We may as well include the U-Boot release information in the type-0 table
since it is designed for that purpose.
U-Boot uses release versions based on the year and month. The year cannot
fit in a byte, so drop the century.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This type is not used outside the smbios.c file so there is no need for it
to be in the header file. Move it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Bug fixes:
* do not allow creating of files with filenames on FAT file system
* install UEFI System Partition GUID on ESP handle
* in dtbdump.efi test tool use GUID to find ESP handle
Documentation:
* man-page for load command
* describe end of life of plat_auto
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmAcTmoACgkQxIHbvCwF
GsT0ag/6AjtRtGd8ySYix9lytmDphyztvTTHrd/Bz+UWi64iEIOH6t/RIAPG0yb0
WJBvTe9eGxbNx5VOx426YtPUGFfzAakMyRaAL5Y4wkQsKgseq3q2sE55wzG4nTiR
nmweR7TPslSkGtqQQehGGtdMJn//M/alABtTQs5eyjOkJPEc4DzATeksfA64t2Dj
ijaU4dWbKVHy8spz3xH9cIdF1fvCJGxvSvXCVculN5bfgCf/MJYq6gb2VgXyLL1w
+6GNklzNKRY8Lk9C4hqq2ktK4dQ4R0qKgqxtihwuSdbZmhV6cScKvmNPCqdYx/1l
p5ywE067KRm16Hl/41QhKPMVleqn33Td3U4I+CWvO9DPnsH7pY9iRymM6zfRm9+j
nO4f8++OqG/YXL+oABLkSIZaoYWqGmZd5Nc1bq9sTXthUXHZeC6/V19n0TJYVIV5
HtIPFJbqn4S4uKjTFxyvudE6OfeW4+HpsY7bQHDRXWY1Kma0fgMYbhFZdUeNyr+6
N8EFXZ5nKVWqLH9zlAIPOn0AEXzOfvsWad+NU0bILY8f60SqW0AydjvzG8z9CU3e
vqxx+NxcG26SYscIcANvMI7HxtB6mblBYF2vSqBAkSrQ23Om+dnKkLhHO8pkkNtn
J4rLpAxEAA1yaqKK/1n67D6pSqvjdWQqOfgL/3E1sqgAGYYOBrc=
=rQaL
-----END PGP SIGNATURE-----
Merge tag 'efi-2021-04-rc2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2021-04-rc2
Bug fixes:
* do not allow creating of files with filenames on FAT file system
* install UEFI System Partition GUID on ESP handle
* in dtbdump.efi test tool use GUID to find ESP handle
Documentation:
* man-page for load command
* describe end of life of plat_auto
The Load File2 protocol exposes a device path with a VenMedia() node. Hence
our implementation of the device path to text protocol should support this
node.
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If dtbdump.efi is loaded from memory when calling LoadImage the loaded
image protocol will not indicate the partition from where it was loaded.
In this case use the EFI system partition for the 'load' and 'save'
commands.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On the handle for the UEFI System Partition we must install the System
Partition GUID (with a NULL interface).
Let the efidebug command display the GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In the implementation of the EFI_DT_FIXUP_PROTOCOL:
* Only check the buffer size when EFI_DT_APPLY_FIXUPS is set.
* In this case the field totalsize of the device-tree may not exceed the
buffer size.
* Install device-tree only if EFI_DT_INSTALL_TABLE is set.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
At present prior_stage_fdt_address is declared as phys_addr_t. On
a 32-bit platform where phys_addr_t can be 64-bit, assigning its
value to gd->fdt_blob which is a pointer, can cause warnings.
Cast it to uintptr_t before the assignment.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
binman fixes support for symbols in sub-sections
support for additional cros_ec commands
various minor fixes / tweaks
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmAV6K8RHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYERgf/QbwOL87yPbf9SyXBQ0EMTmn1ve9HCiv9
yeXrijvA0/wtTVoM44d/z7THb+7Zqw6LbsVOXUSicdGqaogy10xIuz5we0CoGJm6
iwYWV6kaAqjCxDTlSToGnR/TCjiOVgXC6u5QPCZC0LGbAmDbAl4jyCuQxxq2eXYD
hrLSzZPHDe0s2BeWZKRQJ26qyPfWIribXNJXG78/FsvDrdWPPc5K+/ZEb2IWawWR
nEZ8GTEYZpik/niEJ3gFozwCwpJQi3PyukjZvzTGn6tBqg12YXE4dbSzcj48Uj4o
prwUFAGKRR97zFB6c4+NUvd3VBUgPtPdZrtzZ1nNCppiMq1E4BKiDg==
=kijh
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-30jan21' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm
tpm fixes for coral
binman fixes support for symbols in sub-sections
support for additional cros_ec commands
various minor fixes / tweaks
Some ARMv7 boards using PSCI require to be in secure-mode when booted via
'bootz' or 'bootm'. During distro-boot 'bootefi bootmgr' is called to check
if booting via UEFI is possible.
With the change we change the switch from secure mode to non-secure mode is
moved from the UEFI subsystem setup to just before calling StartImage().
Cc: Jernej Škrabec <jernej.skrabec@gmail.com>
Reported by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If the field Media->IoAlign of the EFI block IO protocol is zero, no
alignment is required. Our code required 4 GiB alignment in this case.
Don't check buffer alignment if Media->IoAlign == 0.
Fixes: f59f0825e8 ("efi_loader: parameter checks BLOCK_IO_PROTOCOL")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The field Media->LastBlock of the EFI_BLOCK_IO_PROTOCOL must be filled
with the index of the last logical block (LBA) for the block device that
our test driver provides.
After calling ConnectController() U-Boot exposes the block IO protocol for
the partition check that the value of Media->LastBlock equals the partition
size minus one.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some images may have multiple copies of the same thing, e.g. two versions
of the read/write U-Boots. It is necessary to read data from one or other
of these under selection of the verified-boot logic. Add a function to
select the subnode to use.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this logic out of the main init function so it is available for
other purpose.
Use a different error when multiple-images is in use but no subnode is
available. This makes it easier to determine what is wrong.
Signed-off-by: Simon Glass <sjg@chromium.org>
Unfortunately the toolchain often brings in the crc32 table even if the
function is not actually used. For now, exclude it from the TPL build,
which is very sensitive to size.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this code uses a simple printf() format if running in SPL. But
SPL can use the full printf. Use USE_TINY_PRINTF instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This includes information about sandbox which is not relevant for most
boards. Drop it.
Also add the address to help figure out the problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
In the function rsa_verify_hash, if the "main" key doesn't
work, u-boot try others keys. But it searches those keys
in the FIT image instead of the u-boot device tree.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The field Media.LastBlock of the EFI_BLOCK_IO_PROTOCOL.Media was filled
incorrectly both for block devices as well as for partitions.
The field must be filled with the index of the last logical block (LBA):
* block devices: device size minus 1
* partitions: partition size minus 1
Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification requires event notification levels to be
> TPL_APPLICATION and <= TPL_HIGH_LEVEL.
With the patch the CreateEvent() and CreatedEventEx() services are changed
to check that the notification level is not TPL_APPLICATION.
Reference:
UEFI Specification 2.8 Errata B, table 27 "TPL Restrictions",
"Event Notification Levels"
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CID 316361 says:
> Passing argument "count * 8UL /* sizeof (*files) */" to
> function "dlmalloc" and then casting the return value to "u16 **" is
> suspicious. In this particular case "sizeof (u16 **)" happens to be equal
> to "sizeof (u16 *)", but this is not a portable assumption.
> > 767 tmp_files = malloc(count * sizeof(*files));
The change in this patch fixes the ambiguity.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316361
For readability use *tmp_files instead of tmp_files[0]
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use the correct GUID when closing the file load protocol.
Remove an unnecessary check (Coverity CID 316363).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* Provide a test tool for initial RAM disk provided via load file2 protocol.
* Make more items configurable to reduce code size:
* Boot manager
* EFI_DT_FIXUP_PROTOCOL
* EFI_DEVICE_PATH_UTILITIES_PROTOCOL
* Bug fixes
* avoid EFI runtime symbols in global symbol table
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmAIHfIACgkQxIHbvCwF
GsSz8g/+No9xNYiAK1pY0Fjus6ZSfBhMCY9NGwkEkyzFwXZG+ckmlWwMd+auk8Oz
noU5vVBkr4JdrdpACdgiCdCeAfsYwxPy7/GulgVMLpptMlrLfbOhA/n7uOzhAilV
QDt3BouOuvW+sVlxoxD2FNkpw4vFS6CasFgBj1+tWunARoXqIRxD4MbFp1zwApHb
qC67jomsDS6MvQtrebZ3Erqkp67W0RVtD6X4KGq8+6g+8akVAan5zl7/gPj9Z8h6
M1AXG/pLqDMrG+3RFGMyqncPOlxPVL85BQAAJVB8/SQcAQ726R4z/ia+3VBFBWWf
N9rmzNJ9KnbAr3OHZnfqYITe/E2xgiRVqTYl5IL8701E41qhEjRiBWFF+U+QG/8b
3IByp4FZXVbVxjsjK8dIi5aTmBvznwb0HcrlcbwJRonTvBCBOZCVIoAn2PalZUFW
4zc4hGaoWVTdwRXaiiQKQuAfA52B3tfPqfWyUsm1E+crf/JYngstQe4A88FDorV6
ozISWNXb5RzYdNluewJl2c1rfWcUiWHbbnKMt+YbDvE4OTy6lbJC9oY0mNfPE7nK
7cq/Tk8WNhrMIv95nqzDBCv78naa0iQF5P+tHk6/r3IJ/wFFyD6f4ZvGijvCK+9o
vgnmK0kz9Qd53m+g4L54xpTsyoCXaU2N9zzD1QgwV3HjW2JyjxY=
=yVF7
-----END PGP SIGNATURE-----
Merge tag 'efi-2021-04-rc1-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2021-04-rc1-2
* Provide a test tool for initial RAM disk provided via load file2 protocol.
* Make more items configurable to reduce code size:
* Boot manager
* EFI_DT_FIXUP_PROTOCOL
* EFI_DEVICE_PATH_UTILITIES_PROTOCOL
* Bug fixes
* avoid EFI runtime symbols in global symbol table
EFI applications must use CR LF as line endings.
Provide a print() function to reduce code size.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide an UEFI application to save the initial RAM disk provided by U-Boot
via the Load File2 protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
In EFI 1.10 a version of the Unicode collation protocol using ISO 639-2
language codes existed. This protocol is not part of the UEFI specification
any longer. It was however required to run the UEFI Self Certification Test
(SCT) II, version 2.6, 2017. So we implemented it for the sole purpose of
running the SCT.
As the SCT does not need the protocol anymore it is time for removal.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Allow the EFI_DEVICE_PATH_UTILITIES_PROTOCOL to be disabled via
configuration.
On systems that are very tight on U-Boot image size we may want to disable
the protocol. As it is required to run the UEFI Shell enable it by default.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.
Provide a configuration option to make the boot manager available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Move all load options related functions to a new module. So that they can
be compiled independently.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When calculating a random UUID we use a weak seed.
Use a RNG device if present to increase entropy.
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Reviewed-by: Torsten Duwe <duwe@suse.de>
- Update qemu-riscv.rst build instructions.
- Add support for SPI on Kendryte K210.
- Add Microchip PolarFire SoC Icicle Kit support.
- Add support for an early timer.
- Select TIMER_EARLY to avoid infinite recursion for Trace.
When tracing functions is enabled this adds calls to
__cyg_profile_func_enter() and __cyg_profile_func_exit() to the traced
functions.
__cyg_profile_func_enter() and __cyg_profile_func_exit() invoke
timer_get_us() to record the entry and exit time.
initr_dm() will make gd->dm_root = NULL and gd->timer = NULL, so
timer_get_us() -> get_ticks() -> dm_timer_init() will lead to an
indefinite recursion.
So select TIMER_EARLY when tracing got enabled.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Rick Chen <rick@andestech.com>
Change 2 typo error in CONFIG_LIB_ELF description:
- Supoort => Support
- fir => for
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Building fails with DEBUG=1:
lib/aes.c: In function ‘debug_print_vector’:
lib/aes.c:622:45: error:
cast from pointer to integer of different size
[-Werror=pointer-to-int-cast]
622 | printf("%s [%d] @0x%08x", name, num_bytes, (u32)data);
Pointers can only be cast to (uintptr_t). But anyway we have
%p for printing pointers.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
A common use of memmove() can be handled by memcpy(). Also memcpy()
includes an optimization for large sizes: it copies a word at a time. So
we can get a speed-up by calling memcpy() to handle our move in this case.
Update memmove() to call also memcpy() if the source don't overlap
the destination (src + count <= dest).
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
When setting aside a GPT partition for holding the U-Boot environment,
having a partition type GUID [1] indicating "Linux filesystem" (as
most tools default to) is somewhat misleading - and there's no other
well-known type GUID that is better suited. So to have a canonical
value to put into the type field, define
3de21764-95bd-54bd-a5c3-4abe786f38a8
to mean a partition holding a U-Boot environment.
This is a v5 namespace-name GUID [2], generated [3] from a namespace
of "25cbcde0-8642-47c6-a298-1a3a57cd256b" and name "U-Boot
environment".
Should future type GUIDs be defined in the context of U-Boot, it's
sensible to use that same namespace GUID.
[1] https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs
[2] https://en.wikipedia.org/wiki/Universally_unique_identifier#Versions_3_and_5_(namespace_name-based)
[3] https://www.uuidtools.com/v5
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
There's no reason to require an appropriately sized output parameter
for the string, that's error-prone should the table ever grow an
element with a longer string. We can just return the const char*
pointer directly.
Update the only caller accordingly, and get rid of pointless ifdeffery
in the header so that the compiler always sees a declaration and can
thus do type-checking, whether or not PARTITION_TYPE_GUID is enabled
or not.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
The dtbdump.efi binary can already be used to dump the configuration table
with the device-tree to a file.
With this patch a device-tree file can be loaded. The EFI_DT_FIXUP_PROTOCOL
is called to
* apply U-Boot's fix-ups
* let U-Boot make memory reservations as required by the device-tree
* install the new device-tree as configuration table
In a next step this configuration table can be dumped.
A dtbdump.efi session would look like:
DTB Dump
========
=> load test.dtb
device-tree installed
=> save fixed-up.dtb
fixed-up.dtb written
=> exit
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A boot manager like GRUB can use the protocol to
* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In efi_mem_sort() adjacent memory regions of same type are coalesced.
Remove the remark "Merging of adjacent free regions is missing".
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We do not want to use typedefs in U-Boot.
Do not use efi_string_t in the EFI_TEXT_OUTPUT_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Let helloworld.efi print the device path of the boot device and the file
path as provided by the loaded image protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Driver model: Rename U_BOOT_DEVICE et al.
dtoc: Tidy up and add more tests
ns16550 code clean-up
x86 and sandbox minor fixes for of-platdata
dtoc prepration for adding build-time instantiation
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl/09LURHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIrebjwwf/fHRjYsAY/Yj/+y1xgo3L3sphIvQUqTDF
KkLl+kHdV5r8W/HJULxLQcF2r7pcPEI6TAQxuj3qQ5SUvm2HviS8GHGPawDEwyht
HgBp9VD56+HUadMfnbG//DVS73ycbL4XSKlYqpkINEejtnlttsCIawUXX5cTyGM/
59VkgnKrKvJQRUXvYLa8MTugTs4fkPJGDqhActBk/7SP1SImj+rfalNSqA2/dx6y
2RnPCSzB1x2231KSj+B1NgGlR3Xb8P8zgh20ijcEU/hrlXBTZyi7K7f4SJR30Efu
LYkkuj4VbxcV/25RozR0fmknqCs0QyAI+/dql6TNtbTSPC/jAfj0jQ==
=9kN3
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-5jan21' of git://git.denx.de/u-boot-dm into next
Driver model: make some udevice fields private
Driver model: Rename U_BOOT_DEVICE et al.
dtoc: Tidy up and add more tests
ns16550 code clean-up
x86 and sandbox minor fixes for of-platdata
dtoc prepration for adding build-time instantiation
This error should not happen in normal use. Reduce the length of it to
save space in the image.
Add an empty spl.h file to sh since it appears to lack this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Most drivers use these access methods but a few do not. Update them.
In some cases the access is not permitted, so mark those with a FIXME tag
for the maintainer to check.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Pratyush Yadav <p.yadav@ti.com>
Typedefs should not be used in U-Boot and structs should be lower case.
Update the code to use struct ns16550 consistently.
Put a header guard on the file while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Add support for enabling uefi capsule authentication. This feature is
enabled by setting the environment variable
"capsule_authentication_enabled".
The following configs are needed for enabling uefi capsule update and
capsule authentication features on the platform.
CONFIG_EFI_HAVE_CAPSULE_SUPPORT=y
CONFIG_EFI_CAPSULE_ON_DISK=y
CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
CONFIG_EFI_CAPSULE_FIRMWARE=y
CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
CONFIG_EFI_CAPSULE_AUTHENTICATE=y
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add support for authenticating uefi capsules. Most of the signature
verification functionality is shared with the uefi secure boot
feature.
The root certificate containing the public key used for the signature
verification is stored as part of the device tree blob. The root
certificate is stored as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The efi_sigstore_parse_sigdb function reads the uefi authenticated
variable, stored in the signature database format and builds the
signature store structure. Factor out the code for building
the signature store. This can then be used by the capsule
authentication routine to build the signature store even when the
signature database is not stored as an uefi authenticated variable
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The pkcs7 header parsing functionality is pretty generic, and can be
used by other features like capsule authentication. Make the function
an extern, also changing it's name to efi_parse_pkcs7_header
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
When building the capsule using scripts in edk2, a fmp header is
added on top of the binary payload. Add logic to detect presence of
the header. When present, the pointer to the image needs to be
adjusted as per the size of the header to point to the actual binary
payload.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
RFC 2315 Section 9.3 describes the message digesting process. The
digest calculated depends on whether the authenticated attributes are
present. In case of a scenario where the authenticated attributes are
present, the message digest that gets signed and is part of the pkcs7
message is computed from the auth attributes rather than the contents
field.
Check if the auth attributes are present, and if set, use the auth
attributes to compute the hash that would be compared with the
encrypted hash on the pkcs7 message.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
When a new event is queued we have to process the event queue by calling
efi_process_event_queue(). But there is not reason to call the function
when the event is not queueable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Although the function description states the caller must provide a
sufficient buffer, it's better to have in function checks that the
destination buffer can hold the intended value.
So let's add an extra argument with the buffer size and check that
before doing any copying.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now we install the EFI_LOAD_FILE2_PROTOCOL to load an initrd
unconditionally. Although we correctly return various EFI exit codes
depending on the file status (i.e EFI_NO_MEDIA, EFI_NOT_FOUND etc), the
kernel loader only falls back to the cmdline interpreted initrd if the
protocol is not installed.
This creates a problem for EFI installers, since they won't be able to
load their own initrd and start the installation.
A following patch introduces a different logic where we search for an
initrd path defined in an EFI variable named 'Initrd####'.
If the bootmgr is used to launch the EFI payload, we'll will try to match
the BootCurrent value and find the corresponding initrd
(i.e Boot0000 -> Initrd0000 etc). If the file is found, we'll install
the required protocol which the kernel's efi-stub can use and load our
initrd.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
dm.h and env.h serve no purpose here. Remove them and sort the
remaining in alphabetical order.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Do not use data from the loaded image object after deleting it.
Fixes: 126a43f15b ("efi_loader: unload applications upon Exit()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
load_options passed from do_efibootmgr() to do_bootefi_exec() may contain
invalid data from the stack which will lead to an invalid free().
Fixes: 0ad64007fe ("efi_loader: set load options in boot manager")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now the escape key was not correctly detected in UEFI applications.
We had to hit it twice for a single escape to be recognized.
Use a 10 ms delay to detect if we are dealing with the escape key or an
escape sequence.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
IS_ENABLED() contains parentheses. But we should still put extra
parentheses around it in an if statement for readability.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When opening an OP-TEE session we need to check the internal return
value of OP-TEE call arguments as well the return code of the
function itself.
The code was also ignoring to close the OP-TEE session in case the
shared memory registration failed.
Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently the size of the buffer to keep UEFI variables in memory is fixed
at 16384 bytes. This size has proven to be too small for some use cases.
Make the size of the memory buffer for UEFI variables customizable.
Reported-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Do not use data from the loaded image object after deleting it.
Fixes: 126a43f15b ("efi_loader: unload applications upon Exit()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
load_options passed from do_efibootmgr() to do_bootefi_exec() may contain
invalid data from the stack which will lead to an invalid free().
Fixes: 0ad64007fe ("efi_loader: set load options in boot manager")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now the escape key was not correctly detected in UEFI applications.
We had to hit it twice for a single escape to be recognized.
Use a 10 ms delay to detect if we are dealing with the escape key or an
escape sequence.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
IS_ENABLED() contains parentheses. But we should still put extra
parentheses around it in an if statement for readability.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When opening an OP-TEE session we need to check the internal return
value of OP-TEE call arguments as well the return code of the
function itself.
The code was also ignoring to close the OP-TEE session in case the
shared memory registration failed.
Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
While assigning the sequence number to subsystem instances by reading the
aliases property, only DT nodes names are compared and not the complete
path. This causes a problem when there are two DT nodes with same name but
have different paths.
In arch/arm/dts/k3-am65-main.dtsi there are two USB controllers with the
same device tree node name but different path. When aliases are defined for
these USB controllers then fdtdec_get_alias_seq() fails to pick the correct
instance for a given index.
fdt_path_offset() function is slow and this would effect the U-Boot
startup. To avert the time penalty on all boards, apply this extra check
only when required by using a config option.
Fix it by comparing the phandles of DT nodes after the node names match,
under a config option.
Signed-off-by: Aswath Govindraju <a-govindraju@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fix whitespace error in Kconfig:
Signed-off-by: Simon Glass <sjg@chromium.org>
Implement a reset function that we can call after ExitBootServices(),
when all driver model devices are gone.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Currently the size of the buffer to keep UEFI variables in memory is fixed
at 16384 bytes. This size has proven to be too small for some use cases.
Make the size of the memory buffer for UEFI variables customizable.
Reported-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
There is no-longer any need to check if sequence numbers are valid, since
this is ensured by driver model. Drop the unwanted logic.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present various drivers etc. access the device's 'seq' member directly.
This makes it harder to change the meaning of that member. Change access
to go through a function instead.
The drivers/i2c/lpc32xx_i2c.c file is left unchanged for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
We use 'priv' for private data but often use 'platdata' for platform data.
We can't really use 'pdata' since that is ambiguous (it could mean private
or platform data).
Rename some of the latter variables to end with 'plat' for consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.
Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
Provide a unit test that causes an illegal instruction to occur.
The test can be run with the following commands:
=> setenv efi_selftest exception
=> bootefi selftest
This might be the output:
Executing 'exception'
EFI application triggers exception.
Illegal instruction
pc = 0x1444d016, pc_reloc = 0xffffaa078e8dd016
UEFI image [0x0000000000000000:0xffffffffffffffff] '/\selftest'
UEFI image [0x000000001444b000:0x0000000014451fff] pc=0x2016 '/bug.efi'
Resetting ...
It would tell us that the exception was triggered by an instruction
0x2016 bytes after the load address of the binary with filename /bug.efi.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
We provide a UEFI driver for block devices. When ConnectController() is
called for a handle with the EFI_BLOCK_IO_PROTOCOL this driver creates the
partitions. When DisconnectController() is called the handles for the
partitions have to be deleted. This requires that the child controllers
(partitions) open the EFI_BLOCK_IO_PROTOCOL of the controller (block IO
device) with attribute EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A unit test is supplied to test the support for the EFI_LOAD_FILE_PROTOCOL
and the EFI_LOAD_FILE2_PROTOCOL by the LoadImage() boot service.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_load_image_from_file() should read via either of:
* EFI_SIMPLE_FILE_SYSTEM_PROTOCOL
* EFI_LOAD_FILE_PROTOCOL
* EFI_LOAD_FILE2_PROTOCOL
To make the code readable carve out a function to load the image via the
file system protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implementing support for loading images via the EFI_LOAD_FILE_PROTOCOL
requires the boot policy as input for efi_load_image_from_path().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EFI_LOAD_FILE_PROTOCOL_GUID and EFI_LOAD_FILE2_PROTOCOL_GUID are needed
to complement the implementation of the LoadFile() boot service.
Remove a duplicate declaration of a variable for the
EFI_LOAD_FILE2_PROTOCOL_GUID.
Move the remaining declaration to efi_boottime.c.
Add a variable for the EFI_LOAD_FILE_PROTOCOL_GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For implementing support for the EFI_LOAD_FILE_PROTOCOL in the LoadImage()
service we will have to call the LocateDevicePath() service. To avoid a
forward declaration resequence the functions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Our implementation of the EFI_HII_CONFIG_ROUTING_PROTOCOL is a mere stub,
where all services return an error code. The protocol is neither needed for
the EFI shell nor for the UEFI SCT. To reduce the code size remove it from
the U-Boot binary.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EFI_RT_PROPERTIES_TABLE configuration table indicates which runtime
services are available at runtime.
Even if CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y, we neither support
UpdateCapsule() nor QueryCapsuleCapabilities() at runtime. Thus we should
not set the corresponding flags EFI_RT_SUPPORTED_UPDATE_CAPSULE and
EFI_RT_SUPPORTED_QUERY_CAPSULE_CAPABILITIES in RuntimeServicesSupported.
Fixes: 2bc27ca8a0 ("efi_loader: define UpdateCapsule api")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The current function set_name() used to create short names has the
following deficiencies resolved by this patch:
* Long names (e.g. FOO.TXT) are stored even if a short name is enough.
* Short names with spaces are created, e.g. "A ~1.TXT".
* Short names with illegal characters are created, e.g. "FOO++BAR".
* Debug output does not not consider that the short file name has no
concluding '\0'.
The solution for the following bug is split of into a separate patch:
* Short file names must be unique.
This patch only provides the loop over possible short file names.
Fixes: c30a15e590 ("FAT: Add FAT write feature")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
At present this function returns 1 on success and 0 on failure. But in
the latter case it provides no indication of what went wrong.
If an attempt is made to delete a non-existent variable, the caller may
want to ignore this error. This happens when setting a non-existent
variable to "", for example.
Update the function to return 0 on success and a useful error code on
failure. Add a function comment too.
Make sure that env_set() does not return an error if it is deleting a
variable that doesn't exist. We could update env_set() to return useful
error numbers also, but that is beyond the scope of this change.
Signed-off-by: Simon Glass <sjg@chromium.org>
wip
In this commit, a very simple firmware management protocol driver
is implemented. It will take a binary image in a capsule file and
apply the data using dfu backend storage drivers via dfu_write_by_alt()
interface.
So "dfu_alt_info" variable should be properly set to specify a device
and location to be updated. Please read README.dfu.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In this commit, a very simple firmware management protocol driver
is implemented. It will take a common FIT image firmware in a capsule
file and apply the data using dfu backend storage drivers via
update_fit() interface.
So "dfu_alt_info" variable should be properly set to specify a device
and location to be updated. Please read README.dfu.
Fit image is a common file format for firmware update on U-Boot, and
this protocol works neatly just as a wrapper for one.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
A capsule tagged with the guid, EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID,
is handled as a firmware update object.
What efi_update_capsule() basically does is to load any firmware management
protocol (or fmp) drivers contained in a capsule, find out an appropriate
fmp driver and then invoke its set_image() interface against each binary
in a capsule.
In this commit, however, loading drivers is not supported.
The result of applying a capsule is set to be stored in "CapsuleXXXX"
variable, but its implementation is deferred to a fmp driver.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Capsule data can be loaded into the system either via UpdateCapsule
runtime service or files on a file system (of boot device).
The latter case is called "capsules on disk", and actual updates will
take place at the next boot time.
In this commit, we will support capsule on disk mechanism.
Please note that U-Boot itself has no notion of "boot device" and
all the capsule files to be executed will be detected only if they
are located in a specific directory, \EFI\UpdateCapsule, on a device
that is identified as a boot device by "BootXXXX" variables.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In this commit, skeleton functions for capsule-related API's are
added under CONFIG_EFI_UPDATE_CAPSULE configuration.
Detailed implementation for a specific capsule type will be added
in the succeeding patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In the previous patches we only introduced a minimal subset of the
EFI_TCG2_PROTOCOL protocol implementing GetCapability().
So let's continue adding features to it, introducing the
GetEventLog() and HashLogExtendEvent() functions.
In order to do that we first need to construct the eventlog in memory,
specifically in EFI_BOOT_SERVICES_DATA memory and a configuration table
from EFI_ACPI_MEMORY_NVS.
U-Boot won't currently add any events to the log or measure any
components, but will expose the necessary EFI APIs for applications
to do so.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The current tpm2_pcr_extend is hardcoded using SHA256.
Let's make the actual command to the TPM2 configurable so we can support
a wider range of algorithms and keep the current command line as-is i.e
limited to SHA256 only
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use logging functions instead of printf() and debug().
Change logging messages for uclass creation and destruction to log_debug().
Reported-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
The origin patch didn't have this change and it was caused by manual
resolution where additional backslash was added.
Fixes: 6723b4c6ca ("binman: Call helper function binman_set_rom_offset() to fill offset")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
commit 1fabfeef506c ("efi_loader: parameter check in GetNextVariableName()")
introduces a check using u16_strnlen(). This code is used on EFI
runtime variables as well, so unless we mark it as runtime, the kernel
will crash trying to access it.
Fixes: 1fabfeef506c ("efi_loader: parameter check in GetNextVariableName()")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Enable EFI_SET_TIME on the sandbox and QEMU ARM to ensure that we compile
and test the relevant code.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If GetNextVariableName() is called with a non-existing combination of
VariableName and VendorGuid, return EFI_INVALID_PARAMETER.
If GetNextVariableName() is called with a string that is not zero
terminated, return EFI_INVALID_PARAMETER.
Reformat a line over 80 characters.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Since U-boot EFI implementation is getting richer it makes sense to
add support for EFI_TCG2_PROTOCOL taking advantage of any hardware TPM
available on the device.
This is the initial implementation of the protocol which only adds
support for GetCapability(). It's limited in the newer and safer
TPMv2 devices.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When copying a string with must allocate a byte for the terminating '\0' in
the target buffer.
Fixes: fbe4c7df00 ("efi_loader: enable file SetInfo()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add missing newline to log messages in efi_rng_register() otherwise
something like below would be shown
Scanning disk virtio-blk#31...
Found 2 disks
Missing RNG device for EFI_RNG_PROTOCOLNo EFI system partition
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When calling ExitBootServices during out unit tests we should not detach
devices as we need console output for runtime tests.
Fixes: 529441ca89 ("efi_loader: Disable devices before handing over control")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For implementing the EFI_TCG2_PROTOCOL we need the count field returned by
the TPM when reading capabilities via tpm2_get_capability().
Adjust the implementation of the 'tpm2 get_capability' command accordingly.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For validating the fixed up device tree we need a tool to need to save it
to a file.
dtbdump.efi copies the configuration table with the device tree to a file
on the same partition from which dtbdump.efi was invoked. The file name can
be entered on the console.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When deleting a non-volatile variable it was deleted from memory but the
deletion was not persisted to the file system.
SetVariable() may be called with attributes == 0 to delete a variable. To
determine if the deletion shall be persisted we have to consider the
non-volatile flag in the attributes of the deleted variable and not the
value passed in the call parameter.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
patman showing email replies from Patchwork
sandbox poweroff command
minor fixes in binman, tests
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl+kJL8RHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreaDpAf+MajyuxlmGmFTjpyiB026aWiYE4rAn4AE
bXEDxHpOTIH4hDX7kYVWPmuKivHJo2hF0WUpIFBEAgtc2dOfjOP+mrDjBzG1Pikl
z5yuilG7eHwC1kTIkPv/tPHwDWRBI5VNwTYq0VTtffMKr8LCBo96wEYEbeYK0xdQ
kpNa9d4G+tpx20BCRgPLeOMk2pg5SVszkCCkmmPd12rO2zJ9+wWa8fwA759E93Rw
RshoRCtLNo2nEA3uJVG2aN9n3eAdM/iupDVdBLg50SFKabUxt7OcvGOC8NzGdAmT
9UbB8scvQJyI/kylGT+ghH3o2RqQGvuIRXmDyETckdkpiqK0SQvysg==
=eOGz
-----END PGP SIGNATURE-----
Merge tag 'dm-pull5nov20' of git://git.denx.de/u-boot-dm
patman status subcommand to collect tags from Patchwork
patman showing email replies from Patchwork
sandbox poweroff command
minor fixes in binman, tests
Now that we can use devicetree to specify this information, drop the old
CONFIG options.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Some boards want to specify the manufacturer or product name but do not
need to have their own sysinfo driver.
Add a default driver which provides a way to specify this SMBIOS
information in the devicetree, without needing any board-specific
functionality.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The current tables only support a subset of the available fields defined
by the SMBIOS spec. Add a few more.
We could use CONFIG_SYS_CPU or CONFIG_SYS_SOC as a default for family, but
the meaning of that value relates more to the whole system rather than
just the SoC.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Support a way to put SMBIOS properties in the device tree. These can be
placed in a 'board' device in an 'smbios' subnode.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
As a first step to obtaining SMBIOS information from the devicetree, add
an ofnode parameter to the writing functions.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
If there is no reset line, this still emits ACPI code for the reset GPIO.
Fix it by updating the check.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
At present all tables are placed starting at address f0000 in memory, and
can be up to 64KB in size. If the tables are very large, this may not
provide enough space.
Also if the tables point to other tables (such as console log or a ramoops
area) then we must allocate other memory anyway.
The bloblist is a nice place to put these tables since it is contiguous,
which makes it easy to reserve this memory for linux using the 820 tables.
Add an option to put some of the tables in the bloblist. For SMBIOS and
ACPI, create suitable pointers from the f0000 region to the new location
of the tables.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[bmeng: squashed in http://patchwork.ozlabs.org/project/uboot/patch/
20201105062407.1.I8091ad931cbbb5e3b6f6ababdf3f8d5db0d17bb9@changeid/]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
There is prepared function for filing rom_offset. That's why use it instead
of copying content of it.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a very simple API to be able to access SMBIOS strings
like vendor, model and bios version.
Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The series contains the following enhancements
* preparatory patches for UEFI capsule updates
* initialization of the emulated RTC using an environment variable
and a bug fix
* If DisconnectController() is called for a child controller that is the
only child of the driver, the driver must be disconnected.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl+e1WUACgkQxIHbvCwF
GsRHhQ//X/hQiow1/3YwskyZkC89QPLE+TDeGcRHdy7W2rjfJlOBJtsI1tzvsTWw
8etgIuoh1MKebJZZQk/ZxKdWOaN3RWP7wL/9c6PHpkkML+WzyLWShf5UgLMWeo3w
a7t0LW4kfxbzmhg/f4x0Gi3qUh0SiS6T8Q5X/SlJOX091IvCmCOTkGUT6dBogm78
WnISQvgP3uApOt2s66hVVtFaH4zbXDYwDnQhhUoonRF1AfuE3jTyr39IoNsCdPOx
vEbTqNKQQnt4yIIaPJlV+KX//jtCCnyLBPrZA1tI2QPyBjADmNcau2OjlBZyJpr0
1awgSueXgBtMCAp6bHMl9p3eSKYv2f0BvPGljgKrs9dfIZk+XN0w62VuSYwRi7TU
ZEppINMisM1hC9+7jKNGn0nE9y3UldBSNThWxk8ykpWL+Btv5KeArHK4+916nadQ
a7t+6Ow7hiVI1Y/3TWaLvCi7xfqsU87QH6dx0nozgBUotuujIqa5lAeSGR9Rc6N2
PSblEGf8AA8+oGAdBhNvDncHiRLWkUoBqFsaaAk4EiaHQk60InZ9CpQdeMqHErcx
uLL9JcOCZeStcWF+vWmyU2L49O88HRHvboM7zA+gqLIUilwgKxmlOocoq+0jtA4l
Bg72F3cI7+g+aTidskEOGo2v2cj0dh32ub5CqRHLdt3PUzP6qhs=
=mCEL
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-01-rc2-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2021-01-rc2 (2)
The series contains the following enhancements
* preparatory patches for UEFI capsule updates
* initialization of the emulated RTC using an environment variable
and a bug fix
* If DisconnectController() is called for a child controller that is the
only child of the driver, the driver must be disconnected.
Some commands can get very unweildy if they have too many positional
arguments. Adding options makes them easier to read, remember, and
understand.
This implementation of getopt has been taken from barebox, which has had
option support for quite a while. I have made a few modifications to their
version, such as the removal of opterr in favor of a separate getopt_silent
function. In addition, I have moved all global variables into struct
getopt_context.
The getopt from barebox also re-orders the arguments passed to it so that
non-options are placed last. This allows users to specify options anywhere.
For example, `ls -l foo/ -R` would be re-ordered to `ls -l -R foo/` as
getopt parsed the options. However, this feature conflicts with the const
argv in cmd_tbl->cmd. This was originally added in 54841ab50c ("Make sure
that argv[] argument pointers are not modified."). The reason stated in
that commit is that hush requires argv to stay unmodified. Has this
situation changed? Barebox also uses hush, and does not have this problem.
Perhaps we could use their fix?
I have assigned maintenance of getopt to Simon Glass, as it is currently
only used by the log command. I would also be fine maintaining it.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
This function will be used from several places in UEFI subsystem
to generate some specific form of utf-16 variable name.
For example, L"Capsule0001"
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Move function to separate module.
Use char * as argument instead of u16 *.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If this option, CONFIG_EFI_SETUP_EARLY, is enabled, the initialisation
of UEFI subsystem will be done as part of U-Boot initialisation.
Please note that this option won't be enabled explicitly by users,
instead, should be enabled implicitly by other configuration options.
Specifically, this feature will be utilised in implementing capsule-on-disk
feature.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If ChildHandle indicates the sole child of the driver, disconnect the
driver.
This fixes the test results for UEFI SCT 2.6 A
sub-tests 5.1.3.12.43, 5.1.3.12.44, 5.1.3.12.45.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add support for multiple images, since these are used on x86 now. Select
the first image for now, since that is generally the correct one. At some
point we can add a way to determine which image is currently running.
Signed-off-by: Simon Glass <sjg@chromium.org>
Provide a function to read the ROM offset so that we can store the value
in one place and clients don't need to store it themselves after calling
binman_set_rom_offset().
Signed-off-by: Simon Glass <sjg@chromium.org>
common:
- Add support for 64bit loadables from SPL
xilinx:
- Update documentation and record ownership
- Enable eeprom board detection based legacy and fru formats
- Add support for FRU format
microblaze:
- Optimize low level ASM code
- Enable SPI/I2C
- Enable distro boot
zynq:
- Add support for Zturn V5
zynqmp:
- Improve silicon detection code
- Enable several kconfig options
- Align DT with the latest state
- Enabling security commands
- Enable and support FPGA loading from SPL
- Optimize xilinx_pm_request() calling
versal:
- Some DTs/Kconfig/defconfig alignments
- Add binding header for clock and power
zynq-sdhci:
- Add support for tap delay programming
zynq-spi/zynq-qspi:
- Use clock framework for getting clocks
xilinx-spi:
- Fix some code issues (unused variables)
serial:
- Check return value from clock functions in pl01x
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCX5rH/QAKCRDKSWXLKUoM
IRPAAJ9SvHR3w1qTc5W+Q5CWBUH5wJbNYQCaA4PpqZCdvyu1+nF5luL6JHhbDgw=
=hOd7
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2021.01-v2' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze
Xilinx changes for v2021.01-v2
common:
- Add support for 64bit loadables from SPL
xilinx:
- Update documentation and record ownership
- Enable eeprom board detection based legacy and fru formats
- Add support for FRU format
microblaze:
- Optimize low level ASM code
- Enable SPI/I2C
- Enable distro boot
zynq:
- Add support for Zturn V5
zynqmp:
- Improve silicon detection code
- Enable several kconfig options
- Align DT with the latest state
- Enabling security commands
- Enable and support FPGA loading from SPL
- Optimize xilinx_pm_request() calling
versal:
- Some DTs/Kconfig/defconfig alignments
- Add binding header for clock and power
zynq-sdhci:
- Add support for tap delay programming
zynq-spi/zynq-qspi:
- Use clock framework for getting clocks
xilinx-spi:
- Fix some code issues (unused variables)
serial:
- Check return value from clock functions in pl01x
Adjust the SetTime() and GetTime() runtime services to correctly convert
the daylight saving time information when communicating with the RTC.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
U-Boot Driver Model is supposed to remove devices with either
DM_REMOVE_ACTIVE_DMA or DM_REMOVE_OS_PREPARE flags set, before exiting.
Our bootm command does that by explicitly calling calling
"dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);" and we also disable any
USB devices.
The EFI equivalent is doing none of those at the moment. As a result
probing an fTPM driver now renders it unusable in Linux. During our
(*probe) callback we open a session with OP-TEE, which is supposed to
close with our (*remove) callback. Since the (*remove) is never called,
once we boot into Linux and try to probe the device again we are getting
a busy error response. Moreover all uclass (*preremove) functions won't
run.
So let's fix this by mimicking what bootm does and disconnect devices
when efi_exit_boot_services() is called.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Order header files according to https://www.denx.de/wiki/U-Boot/CodingStyle
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
An UEFI application may change the value of the register that gd lives in.
But some of our functions like get_ticks() access this register. So we
have to set the gd register to the U-Boot value when entering a trace
point and set it back to the application value when exiting the trace
point.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Change parameter type to avoid compilation error:
In file included from ./tools/../lib/rsa/rsa-verify.c:23:0,
from tools/lib/rsa/rsa-verify.c:1:
include/u-boot/rsa-mod-exp.h:69:18: error: unknown type name ‘u32’; did you mean ‘__u32’?
int zynq_pow_mod(u32 *keyptr, u32 *inout);
^~~
__u32
include/u-boot/rsa-mod-exp.h:69:31: error: unknown type name ‘u32’; did you mean ‘__u32’?
int zynq_pow_mod(u32 *keyptr, u32 *inout);
^~~
__u32
Fixes: 37e3a36a54 ("xilinx: zynq: Add support to secure images")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
In the International System of Units (SI) the prefix kilo is abbreviated as
'k' not 'K'. 'K' is the symbol for Kelvin.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
The sandbox is built with the SDL2 library with invokes the X11 library
which in turn calls getc(). But getc() in glibc is defined as
int getc(FILE *)
This does not match our definition.
int getc(void)
The sandbox crashes when called with parameter -l.
Rename our library symbol getc() to getchar().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
With DM enabled the ethernet code will receive a packet, call
the push method that's set by the EFI network implementation
and then free the packet. Unfortunately the push methods only
sets a flag that the packet needs to be handled, but the code
that provides the packet to an EFI application runs after the
packet has already been freed.
To rectify this issue, adjust the push method to accept the packet
and store it in a temporary buffer. The EFI application then gets
the data copied from that buffer. This way the packet is cached
until is is needed.
The DM Ethernet stack tries to receive 32 packets at once, thus
we better allocate as many buffers as the stack.
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
get_ticks does not always succeed. Sometimes it can be called before the
timer has been initialized. If it does, it returns a negative errno.
This causes the timer to appear non-monotonic, because the value will
become much smaller after the timer is initialized.
No users of get_ticks which I checked handle errors of this kind. Further,
functions like tick_to_time mangle the result of get_ticks, making it very
unlikely that one could check for an error without suggesting a patch such
as this one.
This patch panics if we ever get an error. There are two cases in which
this can occur. The first is if we couldn't find/probe the timer for some
reason. One reason for this is if the timer is not available so early. This
likely indicates misconfiguration. Another reason is that the timer has an
invalid/missing device tree binding. In this case, panicing is also
correct. The second case covers errors calling get_count. This can only
occur if the timer is missing a get_count function (or on RISC-V, but that
should be fixed soon).
Fixes: c8a7ba9e6a
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit fdf0819afb (rsa: fix alignment issue when getting public
exponent) changed the logic to avoid doing an 8-byte access to a
possibly-not-8-byte-aligned address.
However, using rsa_convert_big_endian is wrong: That function converts
an array of big-endian (32-bit) words with the most significant word
first (aka a BE byte array) to an array of cpu-endian words with the
least significant word first. While the exponent is indeed _stored_ as
a big-endian 64-bit word (two BE words with MSW first), we want to
extract it as a cpu-endian 64 bit word. On a little-endian host,
swapping the words and byte-swapping each 32-bit word works, because
that's the same as byte-swapping the whole 64 bit word. But on a
big-endian host, the fdt32_to_cpu are no-ops, but
rsa_convert_big_endian() still does the word-swapping, breaking
verified boot.
To fix that, while still ensuring we don't do unaligned accesses, add
a little helper that first memcpy's the bytes to a local fdt64_t, then
applies fdt64_to_cpu(). [The name is chosen based on the
[bl]eXX_to_cpup in linux/byteorder/generic.h].
Fixes: fdf0819afb ("rsa: fix alignment issue when getting public exponent")
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
The algo name should match between the FIT's signature node and the
U-Boot's control FDT.
If we do not check it, U-Boot's control FDT can expect sha512 hash but
nothing will prevent to accept image with sha1 hash if the signature is correct.
Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.
This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
We assign first_deleted = 0. There is no need to check its value without
any further assignment in between.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
It is sometimes useful to output hex dumps in SPL. Add a config option to
allow this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
The result of fdt_node_offset_by_phandle is negative for error,
so this patch corrects the check of this result in
fdtdec_parse_phandle_with_args.
This patch allows to have the same behavior with or without OF_LIVE
for the function dev_read_phandle_with_args with cell_name = NULL and
with invalid phandle.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
CONFIG_EFI_GRUB_ARM32 is only needed for architectures with caches that are
not managed via CP15 (or for some outdated buggy versions of GRUB). It
makes more sense to disable the setting per architecture than per defconfig.
Move QEMU's CONFIG_EFI_GRUB_ARM32_WORKAROUND=n from defconfig to Kconfig.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When we do not execute a test requiring ExitBootServices do not reset the
system after testing.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Print the CRC32 loaded via the EFI_LOAD_FILE2_PROTOCOL as a hexadecimal
number.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
strsep() changes the address that its first argument points to.
We cannot use the changed address as argument of free().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
U-Boot offers a EFI_LOAD_FILE2_PROTOCOL which the Linux EFI stub can use to
load an initial RAM disk. Update the function comments of the
implementation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Having an EFI_RNG_PROTOCOL without a backing RNG device leads to failure
to boot Linux 5.8.
Only install the EFI_RNG_PROTOCOL if we have a RNG device.
Reported-by: Scott K Logan <logans@cottsay.net>
Cc: Neil Armstrong <narmstrong@baylibre.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add an implementation of the DBG2 (Debug Port Table 2) ACPI table.
Adjust one of the header includes to be in the correct order, before
adding more.
Note that the DBG2 table is generic but the PCI UART is x86-specific at
present since it assumes an ns16550 UART. It can be generalised later
if necessary.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a function to generate ACPI code for a _DSM method for a device.
This includes functions for starting and ending each part of the _DSM.
Signed-off-by: Simon Glass <sjg@chromium.org>
[bmeng: fix the "new blank line at EOF" git warning]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
A 'Power Resource for Wake' list the resources a device depends on for
wake. Add a function to generate this.
Signed-off-by: Simon Glass <sjg@chromium.org>
OP-TEE reserved memory node must set property "no-map" to prevent
Linux kernel from mapping secure memory unless what non-secure world
speculative accesses of the CPU can violate the memory firmware
configuration.
Fixes: 6ccb05eae0 ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Add boolean input argument @no_map to helper function
fdtdec_add_reserved_memory() to add or not "no-map" property
for an added reserved memory node.
Property no-map is used by the Linux kernel to not not map memory
in its static memory mapping. It is needed for example for the|
consistency of system non-cached memory and to prevent speculative
accesses to some firewalled memory.
No functional change. A later change will update to OPTEE library to
add no-map property to OP-TEE reserved memory nodes.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
On RISC-V check that the /chosen node has a boot-hartid property.
To run the test configure with CONFIG_CMD_BOOTEFI_SELFTEST=y and issue
setenv efi_selftest device tree
setenv serial# myserial
bootefi selftest
If the test succeeds, it reports the boot-hartid, e.g.
boot-hartid: 1
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Allow specifying the node on which a property is searched.
Test the device tree consistency more rigorously.
Some efi_st_printf() calls have been converted to efi_st_error().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Refine text for overlap_only_ram description to
match to what exactly flag does and aling description
with other functions.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Repair incorrectly negated condition in the original patch which broke
DT memory node parsing on everything which has more than one DT memory
node, e.g. R-Car3.
In case multiple valid memory nodes are present in the DT, the original
patch would complete parsing cycle for the first memory node, then move
on to the next one, identify it as a valid, and end the parsing. The fix
is to invert the condition, to make the code behave as it did before the
livetree conversion, so it would continue parsing the subsequent memory
nodes as well.
Fixes: c2f0950c33 ("lib: fdt: Convert fdtdes_setup_mem..() to livetree API")
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Tested-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Michal Simek <michal.simek@xilinx.com>
Before calling do_reset() in the EFI selftest we must restore the global
data pointer.
Fixes: fa63753f86 ("efi_selftest: substitute ResetSystem() by do_reset()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On RISC-V the global data pointer is stored in register gp. When a UEFI
binary calls the EFI API we have to restore it.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_var_mem_notify_exit_boot_services() is invoked when ExitBootServices()
is called by the UEFI payload.
efi_var_mem_notify_exit_boot_services() should not be defined as
__efi_runtime as it is invoking EFI_ENTRY() and EFI_EXIT() which themselves
are not __efi_runtime.
Fixes: f1f990a8c9 ("efi_loader: memory buffer for variables")
Fixes: e01aed47d6 ("efi_loader: Enable run-time variable support for tee based variables")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fixes problem for unaligned 32bit big-endian access in
lib/rsa/rsa-keyprop.c.
Exchanges br_i32_decode() with get_unaligned_be32().
This will keep the unaligned access for architectures capable and will do
some byte-shift magic for the not so capable ones.
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-by: Robert Reither <robert.reither@external.thalesgroup.com>
Remove unused include.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently if the bootefi command fails due to missing authentication, the
user gets no feedback.
Write a log message 'Image not authenticated' if LoadImage() fails due to
missing authentication.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
After allocating to pointer ctx we should check that pointer and not
another pointer already checked above.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Since commit 86cf1c8285 ("configs: Migrate CONFIG_NR_DRAM_BANKS") &
commit 999a772d9f ("Kconfig: Migrate CONFIG_NR_DRAM_BANKS"),
CONFIG_NR_DRAM_BANKS is always defined with a value (4 is default).
It makes no sense to still carry code that is guarded with
"#ifndef CONFIG_NR_DRAM_BANKS" (and similar). This patch removes
all these unreferenced code paths.
Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
- Add basic Marvell/Cavium OcteonTX/TX2 support (Suneel)
- Infrastructure changes to PCI uclass to support these SoC's (Suneel)
- Add PCI, MMC & watchdog driver drivers for OcteonTX/TX2 (Suneel)
- Increase CONFIG_SYS_MALLOC_F_LEN for qemu-x86 (Stefan)
Cleaning up the following:
ERROR: do not use assignment in if condition
#281: FILE: drivers/xen/pvblock.c:260:
+ if ((err = xenbus_switch_state(XBT_NIL, nodename,
CHECK:COMPARISON_TO_NULL: Comparison to NULL could be written "err"
#52: FILE: drivers/xen/pvblock.c:298:
+ if (err != NULL) {
ERROR: do not use assignment in if condition
#176: FILE: drivers/xen/gnttab.c:103:
+ if ((flags = nflags) & (GTF_reading | GTF_writing)) {
WARNING: Missing or malformed SPDX-License-Identifier tag in line 1
#329: FILE: include/xen/gnttab.h:1:
+/*
WARNING: Misplaced SPDX-License-Identifier tag - use line 1 instead
#330: FILE: include/xen/gnttab.h:2:
+ * SPDX-License-Identifier: GPL-2.0
ERROR: do not use assignment in if condition
#630: FILE: lib/sscanf.c:558:
+ if ((n = inr) < width) {
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Bootxxxx variables are provided by the user and therefore cannot be
trusted. We have to validate them before usage.
A device path provided by a Bootxxxx variable must have an end node within
the indicated device path length.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We need to check that device paths provided via UEFI variables are not
malformed.
Provide function efi_dp_check_length() to check if a device path has an
end node within a given number of bytes.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The unit test will reset the system by calling the ResetSystem() runtime
service before or after ExitBootServices() according to the users choice
by setting environment variable efi_selftest to:
* 'reset system' or
* 'reset system runtime'.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If ResetSystem() is not implemented at runtime, it should return instead
of hanging in an endless loop. This allows the operating system to reset
the system by other means as Linux does. It also matches what EDK II
suggests in comments for functions ResetShutdown() and ResetWarm() in
OvmfPkg/Library/ResetSystemLib/ResetSystemLib.c.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Convert fdtdec_setup_mem_size_base(), get_next_memory_node(),
fdtdec_setup_memory_banksize() and fdtdec_setup_mem_size_base_lowest() to
livetree API.
Tested on ZynqMP zcu104 board.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
New function should be called from board dram_init() because it initialized
gd->ram_base/ram_size. It finds the lowest available memory.
On systems with multiple memory nodes finding out the first memory node by
fdtdec_setup_mem_size_base() is not enough because this memory can be above
actual U-Boot VA mapping. Currently only mapping till 39bit is supported
(Full 44bit mapping was removed by commit 7985cdf74b ("arm64: Remove
non-full-va map code")).
If DT starts with the first memory node above 39bit address then system can
be unpredictable.
The function is available only when multiple memory bank support is
enabled.
Calling fdtdec_setup_memory_banksize() from dram_init() is not possible
because fdtdec_setup_memory_banksize() is saving dram information to bd
structure which is placed on stack but not initialized at this time. Also
stack is placed at location setup in dram_init().
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This series includes bug fixes for:
* UEFI secure boot - images with multiple signatures
* UEFI secure boot - support for intermediate certificates
* corrections for UEFI unit tests
* missing loadaddr on MAIX board
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl82zyEACgkQxIHbvCwF
GsR8GQ/9FzCCfmhu2VhVI1cUKIT2B/FhAXbADAAhmBFk1SezhnKrsWUFFUbHeD+v
c0+QKBldIARxpD40M68FNP7QVA35iaU2+Z5jBQ7r5ZUuTuZkxeFavtHRXlSCL02R
rmdsKTtwPTRgve3IxEFJcxc4jpvAhNH+QLveK+PA+gUGjd2UoYWoGknJ4n8oe2rG
uDX4em8Sy1LXrkJLCf5Ae8+M3FBOtsBAFif1tX5cWnH5kP3DbL9A5A5JHxlVJEQi
SBC8NuJW+At89VlckEGpREt8itFMicdbLT/dSKDU3kh+l/h6zTbd9fGmoKLKXDdw
O/qwC2kwsKg/jrfZwYOTzUIpRt3jhe+CwrEajVJY12jIQzAW4kvj2mo9AeBEydHO
umFfbExGH8zwZgynrhhbjHdNxcGBahUGLoKLCkJI51I7EwCMCrN5rtUpUzxVybTE
VJKyTqlyUSIZGU4AsQT3KflLGRGU/HNS2ariQWjEbKWcCC03Q7dXH1RQMUxTlqL3
Owhqv/NI07WIvQZD3oWPkn3Z8tiQMzF370qO2gb/AwM7U0P3ggkcUxAs7mCIj5x6
81PP65di4+zRzCyU1IHCILem7LHxGR6drGatbHspGBYAJrPduyM2cYAa0eXUOCvX
Hz1GURhlVGwBdBAwaZ+g13/NtisrkRBQQYZO8jiEBqhnWoc3514=
=0ZD1
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-10-rc3-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-10-rc3 (2)
This series includes bug fixes for:
* UEFI secure boot - images with multiple signatures
* UEFI secure boot - support for intermediate certificates
* corrections for UEFI unit tests
* missing loadaddr on MAIX board
Port sscanf implementation from mini-os and introduce new
Kconfig option to enable it: CONFIG_SSCANF. Disable by default.
Signed-off-by: Andrii Anisov <andrii_anisov@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Under the current implementation, all the signatures, if any, in
a signed image must be verified before loading it.
Meanwhile, UEFI specification v2.8b section 32.5.3.3 says,
Multiple signatures are allowed to exist in the binary’s certificate
table (as per PE/COFF Section “Attribute Certificate Table”). Only
one hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx.
This patch makes the semantics of signature verification compliant with
the specification mentioned above.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Under the new file-based variable implementation, the secure state
is always and falsely set to 0 (hence, the secure boot gets disabled)
after the reboot even if PK (and other signature database) has already
been enrolled in the previous boot.
This is because the secure state is set up *before* loading non-volatile
variables' values from saved data.
This patch fixes the order of variable initialization and secure state
initialization.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: 5f7dcf079d ("efi_loader: UEFI variable persistence")
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pcks7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.
What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.
pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This is a bug fix; Setting an authenticated variable may fail due to
a memory corruption in the authentication.
A temporary buffer will, if needed, be allocated to parse a variable's
authentication data, and some portion of buffer, specifically signer's
certificates, will be referenced by efi_signature_verify().
So the buffer should be kept valid until the authentication process
is finished.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.
Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The bootefi bootmgr command has to set the load options for a loaded image
from the value of BootXXXX variable. If the boot manager is not used, the
value is set from the environment variable bootargs (or efi_selftest).
Factor out a common function efi_set_load_options().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some amount of code was moved/derived from efi_variable.c regarding
UEFI secure boot, in particluar in the commit 012c56ac76 ("efi_loader:
restructure code for TEE variables").
So add the orignal author's copyright notice.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add zlib (v1.2.11) uncompr() function to U-Boot. SquashFS depends on
this function to decompress data from a raw disk image. The actual
support for zlib into SquashFS sources will be added in a follow-up
commit.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Dump lmb status from the bdinfo command. This is useful for seeing the
reserved memory regions from the u-boot cmdline.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Two files relies on efi_driver.h to include common.h and dm.h which is
incorrect. The former should always be included in a non-host C file and
the latter should be included if driver model is used.
Signed-off-by: Simon Glass <sjg@chromium.org>
Do not execute the block device test if CONFIG_DOS_PARTITION=n.
Imply CONFIG_DOS_PARTITION in Kconfig.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The Kconfig symbol CONFIG_STACK_SIZE is used both by ARM and Microblaze
with the same meaning. Move it to menu 'General setup' so that we can use
it for all architectures.
Use the value of CONFIG_STACK_SIZE instead of a hard coded 16 MiB value for
reserving memory in the UEFI sub-system.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We recently added functions for storing/restoring variables
from a file to a memory backed buffer marked as __efi_runtime_data
commit f1f990a8c9 ("efi_loader: memory buffer for variables")
commit 5f7dcf079d ("efi_loader: UEFI variable persistence")
Using the same idea we now can support GetVariable() and GetNextVariable()
on the OP-TEE based variables as well.
So let's re-arrange the code a bit and move the commmon code for
accessing variables out of efi_variable.c. Create common functions for
reading variables from memory that both implementations can use on
run-time. Then just use those functions in the run-time variants of the
OP-TEE based EFI variable implementation and initialize the memory
buffer on ExitBootServices()
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The current code does not trim the output buffer correctly.
In fact it doesn't trim the buffer at all, since it calculates a wrong
value for it, which isn't even applied.
So let's remove the unused temporary size variable and trim the buffer
correctly.
Since we are editing efi_get_next_variable_name_int(), fix an indentation
error along the way.
Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Remove superfluous conversion to (u8 *) for memcpy argument.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This option marks any U-Boot variable which does not have explicit 'w'
writeable flag set as read-only. This way the environment can be locked
down and only variables explicitly configured to be writeable can ever
be changed by either 'env import', 'env set' or loading user environment
from environment storage.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add configuration option which prevents the environment hash table to be
ever cleared and reloaded with different content. This is useful in case
the first environment loaded into the hash table contains e.g. sensitive
content which must not be dropped or reloaded.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
This reverts commit 3ebe09d09a.
There is no user of this split function that's why remove it.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This reverts commit 118f4d4559.
There is no user of this split function that's why remove it.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The function, pkcs7_verify_one(), will be utilized to rework signature
verification logic aiming to support intermediate certificates in
"chain of trust."
To do that, its function interface is expanded, adding an extra argument
which is expected to return the last certificate in trusted chain.
Then, this last one must further be verified with signature database, db
and/or dbx.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function was nullified when the file, pkcs7_verify.c, was imported
because it calls further linux-specific interfaces inside, hence that
could lead to more files being imported from linux.
We need this function in pkcs7_verify_one() and so simply re-implement it
here instead of re-using the code.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
The file, pkcs7_verify.c, will now be imported from linux code
(crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit
into U-Boot environment.
In particular, pkcs7_verify_one() function will be used in a later patch
to rework signature verification logic aiming to support intermediate
certificates in "chain of trust."
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
When the file, x509_public_key.c, was imported from linux code in
commit b4adf627d5 ("lib: crypto: add x509 parser"),
x509_check_for_self_signed() was commented out for simplicity.
Now it need be enabled in order to make pkcs7_verify_one(), which will be
imported in a later patch, functional.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function will be called from x509_check_for_self_signed() and
pkcs7_verify_one(), which will be imported from linux in a later patch.
While it does exist in linux code and has a similar functionality of
rsa_verify(), it calls further linux-specific interfaces inside.
That could lead to more files being imported from linux.
So simply re-implement it here instead of re-using the code.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Use logging instead of printf() for messages occurring when scanning block
devices during the initialization of the UEFI sub-system.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When reading a directory, EFI_BUFFER_TOO_SMALL should be returned when
the supplied buffer is too small, so a use-case is to call
efi_file_read with *buffer_size=0 and buffer=NULL to obtain the needed
size before doing the actual read.
So move the buffer!=NULL check to after the buffer size has been checked.
This fix allows the Redhat shim fallback to run and e.g. Fedora 32 now
boots out of the box.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently we only check for the return value of tee_invoke_func().
Although OP-TEE and StMM will correctly set param[1].u.value.a and we'll
eventually return an error, the correct thing to do is check for the
OP_TEE return code as well.
So let's check for that and move tee_shm_free() and tee_close_session()
before exiting with an error to make sure we always clear the registered
memory.
Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use EFI_DEVICE_ERROR for TEE communication problems.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Instead of adding the definition for the specific MM SVC used in
StandAloneMM we added the one used in the standard SMC calls.
So change the value from -4 to -5 to match the correct one defined in
EDK2 and rename them to avoid future confusion
Fixes 23a397d2e2: ("efi_loader: Add headers for EDK2 StandAloneMM communication")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_var_mem_del() is in __efi_runtime because it would be needed for a
runtime implementation of SetVariable(). memmove() is not in __efi_runtime.
So we should not use it in efi_var_mem_del().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Variable efi_current_var is a pointer to a physical memory address that
becomes invalid after SetVirtualAddressMap(). Instead of converting it via
ConvertPointer() simply set it to NULL.
Fixes: b02a707152 ("efi_loader: enable UEFI variables at runtime")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This reverts commit 3ebe09d09a.
There is no user of this split function that's why remove it.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This reverts commit 118f4d4559.
There is no user of this split function that's why remove it.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The Linux coding style guide (Documentation/process/coding-style.rst)
clearly says:
It's a **mistake** to use typedef for structures and pointers.
Besides, using typedef for structures is annoying when you try to make
headers self-contained.
Let's say you have the following function declaration in a header:
void foo(bd_t *bd);
This is not self-contained since bd_t is not defined.
To tell the compiler what 'bd_t' is, you need to include <asm/u-boot.h>
#include <asm/u-boot.h>
void foo(bd_t *bd);
Then, the include direcective pulls in more bloat needlessly.
If you use 'struct bd_info' instead, it is enough to put a forward
declaration as follows:
struct bd_info;
void foo(struct bd_info *bd);
Right, typedef'ing bd_t is a mistake.
I used coccinelle to generate this commit.
The semantic patch that makes this change is as follows:
<smpl>
@@
typedef bd_t;
@@
-bd_t
+struct bd_info
</smpl>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
This fixes the CVE-2016-9840. Commit imported from [1].
inftrees.c was subtracting an offset from a pointer to an array,
in order to provide a pointer that allowed indexing starting at
the offset. This is not compliant with the C standard, for which
the behavior of a pointer decremented before its allocated memory
is undefined. Per the recommendation of a security audit of the
zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this tiny optimization was removed, in order
to avoid the possibility of undefined behavior.
[1]: 6a043145ca
Signed-off-by: Mark Adler <madler@alumni.caltech.edu>
Signed-off-by: Chin Liang See <chin.liang.see@intel.com>
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Booting an lz4-compressed kernel image fails on our powerpc board with
-EPROTONOSUPPORT. Adding a bit of debug prints, we get
magic: 0x184d2204
flags: 0x64
reserved0: 1
has_content_checksum: 1
has_content_size: 0
has_block_checksum: 0
independent_blocks: 1
version: 0
block_descriptor: 70
reserved1: 7
max_block_size: 0
reserved2: 0
So the magic is ok, but the version check fails, also some reserved
bits are apparently set. But that's because the code interprets the
"flags" and "block_descriptor" bytes wrongly:
Using bit-fields to access individual bits of an "on the wire" format
is not portable, not even when restricted to the C flavour implemented
by gcc. Quoting the gcc manual:
* 'The order of allocation of bit-fields within a unit (C90 6.5.2.1,
C99 and C11 6.7.2.1).'
Determined by ABI.
and indeed, the PPC Processor ABI supplement says
* Bit-fields are allocated from right to left (least to most
significant) on Little-Endian implementations and from left to
right (most to least significant) on Big-Endian implementations.
The upstream code (github.com/lz4/lz4) uses explicit shifts and masks
for encoding/decoding:
/* FLG Byte */
*dstPtr++ = (BYTE)(((1 & _2BITS) << 6) /* Version('01') */
+ ((cctxPtr->prefs.frameInfo.blockMode & _1BIT ) << 5)
+ ((cctxPtr->prefs.frameInfo.blockChecksumFlag & _1BIT ) << 4)
+ ((unsigned)(cctxPtr->prefs.frameInfo.contentSize > 0) << 3)
+ ((cctxPtr->prefs.frameInfo.contentChecksumFlag & _1BIT ) << 2)
+ (cctxPtr->prefs.frameInfo.dictID > 0) );
/* Flags */
{ U32 const FLG = srcPtr[4];
U32 const version = (FLG>>6) & _2BITS;
blockChecksumFlag = (FLG>>4) & _1BIT;
blockMode = (FLG>>5) & _1BIT;
contentSizeFlag = (FLG>>3) & _1BIT;
contentChecksumFlag = (FLG>>2) & _1BIT;
dictIDFlag = FLG & _1BIT;
/* validate */
if (((FLG>>1)&_1BIT) != 0) return err0r(LZ4F_ERROR_reservedFlag_set); /* Reserved bit */
if (version != 1) return err0r(LZ4F_ERROR_headerVersion_wrong); /* Version Number, only supported value */
}
Do the same here, and while at it, be more careful to use unaligned
accessors to what is most likely unaligned. Also update the comment to
make it clear that it only refers to the lz4.c file, not the following
code of lz4_wrapper.c.
This has been tested partly, of course, by seeing that my
lz4-compressed kernel now boots, partly by running the (de)compression
test-suite in the (x86_64) sandbox - i.e., it should still work just
fine on little-endian hosts.
Reviewed-by: Julius Werner <jwerner@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Allow writing named integers and strings to the generated ACPI code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
[bmeng: Fix the "new blank line at EOF" warning]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>