Commit graph

98 commits

Author SHA1 Message Date
AKASHI Takahiro
2bc27ca8a0 efi_loader: define UpdateCapsule api
In this commit, skeleton functions for capsule-related APIs are
added under CONFIG_EFI_UPDATE_CAPSULE configuration.
Detailed implementation for a specific capsule type will be added
in the succeeding patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:49 +01:00
Ilias Apalodimas
c8d0fd5825 efi_loader: Introduce eventlog support for TCG2_PROTOCOL
In the previous patches we only introduced a minimal subset of the
EFI_TCG2_PROTOCOL protocol implementing GetCapability().
So let's continue adding features to it, introducing the
GetEventLog() and HashLogExtendEvent() functions.

In order to do that we first need to construct the eventlog in memory,
specifically in EFI_BOOT_SERVICES_DATA memory and a configuration table
from EFI_ACPI_MEMORY_NVS.
U-Boot won't currently add any events to the log or measure any
components, but will expose the necessary EFI APIs for applications
to do so.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-12-03 21:22:40 +01:00
Heinrich Schuchardt
31cadc3635 efi_loader: enable EFI_SET_TIME on sandbox and QEMU ARM
Enable EFI_SET_TIME on the sandbox and QEMU ARM to ensure that we compile
and test the relevant code.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-29 05:18:37 +01:00
Ilias Apalodimas
c1c021052c efi_loader: Add basic EFI_TCG2_PROTOCOL support
Since the U-Boot EFI implementation is getting richer, it makes sense to
add support for EFI_TCG2_PROTOCOL taking advantage of any hardware TPM
available on the device.

This is the initial implementation of the protocol which only adds
support for GetCapability(). It's limited to the newer and safer
TPMv2 devices.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-14 05:05:46 +01:00
AKASHI Takahiro
c57c943954 efi_loader: add option to initialise EFI subsystem early
If this option, CONFIG_EFI_SETUP_EARLY, is enabled, the initialisation
of UEFI subsystem will be done as part of U-Boot initialisation.

Please note that this option won't be enabled explicitly by users,
instead, should be enabled implicitly by other configuration options.

Specifically, this feature will be utilised in implementing capsule-on-disk
feature.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-30 14:20:27 +01:00
Heinrich Schuchardt
4b71f6dc4e efi_loader: QEMU CONFIG_EFI_GRUB_ARM32_WORKAROUND=n
CONFIG_EFI_GRUB_ARM32 is only needed for architectures with caches that are
not managed via CP15 (or for some outdated buggy versions of GRUB). It
makes more sense to disable the setting per architecture than per defconfig.

Move QEMU's CONFIG_EFI_GRUB_ARM32_WORKAROUND=n from defconfig to Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-06 07:43:56 +02:00
AKASHI Takahiro
1115edd846 efi_loader: signature: rework for intermediate certificates support
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pkcs7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.

What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.

pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13 22:37:36 +02:00
Heinrich Schuchardt
7dda16343d efi_loader: pre-seed UEFI variables
Include a file with the initial values for non-volatile UEFI variables
into the U-Boot binary. If this variable is set, changes to variable PK
will not be allowed.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
be66b89da3 efi_loader: configuration of variables store
The file based and the OP-TEE based UEFI variable store are mutually
exclusive. Define them as choice options in Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
5f7dcf079d efi_loader: UEFI variable persistence
Persist non-volatile UEFI variables in a file on the EFI system partition.

The file is written whenever a non-volatile UEFI variable is changed after
initialization of the UEFI sub-system.

The file is read during the UEFI sub-system initialization to restore
non-volatile UEFI variables.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
93f6201af7 efi_loader: imply FAT, FAT_WRITE
The UEFI spec requires support for the FAT file system.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:03:56 +02:00
Ilias Apalodimas
f042e47e8f efi_loader: Implement EFI variable handling via OP-TEE
In OP-TEE we can run EDK2's StandAloneMM on a secure partition.
StandAloneMM is responsible for the UEFI variable support. In
combination with OP-TEE and its U-Boot supplicant, variables are
authenticated/validated in secure world and stored on an RPMB partition.

So let's add a new config option in U-Boot implementing the necessary
calls to OP-TEE for the variable management.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com>
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-17 21:59:53 +02:00
AKASHI Takahiro
9bf09b5120 efi_loader: add CONFIG_EFI_SECURE_BOOT config option
Under this configuration, UEFI secure boot support will be added
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
Peter Robinson
bdf329e4a3 efi_loader: enable RNG if DM_RNG is enabled
Enable EFI_RNG_PROTOCOL by default if DM_RNG is set.

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Remove superfluous 'if DM_RNG'
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:01 +02:00
Ilias Apalodimas
ec80b4735a efi_loader: Implement FileLoad2 for initramfs loading
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-Boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested, limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any U-Boot accessible partition instead of just the ESP one.
Finally this is an attempt at a generic interface across architectures
in the Linux kernel so it makes sense to support that.

The file location is intentionally only supported as a config option
argument (CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-Boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.

[1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-02-28 19:37:14 +01:00
Heinrich Schuchardt
0e228853b5 efi_loader: EFI_RNG_PROTOCOL
Do not use quotation marks for Kconfig help text.
Replace rng abbreviation by full words.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-02-19 12:53:36 +01:00
Heinrich Schuchardt
faadc04180 efi_loader: imply VIDEO_ANSI
UEFI programs like GRUB change terminal colors, which requires support
for ANSI escape sequences.

Let CONFIG_EFI_LOADER=y imply CONFIG_VIDEO_ANSI.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-15 00:51:51 +01:00
Sughosh Ganu
f552fa496c efi: qemu: arm64: Add efi_rng_protocol implementation for the platform
Add support for the EFI_RNG_PROTOCOL routines for the qemu arm64
platform. EFI_RNG_PROTOCOL is a UEFI boot-time service which is
invoked by the EFI stub in the kernel for getting a random seed for
KASLR.

The routines are platform specific, and use the virtio-rng device on
the platform to get random data.

The feature can be enabled through the following config
CONFIG_EFI_RNG_PROTOCOL

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Changed SPDX header to use /* instead of //.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:22 +01:00
Heinrich Schuchardt
8876e1bc88 efi_loader: imply USB_KEYBOARD_FN_KEYS
UEFI applications like GRUB and SCT assume that function keys are enabled
on the keyboard.

Let EFI_LOADER imply USB_KEYBOARD_FN_KEYS.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:20 +01:00
Heinrich Schuchardt
b7cdecfc19 efi_loader: default EFI_LOADER=n on ARM11
Some of the ARM11 boards have tight limits on the size of U-Boot. Hence
use EFI_LOADER=n as default on ARM11.

Set EFI_LOADER=y for the Raspberry Pi and Raspberry Pi Zero as these boards
have sufficient storage on the SD card.

Suggested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-11-23 09:19:31 +01:00
Heinrich Schuchardt
38064ee04c efi_loader: enable EFI_LOADER on arm1136 and arm1176
With an implementation for allow_unaligned() available for arm1136 and
arm1176 UEFI can be supported on these architectures.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-11-19 12:10:22 +01:00
Heinrich Schuchardt
b20bb09b21 efi_loader: restrict EFI_LOADER to armv7 and armv8 on ARM
fatload USB was reported to fail on the Sheevaplug. Debugging showed that
this was caused by an incorrect unaligned write to memory in
path_to_uefi().

UEFI on ARM requires that unaligned memory access is enabled.

* ARMv5 does not support unaligned access at all.
* ARMv6 supports unaligned access when we clear the A flag and set the
  U flag.
* On ARMv7 unaligned access is possible when clearing the aligned flag,
  which we do in function allow_unaligned() (arch/arm/cpu/armv7/sctlr.S).
  For none of the other cpus in arch/arm/cpu/ we have implemented a
  similar function.
* ARMv8 allows unaligned access.

Let EFI_LOADER on ARM depend on SYS_CPU=armv7 or SYS_CPU=armv8.

Once we have implemented allow_unaligned() for other ARM CPUs we can add
these to Kconfig.

Reported-by: Gray Remlin <gryrmln@gmail.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-11-19 12:10:22 +01:00
Heinrich Schuchardt
6f3badb67d efi_loader: re-enable GRUB workaround on 32bit ARM
GRUB on ARM 32bit prior to version 2.04 lacks proper handling of caches.
In U-Boot v2019.04 a workaround for this was inadvertently removed.

The workaround is currently also needed for booting on systems with caches
that cannot be managed via CP15 (e.g. with an i.MX6 CPU).

Re-enable the workaround and make it customizable.

Fixes: f69d63fae2 ("efi_loader: use efi_start_image() for bootefi")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-30 21:36:22 +02:00
Heinrich Schuchardt
953661a912 efi_loader: decision on EFI_RT_SUPPORTED_RESET_SYSTEM
Move the logic determining which board supports reset at runtime to Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-06 21:25:32 +02:00
Heinrich Schuchardt
5ec48e38ee efi_loader: Kconfig entries for GetTime(), SetTime()
The GetTime() and the SetTime() runtime services are not obligatory. So
let's make them customizable.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-06-01 04:53:13 +02:00
Heinrich Schuchardt
b1b782d306 efi_loader: implement deprecated Unicode collation protocol
In EFI 1.10 a version of the Unicode collation protocol using ISO 639-2
language codes existed. This protocol is not part of the UEFI specification
any longer. Unfortunately it is required to run the UEFI Self Certification
Test (SCT) II, version 2.6, 2017. So we implement it here for the sole
purpose of running the SCT. It can be removed once a compliant SCT is
available.

The configuration option defaults to no.

Signed-off-by: Rob Clark <robdclark@gmail.com>

Most of Rob's original patch is already merged. Only the deprecated
protocol is missing. Rebase it and make it configurable.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-19 08:10:10 +02:00
Heinrich Schuchardt
95ab381676 efi_loader: rename Unicode collation protocol 2 variables
Rename variables to make it clear they refer to the Unicode collation
protocol identified by the EFI_UNICODE_PROTOCOL2_GUID.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-19 08:10:10 +02:00
Heinrich Schuchardt
64b5ba4d29 efi_loader: make device path to text protocol customizable
The device path to text protocol is not needed for EBBR compliance. So
let's make it a customizable option.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-12 20:54:22 +02:00
Heinrich Schuchardt
334997356e efi_loader: make Unicode collation protocol customizable
The Unicode collation protocol is not needed for EBBR compliance. So let's
make it a customizable option.

The Unicode capitalization table is only needed by this protocol. So let it
depend on the Unicode collation protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-12 20:54:22 +02:00
Heinrich Schuchardt
9363fd22df efi_loader: reword the EFI_LOADER config option
No need to mention U-Boot in brief description.
Fix several typos, mention iPXE.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-12 20:54:22 +02:00
Heinrich Schuchardt
5684c8d1ea efi_loader: format Kconfig
Use if/endif for dependencies to give structure to the configuration menu.

Sort important settings to the top.

Abbreviate the short description of EFI_LOADER_HII.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-12 20:54:22 +02:00
Heinrich Schuchardt
07805f203b efi_loader: fix setting PlatformLang
The UEFI variables PlatformLang and PlatformLangCodes specify the current
firmware language and the list of all available languages.

Currently their values are hard coded. With the patch a new configuration
variable EFI_PLATFORM_LANG_CODES is provided.

When initializing the UEFI subsystem this configuration variable is used to
initialize PlatformLangCodes. The value of variable PlatformLang is read.
If it is not set, the first language specified in EFI_PLATFORM_LANG_CODES
is used to initialize PlatformLang.

Suggested-by: Takahiro Akashi <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-12 22:00:42 +02:00
Heinrich Schuchardt
084f093301 efi_loader: enable HII protocols by default
As the UEFI shell requires the HII protocols let's enable them by default.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-12 22:00:41 +02:00
Alexander Graf
5fbb28958b efi_loader: Make HII a config option
Heinrich ran into issues with HII and iPXE which led to #SErrors on
his Odroid-C2 system. We definitely do not want to regress just yet,
so let's not expose the HII protocols by default.

Instead, let's make it a config option that people can play with.
This way, we can stabilize the code in tree without breaking any
users.

Once someone figures out why this breaks iPXE (probably a NULL
dereference), we can enable it by default.

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

---

v1 -> v2:

  - Remove HII selftest as well

v2 -> v3:

  - Make config option
2019-02-13 09:40:06 +01:00
Heinrich Schuchardt
dba5148049 efi_loader: GetNextVariableName() relies on REGEX
Our implementation of GetNextVariableName() relies on
CONFIG_REGEX=y. So EFI_LOADER has to select it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2019-02-13 09:40:06 +01:00
Simon Glass
a46714ffc3 efi: sandbox: Enable EFI loader build for sandbox
This allows this feature to build within sandbox. This is useful for
testing.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2018-09-23 21:55:30 +02:00
Heinrich Schuchardt
b5130a8125 lib: charset: upper/lower case conversion
Provide functions for upper and lower case conversion.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2018-09-23 21:55:29 +02:00
Mark Kettenis
c726913a98 Revert "efi_loader: no support for ARMV7_NONSEC=y"
This reverts commit c524997acb.

Booting ARMv7 in non-secure mode using bootefi works now.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2018-07-25 14:57:43 +02:00
Heinrich Schuchardt
503e04fab8 efi_loader: if EFI_LOADER is enabled, enable CFB_CONSOLE_ANSI
EFI applications like GRUB issue ANSI sequences for setting colors
and for positioning. So if the EFI subsystem is enabled, we should
also enable ANSI control sequences by default.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2018-06-03 15:27:20 +02:00
Rick Chen
6836adbe75 efi_loader: Enable RISC-V support
We have almost all pieces needed to support RISC-V UEFI binaries in place already.
The only missing pieces are ELF relocations for runtime code and
data.

This patch adds respective support in the linker script and the runtime
relocation code. It also allows users to enable the EFI_LOADER configuration
switch on RISC-V platforms.

Signed-off-by: Alexander Graf <agraf@suse.de>
2018-05-29 14:43:12 +08:00
Heinrich Schuchardt
c524997acb efi_loader: no support for ARMV7_NONSEC=y
We do not support bootefi booting ARMv7 in non-secure mode.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2018-04-23 21:34:28 +02:00
Adam Ford
1811a928c6 Move most CONFIG_HAVE_BLOCK_DEVICE to Kconfig
config_fallbacks.h has some logic that sets HAVE_BLOCK_DEVICE
based on a list of enabled options.  Moving HAVE_BLOCK_DEVICE to
Kconfig allows us to drastically shrink the logic in
config_fallbacks.h

Signed-off-by: Adam Ford <aford173@gmail.com>
[trini: Rename HAVE_BLOCK_DEVICE to CONFIG_BLOCK_DEVICE]
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-02-08 19:09:03 -05:00
Adam Ford
a451bc27c9 Convert LIB_UUID to Kconfig
config_fallback.h has some logic that checks a variety of options
and selects LIB_UUID if it hasn't already been selected.  This
will add LIB_UUID in Kconfig and select this option for the list
of options to allow us to remove the logic from fallbacks.

Signed-off-by: Adam Ford <aford173@gmail.com>
2018-02-08 19:08:39 -05:00
Alexander Graf
6698bb343f efi: Conflict efi_loader with different stub bitness
We have 2 users of the EFI headers: efi_loader and the EFI stub. Efi_loader
always expects that the bitness of the definitions it uses is identical to
the execution.

The EFI stub however allows running x86_64 U-Boot on 32bit EFI and the other
way around, so it allows for different bitness of EFI definitions and U-Boot
environment.

This patch explicitly requests via Kconfig that efi_loader can only be enabled
if the bitness is identical. Because we can run efi_loader on x86_64 without
EFI stub enabled, it also ensures that this case propagates the correct ABI
constraints.

Signed-off-by: Alexander Graf <agraf@suse.de>
2018-01-28 21:37:13 +01:00
Simon Glass
58ad86288f x86: Enable EFI loader support
Enable this so that EFI applications (notably grub) can be run under U-Boot
on x86 platforms.

At present the 'hello world' EFI application is not supported for the
qemu-x86_efi_payload64 board. That board builds a payload consisting of a
64-bit header and a 32-bit U-Boot, which is incompatible with the way the
EFI loader builds its EFI application. The following error is obtained:

x86_64-linux-ld.bfd: i386 architecture of input file
   `lib/efi_loader/helloworld.o' is incompatible with i386:x86-64 output

This could be corrected with additional Makefile rules. For now, this
feature is disabled for that board.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[agraf: drop hello kconfig bits]
Signed-off-by: Alexander Graf <agraf@suse.de>
2016-11-14 23:24:04 +01:00
Masahiro Yamada
456ca6ba04 efi_loader: fix depends on line of EFI_LOADER
This line is shown as

   depends on (ARM64 ||\302\240ARM) && OF_LIBFDT

on my Emacs.  Use ASCII characters only.

Assuming it is (ARM64 || ARM), remove the redundancy.
Unlike Linux, CONFIG_ARM includes CONFIG_ARM64 in U-Boot.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2016-11-14 23:24:02 +01:00
Alexander Graf
51735ae0ea efi_loader: Add bounce buffer support
Some hardware that is supported by U-Boot cannot handle DMA above 32bits.
For these systems, we need to come up with a way to expose the disk interface
in a safe way.

This patch implements EFI specific bounce buffers. For non-EFI cases, this
apparently was no issue so far, since we can just define our environment
variables conveniently.

Signed-off-by: Alexander Graf <agraf@suse.de>
2016-05-27 15:39:48 -04:00
Alexander Graf
ed980b8c62 efi_loader: hook up in build environment
Now that we have all the bits and pieces ready for EFI payload loading
support, hook them up in Makefiles and KConfigs so that we can build.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
[trini: Enable only when we have OF_LIBFDT, disable on kwb and colibri_pxa270]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-03-15 21:30:11 -04:00