf32 and elf64 variants of this API.
Add a test for this.
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
spl_fit_get_image_name() is used to get the names of the images that the
SPL must load from the FIT. It relies on the content of a property present
in the FIT. The list of images is thus statically defined in the FIT.
With this scheme, it quickly becomes hard to manage combinations of more
than a handful of images.
To address this problem, give the board driver code the opportunity to
add to the list of images. The images from the FIT property are loaded
first, and then the board_get_fit_loadable() is called to get more image
names.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If u-boot.img is a FIT image, CONFIG_OF_OVERLAY_LIST can be used to add
DT overlays to u-boot.img.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Useful to avoid #ifdef throughout the code that uses the board driver API.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This function will be used by the SPL to get the names of images to load
from the FIT. This allows to load different images based on runtime HW
detection.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Make the board driver available in the SPL too. The board driver is a way
to provide useful information about the board and that can be useful in
the SPL too.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
There is no need for it to be non-constant. Making it constant, allows to
return constant string without warning.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In order to apply an overlay to a DTB. The DTB must have been generated
with the option '-@'.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
There are many ways the overlay application can fail.
2 of them are probably the most common:
- the application itself failed. Usually this is comes from an unresolved
reference
- DTBO not available in FIT (could be because of a typo)
In both case it is good to be more explicit about the error and at least
show which overlay is failing.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If one overlay that must be applied cannot be found in the FIT, the current
implementation stops applying the overlays. Let's make it skip only the
failing overlay instead.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If the node describing an overlay does not specify a load address, it will
be loaded at the address previously used.
Fixing it by allocating a temporary buffer that will be used as a
default load address. By default, the size of the buffer is 64kB which
should be plenty for most use cases.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Make room in the FDT before applying the overlay, otherwise it may fail if
the overlay is big. As the exact added size is not known in advance, just
add the size of the overlay.
Move after the end of the application of the overlays, the resize of the
FDT for the injection of the details on the loadables.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
doc/uImage.FIT/overlay-fdt-boot.txt is describing how to create FIT
image with DT overlays in it.
Add support for this feature to SPL.
Here is the ZynqMP fragment where dtb points to full DT and dtbo is
overlay which should be applied on the top of dtb.
config {
description = "ATF with full u-boot overlay";
firmware = "atf";
loadables = "uboot";
fdt = "dtb", "dtbo";
};
The whole feature depends on OF_LIBFDT_OVERLAY which is adding +4kB code
and 0 for platforms which are not enabling this feature.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When u-boot.img is a FIT image generated automatically by mkimage, the
configuration node has the following structure:
conf-1 {
description = "k3-am654-base-board";
firmware = "firmware-1";
loadables = "firmware-1";
fdt = "fdt-1";
};
The firmware is referenced twice. Once by the 'firmware' property and
once by the 'loadables' property. Currently this result in the firmware
being loaded twice. This is not a big problem but has an impact on the
boot time.
Fixing it by not loading a loadable image if it is also the firmware image.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Andreas Dannenberg <dannenberg@ti.com>
This has the same result but some compilers will warn about this
fall-through if there are statements as part of the label block.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
This is very similar to fit_image_get_data but has the benefit of working
on FIT images with external data unlike fit_image_get_data. This is
useful for extracting sub-images from type of FIT image as this would
previously just silently fail. Add an error message also so if this
still fails it is easier to find out why.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
The dumpimage utility errors out in a number of places without providing
sufficient feedback to allow the user to easily determine what has gone
wrong. Add additional error messages to make the cause of the failure
more obvious.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>