Commit graph

2889 commits

Author SHA1 Message Date
Kunihiko Hayashi
534f0fbd65 arm64: Fix relocation of env_addr if POSITION_INDEPENDENT=y
If both POSITION_INDEPENDENT and SYS_RELOC_GD_ENV_ADDR are enabled,
wherever original env is placed anywhere, it should be relocated to
the right address.

Relocation offset gd->reloc_off is calculated with SYS_TEXT_BASE in
setup_reloc() and env address gd->env_addr is relocated by the offset in
initr_reloc_global_data().

gd->env_addr
  = (orig env) + gd->reloc_off
  = (orig env) + (gd->relocaddr - SYS_TEXT_BASE)

However, SYS_TEXT_BASE isn't always runtime base address when
POSITION_INDEPENDENT is enabled. So the relocated env_addr might point to
wrong address. For example, if SYS_TEXT_BASE is zero, gd->env_addr is
out of memory location and memory exception will occur.

There is a difference between linked address such as SYS_TEXT_BASE and
runtime base address. In _main, the difference is calculated as
"run-vs-link" offset. The env_addr should also be added to the offset
to fix the address.

gd->env_addr
  = (orig env) + ("run-vs-link" offset)   + gd->reloc_off
  = (orig env) + (SYS_TEXT_BASE - _start) + (gd->relocaddr - SYS_TEXT_BASE)
  = (orig env) + (gd->relocaddr - _start)

Cc: Marek Vasut <marex@denx.de>
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Acked-by: Marek Vasut <marex@denx.de>
Tested-by: Marek Vasut <marex@denx.de>
2021-06-28 14:47:10 -04:00
Ilias Apalodimas
70e80666f2 smbios: Fix SMBIOS tables
Commit e4f8e543f1a9("smbios: Drop the unused Kconfig options")
break SMBIOS tables.  The reason is that the patch drops the Kconfig
options *after* removing the code using them,  but that changes the semantics
of the code completely.  Prior to the change a non NULL value was used in
the 'product' and 'manufacturer ' fields.

Chapter 6.2 of the DMTF spec requires Manufacturer and Product Name to be
non-null on some of the tables. So let's add sane defaults for Type1/2/3.

* Before the patchset:

<snip>
Handle 0x0002, DMI type 2, 14 bytes
Base Board Information
        Manufacturer: Not Specified
        Product Name: Not Specified
        Version: Not Specified
        Serial Number: Not Specified
        Asset Tag: Not Specified
        Features:
                Board is a hosting board
        Location In Chassis: Not Specified
        Chassis Handle: 0x0000
        Type: Motherboard

Invalid entry length (0). DMI table is broken! Stop.

* After the patchset:

<snip>
Handle 0x0005, DMI type 32, 11 bytes
System Boot Information
        Status: No errors detected

Handle 0x0006, DMI type 127, 4 bytes
End Of Table

Fixes: e4f8e543f1 ("smbios: Drop the unused Kconfig options")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-06-28 19:57:13 +02:00
Ilias Apalodimas
ff192304b6 smbios: Fix BIOS Characteristics Extension Byte 2
We currently define the EFI support of an SMBIOS table as the third bit of
"BIOS Characteristics Extension Byte 1". The latest DMTF spec defines it
on "BIOS Characteristics Extension Byte 2".

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Remove superfluous assignment.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-06-28 19:57:13 +02:00
Heinrich Schuchardt
8c6532d7c4 smbios: convert function descriptions to Sphinx style
Use 'Return:' instead of '@return:'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-06-28 19:57:13 +02:00
Heinrich Schuchardt
7891fe675d efi_loader: TPL_HIGH_LEVEL not allowed for CreateEvent
According to chapter 7.1 "Event, Timer, and Task Priority Services"
TPL_HIGH_LEVEL should not be exposed to applications and drivers.

According to the discussion with EDK II contributors this implies that
CreateEvent() shall not allow to create events with TPL_HIGH_LEVEL.

Cc: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
2021-06-28 19:57:13 +02:00
Tero Kristo
7d0f3fbb93 lib: rational: copy the rational fraction lib routines from Linux
Copy the best rational approximation calculation routines from Linux.
Typical usecase for these routines is to calculate the M/N divider
values for PLLs to reach a specific clock rate.

This is based on linux kernel commit:
"lib/math/rational.c: fix possible incorrect result from rational
fractions helper"
(sha1: 323dd2c3ed0641f49e89b4e420f9eef5d3d5a881)

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
2021-06-11 16:34:52 +05:30
Heinrich Schuchardt
b95e5edc42 efi_loader: fix Sphinx warning
Brackets '[' need to be escaped to avoid a build warning

    lib/efi_loader/efi_image_loader.c:223:
    WARNING: Inline strong start-string without end-string.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-06-09 12:35:01 +02:00
Heinrich Schuchardt
e27b0ff1b7 efi_loader: efi_capsule_delete_file() NULL dereference
If opening a file fails, the file handle pointer is not valid and must not
be dereferenced.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-06-09 00:16:39 +02:00
Heinrich Schuchardt
3dca77b1dc efi_loader: partition numbers are hexadecimal
If we want to address partition 15 of virtio block device 11, we have to
write:

	virtio b:f

When calling sprintf() we must use %x for the device and partition numbers.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-06-09 00:16:39 +02:00
Simon Glass
0cceb99ac5 display_options: Split print_buffer() into two functions
At present print_buffer() outputs a hex dump but it is not possible to
place this dump in a string. Refactor it into a top-level function which
does the printing and a utility function that dumps a line into a string.
This makes the code more generally useful.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-06-08 11:39:09 -04:00
Simon Glass
735dd6ef89 hexdump: Allow ctrl-c to interrupt output
If a long hexdump is initated the user may wish to interrupt it. Add
support for this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-06-08 11:39:09 -04:00
Simon Glass
5d6d2b8838 hexdump: Support any rowsize
At present print_hex_dump() only supports either 16- or 32-byte lines.
With U-Boot we want to support any line length up to a maximum of 64.
Update the function to support this, with 0 defaulting to 16, as with
print_buffer().

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-06-08 11:39:09 -04:00
Simon Glass
19edf139e9 hexdump: Add support for sandbox
The current implementation outputs an address as a pointer. Update the
code to use an address instead, respecting the 32/64 nature of the CPU.

Add some initial tests copied from print_test_display_buffer(), just the
ones that can pass with the current implementation.

Note that for this case print_hex_dump() and print_bufffer() produce the
same result. For now the tests are duplicated sine we have separate
functions.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-06-08 11:39:09 -04:00
Simon Glass
2f410fe557 hexdump: Move API to header file
Move the comments to the header file so people can find the function info
without digging in the implementation. Fix up the code style and add an
enum for the first arg.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-06-08 11:39:09 -04:00
Simon Glass
c7b16d830e display_options: Drop two spaces before the ASCII column
At present with print_buffer() U-Boot shows four spaces between the hex
and ASCII data. Two seems enough and matches print_hex_dump(). Change it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-06-08 11:39:09 -04:00
Patrick Delaunay
358c7789af lmb: add lmb_dump_region() function
Add lmb_dump_region() function, to simplify lmb_dump_all_force().
This patch is based on Linux memblock dump function.

An example of bdinfo output is:

.....
fdt_size    = 0x000146a0
FB base     = 0xfdd00000
lmb_dump_all:
 memory.cnt  = 0x1
 memory[0]	[0xc0000000-0xffffffff], 0x40000000 bytes flags: 0
 reserved.cnt  = 0x6
 reserved[0]	[0x10000000-0x10045fff], 0x00046000 bytes flags: 4
 reserved[1]	[0x30000000-0x3003ffff], 0x00040000 bytes flags: 4
 reserved[2]	[0x38000000-0x3800ffff], 0x00010000 bytes flags: 4
 reserved[3]	[0xe8000000-0xefffffff], 0x08000000 bytes flags: 4
 reserved[4]	[0xfbaea344-0xfdffffff], 0x02515cbc bytes flags: 0
 reserved[5]	[0xfe000000-0xffffffff], 0x02000000 bytes flags: 4
arch_number = 0x00000000
TLB addr    = 0xfdff0000
....

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-06-07 10:48:40 -04:00
Patrick Delaunay
e359a4a5c1 lmb: add lmb_is_reserved_flags
Add a new function lmb_is_reserved_flags to check if
an address is reserved with a specific flags.

This function can be used to check if an address was
reserved with no-map flags with:

lmb_is_reserved_flags(lmb, addr, LMB_NOMAP);

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-06-07 10:48:40 -04:00
Patrick Delaunay
59c0ea5df3 lmb: Add support of flags for no-map properties
Add "flags" in lmb_property to save the "no-map" property of
reserved region and a new function lmb_reserve_flags() to check
this flag.

The default allocation use flags = LMB_NONE.

The adjacent reserved memory region are merged only when they have
the same flags value.

This patch is partially based on flags support done in Linux kernel
mm/memblock .c (previously lmb.c); it is why LMB_NOMAP = 0x4, it is
aligned with MEMBLOCK_NOMAP value.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-06-07 10:48:40 -04:00
Sean Anderson
89be8e31cc fastboot: Fix overflow when calculating chunk size
If a chunk was larger than 4GiB, then chunk_data_sz would overflow and
blkcnt would not be calculated correctly. Upgrade it to a u64 and cast
its multiplicands as well. Also fix bytes_written while we're at it.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
2021-06-01 16:48:54 -04:00
Masahisa Kojima
163a0d7e2c efi_loader: add PE/COFF image measurement
"TCG PC Client Platform Firmware Profile Specification"
requires to measure every attempt to load and execute
a OS Loader(a UEFI application) into PCR[4].
This commit adds the PE/COFF image measurement, extends PCR,
and appends measurement into Event Log.

Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Replace CONFIG_HASH_CALCULATE by CONFIG_HASH
Fix conversions between pointers and u64.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-05-28 16:17:01 +02:00
Alexandru Gagniuc
464010b0be efi_loader: Work-around build issue due to missing hash_calculate()
The hash_calculate() symbol is provided by hash-checksum.c. It depends
on hash_progressive_lookup_algo(), provided when CONFIG_HASH=y.

The issue is that hash_calculate() is used by the efi_loader,
irregardless of CONFIG_FIT_SIGNATURE. As pointed out in
commit 87316da05f ("lib: introduce HASH_CALCULATE option"),
enabling hash_calculate() based on CONFIG_FIT_SIGNATURE is incorrect.

To resolve this, use CONFIG_HASH as the compile switch for
hash-checksum.c. This ensures that all dependencies are compiled, and
is the most natural Kconfig to use.

There is the issue of having to 'select HASH' in a couple of places
that already 'select SHA256'. This is a deeper problem with how hashes
are organized, and fixing it is beyonf the scope of this change.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-05-28 16:17:01 +02:00
Alexandru Gagniuc
ec0512b173 Revert "lib: introduce HASH_CALCULATE option"
When we think of Kconfig, we usually think of features that we like
to enable or not. Ideally, we wouldn't use Kconfig to fix a build
issue, although sometimes it might make sense. With Kconfig it's hard
to guarantee that the fix is universal. We can only say that it works
for the set of tested configurations. In the majority of cases, it's
preferable to let the linker figure things out for us.

The reverted commit attempted to fix a build issue by adding an
invisible Kconfig option. This is wrong in several ways:

It invents a new Kconfig variable when CONFIG_HASH already
exists for the same purpose.
Second, hash-checksum.c makes use of the hash_progressive_lookup_algo()
symbol, which is only provided with CONFIG_HASH, but this dependency
was not expressed in the reverted patch.

It feels like Kconfig is turning into a listing of all available
source files, and a buffet to 'select' which ones to compile. The
purpose of this revert is to enable the next change to make use of
CONFIG_HASH instead of adding to Kconfig.

This reverts commit 87316da05f.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-05-28 16:17:01 +02:00
Ilias Apalodimas
38de680e58 efi_loader: Fix coverity warnings for efi tcg2 protocol
Coverity reported 3 warnings on the current code.
CID 331856, 331855, 331854 on the latest scan.

Fix the rest of the warnings by initializing the variables before
passing them to tpm2_get_pcr_info().
In order to avoid future warnings and errors initialize them to 0 within
the function as well, since the values are always OR'ed after querying the
hardware.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-05-28 16:17:01 +02:00
Ilias Apalodimas
1f6871df40 efi_loader: Fix -Wextra warning for EFI TCG2
Compiling with -Wextra produces a number of (harmless) warnings for the EFI
TCG2 protocol.  Let's fix those in case we ever enable the flag on the EFI
subsystem

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-05-25 14:33:22 +02:00
Heinrich Schuchardt
9a6b33bef2 efi_loader: path length in efi_dp_from_name()
Before this patch efi_dp_from_name() only accommodated a maximum file path
length of 31 characters. This leads to boot failures due to file name
truncation.

Allow arbitrary path lengths.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-25 13:06:57 +02:00
Masahisa Kojima
f6081a8a1e efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled
This is preparation for PE/COFF measurement support.
PE/COFF image hash calculation is same in both
UEFI Secure Boot image verification and measurement in
measured boot. PE/COFF image parsing functions are
gathered into efi_image_loader.c, and exposed even if
UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option
to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-25 13:06:57 +02:00
Heinrich Schuchardt
6754e24b54 efi_loader: remove weak efi_get_public_key_data()
Configuring a system with CONFIG_EFI_CAPSULE_AUTHENTICATE=y but without a
method to retrieve the public key data is a misconfiguration. We should get
a build failure for it. Therefore remove the weak efi_get_public_key_data()
implementation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-25 13:06:57 +02:00
Marek Behún
be1e77f286 sandbox: errno: avoid conflict with libc's errno
When building with LTO, the system libc's `errno` variable used in
arch/sandbox/cpu/os.c conflicts with U-Boot's `errno` (defined in
lib/errno.c) with the following error:
 .../ld: errno@@GLIBC_PRIVATE: TLS definition in /lib64/libc.so.6
         section .tbss mismatches non-TLS reference in
	 /tmp/u-boot.EQlEXz.ltrans0.ltrans.o

To avoid this conflict use different asm label for this variable when
CONFIG_SANDBOX is enabled.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-24 14:21:30 -04:00
Marek Behún
98e55f97af lib: crc32: put the crc_table variable into efi_runtime_rodata section
When compiling with LTO, the compiler fails with an error saying that
`crc_table` causes a section type conflict with `efi_var_buf`.

This is because both are declared to be in the same section (via macro
`__efi_runtime_data`), but one is const while the other is not.

Put this variable into the section .rodata.efi_runtime, instead of
.data.efi_runtime, via macro __efi_runtime_rodata.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Marek Vasut <marex@denx.de>
Reviewed-by: Heinrich Schuchardt <xypron.gpk@gmx.de>
2021-05-24 14:21:30 -04:00
Marek Behún
ead698acbc efi_selftest: compiler flags for efi_selftest_miniapp_exception.o
Add $(CFLAGS_EFI) and remove $(CFLAGS_NON_EFI) for
efi_selftest_miniapp_exception.o.

The removal is needed when compiling with LTO - this object file needs
to be compiled without -flto.

The adding is for consistency with other miniapps.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-24 14:21:30 -04:00
Marek Behún
46c3e29219 string: make memcpy(), memset(), memcmp() and memmove() visible for LTO
It seems that sometimes (happening on ARM64, for example with
turris_mox_defconfig) GCC, when linking with LTO, changes the symbol
names of some functions, for example lib/string.c's memcpy() function to
memcpy.isra.0.

This is a problem however when GCC for a code such as this:
	struct some_struct *info = get_some_struct();
	struct some struct tmpinfo;
	tmpinfo = *info;
emits a call to memcpy() by builtin behaviour, to copy *info to tmpinfo.

This then results in the following linking error:
  .../lz4.c:93: undefined reference to `memcpy'
  .../uuid.c:206: more undefined references to `memcpy' follow

GCC's documentation says this about -nodefaultlibs option:
  The compiler may generate calls to "memcmp", "memset", "memcpy" and
  "memmove".  These entries are usually resolved by entries in libc.
  These entry points should be supplied through some other mechanism
  when this option is specified.

Make these functions visible by using the __used macro to avoid this
error.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-24 14:21:30 -04:00
Marek Behún
236f2ec432 treewide: Convert macro and uses of __section(foo) to __section("foo")
This commit does the same thing as Linux commit 33def8498fdd.

Use a more generic form for __section that requires quotes to avoid
complications with clang and gcc differences.

Remove the quote operator # from compiler_attributes.h __section macro.

Convert all unquoted __section(foo) uses to quoted __section("foo").
Also convert __attribute__((section("foo"))) uses to __section("foo")
even if the __attribute__ has multiple list entry forms.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-24 14:21:30 -04:00
Bin Meng
1621d3c434 lib: kconfig: Limit BINMAN_FDT for OF_SEPARATE or OF_EMBED
Generally speaking BINMAN_FDT makes sense for OF_SEPARATE or OF_EMBED.
For the other OF_CONTROL methods, it's quite possible binman node is
not available as binman is invoked during the build phase instead of
runtime. Let's only turn it on for OF_SEPARATE or OF_EMBED by default.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-19 17:01:50 +08:00
Masahisa Kojima
87316da05f lib: introduce HASH_CALCULATE option
Build error occurs when CONFIG_EFI_SECURE_BOOT or
CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
because hash-checksum.c is not compiled.

Since hash_calculate() implemented in hash-checksum.c can be
commonly used aside from FIT image signature verification,
this commit itroduces HASH_CALCULATE option to decide
if hash-checksum.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:13 +02:00
Ilias Apalodimas
48ee084602 efi_loader: Fix Kconfig for EFI_TCG2 protocol
EFI_TCG2 depends not only on TPMv2 but also on the underlying algorithms.
So select the missing SHA1, SHA256, SHA384 and SHA512 we currently support

Reported-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Add 'default y'.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:13 +02:00
Ilias Apalodimas
2052759a5e efi_loader: Don't stop EFI subsystem init if installing TCG2 fails
Up to now we are stopping the EFI subsystem if a TPMv2 exists but the
protocol fails to install.  Now that we've switched the config to 'default
y' the sandbox TPM fails, since it doesn't support all the required
capabilities of the protocol.

Not installing the protocol is not catastrophic.  If the protocol fails
to install the PCRs will never be extended to the expected values, so
some other entity later in the boot flow will eventually figure it out
and take the necessary actions.

While at it fix a corner case were the user can see an invalid error
message when the protocol failed to install.  We do have a tcg2_uninit()
which we call when the protocol installation fails.  There are cases though
that this might be called before the configuration table is installed (e.g
probing the TPM for capabilities failed).  In that case the user will see
"Failed to delete final events config table".  So stop printing it since it's
not an actual failure , simply because the config table was never installed
in the first place.

In order to stop printing it make efi_init_event_log() and create_final_event()
cleanup themselves and only call tcg2_uninit() when the protocol installation
fails.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:13 +02:00
Ilias Apalodimas
97f446a8ff efi_loader: Uninstall the TCG2 protocol if logging s-crtm fails
Instead of just failing, clean up the installed config table and
EventLog memory if logging an s-crtm event fails during the protocol
installation

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Eliminate label 'out:' by using return.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:13 +02:00
Ilias Apalodimas
b76edf6b07 efi_loader: Clean up tcg2 once in case of failure
efi_init_event_log() calls tcg2_uninit() in case of failure.
We can skip that since the function is called on efi_tcg2_register()
which also cleans up if an error occurs

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:12 +02:00
Peng Fan
bc3f465181 efi_loader: loosen buffer parameter check in efi_file_read_int
This is same issue as https://bugzilla.redhat.com/show_bug.cgi?id=1733817,
but that fix was wrongly partial reverted.

When reading a directory, EFI_BUFFER_TOO_SMALL should be returned when
the supplied buffer is too small, so a use-case is to call
EFI_FILE_PROTOCOL.Read() with *buffer_size=0 and buffer=NULL to
obtain the needed size before doing the actual read.

So remove the check only for directory reading, file reading already
do the check by itself.

Fixes: db12f518edb0("efi_loader: implement non-blocking file services")
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Cc: Stefan Sørensen <stefan.sorensen@spectralink.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:12 +02:00
Sughosh Ganu
6a2e26b95f efi_loader: capsule: Remove the check for capsule_authentication_enabled environment variable
The current capsule authentication code checks if the environment
variable capsule_authentication_enabled is set, for authenticating the
capsule. This is in addition to the check for the config symbol
CONFIG_EFI_CAPSULE_AUTHENTICATE. Remove the check for the environment
variable. The capsule will now be authenticated if the config symbol
is set.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:12 +02:00
Heinrich Schuchardt
e2ae483c3b hash: Kconfig option for SHA512 hardware acceleration
Commit a479f103dc ("hash: Allow for SHA512 hardware implementations")
defined function definitions for hardware accelerated SHA384 and SHA512.
If CONFIG_SHA_HW_ACCEL=y, these functions are used.

We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
new functions hw_sha384() and hw_sha512().

For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
missing hardware acceleration functions lead to build errors on boards like
peach-pi_defconfig.

Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
and SHA512 algorithms.

Fixes: a479f103dc ("hash: Allow for SHA512 hardware implementations")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-18 12:36:12 +02:00
Heinrich Schuchardt
700f68c354 efi_loader: build warning in efi_tcg2_hash_log_extend_event
Building 32bit boards with the TCG2 protocol enabled leads to a build
warning due to a missing conversion.

    lib/efi_loader/efi_tcg2.c:774:27:
    error: cast to pointer from integer of different size
    [-Werror=int-to-pointer-cast]
    774 |  ret = tcg2_create_digest((u8 *)data_to_hash, data_to_hash_len,
        |                           ^

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-05-18 12:36:12 +02:00
Patrick Delaunay
feb7ac457c dm: core: Add address translation in fdt_get_resource
Today of_address_to_resource() is called only in
ofnode_read_resource() for livetree support and
fdt_get_resource() is called when livetree is not supported.

The fdt_get_resource() doesn't do the address translation
so when it is required, but the address translation is done
by ofnode_read_resource() caller, for example in
drivers/firmware/scmi/smt.c::scmi_dt_get_smt_buffer() {
...
	ret = ofnode_read_resource(args.node, 0, &resource);
	if (ret)
		return ret;

	faddr = cpu_to_fdt32(resource.start);
	paddr = ofnode_translate_address(args.node, &faddr);
...

The both behavior should be aligned and the address translation
must be called in fdt_get_resource() and removed for each caller.

Fixes: a44810123f ("dm: core: Add dev_read_resource() to read device resources")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
2021-04-29 03:23:39 -07:00
AKASHI Takahiro
2c1a684049 efi_loader: capsule: return a correct error code at find_boot_device()
In case of failure at efi_get_variable_int("BootOrder"), we should
skip examining boot option variables and return an appropriate error
code which is the one the function returned.

Fixes: CID 331153 Code maintainability issues  (UNUSED_VALUE)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-24 06:53:40 +02:00
Jose Marinho
3627cf4bff efi: Fix ESRT refresh after Capsule update
Indicated by Coverity Scan CID 331147

The ESRT was being refreshed in situations where the UpdateCapsule
procedure failed. In that scenario:

1) the ESRT refresh was superfluous.
2) a failed ESRT refresh return code overwrites the UpdateCapsule error
return code.

This commit ensures that the ESRT is only refreshed when the
UpdateCapsule performs successfully.

CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Tom Rini <trini@konsulko.com>
CC: Andre Przywara <andre.przywara@arm.com>
CC: nd@arm.com

Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-24 06:53:40 +02:00
Ilias Apalodimas
6fe8b4a39d efi_loader: simplify tcg2_create_digest()
Bumping the digest list count, for all supported algorithms,  can be
calculated outside of the individual switch statements.  So let's do that
for every loop iteration instead and simplify the code a bit.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-24 06:53:40 +02:00
Heinrich Schuchardt
a07ee3c198 efi_loader: missing include in efi_string.c
To avoid diverging function definitions we need to include efi_loader.h.

Fixes: fe179d7fb5 ("efi_loader: Add size checks to efi_create_indexed_name()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-24 06:53:40 +02:00
Patrick Delaunay
6d66502bc7 lmb: Add 2 config to define the max number of regions
Add 2 configs CONFIG_LMB_MEMORY_REGIONS and CONFIG_LMB_RESERVED_REGIONS
to change independently the max number of the regions in lmb
library.

When CONFIG_LMB_USE_MAX_REGIONS=y, move the lmb property arrays to
struct lmb and manage the array size with the element 'max' of struct
lmb_region; their are still allocated in stack.

When CONFIG_LMB_USE_MAX_REGIONS=n, keep the current location in
struct lmb_region to allow compiler optimization.

Increase CONFIG_LMB_RESERVED_REGIONS is useful to avoid lmb errors in
bootm when the number of reserved regions (not adjacent) is reached:
+ 1 region for relocated U-Boot
+ 1 region for initrd
+ 1 region for relocated linux device tree
+ reserved memory regions present in Linux device tree.

The current limit of 8 regions is reached with only 5 reserved regions
in DT.

see Linux kernel commit bf23c51f1f49 ("memblock: Move memblock arrays
to static storage in memblock.c and make their size a variable")

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-22 14:09:45 -04:00
Patrick Delaunay
4fa0150d6c lmb: move MAX_LMB_REGIONS value in Kconfig
Move MAX_LMB_REGIONS value in Kconfig, the max number of the regions
in lmb library.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-22 14:09:45 -04:00
Patrick Delaunay
00fd8dad4d lmb: add a max parameter in the struct lmb_region
Add a max parameter in lmb_region struct to handle test
in lmb_add_region without using the MAX_LMB_REGIONS
define.

This patch allows to modify these size independently for
memory of reserved regions in the next patches.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-22 14:09:45 -04:00
Patrick Delaunay
8f167da9c5 lmb: remove lmb_region.size
Remove the unused field size of struct lmb_region as it is initialized to 0
and never used after in lmb library.

See Linux kernel commit 4734b594c6ca ("memblock: Remove memblock_type.size
and add memblock.memory_size instead")

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-22 14:09:45 -04:00
Patrick Delaunay
77b8cfef53 lmb: move CONFIG_LMB in Kconfig
Migrate CONFIG_LMB in Kconfig.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-22 14:09:45 -04:00
Karl Beldan
227c53de87 lz4: Fix unaligned accesses
Signed-off-by: Karl Beldan <karl.beldan+oss@gmail.com>
2021-04-20 07:31:12 -04:00
Masahisa Kojima
b1a7a5e0b8 efi_loader: fix possible buffer overflow
Variable "final" will have SHA512 digest, but currently
the array size is not sufficient. Let's fix it.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-17 20:01:32 +02:00
Heinrich Schuchardt
e8287b0fb2 efi_loader: memory leak in efi_capsule_scan_dir()
If realloc() fails, we should free the old buffer.

Fixes: c74cd8bd08: ("efi_loader: capsule: add capsule_on_disk support")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-17 20:01:32 +02:00
Sughosh Ganu
7d823747c6 efi_loader: esrt: Remove incorrect invocations of EFI_CALL macro
Remove function invocations using the EFI_CALL macro for those
functions that do not have an EFI_ENTRY call in their definition. Such
functions can use u-boot api's which rely on u-boot global data(gd)
pointer. The Arm and RiscV architectures maintain a separate gd
pointer, one for u-boot, and a separate gd for the efi application.

Calling a function through the EFI_CALL macro changes the gd pointer
to that used for the efi application, with u-boot gd being
unavailable. Any function then trying to dereference u-boot's gd will
result in an abort.

Fix this issue by removing the EFI_CALL macro for all of such
functions which do not begin by an EFI_ENTRY function call.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-17 20:01:31 +02:00
Chan, Donald
fbc777429f lib/rsa: Use EVP_PKEY instead of RSA
Most modern OpenSSL engines have methods overridden at the EVP level rather
than at RSA level, to make these engines work properly with mkimage, the RSA
signing code needs to switch to using EVP_* APIs as much as possible.

Signed-off-by: Donald Chan <hoiho@lab126.com>
[trini: Rebase on top of keyfile changes]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-14 17:45:04 -04:00
Alexandru Gagniuc
eb22759e2b lib/ecdsa: Use the 'keydir' argument from mkimage if appropriate
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
824ee745fb lib/rsa: Use the 'keyfile' argument from mkimage
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the RSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
ed6c9e0b66 lib: Add support for ECDSA image signing
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Alexandru Gagniuc
4c17e5f691 lib/rsa: Make fdt_add_bignum() available outside of RSA code
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.

The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Alexandru Gagniuc
0bcb28dfb9 lib: Rename rsa-checksum.c to hash-checksum.c
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Sean Anderson
9af869c414 lib: string: Implement strlcat
This introduces strlcat, which provides a safer interface than strncat. It
never copies more than its size bytes, including the terminating nul. In
addition, it never reads past dest[size - 1], even if dest is not
nul-terminated.

This also removes the stub for dwc3 now that we have a proper
implementation.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-12 17:44:55 -04:00
Sean Anderson
d3358ecc54 lib: string: Fix strlcpy return value
strlcpy should always return the number of bytes copied. We were
accidentally missing the nul-terminator. We also always used to return a
non-zero value, even if we did not actually copy anything.

Fixes: 23cd138503 ("Integrate USB gadget layer and USB CDC driver layer")

Signed-off-by: Sean Anderson <seanga2@gmail.com>
2021-04-12 17:44:55 -04:00
Joel Stanley
a479f103dc hash: Allow for SHA512 hardware implementations
Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting  CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.

Signed-off-by: Joel Stanley <joel@jms.id.au>
2021-04-12 17:17:11 -04:00
Patrick Delaunay
a2535243e0 lib: optee: migration optee_copy_fdt_nodes for OF_LIVE support
The optee_copy_fdt_nodes is only used to copy op-tee nodes
of U-Boot device tree (from gd->fdt_blob when OF_LIVE is not activated)
to external device tree but it is not compatible with OF_LIVE.

This patch migrates all used function fdt_ functions to read node on
old_blob to ofnode functions, compatible with OF_LIVE and remove this
parameter "old_blob".

The generated "device tree" is checked on stm32mp platform with OF_LIVE
activated.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-12 14:25:31 -04:00
Ilias Apalodimas
f8cd72d1ac efi_loader: Change ptr arithmetics tcg eventlog buffer
Although ptr arithmetics are allowed with extensions in gcc, they
are not allowed by the C spec. So switch to (void *)(uintptr_t) instead

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-10 12:00:24 +02:00
Heinrich Schuchardt
8c4488677f efi_loader: esrt: wrong type for LocateHandleBuffer()
efi_locate_handle_buffer() expects no_handles to be of type efi_uintn_t *.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Heinrich Schuchardt
7631c9d0a4 efi_loader: use correct printf codes
For printing u32 use %u not %d.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Sughosh Ganu
5c3de47caa efi_loader: efi_esrt: Fix the build warning for 32 bit systems
Fix the build warning when building for 32 bit systems by using the
length modifier for size_t.

lib/efi_loader/efi_esrt.c: In function ‘efi_esrt_populate’:
include/efi_loader.h:126:8: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 8 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Sughosh Ganu
dd40cf6f1f efi_loader: Kconfig: Select IMAGE_SIGN_INFO when capsule authentication is enabled
Enable building of the crypto helper functions used during capsule
authentication by selecting IMAGE_SIGN_INFO.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Ilias Apalodimas
f4dc1bc9f0 efi_loader: Cleanup get_var duplication
get_var() is defined statically in efi_bootmgr.c and doesn't properly
check a buffer allocation.  Remove it completely and use the exported
function from efi_var_common.c that does the same thing

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Tom Rini
90eba245a6 Merge branch 'next' 2021-04-05 11:29:57 -04:00
Heinrich Schuchardt
d084f20233 efi_loader: typo 'devide path'
Fix a typo in helloworld.efi.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-31 06:34:33 +00:00
Heinrich Schuchardt
0809cd5f93 efi_loader: Uart device path missing break
In the devicepath node to text conversion for Uart nodes a break statement
is missing.

Indicated by Coverity Scan CID 330038
Fixes: 62df6e9c99 ("efi_loader: Uart device path")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-31 06:22:22 +00:00
Simon Glass
f2c1442e96 bloblist: Make BLOBLIST_TABLES depend on BLOBLIST
Add an extra condition here since we cannot put x86 tables in a bloblist
when bloblists are not supported.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
dc2886b039 binman: Show a message when changing subnodes
This change seems important enough to warrant a visible message. Change
the log_debug() to log_info().

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
272e62cb83 smbios: Allow writing to the coreboot version string
When U-Boot is booted from coreboot the SMBIOS tables are written by
coreboot, not U-Boot. The existing method of updating the BIOS version
string does not work in that case, since gd->smbios_version is only set
when U-Boot writes the tables.

Add a new function which allows the version to be updated by parsing the
tables and writing the string in the correct place. Since coreboot
provides a pointer to the SMBIOS tables in its sysinfo structure, this
makes it easy to do the update.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 13:59:37 +13:00
Ilias Apalodimas
ac30aad210 efi_loader: Clean up file size calculations
We recently added a common function for calculating file size,
instead of copy pasting the code around.  Switch one of the
occurences over to the common function

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 21:03:51 +01:00
Heinrich Schuchardt
5e21958c02 efi_selfest: redefine enum efi_test_phase
Setup will always occur before ExitBootServices(). So eliminate
EFI_SETUP_AFTER_BOOTTIME_EXIT. Put the SetVirtualAddressMap() test into a
separate class so that we can execute it last.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:54:12 +01:00
Ilias Apalodimas
f69a2016b6 efi_loader: Add an S-CRTM even for firmware version
TCG PC Client Platform Firmware Profile Spec mandates that an S-CRTM
event for the version identifier using the event type EV_S_CRTM_VERSION
must be measured.

So since we are trying to add more conformance into U-Boot, let's add
the event using U_BOOT_VERSION_STRING, extend PCR[0] accordingly and log
it in the EventLog

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-25 20:45:44 +01:00
Ilias Apalodimas
d8cf113fe5 efi_loader: EFI TCG2 free efi memory on protocol failure
Current code doesn't free the efi allocated memory in case the protocol
failed to install

Fixes: c8d0fd5825 ("efi_loader: Introduce eventlog support for TCG2_PROTOCOL")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-25 20:45:41 +01:00
Jose Marinho
4ac6041c3c efi: ESRT creation tests
This commmit exercises the ESRT creation in a EFI selftest.

 A fake FMP, with TEST_ESRT_NUM_ENTRIES FW images, is installed in the
 system leading to the corresponding ESRT entries being populated.
 The ESRT entries are checked against the datastructure used to
 initialize the FMP.

Invocation from the sandbox platform:
add to sandbox_defconfig:
  +CONFIG_CMD_BOOTEFI_SELFTEST=y

 make sandbox_capsule_defconfig all
 ./u-boot -d arch/sandbox/dts/test.dtb
 bootefi selftest

CC: Heinrich Schuchardt	<xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd@arm.com

Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:19:42 +01:00
Jose Marinho
64a8aae15c efi: Add ESRT to the EFI system table
The ESRT is initialised during efi_init_objlist after
efi_initialize_system_table().

The ESRT is recreated from scratch at the following events:
- successful UpdateCapsule;
- FMP instance install.

The code ensures that every ESRT entry has a unique fw_class value.

Limitations:
- The ESRT is not updated if an FMP instance is uninstalled;
- the fields image_type and flags are in the current implementation left
undefined. Setting these values will require a per-platform function
that returns the image_type/flags as a function of the image fw_class.

CC: Heinrich Schuchardt	<xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd@arm.com
Signed-off-by: Jose Marinho <jose.marinho@arm.com>

Remove two EFI_CALL() indirections.
Move ESRT GUID in efidebug's list of GUIDs.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:19:19 +01:00
Ilias Apalodimas
53f6a5aa86 efi_loader: Replace config option for initrd loading
Up to now we install EFI_LOAD_FILE2_PROTOCOL to load an initrd
unconditionally. Although we correctly return various EFI exit codes
depending on the file status (i.e EFI_NO_MEDIA, EFI_NOT_FOUND etc), the
kernel loader, only falls back to the cmdline interpreted initrd if the
protocol is not installed.

This creates a problem for EFI installers, since they won't be able to
load their own initrd and continue the installation. It also makes the
feature hard to use, since we can either have a single initrd or we have
to recompile u-boot if the filename changes.

So let's introduce a different logic that will decouple the initrd
path from the config option we currently have.
When defining a UEFI BootXXXX we can use the filepathlist and store
a file path pointing to our initrd. Specifically the EFI spec describes:

"The first element of the array is a device path that describes the device
and location of the Image for this load option. Other device paths may
optionally exist in the FilePathList, but their usage is OSV specific"

When the EFI application is launched through the bootmgr, we'll try to
interpret the extra device path. If that points to a file that exists on
our disk, we'll now install the load_file2 and the efi-stub will be able
to use it.

This opens up another path using U-Boot and defines a new boot flow.
A user will be able to control the kernel/initrd pairs without explicit
cmdline args or GRUB.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:14:26 +01:00
Ilias Apalodimas
37c3ca5c0b efi_loader: Add helper functions for EFI
A following patch introduces a different logic for loading initrd's
based on the EFI_LOAD_FILE2_PROTOCOL.
Since similar logic can be applied in the future for other system files
(i.e DTBs), let's add some helper functions which will retrieve and
parse file paths stored in EFI variables.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-25 20:14:25 +01:00
Ilias Apalodimas
76e8acce12 efi_loader: Add device path related functions for initrd via Boot####
On the following patches we allow for an initrd path to be stored in
Boot#### variables.  Specifically we encode in the FIlePathList[] of
the EFI_LOAD_OPTIONS for each Boot#### variable.

The FilePathList[] array looks like this:
kernel - 0xff - VenMedia(initrd GUID) - initrd1 - 0x01 initrd2 - 0xff
So let's add the relevant functions to concatenate and retrieve a device
path based on a Vendor GUID.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reformat function descriptions.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:14:25 +01:00
Heinrich Schuchardt
f027222ad8 efi_loader: Uart device path
When uploading an EFI binary via the UART we need to assign a device path.

* Provide devicepath node to text conversion for Uart() node.
* Provide function to create Uart() device path.
* Add UART support to efi_dp_from_name().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:09:17 +01:00
Heinrich Schuchardt
134d3387e1 efi_loader: NULL dereference in EFI console
Even if CONFIG_DM_VIDEO=y and stdout="vidconsole", a video device may not
be available. Check the return values of the relevant functions.

If no video output device is available, assume that the serial console is
in use.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:08:57 +01:00
Simon Glass
df7d89a6fc efi: Fix compiler warnings
This occur when building on Raspberry Pi 400 (32-bit ARM). Fix them.

Examples:

cmd/efidebug.c: In function ‘do_efi_capsule_update’:
cmd/efidebug.c:75:49: warning: cast from pointer to integer of different
	size [-Wpointer-to-int-cast]
  ret = EFI_CALL(RT->update_capsule(&capsule, 1, (u64)NULL));
                                                 ^
include/efi_loader.h:104:9: note: in definition of macro ‘EFI_CALL’
  typeof(exp) _r = exp; \
         ^~~
cmd/efidebug.c:75:49: warning: cast from pointer to integer of different
	size [-Wpointer-to-int-cast]
  ret = EFI_CALL(RT->update_capsule(&capsule, 1, (u64)NULL));
                                                 ^
include/efi_loader.h:104:19: note: in definition of macro ‘EFI_CALL’
  typeof(exp) _r = exp; \
                   ^~~

In file included from include/common.h:20,
                 from lib/efi_loader/efi_capsule.c:9:
lib/efi_loader/efi_capsule.c: In function ‘efi_update_capsule’:
include/efi_loader.h:83:8: warning: format ‘%lu’ expects argument of type
	‘long unsigned int’, but argument 10 has type ‘size_t’
	{aka ‘unsigned int’} [-Wformat=]
  debug("%sEFI: Entry %s(" format ")\n", __efi_nesting_inc(), \
        ^~~~~~~~~~~~~~~~~~
include/linux/printk.h:37:21: note: in definition of macro ‘pr_fmt’
 #define pr_fmt(fmt) fmt
                     ^~~
include/log.h:229:2: note: in expansion of macro ‘log’
  log(LOG_CATEGORY, LOGL_DEBUG, fmt, ##args); \
  ^~~
include/log.h:249:2: note: in expansion of macro ‘debug_cond’
  debug_cond(_DEBUG, fmt, ##args)
  ^~~~~~~~~~
include/efi_loader.h:83:2: note: in expansion of macro ‘debug’
  debug("%sEFI: Entry %s(" format ")\n", __efi_nesting_inc(), \
  ^~~~~
lib/efi_loader/efi_capsule.c:444:2: note: in expansion of macro ‘EFI_ENTRY’
  EFI_ENTRY("%p, %lu, %llu\n", capsule_header_array, capsule_count,
  ^~~~~~~~~
lib/efi_loader/efi_capsule.c:444:19: note: format string is defined here
  EFI_ENTRY("%p, %lu, %llu\n", capsule_header_array, capsule_count,
                 ~~^
                 %u

Signed-off-by: Simon Glass <sjg@chromium.org>
Replace (uintptr_t)NULL by 0.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:08:41 +01:00
Ilias Apalodimas
6f90899120 efi_selftest: Remove loadfile2 for initrd selftests
We are redefining how u-boot locates the initrd to load via the kernel
LoadFile2 protocol.  This selftest is not relevant any more, so remove
it. A new one will be added later

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:08:02 +01:00
Heinrich Schuchardt
a81978efe3 efi_selftest: illegal cast to pointer in initrddump
On 32bit systems u64 cannot directly be cast to void *.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:07:36 +01:00
Mark Kettenis
073e5db672 efi_loader: fix memory type for memory reservation block
The (yet unreleased version of the) devicetree specification clearly
states that:

  As with the /reserved-memory node, when booting via UEFI
  entries in the Memory Reservation Block must also be listed
  in the system memory map obtained via the GetMemoryMap() toi
  protect against allocations by UEFI applications. The memory
  reservation block entries should be listed with type
  EfiReservedMemoryType.

This restores the behaviour that was changed by commit 4cbb2930bd
("efi_loader: consider no-map property of reserved memory").

Fixes: 4cbb2930bd ("efi_loader: consider no-map property of reserved memory")
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:07:18 +01:00
Heinrich Schuchardt
4bad14ae79 efi_loader: disable GRUB_ARM32_WORKAROUND on ARCH_SUNXI
GRUB_ARM32_WORKAROUND can be disabled on ARCH_SUNXI as the Allwinner SoCs
only have a level 2 cache controlled via CP15 and not an architecturally
defined cache. Having the cache available speeds up booting Linux.

On ARCH_BCM283X it is already disabled via rpi_2_defconfig. But let's move
this setting to Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:07:01 +01:00
Heinrich Schuchardt
62df6e9c99 efi_loader: Uart device path
When uploading an EFI binary via the UART we need to assign a device path.

* Provide devicepath node to text conversion for Uart() node.
* Provide function to create Uart() device path.
* Add UART support to efi_dp_from_name().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-19 20:54:40 +01:00
Heinrich Schuchardt
a95f4c8859 efi_loader: NULL dereference in EFI console
Even if CONFIG_DM_VIDEO=y and stdout="vidconsole", a video device may not
be available. Check the return values of the relevant functions.

If no video output device is available, assume that the serial console is
in use.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-19 20:47:25 +01:00
Simon Glass
64d809b4cb efi: Fix compiler warnings
This occur when building on Raspberry Pi 400 (32-bit ARM). Fix them.

Examples:

cmd/efidebug.c: In function ‘do_efi_capsule_update’:
cmd/efidebug.c:75:49: warning: cast from pointer to integer of different
	size [-Wpointer-to-int-cast]
  ret = EFI_CALL(RT->update_capsule(&capsule, 1, (u64)NULL));
                                                 ^
include/efi_loader.h:104:9: note: in definition of macro ‘EFI_CALL’
  typeof(exp) _r = exp; \
         ^~~
cmd/efidebug.c:75:49: warning: cast from pointer to integer of different
	size [-Wpointer-to-int-cast]
  ret = EFI_CALL(RT->update_capsule(&capsule, 1, (u64)NULL));
                                                 ^
include/efi_loader.h:104:19: note: in definition of macro ‘EFI_CALL’
  typeof(exp) _r = exp; \
                   ^~~

In file included from include/common.h:20,
                 from lib/efi_loader/efi_capsule.c:9:
lib/efi_loader/efi_capsule.c: In function ‘efi_update_capsule’:
include/efi_loader.h:83:8: warning: format ‘%lu’ expects argument of type
	‘long unsigned int’, but argument 10 has type ‘size_t’
	{aka ‘unsigned int’} [-Wformat=]
  debug("%sEFI: Entry %s(" format ")\n", __efi_nesting_inc(), \
        ^~~~~~~~~~~~~~~~~~
include/linux/printk.h:37:21: note: in definition of macro ‘pr_fmt’
 #define pr_fmt(fmt) fmt
                     ^~~
include/log.h:229:2: note: in expansion of macro ‘log’
  log(LOG_CATEGORY, LOGL_DEBUG, fmt, ##args); \
  ^~~
include/log.h:249:2: note: in expansion of macro ‘debug_cond’
  debug_cond(_DEBUG, fmt, ##args)
  ^~~~~~~~~~
include/efi_loader.h:83:2: note: in expansion of macro ‘debug’
  debug("%sEFI: Entry %s(" format ")\n", __efi_nesting_inc(), \
  ^~~~~
lib/efi_loader/efi_capsule.c:444:2: note: in expansion of macro ‘EFI_ENTRY’
  EFI_ENTRY("%p, %lu, %llu\n", capsule_header_array, capsule_count,
  ^~~~~~~~~
lib/efi_loader/efi_capsule.c:444:19: note: format string is defined here
  EFI_ENTRY("%p, %lu, %llu\n", capsule_header_array, capsule_count,
                 ~~^
                 %u

Signed-off-by: Simon Glass <sjg@chromium.org>
Replace (uintptr_t)NULL by 0.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-16 09:37:04 +01:00
Ilias Apalodimas
d2ac8af95b efi_selftest: Remove loadfile2 for initrd selftests
We are redefining how u-boot locates the initrd to load via the kernel
LoadFile2 protocol.  This selftest is not relevant any more, so remove
it. A new one will be added later

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-16 09:37:04 +01:00
Heinrich Schuchardt
fbc6ceae6f efi_selftest: illegal cast to pointer in initrddump
On 32bit systems u64 cannot directly be cast to void *.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-16 09:37:04 +01:00
Mark Kettenis
9ff9f4b426 efi_loader: fix memory type for memory reservation block
The (yet unreleased version of the) devicetree specification clearly
states that:

  As with the /reserved-memory node, when booting via UEFI
  entries in the Memory Reservation Block must also be listed
  in the system memory map obtained via the GetMemoryMap() toi
  protect against allocations by UEFI applications. The memory
  reservation block entries should be listed with type
  EfiReservedMemoryType.

This restores the behaviour that was changed by commit 4cbb2930bd
("efi_loader: consider no-map property of reserved memory").

Fixes: 4cbb2930bd ("efi_loader: consider no-map property of reserved memory")
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-16 09:37:04 +01:00
Heinrich Schuchardt
8b5dea3358 efi_loader: disable GRUB_ARM32_WORKAROUND on ARCH_SUNXI
GRUB_ARM32_WORKAROUND can be disabled on ARCH_SUNXI as the Allwinner SoCs
only have a level 2 cache controlled via CP15 and not an architecturally
defined cache. Having the cache available speeds up booting Linux.

On ARCH_BCM283X it is already disabled via rpi_2_defconfig. But let's move
this setting to Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-16 09:37:04 +01:00
Tom Rini
22fc991daf Prepare v2021.04-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmBPhiUACgkQFHw5/5Y0
 tywChgv/RYpdSKrD5s4kCJnImfOwDznESj/CqAQK3Au5zviq7qXRrgxyTKv2e1wM
 W51vUBd0cE1YTACXqbr92wSSyqoTthLqd57KQgVele5uC2dvkqVTSvjPOUwtyIbQ
 BTPkoQnHPn30AILRdPjpEdBGfZhJDDtJFdQopn6h4GjEjPKVH8Wx1Dd+V6SD5f20
 WiksUjgdjMr1AmORY+LdwwJO8FZrGGPYgs8CDtiqxmCSwh3d7kUFFTT+G23BZdo7
 M+81+1uIUaW2Bolds7ZTPrrjr8bPwkWoTqNYhUB4bNPLp72gwnjM1rtU1X3hyiJM
 MdxSBimLHUOYPihfeSYCHSUrJaQFAAEFkuzWfZN1fgoswKEZQIVVVTzT/TomTyqf
 1DIXD+0HpXGKgVLW/Nkpl4D+UFjR865XI4kiuDxddjKI7bGbvDlbZ/k3PNelD7op
 umUswHnC3OTSw/g+A9VH/zf1rMFNLfu++vD7XJtdoWlcsl6x6/6Fh75tuC6K/X0K
 caPmehD3
 =ENym
 -----END PGP SIGNATURE-----

Merge tag 'v2021.04-rc4' into next

Prepare v2021.04-rc4
2021-03-15 12:15:38 -04:00
Heinrich Schuchardt
e91789e2f6 lib/charset: UTF-8 stream conversion
Provide functions to convert an UTF-8 stream to code page 437 or UTF-32.

Add unit tests.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-07 17:37:13 +01:00
Heinrich Schuchardt
ddbaff53da lib/charset: utf8_get() should return error
utf8_get() should return an error if hitting an illegal UTF-8 sequence and
not silently convert the input to a question mark.

Correct utf_8() and the its unit test.

console_read_unicode() now will ignore illegal UTF-8 sequences.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-07 17:37:13 +01:00
Heinrich Schuchardt
73bb90cabc efi_loader: carve out utf_to_cp()
Carve out a function to translate a Unicode code point to an 8bit codepage.

Provide a unit test for the new function.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-07 17:37:13 +01:00
Heinrich Schuchardt
70616a1ed8 efi_loader: move codepage 437 table
Move the Unicode to codepage 437 table to charset.c

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-07 17:37:12 +01:00
Heinrich Schuchardt
997b57fc1a efi_loader: console size of vidconsole
If stdout is 'vidconsole', we correctly set the console size.
If stdout is 'vidconsole,serial', the video console is ignored.

We should always evaluate the size of vidconsole if it is the primary
console.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-07 17:37:12 +01:00
Bin Meng
e010315899 lib: kconfig: Mention CONFIG_ADDR_MAP limitation in the help
Mention that CONFIG_ADDR_MAP only works in the post-relocation phase.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-03-05 10:25:43 +05:30
Bin Meng
b561563316 lib: addr_map: Move address_map[] type to the header file
At present address_map[] is static and its type is unknown to external
modules. In preparation to create a command to list its contents, this
patch moves its type definition and declaration to the header file.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-03-05 10:25:43 +05:30
Bin Meng
56e7257ca8 lib: Fix BINMAN_FDT dependency
lib/binman.c references the following 3 ofnode APIs:
ofnode_first_subnode(), ofnode_path() and ofnode_read_bool().

These APIs get built only when DM is on. Fix the dependency then.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-03-03 19:17:25 -07:00
Simon Glass
63af92e837 tpm: Allow disabling platform hierarchy with TPM2
With TPM2 we don't actually lock the TPM once verified boot is finished.
Instead we disable the platform hierarchy which serves the same purpose.
Add an implementation of this so we can safely boot into the kernel.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-02 15:53:37 -05:00
Simon Glass
7785bc1d5f tpm: Add TPM2 support for write_lock
Implement this API function for TPM2.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-02 15:53:37 -05:00
Simon Glass
6719cbe31a tpm: Add TPM2 support for read/write values
Implement this API function for TPM2.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-02 15:53:37 -05:00
Simon Glass
eadcbc7896 tpm: Add an implementation of define_space
Add support for this so that the TPM can be set up for use with
Chromium OS verified boot.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-02 15:53:37 -05:00
Simon Glass
1bea7cc430 tpm: Reduce duplication in a few functions
Update tpm2_clear() and tpm2_pcr_extend() so that the command size
is not repeated twice. Add a small comment to the latter.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-02 15:53:37 -05:00
Simon Glass
b8eb9210e7 tpm: Add a basic API implementation for TPMv2
Add support for TPMv2 versions of API functions. So far this is not
complete as the standard is quite large, but it implements everything
currently available for TPMv2 in U-Boot.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-02 15:53:37 -05:00
Simon Glass
d6a885f087 tpm: Switch TPMv1 over to use the new API
Take over the plain 'tpm_...' functions for use by the new TPM API. Rename
all the TPMv1 functions so they are called from the API.

Update the TPMv1 functions so that they are called from the API. Change
existing users to use the tpm1_ prefix so they don't need to go through
the API, which might introduce uncertainty.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-02 15:53:37 -05:00
Simon Glass
bfe8fa262c tpm: Add an API that can support v1.2 and v2
There are two different TPM standards. U-Boot supports both but each has
its own set of functions. We really need a single TPM API that can call
one or the other. This is not always possible as there are some
differences between the two standards, but it is mostly possible.

Add an API to handle this. So far it is not plumbed into the build and
only supports TPMv1.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-02 15:53:37 -05:00
Simon Glass
1a39ab87b7 tpm: Add debugging of request in tpm_sendrecv_command()
The response is shown but not the request. Update the code to show both
if debugging is enabled.

Use a 'uint' type for size so it matches the register-word size on both
32- and 64-bit machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-02 15:53:37 -05:00
Heinrich Schuchardt
9c081a7eab efi_loader: limit output length for VenHw, VenMedia
VenHw and VenMedia device path nodes may carry vendor defined data of
arbitrary length. When converting a device path node to text ensure that we
do not overrun our internal buffer.

In our implementation of
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL.ConvertDevicePathToText() we could first
determine the output length and then allocate buffers but that would nearly
double the code size. Therefore keep the preallocated buffers and truncate
excessive device paths instead.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-26 16:17:43 +01:00
Heinrich Schuchardt
992b1731e6 efi_loader: ACPI tables must be in EfiACPIReclaimMemory
The UEFI spec does not allow ACPI tables to be in runtime services memory.
It recommends EfiACPIReclaimMemory.

Remove a superfluous check that the allocated pages are 16 byte aligned.
EFI pages are 4 KiB aligned.

Fixes: 86df34d42b ("efi_loader: Install ACPI configuration tables")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-26 16:17:43 +01:00
Siew Chin Lim
277b879906 lib: sha512: include "compiler.h"
Include "compiler.h" in sha512.c. This is needed by 'cpu_to_be64' macro
that used in 'sha512_base_do_finalize' function.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-24 16:51:49 -05:00
Sean Anderson
8f684bc120 lib: rsa: Add debug message on algo mismatch
Currently we fail silently if there is an algorithm mismatch. To help
distinguish this failure condition.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
2021-02-24 16:51:48 -05:00
Heinrich Schuchardt
bd3d75bb0c efi_loader: multi part device paths to text
Our current implementation of
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL.ConvertDevicePathToText() truncates multi
part device paths after the first part. We should convert all parts.

Render device path instance ends as commas. This is not explicitly
described in the UEFI spec but mimics what EDK II does.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-02-21 09:21:35 +01:00
Heinrich Schuchardt
1edfc3fa9b efi_selftest: multi part device path to text
Test EFI_DEVICE_PATH_TO_TEXT_PROTOCOL.ConvertDevicePathToText() for a multi
part device path.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-02-21 09:21:35 +01:00
Heinrich Schuchardt
512f092da2 efi_selftest: compiler flags for dtbdump.o
Fix a typo. Apply the correct compiler flags to dtbdump.o.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-21 09:21:35 +01:00
Jesper Schmitz Mouridsen
e67beffee0 Allow last block to be read
The last block is of size media->block_size

Signed-off-by: Jesper Schmitz Mouridsen <jesper@schmitz.computer>

Simplify expression.
Apply same change to efi_disk_write_blocks().

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-21 09:21:35 +01:00
Tom Rini
2ae80437fb Merge branch '2021-02-02-drop-asm_global_data-when-unused'
- Merge the patch to take <asm/global_data.h> out of <common.h>
2021-02-15 10:16:45 -05:00
Tom Rini
e31350c3c4 Revert "fdtdec: Use CONFIG_IS_ENABLED in board_fdt_blob_setup()"
On Rockchip platforms we need this area of code in TPL, but there is no
TPL_SEPARATE_BSS symbol.

This reverts commit 0a2aaab0b6.

Reported-by: Markus Reichl <m.reichl@fivetechno.de>
Reported-by: Jesper Schmitz Mouridsen <jesper@schmitz.computer>
Reported-by: Peter Robinson <pbrobinson@gmail.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-15 10:06:23 -05:00
Heinrich Schuchardt
15bbcafab1 efi_loader: fix get_last_capsule()
fix get_last_capsule() leads to writes beyond the stack allocated buffer.
This was indicated when enabling the stack protector.

utf16_utf8_strcpy() only stops copying when reaching '\0'. The current
invocation always writes beyond the end of value[].

The output length of utf16_utf8_strcpy() may be longer than the number of
UTF-16 tokens. E.g has "CapsuleКиев" has 11 UTF-16 tokens but 15 UTF-8
tokens. Hence, using utf16_utf8_strcpy() without checking the input may
lead to further writes beyond value[].

The current invocation of strict_strtoul() reads beyond the end of value[].

A non-hexadecimal value after "Capsule" (e.g. "CapsuleZZZZ") must result in
an error. We cat catch this by checking the return value of strict_strtoul().

A value that is too short after "Capsule" (e.g. "Capsule0") must result in
an error. We must check the string length of value[].

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-14 10:34:15 +01:00
Heinrich Schuchardt
841f7a4ebb efi_loader: '.' and '..' are directories
'.' and '..' are directories. So when looking for capsule files it is
sufficient to check that the attribute EFI_FILE_DIRECTORY is not set. We
don't have to check for these special names.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-14 10:34:15 +01:00
Asherah Connor
9d30a941cc efi_loader: don't load beyond VirtualSize
PE section table entries' SizeOfRawData must be a multiple of
FileAlignment, and thus may be rounded up and larger than their
VirtualSize.

We should not load beyond the VirtualSize, which is "the total size of
the section when loaded into memory" -- we may clobber real data at the
target in some other section, since we load sections in reverse order
and sections are usually laid out sequentially.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-14 10:34:15 +01:00
Simon Glass
07c9e683a4 smbios: Allow a few values to come from sysinfo
While static configuration is useful it cannot cover every case. Sometimes
board revisions are encoded in resistor straps and must be read at
runtime.

The easiest way to provide this information is via sysinfo, since the
board can then provide a driver to read whatever is needed.

Add some standard sysinfo options for this, and use them to obtain the
required information.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-02-06 19:20:36 +08:00
Simon Glass
e9adaa75bb smbios: Add more options for the BIOS version string
At present the version string is obtained from PLAIN_VERSION. Some boards
may want to configure this using the device tree, since the build system
can more easily insert things there after U-Boot itself is built. Add this
option to the code.

Also in some cases the version needs to be generated programmatically,
such as when it is stored elsewhere in the ROM and must be read first.
To handle this, keep a pointer around so that it can be updated later.
This works by storing the last string in the context, since it is easier
than passing out a little-used extra parameter.

Provide a function to update the version string.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-02-06 19:20:27 +08:00
Simon Glass
fd3b826da8 smbios: Track the end of the string table
Add a new member to the context struct which tracks the end of the string
table. This allows us to avoid recalculating this at the end.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-02-06 19:20:23 +08:00
Simon Glass
0c95fff342 smbios: Drop the eos parameter
We can store this in the context and avoid passing it to each function.
This makes it easier to follow and will also allow keeping track of the
end of the string table (in future patches).

Add an 'eos' field to the context and create a function to set it up.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-02-06 19:18:41 +08:00
Simon Glass
1e8989ad8a smbios: Use a struct to keep track of context
At present we pass the ofnode to each function. We also pass the 'eos'
pointer for adding new strings. We don't track the current end of the
string table, so have smbios_string_table_len() to find that.

The code can be made more efficient if it keeps information in a
context struct. This also makes it easier to add more features.

As a first step, switch the ofnode parameter to be a context pointer.
Update smbios_add_prop() at the same time to avoid changing the same
lines of code in consecutive patches.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-02-06 19:18:41 +08:00
Simon Glass
7617f996e6 smbios: Set BIOS release version
We may as well include the U-Boot release information in the type-0 table
since it is designed for that purpose.

U-Boot uses release versions based on the year and month. The year cannot
fit in a byte, so drop the century.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-02-06 19:18:41 +08:00
Simon Glass
0e89b85906 smbios: Move smbios_write_type to the C file
This type is not used outside the smbios.c file so there is no need for it
to be in the header file. Move it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-02-06 19:18:41 +08:00
Tom Rini
55ffabec7f Pull request for UEFI sub-system for efi-2021-04-rc2
Bug fixes:
 
 * do not allow creating of files with filenames on FAT file system
 * install UEFI System Partition GUID on ESP handle
 * in dtbdump.efi test tool use GUID to find ESP handle
 
 Documentation:
 
 * man-page for load command
 * describe end of life of plat_auto
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmAcTmoACgkQxIHbvCwF
 GsT0ag/6AjtRtGd8ySYix9lytmDphyztvTTHrd/Bz+UWi64iEIOH6t/RIAPG0yb0
 WJBvTe9eGxbNx5VOx426YtPUGFfzAakMyRaAL5Y4wkQsKgseq3q2sE55wzG4nTiR
 nmweR7TPslSkGtqQQehGGtdMJn//M/alABtTQs5eyjOkJPEc4DzATeksfA64t2Dj
 ijaU4dWbKVHy8spz3xH9cIdF1fvCJGxvSvXCVculN5bfgCf/MJYq6gb2VgXyLL1w
 +6GNklzNKRY8Lk9C4hqq2ktK4dQ4R0qKgqxtihwuSdbZmhV6cScKvmNPCqdYx/1l
 p5ywE067KRm16Hl/41QhKPMVleqn33Td3U4I+CWvO9DPnsH7pY9iRymM6zfRm9+j
 nO4f8++OqG/YXL+oABLkSIZaoYWqGmZd5Nc1bq9sTXthUXHZeC6/V19n0TJYVIV5
 HtIPFJbqn4S4uKjTFxyvudE6OfeW4+HpsY7bQHDRXWY1Kma0fgMYbhFZdUeNyr+6
 N8EFXZ5nKVWqLH9zlAIPOn0AEXzOfvsWad+NU0bILY8f60SqW0AydjvzG8z9CU3e
 vqxx+NxcG26SYscIcANvMI7HxtB6mblBYF2vSqBAkSrQ23Om+dnKkLhHO8pkkNtn
 J4rLpAxEAA1yaqKK/1n67D6pSqvjdWQqOfgL/3E1sqgAGYYOBrc=
 =rQaL
 -----END PGP SIGNATURE-----

Merge tag 'efi-2021-04-rc2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2021-04-rc2

Bug fixes:

* do not allow creating of files with filenames on FAT file system
* install UEFI System Partition GUID on ESP handle
* in dtbdump.efi test tool use GUID to find ESP handle

Documentation:

* man-page for load command
* describe end of life of plat_auto
2021-02-04 17:35:50 -05:00
Heinrich Schuchardt
02fc018a35 efi_loader: VenMedia device path node
The Load File2 protocol exposes a device path with a VenMedia() node. Hence
our implementation of the device path to text protocol should support this
node.

Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-04 20:12:41 +01:00
Heinrich Schuchardt
6bca36cee2 efi_selftest: use GUID to find ESP in dtbdump
If dtbdump.efi is loaded from memory when calling LoadImage the loaded
image protocol will not indicate the partition from where it was loaded.
In this case use the EFI system partition for the 'load' and 'save'
commands.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-04 20:09:03 +01:00
Heinrich Schuchardt
b9b0ea30c7 efi_loader: install UEFI System Partition GUID
On the handle for the UEFI System Partition we must install the System
Partition GUID (with a NULL interface).

Let the efidebug command display the GUID.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-04 20:09:02 +01:00
Heinrich Schuchardt
1bc9fc3483 efi_loader: only check size if EFI_DT_APPLY_FIXUPS
In the implementation of the EFI_DT_FIXUP_PROTOCOL:

* Only check the buffer size when EFI_DT_APPLY_FIXUPS is set.
* In this case the field totalsize of the device-tree may not exceed the
  buffer size.
* Install device-tree only if EFI_DT_INSTALL_TABLE is set.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-04 20:09:02 +01:00
Bin Meng
d17e9d2558 fdtdec: Cast prior_stage_fdt_address with uintptr_t
At present prior_stage_fdt_address is declared as phys_addr_t. On
a 32-bit platform where phys_addr_t can be 64-bit, assigning its
value to gd->fdt_blob which is a pointer, can cause warnings.

Cast it to uintptr_t before the assignment.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-03 03:38:41 -07:00
Simon Glass
401d1c4f5d common: Drop asm/global_data.h from common header
Move this out of the common header and include it only where needed.  In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly.   Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-02 15:33:42 -05:00
Tom Rini
242ef48ea7 tpm fixes for coral
binman fixes support for symbols in sub-sections
 support for additional cros_ec commands
 various minor fixes / tweaks
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmAV6K8RHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreYERgf/QbwOL87yPbf9SyXBQ0EMTmn1ve9HCiv9
 yeXrijvA0/wtTVoM44d/z7THb+7Zqw6LbsVOXUSicdGqaogy10xIuz5we0CoGJm6
 iwYWV6kaAqjCxDTlSToGnR/TCjiOVgXC6u5QPCZC0LGbAmDbAl4jyCuQxxq2eXYD
 hrLSzZPHDe0s2BeWZKRQJ26qyPfWIribXNJXG78/FsvDrdWPPc5K+/ZEb2IWawWR
 nEZ8GTEYZpik/niEJ3gFozwCwpJQi3PyukjZvzTGn6tBqg12YXE4dbSzcj48Uj4o
 prwUFAGKRR97zFB6c4+NUvd3VBUgPtPdZrtzZ1nNCppiMq1E4BKiDg==
 =kijh
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-30jan21' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm

tpm fixes for coral
binman fixes support for symbols in sub-sections
support for additional cros_ec commands
various minor fixes / tweaks
2021-01-31 08:49:53 -05:00
Simon Glass
5e6c9029cd binman: Print a debug message when binman selects a node
Add some debugging to indicate which node the binman library is looking
at.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-30 14:25:42 -07:00
Heinrich Schuchardt
82d01f04fa efi_loader: switch to non-secure mode later
Some ARMv7 boards using PSCI require to be in secure-mode when booted via
'bootz' or 'bootm'. During distro-boot 'bootefi bootmgr' is called to check
if booting via UEFI is possible.

With the change we change the switch from secure mode to non-secure mode is
moved from the UEFI subsystem setup to just before calling StartImage().

Cc: Jernej Škrabec <jernej.skrabec@gmail.com>
Reported by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-29 20:22:40 +01:00
Heinrich Schuchardt
688e88256f efi_loader: correct block IO alignment check
If the field Media->IoAlign of the EFI block IO protocol is zero, no
alignment is required. Our code required 4 GiB alignment in this case.

Don't check buffer alignment if Media->IoAlign == 0.

Fixes: f59f0825e8 ("efi_loader: parameter checks BLOCK_IO_PROTOCOL")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-29 20:22:40 +01:00
Heinrich Schuchardt
74a614d70a efi_selftest: test EFI_BLOCK_IO_PROTOCOL.Media->LastBlock
The field Media->LastBlock of the EFI_BLOCK_IO_PROTOCOL must be filled
with the index of the last logical block (LBA) for the block device that
our test driver provides.

After calling ConnectController() U-Boot exposes the block IO protocol for
the partition check that the value of Media->LastBlock equals the partition
size minus one.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-29 20:22:40 +01:00
Simon Glass
1e35a4d228 binman: Allow reading entries from a subnode
Some images may have multiple copies of the same thing, e.g. two versions
of the read/write U-Boots. It is necessary to read data from one or other
of these under selection of the verified-boot logic. Add a function to
select the subnode to use.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-27 17:03:16 -05:00
Simon Glass
76b54d8ca1 binman: Move selection of the binman node into a function
Move this logic out of the main init function so it is available for
other purpose.

Use a different error when multiple-images is in use but no subnode is
available. This makes it easier to determine what is wrong.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-27 17:03:16 -05:00
Simon Glass
ec5f101a37 crc32: Exclude crc32 from TPL
Unfortunately the toolchain often brings in the crc32 table even if the
function is not actually used. For now, exclude it from the TPL build,
which is very sensitive to size.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-27 17:03:16 -05:00
Simon Glass
ac42fe539c display_options: Use USE_TINY_PRINTF for SPL check
At present this code uses a simple printf() format if running in SPL. But
SPL can use the full printf. Use USE_TINY_PRINTF instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-27 17:03:16 -05:00
Simon Glass
0a2aaab0b6 fdtdec: Use CONFIG_IS_ENABLED in board_fdt_blob_setup()
This setting may be different in SPL and TPL. Update the code to check
the correct setting.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-27 17:03:16 -05:00
Simon Glass
e1d23f569b fdtdec: Update the missing-devicetree message
This includes information about sandbox which is not relevant for most
boards. Drop it.

Also add the address to help figure out the problem.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-27 17:03:16 -05:00
Philippe Reynes
040fad3791 lib: rsa: rsa-verify: don't look for keys in the FIT image
In the function rsa_verify_hash, if the "main" key doesn't
work, u-boot try others keys. But it searches those keys
in the FIT image instead of the u-boot device tree.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-27 17:03:16 -05:00
Heinrich Schuchardt
8d0949b3ed efi_loader: correct EFI_BLOCK_IO_PROTOCOL.Media.LastBlock
The field Media.LastBlock of the EFI_BLOCK_IO_PROTOCOL.Media was filled
incorrectly both for block devices as well as for partitions.

The field must be filled with the index of the last logical block (LBA):

* block devices: device size minus 1
* partitions: partition size minus 1

Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-23 07:56:54 +01:00
Heinrich Schuchardt
2cfb68fd83 efi_loader: notification with TPL_APPLICATION not allowed
The UEFI specification requires event notification levels to be
> TPL_APPLICATION and <= TPL_HIGH_LEVEL.

With the patch the CreateEvent() and CreatedEventEx() services are changed
to check that the notification level is not TPL_APPLICATION.

Reference:
UEFI Specification 2.8 Errata B, table 27 "TPL Restrictions",
"Event Notification Levels"

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-23 07:56:54 +01:00
AKASHI Takahiro
8f1844c333 efi_loader: capsule: fix SIZEOF_MISMATCH warning
CID 316361 says:
> Passing argument "count * 8UL /* sizeof (*files) */" to
> function "dlmalloc" and then casting the return value to "u16 **" is
> suspicious. In this particular case "sizeof (u16 **)" happens to be equal
> to "sizeof (u16 *)", but this is not a portable assumption.
> > 767         tmp_files = malloc(count * sizeof(*files));

The change in this patch fixes the ambiguity.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316361
For readability use *tmp_files instead of tmp_files[0]
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-23 07:56:53 +01:00
Heinrich Schuchardt
6e8c28cf52 efi_loader: fix efi_load_image_from_path()
Use the correct GUID when closing the file load protocol.
Remove an unnecessary check (Coverity CID 316363).

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-23 07:56:53 +01:00
Tom Rini
404bbc809d Pull request for UEFI sub-system for efi-2021-04-rc1-2
* Provide a test tool for initial RAM disk provided via load file2 protocol.
 * Make more items configurable to reduce code size:
   * Boot manager
   * EFI_DT_FIXUP_PROTOCOL
   * EFI_DEVICE_PATH_UTILITIES_PROTOCOL
 * Bug fixes
   * avoid EFI runtime symbols in global symbol table
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmAIHfIACgkQxIHbvCwF
 GsSz8g/+No9xNYiAK1pY0Fjus6ZSfBhMCY9NGwkEkyzFwXZG+ckmlWwMd+auk8Oz
 noU5vVBkr4JdrdpACdgiCdCeAfsYwxPy7/GulgVMLpptMlrLfbOhA/n7uOzhAilV
 QDt3BouOuvW+sVlxoxD2FNkpw4vFS6CasFgBj1+tWunARoXqIRxD4MbFp1zwApHb
 qC67jomsDS6MvQtrebZ3Erqkp67W0RVtD6X4KGq8+6g+8akVAan5zl7/gPj9Z8h6
 M1AXG/pLqDMrG+3RFGMyqncPOlxPVL85BQAAJVB8/SQcAQ726R4z/ia+3VBFBWWf
 N9rmzNJ9KnbAr3OHZnfqYITe/E2xgiRVqTYl5IL8701E41qhEjRiBWFF+U+QG/8b
 3IByp4FZXVbVxjsjK8dIi5aTmBvznwb0HcrlcbwJRonTvBCBOZCVIoAn2PalZUFW
 4zc4hGaoWVTdwRXaiiQKQuAfA52B3tfPqfWyUsm1E+crf/JYngstQe4A88FDorV6
 ozISWNXb5RzYdNluewJl2c1rfWcUiWHbbnKMt+YbDvE4OTy6lbJC9oY0mNfPE7nK
 7cq/Tk8WNhrMIv95nqzDBCv78naa0iQF5P+tHk6/r3IJ/wFFyD6f4ZvGijvCK+9o
 vgnmK0kz9Qd53m+g4L54xpTsyoCXaU2N9zzD1QgwV3HjW2JyjxY=
 =yVF7
 -----END PGP SIGNATURE-----

Merge tag 'efi-2021-04-rc1-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2021-04-rc1-2

* Provide a test tool for initial RAM disk provided via load file2 protocol.
* Make more items configurable to reduce code size:
  * Boot manager
  * EFI_DT_FIXUP_PROTOCOL
  * EFI_DEVICE_PATH_UTILITIES_PROTOCOL
* Bug fixes
  * avoid EFI runtime symbols in global symbol table
2021-01-20 10:49:23 -05:00
Ilias Apalodimas
53e54bf50d efi_loader: Avoid emitting efi_var_buf to .GOT
Atish reports that on RISC-V, accessing the EFI variables causes
a kernel panic. An objdump of the file verifies that, since the
global pointer for efi_var_buf ends up in .GOT section which is
not mapped in virtual address space for Linux.

<snip of efi_var_mem_find>

0000000000000084 <efi_var_mem_find>:
  84:   715d                    addi    sp,sp,-80

* objdump -dr
0000000000000086 <.LCFI2>:
  86:   e0a2                    sd  s0,64(sp)
  88:   fc26                    sd  s1,56(sp)
  8a:   e486                    sd  ra,72(sp)
  8c:   f84a                    sd  s2,48(sp)
  8e:   f44e                    sd  s3,40(sp)
  90:   f052                    sd  s4,32(sp)
  92:   ec56                    sd  s5,24(sp)
  94:   00000497            auipc   s1,0x0
            94: R_RISCV_GOT_HI20    efi_var_buf
  98:   0004b483            ld  s1,0(s1) # 94 <.LCFI2+0xe>
            98: R_RISCV_PCREL_LO12_I    .L0
            98: R_RISCV_RELAX   *ABS*

* objdump -t
0000000000000084 g     F .text.efi_runtime  00000000000000b8 efi_var_mem_find

With the patch applied:

* objdump -dr
0000000000000086 <.LCFI2>:
  86:   e0a2                    sd  s0,64(sp)
  88:   fc26                    sd  s1,56(sp)
  8a:   e486                    sd  ra,72(sp)
  8c:   f84a                    sd  s2,48(sp)
  8e:   f44e                    sd  s3,40(sp)
  90:   f052                    sd  s4,32(sp)
  92:   ec56                    sd  s5,24(sp)
  94:   00000497            auipc   s1,0x0
            94: R_RISCV_PCREL_HI20  .LANCHOR0
            94: R_RISCV_RELAX   *ABS*
  98:   00048493            mv  s1,s1
            98: R_RISCV_PCREL_LO12_I    .L0
            98: R_RISCV_RELAX   *ABS*

* objdump -t
0000000000000008 l     O .data.efi_runtime  0000000000000008 efi_var_buf

On arm64 this works, because there's no .GOT entries for this
and everything is converted to relative references.

* objdump -dr (identical pre-post patch, only the new function shows up)
00000000000000b4 <efi_var_mem_find>:
  b4:   aa0003ee    mov x14, x0
  b8:   9000000a    adrp    x10, 0 <efi_var_mem_compare>
            b8: R_AARCH64_ADR_PREL_PG_HI21  .data.efi_runtime
  bc:   91000140    add x0, x10, #0x0
            bc: R_AARCH64_ADD_ABS_LO12_NC   .data.efi_runtime
  c0:   aa0103ed    mov x13, x1
  c4:   79400021    ldrh    w1, [x1]
  c8:   aa0203eb    mov x11, x2
  cc:   f9400400    ldr x0, [x0, #8]
  d0:   b940100c    ldr w12, [x0, #16]
  d4:   8b0c000c    add x12, x0, x12

So let's switch efi_var_buf to static and create a helper function for
anyone that needs to update it.

Fixes: e01aed47d6 ("efi_loader: Enable run-time variable support for tee based variables")
Reported-by: Atish Patra <atishp@atishpatra.org>
Tested-by: Atish Patra <atish.patra@wdc.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-20 08:17:17 +01:00
Heinrich Schuchardt
d56013d37c efi_selftest: use CRLF as line endings in dtbdump
EFI applications must use CR LF as line endings.

Provide a print() function to reduce code size.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-20 08:17:17 +01:00
Heinrich Schuchardt
65ab48d69d efi_selftest: provide initrddump test tool
Provide an UEFI application to save the initial RAM disk provided by U-Boot
via the Load File2 protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-01-20 08:17:17 +01:00
Heinrich Schuchardt
8644af7dc4 efi_selftest: don't compile dtbdump if GENERATE_ACPI_TABLE
If we are using ACPI tables instead of a device tree, we don't need the
dtbdump.efi test tool.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-20 08:17:17 +01:00
Heinrich Schuchardt
b6f6080f56 efi_selftest: ask before overwriting in dtbdump.efi
Before overwriting an existing file ask the user.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-20 08:17:17 +01:00
Heinrich Schuchardt
19ea5e66de efi_loader: remove EFI_UNICODE_COLLATION_PROTOCOL
In EFI 1.10 a version of the Unicode collation protocol using ISO 639-2
language codes existed. This protocol is not part of the UEFI specification
any longer. It was however required to run the UEFI Self Certification Test
(SCT) II, version 2.6, 2017. So we implemented it for the sole purpose of
running the SCT.

As the SCT does not need the protocol anymore it is time for removal.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-20 08:17:17 +01:00
Heinrich Schuchardt
59593a52a3 efi_loader: EFI_DEVICE_PATH_UTILITIES_PROTOCOL configurable
Allow the EFI_DEVICE_PATH_UTILITIES_PROTOCOL to be disabled via
configuration.

On systems that are very tight on U-Boot image size we may want to disable
the protocol. As it is required to run the UEFI Shell enable it by default.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-20 08:17:17 +01:00
Heinrich Schuchardt
4cb07d8d93 efi_loader: make EFI_DT_FIXUP_PROTOCOL configurable
Allow EFI_DT_FIXUP_PROTOCOL to be disabled via configuration.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-20 08:17:17 +01:00
Heinrich Schuchardt
535c473e10 efi_loader: fixup protocol, avoid forward declaration
Avoid a forward declaration.

Add a missing function description.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-20 08:17:17 +01:00
Heinrich Schuchardt
ff2f532fad efi_loader: make the UEFI boot manager configurable
Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.

Provide a configuration option to make the boot manager available.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-20 08:09:34 +01:00
Heinrich Schuchardt
2363effb7a efi_loader: move load options to new module
Move all load options related functions to a new module. So that they can
be compiled independently.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-19 18:56:08 +01:00
Matthias Brugger
92fdad28cf lib: uuid: use RNG device if present
When calculating a random UUID we use a weak seed.
Use a RNG device if present to increase entropy.

Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Reviewed-by: Torsten Duwe <duwe@suse.de>
2021-01-19 09:15:02 -05:00
Tom Rini
59e4e391df Merge https://gitlab.denx.de/u-boot/custodians/u-boot-riscv
- Update qemu-riscv.rst build instructions.
- Add support for SPI on Kendryte K210.
- Add Microchip PolarFire SoC Icicle Kit support.
- Add support for an early timer.
  - Select TIMER_EARLY to avoid infinite recursion for Trace.
2021-01-18 08:04:28 -05:00
Pragnesh Patel
a80f85138c trace: select TIMER_EARLY to avoid infinite recursion
When tracing functions is enabled this adds calls to
__cyg_profile_func_enter() and __cyg_profile_func_exit() to the traced
functions.

__cyg_profile_func_enter() and __cyg_profile_func_exit() invoke
timer_get_us() to record the entry and exit time.

initr_dm() will make gd->dm_root = NULL and gd->timer = NULL, so
timer_get_us() -> get_ticks() -> dm_timer_init() will lead to an
indefinite recursion.

So select TIMER_EARLY when tracing got enabled.

Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Rick Chen <rick@andestech.com>
2021-01-18 11:06:32 +08:00
Patrick Delaunay
6205bbb1e0 lib: cosmetic update of CONFIG_LIB_ELF description
Change 2 typo error in CONFIG_LIB_ELF description:
- Supoort => Support
- fir => for

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-16 19:17:11 -05:00
Heinrich Schuchardt
986c841c8b lib: zlib: our putc() takes only one argument
In contrast to the C99 standard [1] our putc() takes only one argument.

[1] ISO/IEC 9899:1999

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-16 19:17:11 -05:00
Heinrich Schuchardt
834427d463 lib: zlib: include ctype.h
Our ctype.h is in include/linux/

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-16 19:17:11 -05:00
Heinrich Schuchardt
3e50deece0 lib: aes: build failure with DEBUG=1
Building fails with DEBUG=1:

lib/aes.c: In function ‘debug_print_vector’:
lib/aes.c:622:45: error:
cast from pointer to integer of different size
[-Werror=pointer-to-int-cast]
  622 |  printf("%s [%d] @0x%08x", name, num_bytes, (u32)data);

Pointers can only be cast to (uintptr_t). But anyway we have
%p for printing pointers.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-16 19:17:11 -05:00
Patrick Delaunay
976a68a20d string: Use memcpy() within memmove() when we can
A common use of memmove() can be handled by memcpy(). Also memcpy()
includes an optimization for large sizes: it copies a word at a time. So
we can get a speed-up by calling memcpy() to handle our move in this case.

Update memmove() to call also memcpy() if the source don't overlap
the destination (src + count <= dest).

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-01-16 14:49:09 -05:00
Rasmus Villemoes
c0364ce1c6 doc/README.gpt: define partition type GUID for U-Boot environment
When setting aside a GPT partition for holding the U-Boot environment,
having a partition type GUID [1] indicating "Linux filesystem" (as
most tools default to) is somewhat misleading - and there's no other
well-known type GUID that is better suited. So to have a canonical
value to put into the type field, define

    3de21764-95bd-54bd-a5c3-4abe786f38a8

to mean a partition holding a U-Boot environment.

This is a v5 namespace-name GUID [2], generated [3] from a namespace
of "25cbcde0-8642-47c6-a298-1a3a57cd256b" and name "U-Boot
environment".

Should future type GUIDs be defined in the context of U-Boot, it's
sensible to use that same namespace GUID.

[1] https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs
[2] https://en.wikipedia.org/wiki/Universally_unique_identifier#Versions_3_and_5_(namespace_name-based)
[3] https://www.uuidtools.com/v5

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2021-01-16 14:49:09 -05:00
Rasmus Villemoes
31ce367cd1 lib/uuid.c: change prototype of uuid_guid_get_str()
There's no reason to require an appropriately sized output parameter
for the string, that's error-prone should the table ever grow an
element with a longer string. We can just return the const char*
pointer directly.

Update the only caller accordingly, and get rid of pointless ifdeffery
in the header so that the compiler always sees a declaration and can
thus do type-checking, whether or not PARTITION_TYPE_GUID is enabled
or not.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2021-01-16 14:49:09 -05:00
Heinrich Schuchardt
8e70f1cb3f efi_selftest: dtbdump support EFI_DT_FIXUP_PROTOCOL
The dtbdump.efi binary can already be used to dump the configuration table
with the device-tree to a file.

With this patch a device-tree file can be loaded. The EFI_DT_FIXUP_PROTOCOL
is called to

* apply U-Boot's fix-ups
* let U-Boot make memory reservations as required by the device-tree
* install the new device-tree as configuration table

In a next step this configuration table can be dumped.

A dtbdump.efi session would look like:

    DTB Dump
    ========

    => load test.dtb
    device-tree installed
    => save fixed-up.dtb
    fixed-up.dtb written
    => exit

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:01 +01:00
Heinrich Schuchardt
94686f60a2 efi_loader: implement EFI_DT_FIXUP_PROTOCOL
A boot manager like GRUB can use the protocol to

* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:01 +01:00
Heinrich Schuchardt
db0f298416 efi_loader: remove outdated TODO in efi_memory.c
In efi_mem_sort() adjacent memory regions of same type are coalesced.
Remove the remark "Merging of adjacent free regions is missing".

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:01 +01:00
Heinrich Schuchardt
7913c7dc57 efi_loader: typedef efi_string_t text output protocol
We do not want to use typedefs in U-Boot.

Do not use efi_string_t in the EFI_TEXT_OUTPUT_PROTOCOL.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:01 +01:00
Heinrich Schuchardt
5dad05a0e6 efi_loader: carve out efi_check_pe()
Carve out a function to check that a buffer contains a PE-COFF image.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:00 +01:00
Heinrich Schuchardt
dd860b90ff efi_loader: print boot device and file path in helloworld
Let helloworld.efi print the device path of the boot device and the file
path as provided by the loaded image protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:00 +01:00
Heinrich Schuchardt
db12f518ed efi_loader: implement non-blocking file services
Implement services OpenEx(), ReadEx(), WriteEx(), FlushEx() of the
EFI_FILE_PROTOCOL.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:00 +01:00
Tom Rini
b11f634b1c Driver model: make some udevice fields private
Driver model: Rename U_BOOT_DEVICE et al.
 dtoc: Tidy up and add more tests
 ns16550 code clean-up
 x86 and sandbox minor fixes for of-platdata
 dtoc prepration for adding build-time instantiation
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl/09LURHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIrebjwwf/fHRjYsAY/Yj/+y1xgo3L3sphIvQUqTDF
 KkLl+kHdV5r8W/HJULxLQcF2r7pcPEI6TAQxuj3qQ5SUvm2HviS8GHGPawDEwyht
 HgBp9VD56+HUadMfnbG//DVS73ycbL4XSKlYqpkINEejtnlttsCIawUXX5cTyGM/
 59VkgnKrKvJQRUXvYLa8MTugTs4fkPJGDqhActBk/7SP1SImj+rfalNSqA2/dx6y
 2RnPCSzB1x2231KSj+B1NgGlR3Xb8P8zgh20ijcEU/hrlXBTZyi7K7f4SJR30Efu
 LYkkuj4VbxcV/25RozR0fmknqCs0QyAI+/dql6TNtbTSPC/jAfj0jQ==
 =9kN3
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-5jan21' of git://git.denx.de/u-boot-dm into next

Driver model: make some udevice fields private
Driver model: Rename U_BOOT_DEVICE et al.
dtoc: Tidy up and add more tests
ns16550 code clean-up
x86 and sandbox minor fixes for of-platdata
dtoc prepration for adding build-time instantiation
2021-01-05 22:34:43 -05:00
Tom Rini
720620e691 Prepare v2021.01-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAl/0YVIACgkQFHw5/5Y0
 tywtEwv/cJWlKgcSnYjuJrxwuJdauUTfXdbUgtCxOtBw/BP4dsKkbGTJPw5q5M+4
 LJJSKyksmJVTX26h1dpkzQjOpWtTDnWqm5CTIxD52oQD7pxK+zCQ9T6S+QbQD0Se
 ogHmZluzFoluxbNgo8tiO52xvMhDO3TVAzxsNDdGfkd5/tAXOHClPc34RmAkdRHU
 VsR89AKdT2q543fiUfrRZYDzdctaNWhRGXMDcJ4+QU/8hQhrpcr8EtHbF+3mWX4K
 pA01pDz150Rn4UI6S2xKEWrjSTHe55fxVj/Qj0rq9z2E/+NqGXemf5s13AR0G/z3
 PqHdVLHzDe64pbOvmyU1pVQ0aMb8vMJUnqx68SQZY3On2c+MjRWQ+7aVVaKOcPGp
 uatk6QMrggHp3Li+3yZrLBE0qPr/sNMVb7mUesdZb6lFd2VIs8siwhfeGXMS+nDI
 xePzsR43Fnn5Q5KIqqvcWUb+TTTqUDUff0wyAU8NBgCaIBIZK8h2ppS1jjnbms0I
 mr8Er2vb
 =Dfum
 -----END PGP SIGNATURE-----

Merge tag 'v2021.01-rc5' into next

Prepare v2021.01-rc5

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-01-05 16:20:26 -05:00
Simon Glass
6d1a8ebefb timer: Use a shorter error in TPL
This error should not happen in normal use. Reduce the length of it to
save space in the image.

Add an empty spl.h file to sh since it appears to lack this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-05 12:24:40 -07:00
Simon Glass
0fd3d91152 dm: Use access methods for dev/uclass private data
Most drivers use these access methods but a few do not. Update them.

In some cases the access is not permitted, so mark those with a FIXME tag
for the maintainer to check.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Pratyush Yadav <p.yadav@ti.com>
2021-01-05 12:24:40 -07:00
Simon Glass
d30c7209df serial: Update NS16550_t and struct NS16550
Typedefs should not be used in U-Boot and structs should be lower case.
Update the code to use struct ns16550 consistently.

Put a header guard on the file while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>

Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-01-05 12:24:40 -07:00
Sughosh Ganu
88a2ef2720 efi_loader: Enable uefi capsule authentication
Add support for enabling uefi capsule authentication. This feature is
enabled by setting the environment variable
"capsule_authentication_enabled".

The following configs are needed for enabling uefi capsule update and
capsule authentication features on the platform.

CONFIG_EFI_HAVE_CAPSULE_SUPPORT=y
CONFIG_EFI_CAPSULE_ON_DISK=y
CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
CONFIG_EFI_CAPSULE_FIRMWARE=y
CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
CONFIG_EFI_CAPSULE_AUTHENTICATE=y

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2020-12-31 14:41:31 +01:00
Sughosh Ganu
04be98bd6b efi: capsule: Add support for uefi capsule authentication
Add support for authenticating uefi capsules. Most of the signature
verification functionality is shared with the uefi secure boot
feature.

The root certificate containing the public key used for the signature
verification is stored as part of the device tree blob. The root
certificate is stored as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2020-12-31 14:41:31 +01:00
Sughosh Ganu
b4f20a5d83 efi_loader: Re-factor code to build the signature store from efi signature list
The efi_sigstore_parse_sigdb function reads the uefi authenticated
variable, stored in the signature database format and builds the
signature store structure. Factor out the code for building
the signature store. This can then be used by the capsule
authentication routine to build the signature store even when the
signature database is not stored as an uefi authenticated variable

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2020-12-31 14:41:31 +01:00
Sughosh Ganu
201b8068f3 efi_loader: Make the pkcs7 header parsing function an extern
The pkcs7 header parsing functionality is pretty generic, and can be
used by other features like capsule authentication. Make the function
an extern, also changing it's name to efi_parse_pkcs7_header

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2020-12-31 14:41:31 +01:00
Sughosh Ganu
675b62e12f efi_loader: Add logic to parse EDKII specific fmp payload header
When building the capsule using scripts in edk2, a fmp header is
added on top of the binary payload. Add logic to detect presence of
the header. When present, the pointer to the image needs to be
adjusted as per the size of the header to point to the actual binary
payload.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2020-12-31 14:41:31 +01:00
Sughosh Ganu
4366a2440a crypto: Fix the logic to calculate hash with authattributes set
RFC 2315 Section 9.3 describes the message digesting process. The
digest calculated depends on whether the authenticated attributes are
present. In case of a scenario where the authenticated attributes are
present, the message digest that gets signed and is part of the pkcs7
message is computed from the auth attributes rather than the contents
field.

Check if the auth attributes are present, and if set, use the auth
attributes to compute the hash that would be compared with the
encrypted hash on the pkcs7 message.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2020-12-31 14:41:31 +01:00
Heinrich Schuchardt
b7d186f071 efi_loader: event queueing
When a new event is queued we have to process the event queue by calling
efi_process_event_queue(). But there is not reason to call the function
when the event is not queueable.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31 14:33:32 +01:00
Ilias Apalodimas
fe179d7fb5 efi_loader: Add size checks to efi_create_indexed_name()
Although the function description states the caller must provide a
sufficient buffer, it's better to have in function checks that the
destination buffer can hold the intended value.

So let's add an extra argument with the buffer size and check that
before doing any copying.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31 14:33:23 +01:00
Ilias Apalodimas
47d2b3b9c9 efi_loader: Remove unconditional installation of file2 protocol for initrd
Up to now we install the EFI_LOAD_FILE2_PROTOCOL to load an initrd
unconditionally. Although we correctly return various EFI exit codes
depending on the file status (i.e EFI_NO_MEDIA, EFI_NOT_FOUND etc), the
kernel loader only falls back to the cmdline interpreted initrd if the
protocol is not installed.

This creates a problem for EFI installers, since they won't be able to
load their own initrd and start the installation.

A following patch introduces a different logic where we search for an
initrd path defined in an EFI variable named 'Initrd####'.
If the bootmgr is used to launch the EFI payload, we'll will try to match
the BootCurrent value and find the corresponding initrd
(i.e Boot0000 -> Initrd0000 etc). If the file is found, we'll install
the required protocol which the kernel's efi-stub can use and load our
initrd.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31 14:33:22 +01:00
Ilias Apalodimas
0c44452832 efi_loader: Remove unused headers from efi_load_initrd.c
dm.h and env.h serve no purpose here. Remove them and sort the
remaining in alphabetical order.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31 14:33:22 +01:00
Heinrich Schuchardt
f8212f0970 efi_loader: use after free in efi_exit()
Do not use data from the loaded image object after deleting it.

Fixes: 126a43f15b ("efi_loader: unload applications upon Exit()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31 14:33:07 +01:00
Heinrich Schuchardt
2a0f80f058 efi_loader: efi_signal_event() fix comment typos
Add missing commas.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31 14:33:07 +01:00
Heinrich Schuchardt
2a68cd492e efi_loader: avoid invalid free
load_options passed from do_efibootmgr() to do_bootefi_exec() may contain
invalid data from the stack which will lead to an invalid free().

Fixes: 0ad64007fe ("efi_loader: set load options in boot manager")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31 14:33:07 +01:00
Heinrich Schuchardt
97d36f069d efi_loader: escape key handling
Up to now the escape key was not correctly detected in UEFI applications.
We had to hit it twice for a single escape to be recognized.

Use a 10 ms delay to detect if we are dealing with the escape key or an
escape sequence.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31 14:33:07 +01:00
Heinrich Schuchardt
db6288de85 efi_loader: missing parentheses after if
IS_ENABLED() contains parentheses. But we should still put extra
parentheses around it in an if statement for readability.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31 14:33:07 +01:00
Ilias Apalodimas
ffa375e6e5 efi_loader: Extra checks while opening an OPTEE session
When opening an OP-TEE session we need to check the internal return
value of OP-TEE call arguments as well the return code of the
function itself.
The code was also ignoring to close the OP-TEE session in case the
shared memory registration failed.

Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31 14:27:56 +01:00
Heinrich Schuchardt
c0c21d67f0 efi_loader: make variable store size customizable
Currently the size of the buffer to keep UEFI variables in memory is fixed
at 16384 bytes. This size has proven to be too small for some use cases.

Make the size of the memory buffer for UEFI variables customizable.

Reported-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-12-31 14:27:41 +01:00
Heinrich Schuchardt
be48b0f453 efi_loader: use after free in efi_exit()
Do not use data from the loaded image object after deleting it.

Fixes: 126a43f15b ("efi_loader: unload applications upon Exit()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-29 02:09:04 +01:00
Heinrich Schuchardt
34dc4a9ec9 efi_loader: efi_signal_event() fix comment typos
Add missing commas.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-29 02:09:04 +01:00
Heinrich Schuchardt
e434311dba efi_loader: avoid invalid free
load_options passed from do_efibootmgr() to do_bootefi_exec() may contain
invalid data from the stack which will lead to an invalid free().

Fixes: 0ad64007fe ("efi_loader: set load options in boot manager")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-29 02:09:04 +01:00
Heinrich Schuchardt
9abb01af74 efi_loader: escape key handling
Up to now the escape key was not correctly detected in UEFI applications.
We had to hit it twice for a single escape to be recognized.

Use a 10 ms delay to detect if we are dealing with the escape key or an
escape sequence.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-29 02:09:04 +01:00
Heinrich Schuchardt
5f9b537531 efi_loader: missing parentheses after if
IS_ENABLED() contains parentheses. But we should still put extra
parentheses around it in an if statement for readability.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-29 02:09:04 +01:00
Ilias Apalodimas
548fb67eef efi_loader: Extra checks while opening an OPTEE session
When opening an OP-TEE session we need to check the internal return
value of OP-TEE call arguments as well the return code of the
function itself.
The code was also ignoring to close the OP-TEE session in case the
shared memory registration failed.

Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-26 12:47:46 +01:00
Aswath Govindraju
c589132a1d fdt: Use phandle to distinguish DT nodes with same name
While assigning the sequence number to subsystem instances by reading the
aliases property, only DT nodes names are compared and not the complete
path. This causes a problem when there are two DT nodes with same name but
have different paths.

In arch/arm/dts/k3-am65-main.dtsi there are two USB controllers with the
same device tree node name but different path. When aliases are defined for
these USB controllers then fdtdec_get_alias_seq() fails to pick the correct
instance for a given index.

fdt_path_offset() function is slow and this would effect the U-Boot
startup. To avert the time penalty on all boards, apply this extra check
only when required by using a config option.

Fix it by comparing the phandles of DT nodes after the node names match,
under a config option.

Signed-off-by: Aswath Govindraju <a-govindraju@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fix whitespace error in Kconfig:
Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-22 20:39:25 -07:00
Heinrich Schuchardt
9c54729c77 sandbox: implement runtime system reset
Implement a reset function that we can call after ExitBootServices(),
when all driver model devices are gone.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-12-22 20:39:25 -07:00
Heinrich Schuchardt
265ce19485 efi_loader: make variable store size customizable
Currently the size of the buffer to keep UEFI variables in memory is fixed
at 16384 bytes. This size has proven to be too small for some use cases.

Make the size of the memory buffer for UEFI variables customizable.

Reported-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-12-20 17:40:06 +01:00
Simon Glass
d1e85308fe x86: Simplify acpi_device_infer_name()
There is no-longer any need to check if sequence numbers are valid, since
this is ensured by driver model. Drop the unwanted logic.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-18 20:32:21 -07:00
Simon Glass
8b85dfc675 dm: Avoid accessing seq directly
At present various drivers etc. access the device's 'seq' member directly.
This makes it harder to change the meaning of that member. Change access
to go through a function instead.

The drivers/i2c/lpc32xx_i2c.c file is left unchanged for now.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-18 20:32:21 -07:00
Simon Glass
8a8d24bdf1 dm: treewide: Rename ..._platdata variables to just ..._plat
Try to maintain some consistency between these variables by using _plat as
a suffix for them.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 16:51:09 -07:00
Simon Glass
c69cda25c9 dm: treewide: Rename dev_get_platdata() to dev_get_plat()
Rename this to be consistent with the change from 'platdata'.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 16:51:09 -07:00
Simon Glass
caa4daa2ae dm: treewide: Rename 'platdata' variables to just 'plat'
We use 'priv' for private data but often use 'platdata' for platform data.
We can't really use 'pdata' since that is ambiguous (it could mean private
or platform data).

Rename some of the latter variables to end with 'plat' for consistency.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 16:51:08 -07:00
Simon Glass
41575d8e4c dm: treewide: Rename auto_alloc_size members to be shorter
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.

Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 08:00:25 -07:00
Heinrich Schuchardt
04cc7914f2 efi_selftest: implement exception test for sandbox
Provide a unit test that causes an illegal instruction to occur.

The test can be run with the following commands:

    => setenv efi_selftest exception
    => bootefi selftest

This might be the output:

    Executing 'exception'
    EFI application triggers exception.
    Illegal instruction
    pc = 0x1444d016, pc_reloc = 0xffffaa078e8dd016
    UEFI image [0x0000000000000000:0xffffffffffffffff] '/\selftest'
    UEFI image [0x000000001444b000:0x0000000014451fff] pc=0x2016 '/bug.efi'
    Resetting ...

It would tell us that the exception was triggered by an instruction
0x2016 bytes after the load address of the binary with filename /bug.efi.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-12-13 07:58:17 -07:00
Heinrich Schuchardt
264485131c efi_loader: link partition to block device
We provide a UEFI driver for block devices. When ConnectController() is
called for a handle with the EFI_BLOCK_IO_PROTOCOL this driver creates the
partitions. When DisconnectController() is called the handles for the
partitions have to be deleted. This requires that the child controllers
(partitions) open the EFI_BLOCK_IO_PROTOCOL of the controller (block IO
device) with attribute EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:33 +01:00
Heinrich Schuchardt
f9ad240e65 efi_loader: make efi_protocol_open() non-static
Provide efi_protocol_open() as library function.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:33 +01:00
Heinrich Schuchardt
7f8e656338 efi_selftest: test EFI_LOAD_FILE_PROTOCOL
A unit test is supplied to test the support for the EFI_LOAD_FILE_PROTOCOL
and the EFI_LOAD_FILE2_PROTOCOL by the LoadImage() boot service.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:33 +01:00
Heinrich Schuchardt
6d78ca8360 efi_selftest: clean up Makefile
Bring all obj-y entries together.

Sort *.o targets.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:33 +01:00
Heinrich Schuchardt
3da0b28582 efi_loader: support EFI_LOAD_FILE_PROTOCOL
Support loading images via the EFI_LOAD_FILE_PROTOCOL and
EFI_LOAD_FILE2_PROTOCOL.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:32 +01:00
Heinrich Schuchardt
0e074d1239 efi_loader: carve out efi_load_image_from_file()
efi_load_image_from_file() should read via either of:

* EFI_SIMPLE_FILE_SYSTEM_PROTOCOL
* EFI_LOAD_FILE_PROTOCOL
* EFI_LOAD_FILE2_PROTOCOL

To make the code readable carve out a function to load the image via the
file system protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:32 +01:00
Heinrich Schuchardt
c06c55b1f5 efi_loader: pass boot_policy to efi_load_image_from_path
Implementing support for loading images via the EFI_LOAD_FILE_PROTOCOL
requires the boot policy as input for efi_load_image_from_path().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:32 +01:00
Heinrich Schuchardt
b6f11098c9 efi_loader: move EFI_LOAD_FILE2_PROTOCOL_GUID
The EFI_LOAD_FILE_PROTOCOL_GUID and EFI_LOAD_FILE2_PROTOCOL_GUID are needed
to complement the implementation of the LoadFile() boot service.

Remove a duplicate declaration of a variable for the
EFI_LOAD_FILE2_PROTOCOL_GUID.
Move the remaining declaration to efi_boottime.c.
Add a variable for the EFI_LOAD_FILE_PROTOCOL_GUID.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:32 +01:00
Heinrich Schuchardt
0e9d2d7bc2 efi_loader: resequence functions in efi_boottime.c
For implementing support for the EFI_LOAD_FILE_PROTOCOL in the LoadImage()
service we will have to call the LocateDevicePath() service. To avoid a
forward declaration resequence the functions.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:32 +01:00
Heinrich Schuchardt
861072b2a8 efi_loader: remove EFI_HII_CONFIG_ROUTING_PROTOCOL
Our implementation of the EFI_HII_CONFIG_ROUTING_PROTOCOL is a mere stub,
where all services return an error code. The protocol is neither needed for
the EFI shell nor for the UEFI SCT. To reduce the code size remove it from
the U-Boot binary.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:32 +01:00
Heinrich Schuchardt
470fa190f3 efi_loader: don't set EFI_RT_SUPPORTED_UPDATE_CAPSULE
The EFI_RT_PROPERTIES_TABLE configuration table indicates which runtime
services are available at runtime.

Even if CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y, we neither support
UpdateCapsule() nor QueryCapsuleCapabilities() at runtime. Thus we should
not set the corresponding flags EFI_RT_SUPPORTED_UPDATE_CAPSULE and
EFI_RT_SUPPORTED_QUERY_CAPSULE_CAPABILITIES in RuntimeServicesSupported.

Fixes: 2bc27ca8a0 ("efi_loader: define UpdateCapsule api")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:15:32 +01:00
Heinrich Schuchardt
28cef9ca2e fs: fat: create correct short names
The current function set_name() used to create short names has the
following deficiencies resolved by this patch:

* Long names (e.g. FOO.TXT) are stored even if a short name is enough.
* Short names with spaces are created, e.g. "A     ~1.TXT".
* Short names with illegal characters are created, e.g. "FOO++BAR".
* Debug output does not not consider that the short file name has no
  concluding '\0'.

The solution for the following bug is split of into a separate patch:

* Short file names must be unique.

This patch only provides the loop over possible short file names.

Fixes: c30a15e590 ("FAT: Add FAT write feature")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10 09:14:58 +01:00
Simon Glass
96434a76fd env: Allow returning errors from hdelete_r()
At present this function returns 1 on success and 0 on failure. But in
the latter case it provides no indication of what went wrong.

If an attempt is made to delete a non-existent variable, the caller may
want to ignore this error. This happens when setting a non-existent
variable to "", for example.

Update the function to return 0 on success and a useful error code on
failure. Add a function comment too.

Make sure that env_set() does not return an error if it is deleting a
variable that doesn't exist. We could update env_set() to return useful
error numbers also, but that is beyond the scope of this change.

Signed-off-by: Simon Glass <sjg@chromium.org>

wip
2020-12-04 16:09:06 -05:00
AKASHI Takahiro
bb7e71d33c efi_loader: add firmware management protocol for raw image
In this commit, a very simple firmware management protocol driver
is implemented. It will take a binary image in a capsule file and
apply the data using dfu backend storage drivers via dfu_write_by_alt()
interface.

So "dfu_alt_info" variable should be properly set to specify a device
and location to be updated. Please read README.dfu.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
f27c201485 efi_loader: add firmware management protocol for FIT image
In this commit, a very simple firmware management protocol driver
is implemented. It will take a common FIT image firmware in a capsule
file and apply the data using dfu backend storage drivers via
update_fit() interface.

So "dfu_alt_info" variable should be properly set to specify a device
and location to be updated. Please read README.dfu.

Fit image is a common file format for firmware update on U-Boot, and
this protocol works neatly just as a wrapper for one.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
8d99026f06 efi_loader: capsule: support firmware update
A capsule tagged with the guid, EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID,
is handled as a firmware update object.
What efi_update_capsule() basically does is to load any firmware management
protocol (or fmp) drivers contained in a capsule, find out an appropriate
fmp driver and then invoke its set_image() interface against each binary
in a capsule.
In this commit, however, loading drivers is not supported.

The result of applying a capsule is set to be stored in "CapsuleXXXX"
variable, but its implementation is deferred to a fmp driver.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
AKASHI Takahiro
c74cd8bd08 efi_loader: capsule: add capsule_on_disk support
Capsule data can be loaded into the system either via UpdateCapsule
runtime service or files on a file system (of boot device).
The latter case is called "capsules on disk", and actual updates will
take place at the next boot time.

In this commit, we will support capsule on disk mechanism.

Please note that U-Boot itself has no notion of "boot device" and
all the capsule files to be executed will be detected only if they
are located in a specific directory, \EFI\UpdateCapsule, on a device
that is identified as a boot device by "BootXXXX" variables.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:49 +01:00
AKASHI Takahiro
2bc27ca8a0 efi_loader: define UpdateCapsule api
In this commit, skeleton functions for capsule-related API's are
added under CONFIG_EFI_UPDATE_CAPSULE configuration.
Detailed implementation for a specific capsule type will be added
in the succeeding patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:49 +01:00
Ilias Apalodimas
c8d0fd5825 efi_loader: Introduce eventlog support for TCG2_PROTOCOL
In the previous patches we only introduced a minimal subset of the
EFI_TCG2_PROTOCOL protocol implementing GetCapability().
So let's continue adding features to it, introducing the
GetEventLog() and HashLogExtendEvent() functions.

In order to do that we first need to construct the eventlog in memory,
specifically in EFI_BOOT_SERVICES_DATA memory and a configuration table
from EFI_ACPI_MEMORY_NVS.
U-Boot won't currently add any events to the log or measure any
components, but will expose the necessary EFI APIs for applications
to do so.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-12-03 21:22:40 +01:00
Ilias Apalodimas
e926136bb2 tpm: use more than sha256 on pcr_extend
The current tpm2_pcr_extend is hardcoded using SHA256.
Let's make the actual command to the TPM2 configurable so we can support
a wider range of algorithms and keep the current command line as-is i.e
limited to SHA256 only

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-12-03 21:22:40 +01:00
Heinrich Schuchardt
fc364424ac efi_loader: replace printf by log in efi_uclass.c
Use logging functions instead of printf() and debug().

Change logging messages for uclass creation and destruction to log_debug().

Reported-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-12-03 21:22:30 +01:00
Michal Simek
a9e73d287b binman: Remove additional backslash
The origin patch didn't have this change and it was caused by manual
resolution where additional backslash was added.

Fixes: 6723b4c6ca ("binman: Call helper function binman_set_rom_offset() to fill offset")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-11-30 13:14:43 -07:00
Ilias Apalodimas
6974a4a373 charset: make u16_strnlen accessible at runtime
commit 1fabfeef506c ("efi_loader: parameter check in GetNextVariableName()")
introduces a check using u16_strnlen(). This code is used on EFI
runtime variables as well, so unless we mark it as runtime, the kernel
will crash trying to access it.

Fixes: 1fabfeef506c ("efi_loader: parameter check in GetNextVariableName()")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-29 05:18:37 +01:00
Heinrich Schuchardt
31cadc3635 efi_loader: enable EFI_SET_TIME on sandbox and QEMU ARM
Enable EFI_SET_TIME on the sandbox and QEMU ARM to ensure that we compile
and test the relevant code.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-29 05:18:37 +01:00
Heinrich Schuchardt
7e5875a856 efi_loader: parameter check in GetNextVariableName()
If GetNextVariableName() is called with a non-existing combination of
VariableName and VendorGuid, return EFI_INVALID_PARAMETER.

If GetNextVariableName() is called with a string that is not zero
terminated, return EFI_INVALID_PARAMETER.

Reformat a line over 80 characters.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-21 07:26:16 +01:00
Ilias Apalodimas
9aeb380277 efi_loader: tcg2 protocol updates
On pull reuqest
https://lists.denx.de/pipermail/u-boot/2020-November/432735.html
V4 of the patchset was sent instead of the v5.
This is the v4->v5 missing diff

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-11-21 07:26:16 +01:00
Heinrich Schuchardt
af69267c32 efi_selftest: provide unit test for the EFI_TCG2_PROTOCOL
Provide a minimal test for the EFI_TCG2_PROTOCOL.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-14 05:05:46 +01:00
Ilias Apalodimas
c1c021052c efi_loader: Add basic EFI_TCG2_PROTOCOL support
Since U-boot EFI implementation is getting richer it makes sense to
add support for EFI_TCG2_PROTOCOL taking advantage of any hardware TPM
available on the device.

This is the initial implementation of the protocol which only adds
support for GetCapability(). It's limited in the newer and safer
TPMv2 devices.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-14 05:05:46 +01:00
Heinrich Schuchardt
792aee1150 efi_loader: incorrect buffer size in efi_file_setinfo()
When copying a string with must allocate a byte for the terminating '\0' in
the target buffer.

Fixes: fbe4c7df00 ("efi_loader: enable file SetInfo()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-14 05:05:46 +01:00
Paulo Alcantara
337c97d935 efi_loader: Add missing newline to log_{err,warning}
Add missing newline to log messages in efi_rng_register() otherwise
something like below would be shown

	Scanning disk virtio-blk#31...
	Found 2 disks
	Missing RNG device for EFI_RNG_PROTOCOLNo EFI system partition

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-14 05:05:46 +01:00
Heinrich Schuchardt
fccd3d9c42 efi_selftest: keep devices in ExitBootServices()
When calling ExitBootServices during out unit tests we should not detach
devices as we need console output for runtime tests.

Fixes: 529441ca89 ("efi_loader: Disable devices before handing over control")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-14 05:05:46 +01:00
Ilias Apalodimas
a322f54f50 tpm: Change response length of tpm2_get_capability()
For implementing the EFI_TCG2_PROTOCOL we need the count field returned by
the TPM when reading capabilities via tpm2_get_capability().

Adjust the implementation of the 'tpm2 get_capability' command accordingly.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-09 17:28:18 +01:00
Heinrich Schuchardt
b1aa6fcf27 efi_selftest: add tool to download dtb
For validating the fixed up device tree we need a tool to need to save it
to a file.

dtbdump.efi copies the configuration table with the device tree to a file
on the same partition from which dtbdump.efi was invoked. The file name can
be entered on the console.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-09 17:28:17 +01:00
Heinrich Schuchardt
ab02c3fec4 efi_loader: non-volatile variable not deleted from file
When deleting a non-volatile variable it was deleted from memory but the
deletion was not persisted to the file system.

SetVariable() may be called with attributes == 0 to delete a variable. To
determine if the deletion shall be persisted we have to consider the
non-volatile flag in the attributes of the deleted variable and not the
value passed in the call parameter.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-09 17:28:17 +01:00
Tom Rini
22ad69b798 patman status subcommand to collect tags from Patchwork
patman showing email replies from Patchwork
 sandbox poweroff command
 minor fixes in binman, tests
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl+kJL8RHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreaDpAf+MajyuxlmGmFTjpyiB026aWiYE4rAn4AE
 bXEDxHpOTIH4hDX7kYVWPmuKivHJo2hF0WUpIFBEAgtc2dOfjOP+mrDjBzG1Pikl
 z5yuilG7eHwC1kTIkPv/tPHwDWRBI5VNwTYq0VTtffMKr8LCBo96wEYEbeYK0xdQ
 kpNa9d4G+tpx20BCRgPLeOMk2pg5SVszkCCkmmPd12rO2zJ9+wWa8fwA759E93Rw
 RshoRCtLNo2nEA3uJVG2aN9n3eAdM/iupDVdBLg50SFKabUxt7OcvGOC8NzGdAmT
 9UbB8scvQJyI/kylGT+ghH3o2RqQGvuIRXmDyETckdkpiqK0SQvysg==
 =eOGz
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull5nov20' of git://git.denx.de/u-boot-dm

patman status subcommand to collect tags from Patchwork
patman showing email replies from Patchwork
sandbox poweroff command
minor fixes in binman, tests
2020-11-06 11:27:14 -05:00
Simon Glass
e4f8e543f1 smbios: Drop the unused Kconfig options
Now that we can use devicetree to specify this information, drop the old
CONFIG options.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-11-06 10:26:32 +08:00
Simon Glass
44c74bdd58 sysinfo: Provide a default driver to set SMBIOS values
Some boards want to specify the manufacturer or product name but do not
need to have their own sysinfo driver.

Add a default driver which provides a way to specify this SMBIOS
information in the devicetree, without needing any board-specific
functionality.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-11-06 10:18:20 +08:00
Simon Glass
a3f5c8ea69 smbios: Add more properties
The current tables only support a subset of the available fields defined
by the SMBIOS spec. Add a few more.

We could use CONFIG_SYS_CPU or CONFIG_SYS_SOC as a default for family, but
the meaning of that value relates more to the whole system rather than
just the SoC.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-11-06 10:18:20 +08:00
Simon Glass
44ffb6f0ec smbios: Allow properties to come from the device tree
Support a way to put SMBIOS properties in the device tree. These can be
placed in a 'board' device in an 'smbios' subnode.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-11-06 10:18:20 +08:00
Simon Glass
78227d4eda x86: Pass an ofnode into each SMBIOS function
As a first step to obtaining SMBIOS information from the devicetree, add
an ofnode parameter to the writing functions.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-11-06 10:18:20 +08:00
Simon Glass
be1cee11b2 acpi: Correct reset handling in acpi_device_add_power_res()
If there is no reset line, this still emits ACPI code for the reset GPIO.
Fix it by updating the check.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-11-06 09:51:30 +08:00
Simon Glass
d2cb7a22da x86: Allow putting some tables in the bloblist
At present all tables are placed starting at address f0000 in memory, and
can be up to 64KB in size. If the tables are very large, this may not
provide enough space.

Also if the tables point to other tables (such as console log or a ramoops
area) then we must allocate other memory anyway.

The bloblist is a nice place to put these tables since it is contiguous,
which makes it easy to reserve this memory for linux using the 820 tables.

Add an option to put some of the tables in the bloblist. For SMBIOS and
ACPI, create suitable pointers from the f0000 region to the new location
of the tables.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[bmeng: squashed in http://patchwork.ozlabs.org/project/uboot/patch/
 20201105062407.1.I8091ad931cbbb5e3b6f6ababdf3f8d5db0d17bb9@changeid/]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-11-06 09:51:28 +08:00
Michal Simek
6723b4c6ca binman: Call helper function binman_set_rom_offset() to fill offset
There is prepared function for filing rom_offset. That's why use it instead
of copying content of it.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-11-05 09:11:31 -07:00
Christian Gmeiner
415eab0655 smbios: add parsing API
Add a very simple API to be able to access SMBIOS strings
like vendor, model and bios version.

Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-11-05 14:58:45 +08:00
Tom Rini
41cab8edbc Pull request for UEFI sub-system for efi-2021-01-rc2 (2)
The series contains the following enhancements
 
 * preparatory patches for UEFI capsule updates
 * initialization of the emulated RTC using an environment variable
 
 and a bug fix
 
 * If DisconnectController() is called for a child controller that is the
   only child of the driver, the driver must be disconnected.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl+e1WUACgkQxIHbvCwF
 GsRHhQ//X/hQiow1/3YwskyZkC89QPLE+TDeGcRHdy7W2rjfJlOBJtsI1tzvsTWw
 8etgIuoh1MKebJZZQk/ZxKdWOaN3RWP7wL/9c6PHpkkML+WzyLWShf5UgLMWeo3w
 a7t0LW4kfxbzmhg/f4x0Gi3qUh0SiS6T8Q5X/SlJOX091IvCmCOTkGUT6dBogm78
 WnISQvgP3uApOt2s66hVVtFaH4zbXDYwDnQhhUoonRF1AfuE3jTyr39IoNsCdPOx
 vEbTqNKQQnt4yIIaPJlV+KX//jtCCnyLBPrZA1tI2QPyBjADmNcau2OjlBZyJpr0
 1awgSueXgBtMCAp6bHMl9p3eSKYv2f0BvPGljgKrs9dfIZk+XN0w62VuSYwRi7TU
 ZEppINMisM1hC9+7jKNGn0nE9y3UldBSNThWxk8ykpWL+Btv5KeArHK4+916nadQ
 a7t+6Ow7hiVI1Y/3TWaLvCi7xfqsU87QH6dx0nozgBUotuujIqa5lAeSGR9Rc6N2
 PSblEGf8AA8+oGAdBhNvDncHiRLWkUoBqFsaaAk4EiaHQk60InZ9CpQdeMqHErcx
 uLL9JcOCZeStcWF+vWmyU2L49O88HRHvboM7zA+gqLIUilwgKxmlOocoq+0jtA4l
 Bg72F3cI7+g+aTidskEOGo2v2cj0dh32ub5CqRHLdt3PUzP6qhs=
 =mCEL
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-01-rc2-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2021-01-rc2 (2)

The series contains the following enhancements

* preparatory patches for UEFI capsule updates
* initialization of the emulated RTC using an environment variable

and a bug fix

* If DisconnectController() is called for a child controller that is the
  only child of the driver, the driver must be disconnected.
2020-11-01 10:56:37 -05:00
Tom Rini
63d4607e03 of-platdata and dtoc improvements
sandbox SPL tests
 binman support for compressed sections
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl+cXssRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreaYuAgAjG05oxt8a4DXhdzGuXBCbehZv2T7X5Lg
 2+i9uwyg3MkKWp0Spm2J+0flWs+1Bynw335hgNVgq+bh29sajOQz2BtgfDKFY+Aw
 D+D16YBEiEuIbIXLzSsv+ct1va83A3JmlxxoaJ7+ZvoN/5Z3ZvJIZ7F4AzmwlAFT
 5pOFgDEfVM4MYFU4R2wZAaJMnYKQrqR5Tvrxecc6OkhvWIgq7j3elE4xOuh2hL/L
 Bz/KM+4Eq+EUALG+quyEzd+gDKoPY2rNOojxS/lg7PRsN6S8engwE+LkcAkMaNG3
 uDVrTYsA8lCJJwso0in25fUy8sEYWaCSVr/82xfRJMWksPajubem7w==
 =9u1O
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-30oct20' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm

of-platdata and dtoc improvements
sandbox SPL tests
binman support for compressed sections
2020-10-30 15:24:30 -04:00
Sean Anderson
72eda5074b lib: Add getopt
Some commands can get very unweildy if they have too many positional
arguments. Adding options makes them easier to read, remember, and
understand.

This implementation of getopt has been taken from barebox, which has had
option support for quite a while. I have made a few modifications to their
version, such as the removal of opterr in favor of a separate getopt_silent
function. In addition, I have moved all global variables into struct
getopt_context.

The getopt from barebox also re-orders the arguments passed to it so that
non-options are placed last. This allows users to specify options anywhere.
For example, `ls -l foo/ -R` would be re-ordered to `ls -l -R foo/` as
getopt parsed the options. However, this feature conflicts with the const
argv in cmd_tbl->cmd. This was originally added in 54841ab50c ("Make sure
that argv[] argument pointers are not modified."). The reason stated in
that commit is that hush requires argv to stay unmodified. Has this
situation changed? Barebox also uses hush, and does not have this problem.
Perhaps we could use their fix?

I have assigned maintenance of getopt to Simon Glass, as it is currently
only used by the log command. I would also be fine maintaining it.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
2020-10-30 10:56:11 -04:00
AKASHI Takahiro
077153e085 efi_loader: add efi_create_indexed_name()
This function will be used from several places in UEFI subsystem
to generate some specific form of utf-16 variable name.
For example, L"Capsule0001"

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Move function to separate module.
Use char * as argument instead of u16 *.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-30 14:27:43 +01:00
AKASHI Takahiro
c57c943954 efi_loader: add option to initialise EFI subsystem early
If this option, CONFIG_EFI_SETUP_EARLY, is enabled, the initialisation
of UEFI subsystem will be done as part of U-Boot initialisation.

Please note that this option won't be enabled explicitly by users,
instead, should be enabled implicitly by other configuration options.

Specifically, this feature will be utilised in implementing capsule-on-disk
feature.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-30 14:20:27 +01:00
Heinrich Schuchardt
314bed6c85 efi_loader: fix DisconnectController() for sole child
If ChildHandle indicates the sole child of the driver, disconnect the
driver.

This fixes the test results for UEFI SCT 2.6 A
sub-tests 5.1.3.12.43, 5.1.3.12.44, 5.1.3.12.45.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-30 14:20:26 +01:00
Simon Glass
83187546ae binman: Support multiple images in the library
Add support for multiple images, since these are used on x86 now. Select
the first image for now, since that is generally the correct one. At some
point we can add a way to determine which image is currently running.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-10-29 14:42:17 -06:00
Simon Glass
f4f4123708 binman: Add a way to read the ROM offset
Provide a function to read the ROM offset so that we can store the value
in one place and clients don't need to store it themselves after calling
binman_set_rom_offset().

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-10-29 14:42:17 -06:00
Tom Rini
47754334b1 Xilinx changes for v2021.01-v2
common:
 - Add support for 64bit loadables from SPL
 
 xilinx:
 - Update documentation and record ownership
 - Enable eeprom board detection based legacy and fru formats
 - Add support for FRU format
 
 microblaze:
 - Optimize low level ASM code
 - Enable SPI/I2C
 - Enable distro boot
 
 zynq:
 - Add support for Zturn V5
 
 zynqmp:
 - Improve silicon detection code
 - Enable several kconfig options
 - Align DT with the latest state
 - Enabling security commands
 - Enable and support FPGA loading from SPL
 - Optimize xilinx_pm_request() calling
 
 versal:
 - Some DTs/Kconfig/defconfig alignments
 - Add binding header for clock and power
 
 zynq-sdhci:
 - Add support for tap delay programming
 
 zynq-spi/zynq-qspi:
 - Use clock framework for getting clocks
 
 xilinx-spi:
 - Fix some code issues (unused variables)
 
 serial:
 - Check return value from clock functions in pl01x
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCX5rH/QAKCRDKSWXLKUoM
 IRPAAJ9SvHR3w1qTc5W+Q5CWBUH5wJbNYQCaA4PpqZCdvyu1+nF5luL6JHhbDgw=
 =hOd7
 -----END PGP SIGNATURE-----

Merge tag 'xilinx-for-v2021.01-v2' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze

Xilinx changes for v2021.01-v2

common:
- Add support for 64bit loadables from SPL

xilinx:
- Update documentation and record ownership
- Enable eeprom board detection based legacy and fru formats
- Add support for FRU format

microblaze:
- Optimize low level ASM code
- Enable SPI/I2C
- Enable distro boot

zynq:
- Add support for Zturn V5

zynqmp:
- Improve silicon detection code
- Enable several kconfig options
- Align DT with the latest state
- Enabling security commands
- Enable and support FPGA loading from SPL
- Optimize xilinx_pm_request() calling

versal:
- Some DTs/Kconfig/defconfig alignments
- Add binding header for clock and power

zynq-sdhci:
- Add support for tap delay programming

zynq-spi/zynq-qspi:
- Use clock framework for getting clocks

xilinx-spi:
- Fix some code issues (unused variables)

serial:
- Check return value from clock functions in pl01x
2020-10-29 11:30:15 -04:00
Heinrich Schuchardt
0eae552d18 efi_loader: daylight saving time
Adjust the SetTime() and GetTime() runtime services to correctly convert
the daylight saving time information when communicating with the RTC.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-27 21:13:16 +01:00
Ilias Apalodimas
529441ca89 efi_loader: Disable devices before handing over control
U-Boot Driver Model is supposed to remove devices with either
DM_REMOVE_ACTIVE_DMA or DM_REMOVE_OS_PREPARE flags set, before exiting.
Our bootm command does that by explicitly calling calling
"dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);" and we also disable any
USB devices.

The EFI equivalent is doing none of those at the moment. As a result
probing an fTPM driver now renders it unusable in Linux. During our
(*probe) callback we open a session with OP-TEE, which is supposed to
close with our (*remove) callback. Since the (*remove) is never called,
once we boot into Linux and try to probe the device again we are getting
a busy error response. Moreover all uclass (*preremove) functions won't
run.

So let's fix this by mimicking what bootm does and disconnect devices
when efi_exit_boot_services() is called.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-27 21:13:16 +01:00
Ilias Apalodimas
19763ea0d2 efi_loader: Sort header file ordering
Order header files according to https://www.denx.de/wiki/U-Boot/CodingStyle

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-27 21:13:15 +01:00
Heinrich Schuchardt
d3d6afae3c trace: conserve gd register on RISC-V
An UEFI application may change the value of the register that gd lives in.
But some of our functions like get_ticks() access this register. So we
have to set the gd register to the U-Boot value when entering a trace
point and set it back to the application value when exiting the trace
point.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-27 21:13:15 +01:00
Michal Simek
c2a2c83278 xilinx: zynq: Change types from u32 to uint32_t
Change parameter type to avoid compilation error:
In file included from ./tools/../lib/rsa/rsa-verify.c:23:0,
                 from tools/lib/rsa/rsa-verify.c:1:
include/u-boot/rsa-mod-exp.h:69:18: error: unknown type name ‘u32’; did you mean ‘__u32’?
 int zynq_pow_mod(u32 *keyptr, u32 *inout);
                  ^~~
                  __u32
include/u-boot/rsa-mod-exp.h:69:31: error: unknown type name ‘u32’; did you mean ‘__u32’?
 int zynq_pow_mod(u32 *keyptr, u32 *inout);
                               ^~~
                               __u32

Fixes: 37e3a36a54 ("xilinx: zynq: Add support to secure images")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2020-10-27 08:13:33 +01:00
Heinrich Schuchardt
dcf16721c1 lib: print_freq() should output kHz not KHz
In the International System of Units (SI) the prefix kilo is abbreviated as
'k' not 'K'. 'K' is the symbol for Kelvin.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-10-22 09:54:54 -04:00
Heinrich Schuchardt
c670aeee3d common: rename getc() to getchar()
The sandbox is built with the SDL2 library with invokes the X11 library
which in turn calls getc(). But getc() in glibc is defined as

    int getc(FILE *)

This does not match our definition.

    int getc(void)

The sandbox crashes when called with parameter -l.

Rename our library symbol getc() to getchar().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-22 09:54:53 -04:00
Patrick Wildt
42f804fbba efi_loader: fix use after free in receive path
With DM enabled the ethernet code will receive a packet, call
the push method that's set by the EFI network implementation
and then free the packet.  Unfortunately the push methods only
sets a flag that the packet needs to be handled, but the code
that provides the packet to an EFI application runs after the
packet has already been freed.

To rectify this issue, adjust the push method to accept the packet
and store it in a temporary buffer.  The EFI application then gets
the data copied from that buffer.  This way the packet is cached
until is is needed.

The DM Ethernet stack tries to receive 32 packets at once, thus
we better allocate as many buffers as the stack.

Signed-off-by: Patrick Wildt <patrick@blueri.se>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-19 22:59:53 +02:00
Sean Anderson
4b2be78ab6 time: Fix get_ticks being non-monotonic
get_ticks does not always succeed. Sometimes it can be called before the
timer has been initialized. If it does, it returns a negative errno.
This causes the timer to appear non-monotonic, because the value will
become much smaller after the timer is initialized.

No users of get_ticks which I checked handle errors of this kind. Further,
functions like tick_to_time mangle the result of get_ticks, making it very
unlikely that one could check for an error without suggesting a patch such
as this one.

This patch panics if we ever get an error. There are two cases in which
this can occur. The first is if we couldn't find/probe the timer for some
reason. One reason for this is if the timer is not available so early. This
likely indicates misconfiguration. Another reason is that the timer has an
invalid/missing device tree binding. In this case, panicing is also
correct. The second case covers errors calling get_count. This can only
occur if the timer is missing a get_count function (or on RISC-V, but that
should be fixed soon).

Fixes: c8a7ba9e6a
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-14 11:16:34 -04:00
Heinrich Schuchardt
ec71cc34c1 lib: rsa: superfluous initialization in rsa_verify()
Remove initialization of ret with unused value.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-12 21:30:38 -04:00
Rasmus Villemoes
3f8808ebaa rsa: fix retrieving public exponent on big-endian systems
Commit fdf0819afb (rsa: fix alignment issue when getting public
exponent) changed the logic to avoid doing an 8-byte access to a
possibly-not-8-byte-aligned address.

However, using rsa_convert_big_endian is wrong: That function converts
an array of big-endian (32-bit) words with the most significant word
first (aka a BE byte array) to an array of cpu-endian words with the
least significant word first. While the exponent is indeed _stored_ as
a big-endian 64-bit word (two BE words with MSW first), we want to
extract it as a cpu-endian 64 bit word. On a little-endian host,
swapping the words and byte-swapping each 32-bit word works, because
that's the same as byte-swapping the whole 64 bit word. But on a
big-endian host, the fdt32_to_cpu are no-ops, but
rsa_convert_big_endian() still does the word-swapping, breaking
verified boot.

To fix that, while still ensuring we don't do unaligned accesses, add
a little helper that first memcpy's the bytes to a local fdt64_t, then
applies fdt64_to_cpu(). [The name is chosen based on the
[bl]eXX_to_cpup in linux/byteorder/generic.h].

Fixes: fdf0819afb ("rsa: fix alignment issue when getting public exponent")
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-12 21:30:38 -04:00
Matthieu CASTET
167fb1f8dc lib: rsa: check algo match in rsa_verify_with_keynode
The algo name should match between the FIT's signature node and the
U-Boot's control FDT.

If we do not check it, U-Boot's control FDT can expect sha512 hash but
nothing will prevent to accept image with sha1 hash if the signature is correct.

Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
2020-10-12 21:30:38 -04:00
Philippe Reynes
a6982a6f76 fit: cipher: aes: allow to store the IV in the FIT image
Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.

This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-10-12 21:30:37 -04:00
Heinrich Schuchardt
34ca77c1e1 lib/hashtable: remove superfluous check
We assign first_deleted = 0. There is no need to check its value without
any further assignment in between.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-12 21:30:37 -04:00
Simon Glass
26637e2e4c lib: Allow hexdump to be used in SPL
It is sometimes useful to output hex dumps in SPL. Add a config option to
allow this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-10-10 16:49:58 -04:00
Tom Rini
42378e3cd2 bloblist enhancement for alignment
Update ofnode/dev_read phandle function
 sandbox keyboard enhancements and fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQHFBAABCAAvFiEE1//at7WoVCu4umzW8Cm2NFgI+6QFAl98qrQRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQ8Cm2NFgI+6Tm5QwAnofBrQ5Y2lwJCUnaratH/J0p5aDXMu37
 SMshRdY4cQPNT1nBFf0fA8UYwTScUla48tPfMO/IxnoMwizxNRZQOH56vcm6w6ie
 73uWlOAl7paw0UGpLYnkuwGC3CoCT7wynTMy0Ap4994alq2pcTK75ra9ODLPn/Sh
 Qg4R4I1VoWbTJT4ZFYcjdMg1+B2hDPd+gVLjjGmOwazncG7aMmpYKJOcscZCuqv8
 Utg30XUxWMxclVPuzXAfREjx+Hhy0AG44ZYv3T44JaOtIAHU4Va/rzqrJRe+pR9V
 YwgjCQhAOuGRswqNJDeg5K8o64jW3vAVULG1HrOZ3gu19ZCmseAH4bNHgiy2SBMz
 CtVtapU+uXjktME2G0vX86Ip8kpxi07p1WeP83TmDFqiGnfEZxn5WH7bYc4l7KSf
 mfWhmrrY5K2ogN5iN8ahc7fGBdHziD+h/Blwn03LgTFHF8f6jxVNJlvjYiya97HN
 1LPk4NNYgPQI3mObL5szQ8FKJ69zSCFk
 =ZqpG
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-6oct20' of git://git.denx.de/u-boot-dm

bloblist enhancement for alignment
Update ofnode/dev_read phandle function
sandbox keyboard enhancements and fixes
2020-10-06 13:59:01 -04:00
Patrick Delaunay
cba487c7fc fdtdec: correct test on return of fdt_node_offset_by_phandle
The result of fdt_node_offset_by_phandle is negative for error,
so this patch corrects the check of this result in
fdtdec_parse_phandle_with_args.

This patch allows to have the same behavior with or without OF_LIVE
for the function dev_read_phandle_with_args with cell_name = NULL and
with invalid phandle.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-06 09:07:54 -06:00
Heinrich Schuchardt
4b71f6dc4e efi_loader: QEMU CONFIG_EFI_GRUB_ARM32_WORKAROUND=n
CONFIG_EFI_GRUB_ARM32 is only needed for architectures with caches that are
not managed via CP15 (or for some outdated buggy versions of GRUB). It
makes more sense to disable the setting per architecture than per defconfig.

Move QEMU's CONFIG_EFI_GRUB_ARM32_WORKAROUND=n from defconfig to Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-06 07:43:56 +02:00
Sean Anderson
493a37fe86 efi: Fix typo in documentation
There is an extra space.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-06 07:43:56 +02:00
Heinrich Schuchardt
eb0d1d8399 efi_selftest: avoid unnecessary reset
When we do not execute a test requiring ExitBootServices do not reset the
system after testing.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-06 07:43:56 +02:00
Heinrich Schuchardt
dc374ab08f efi_selftest: print CRC32 of initrd as hexadecimal
Print the CRC32 loaded via the EFI_LOAD_FILE2_PROTOCOL as a hexadecimal
number.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-10-06 07:43:56 +02:00
Heinrich Schuchardt
9487683821 efi_selftest: enable printing hexadecimal numbers
Add code to use %x in efi_st_print().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-06 07:43:56 +02:00
Heinrich Schuchardt
e2aff337ed efi_loader: illegal free in EFI_LOAD_FILE2_PROTOCOL
strsep() changes the address that its first argument points to.
We cannot use the changed address as argument of free().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-10-06 07:43:56 +02:00
Heinrich Schuchardt
5cd28e1760 efi_loader: description EFI_LOAD_FILE2_PROTOCOL
U-Boot offers a EFI_LOAD_FILE2_PROTOCOL which the Linux EFI stub can use to
load an initial RAM disk. Update the function comments of the
implementation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-10-06 07:43:56 +02:00
Tom Rini
b7e7831e5d Merge branch 'next'
Bring in the assorted changes that have been staged in the 'next' branch
prior to release.

Signed-off-by: Tom Rini <trini@konsulko.com>
2020-10-05 14:10:59 -04:00
Heinrich Schuchardt
b59c13d42f efi_loader: installation of EFI_RNG_PROTOCOL
Having an EFI_RNG_PROTOCOL without a backing RNG device leads to failure
to boot Linux 5.8.

Only install the EFI_RNG_PROTOCOL if we have a RNG device.

Reported-by: Scott K Logan <logans@cottsay.net>
Cc: Neil Armstrong <narmstrong@baylibre.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-27 16:10:45 +02:00
Simon Glass
9c6aaf1347 acpi: Use I2cSerialBusV2() instead of I2cSerialBus()
Use the correct name of the ACPI structure being created.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:26 +08:00
Simon Glass
350c7f52b9 acpi: Add more support for generating processor tables
This adds tables relating to P-States and C-States.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:18 +08:00
Simon Glass
15403289e5 acpi: Add support for generating processor tables
ACPI has a number of CPU-related tables. Add utility functions to write
out the basic packages.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:17 +08:00
Simon Glass
f37979e7b7 x86: acpi: Support generation of the DBG2 table
Add an implementation of the DBG2 (Debug Port Table 2) ACPI table.
Adjust one of the header includes to be in the correct order, before
adding more.

Note that the DBG2 table is generic but the PCI UART is x86-specific at
present since it assumes an ns16550 UART. It can be generalised later
if necessary.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:17 +08:00
Simon Glass
23dd0ea4c7 dm: acpi: Use correct GPIO polarity type in acpi_dp_add_gpio()
This function currently accepts the IRQ-polarity type. Fix it to use the
GPIO type instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:14 +08:00
Simon Glass
88490e1979 acpi: Support generating a multi-function _DSM for devices
Add a function to generate ACPI code for a _DSM method for a device.
This includes functions for starting and ending each part of the _DSM.

Signed-off-by: Simon Glass <sjg@chromium.org>
[bmeng: fix the "new blank line at EOF" git warning]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-09-25 11:27:14 +08:00
Simon Glass
da7cff338f acpi: Add support for conditions and return values
Add functions to support generating ACPI code for condition checks and
return values.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:14 +08:00
Simon Glass
e0a896b88f acpi: Add support for writing a _PRW
A 'Power Resource for Wake' list the resources a device depends on for
wake. Add a function to generate this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:13 +08:00
Etienne Carriere
3e15c315f9 optee: add property no-map to secure reserved memory
OP-TEE reserved memory node must set property "no-map" to prevent
Linux kernel from mapping secure memory unless what non-secure world
speculative accesses of the CPU can violate the memory firmware
configuration.

Fixes: 6ccb05eae0 ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
2020-09-22 12:54:13 -06:00
Etienne Carriere
ccaa5747bd fdtdec: optionally add property no-map to created reserved memory node
Add boolean input argument @no_map to helper function
fdtdec_add_reserved_memory() to add or not "no-map" property
for an added reserved memory node.

Property no-map is used by the Linux kernel to not not map memory
in its static memory mapping. It is needed for example for the|
consistency of system non-cached memory and to prevent speculative
accesses to some firewalled memory.

No functional change. A later change will update to OPTEE library to
add no-map property to OP-TEE reserved memory nodes.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-09-22 12:54:13 -06:00
Tom Rini
751b18b8a1 Merge branch 'master' into next
Merge in v2020.10-rc5
2020-09-21 14:25:37 -04:00
Heinrich Schuchardt
52a8481827 efi_selftest: check for RISC-V boot-hartid in FDT
On RISC-V check that the /chosen node has a boot-hartid property.

To run the test configure with CONFIG_CMD_BOOTEFI_SELFTEST=y and issue

    setenv efi_selftest device tree
    setenv serial# myserial
    bootefi selftest

If the test succeeds, it reports the boot-hartid, e.g.

    boot-hartid: 1

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-18 22:23:58 +02:00
Heinrich Schuchardt
18161a8a4e efi_selftest: rework device tree test
Allow specifying the node on which a property is searched.
Test the device tree consistency more rigorously.
Some efi_st_printf() calls have been converted to efi_st_error().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-18 22:23:58 +02:00
Maxim Uvarov
ffbeafe7e2 efi_memory: refine overlap_only_ram description
Refine text for overlap_only_ram description to
match to what exactly flag does and aling description
with other functions.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-18 22:23:58 +02:00
Marek Vasut
81d0cef3b2 lib: fdt: Fix fdtdec_setup_mem..() conversion to livetree API
Repair incorrectly negated condition in the original patch which broke
DT memory node parsing on everything which has more than one DT memory
node, e.g. R-Car3.

In case multiple valid memory nodes are present in the DT, the original
patch would complete parsing cycle for the first memory node, then move
on to the next one, identify it as a valid, and end the parsing. The fix
is to invert the condition, to make the code behave as it did before the
livetree conversion, so it would continue parsing the subsequent memory
nodes as well.

Fixes: c2f0950c33 ("lib: fdt: Convert fdtdes_setup_mem..() to livetree API")
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Tested-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Michal Simek <michal.simek@xilinx.com>
2020-09-16 16:54:00 -04:00
Heinrich Schuchardt
5bf12a7859 efi_selftest: restore gd before do_reset()
Before calling do_reset() in the EFI selftest we must restore the global
data pointer.

Fixes: fa63753f86 ("efi_selftest: substitute ResetSystem() by do_reset()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-14 23:28:52 +02:00
Heinrich Schuchardt
d68d7f47a9 efi_loader: save global data pointer on RISC-V
On RISC-V the global data pointer is stored in register gp. When a UEFI
binary calls the EFI API we have to restore it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-14 23:28:52 +02:00
Heinrich Schuchardt
e5a31376ac efi_loader: efi_var_mem_notify_exit_boot_services
efi_var_mem_notify_exit_boot_services() is invoked when ExitBootServices()
is called by the UEFI payload.

efi_var_mem_notify_exit_boot_services() should not be defined as
__efi_runtime as it is invoking EFI_ENTRY() and EFI_EXIT() which themselves
are not __efi_runtime.

Fixes: f1f990a8c9 ("efi_loader: memory buffer for variables")
Fixes: e01aed47d6 ("efi_loader: Enable run-time variable support for tee based variables")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-09-14 23:28:52 +02:00
Robert Reither
8479333ce7 rsa: crash in br_i32_decode() called from rsa_gen_key_prop()
Fixes problem for unaligned 32bit big-endian access in
lib/rsa/rsa-keyprop.c.

Exchanges br_i32_decode() with get_unaligned_be32().

This will keep the unaligned access for architectures capable and will do
some byte-shift magic for the not so capable ones.

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-by: Robert Reither <robert.reither@external.thalesgroup.com>
Remove unused include.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-14 23:28:52 +02:00
Tom Rini
314b9b4a38 Merge branch 'remove-config-nr-dram-banks-v9-2020-08-26' of https://gitlab.denx.de/u-boot/custodians/u-boot-marvell into next 2020-09-07 14:31:00 -04:00
Heinrich Schuchardt
d2a885720b efi_selftest: simplify Makefile
CONFIG_EFI_LOADER cannot be selected for ARMv7-M CPUs. So don't check it in
the Makefile.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06 21:21:41 +02:00
Heinrich Schuchardt
578d7cc8fa efi_loader: remove duplicate image size check
The image size is checked in efi_load_pe(). Avoid checking it twice.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06 21:21:41 +02:00
Heinrich Schuchardt
0f7878b853 efi_loader: error message if image not authenticated
Currently if the bootefi command fails due to missing authentication, the
user gets no feedback.

Write a log message 'Image not authenticated' if LoadImage() fails due to
missing authentication.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06 21:21:41 +02:00
Heinrich Schuchardt
24586059d3 efi_loader: log function in image loader
Use log_err() for error messages.
Replace debug() by EFI_PRINT().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06 21:21:41 +02:00
Heinrich Schuchardt
de95930946 lib/rsa: correct check after allocation in fdt_add_bignum()
After allocating to pointer ctx we should check that pointer and not
another pointer already checked above.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-27 11:26:58 -04:00
Stefan Roese
dfaf6a5797 CONFIG_NR_DRAM_BANKS: Remove unreferenced code as its always defined
Since commit 86cf1c8285 ("configs: Migrate CONFIG_NR_DRAM_BANKS") &
commit 999a772d9f ("Kconfig: Migrate CONFIG_NR_DRAM_BANKS"),
CONFIG_NR_DRAM_BANKS is always defined with a value (4 is default).
It makes no sense to still carry code that is guarded with
"#ifndef CONFIG_NR_DRAM_BANKS" (and similar). This patch removes
all these unreferenced code paths.

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-08-26 09:19:16 +02:00
Tom Rini
9f9ecd3e4d Merge https://gitlab.denx.de/u-boot/custodians/u-boot-marvell
- Add basic Marvell/Cavium OcteonTX/TX2 support (Suneel)
- Infrastructure changes to PCI uclass to support these SoC's (Suneel)
- Add PCI, MMC & watchdog driver drivers for OcteonTX/TX2 (Suneel)
- Increase CONFIG_SYS_MALLOC_F_LEN for qemu-x86 (Stefan)
2020-08-25 13:38:29 -04:00
Tom Rini
8ee3a24fdc Merge branch '2020-08-24-misc-improvements'
- Squashfs compression support
- Coverity fixes
- XEN guest updates
- Finish previous MediaTek updates
- Arm Total Compute platform support
2020-08-25 08:12:05 -04:00
Suneel Garapati
1db7ee464f fdtdec: Add API to read pci bus-range property
Add fdtdec_get_pci_bus_range to read bus-range property
values.

Signed-off-by: Suneel Garapati <sgarapati@marvell.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-25 05:41:09 +02:00
Anastasiia Lukianenko
3337b29144 xen: Code style conformity
Cleaning up the following:

ERROR: do not use assignment in if condition
#281: FILE: drivers/xen/pvblock.c:260:
+       if ((err = xenbus_switch_state(XBT_NIL, nodename,
CHECK:COMPARISON_TO_NULL: Comparison to NULL could be written "err"
#52: FILE: drivers/xen/pvblock.c:298:
+       if (err != NULL) {
ERROR: do not use assignment in if condition
#176: FILE: drivers/xen/gnttab.c:103:
+               if ((flags = nflags) & (GTF_reading | GTF_writing)) {
WARNING: Missing or malformed SPDX-License-Identifier tag in line 1
#329: FILE: include/xen/gnttab.h:1:
+/*
WARNING: Misplaced SPDX-License-Identifier tag - use line 1 instead
#330: FILE: include/xen/gnttab.h:2:
+ * SPDX-License-Identifier: GPL-2.0
ERROR: do not use assignment in if condition
#630: FILE: lib/sscanf.c:558:
+                               if ((n = inr) < width) {

Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-24 14:11:31 -04:00
Heinrich Schuchardt
15d8f008dc efi_loader: validate device path length in boot manager
Bootxxxx variables are provided by the user and therefore cannot be
trusted. We have to validate them before usage.

A device path provided by a Bootxxxx variable must have an end node within
the indicated device path length.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
Heinrich Schuchardt
5cad4a3093 efi_loader: efi_dp_check_length()
We need to check that device paths provided via UEFI variables are not
malformed.

Provide function efi_dp_check_length() to check if a device path has an
end node within a given number of bytes.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
Heinrich Schuchardt
fa63753f86 efi_selftest: substitute ResetSystem() by do_reset()
If ResetSystem() is not implemented at runtime, call do_reset() after
test completion.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
Heinrich Schuchardt
c06867d7f8 efi_selftest: add a test for ResetSystem()
The unit test will reset the system by calling the ResetSystem() runtime
service before or after ExitBootServices() according to the users choice
by setting environment variable efi_selftest to:

* 'reset system' or
* 'reset system runtime'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
Heinrich Schuchardt
f03a879d67 efi_loader: ResetSystem() should not hang
If ResetSystem() is not implemented at runtime, it should return instead
of hanging in an endless loop. This allows the operating system to reset
the system by other means as Linux does. It also matches what EDK II
suggests in comments for functions ResetShutdown() and ResetWarm() in
OvmfPkg/Library/ResetSystemLib/ResetSystemLib.c.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
Michal Simek
c2f0950c33 lib: fdt: Convert fdtdes_setup_mem..() to livetree API
Convert fdtdec_setup_mem_size_base(), get_next_memory_node(),
fdtdec_setup_memory_banksize() and fdtdec_setup_mem_size_base_lowest() to
livetree API.

Tested on ZynqMP zcu104 board.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-20 09:49:20 +02:00
Michal Simek
7fce739665 lib: fdt: Introduce fdtdec_setup_mem_size_base_lowest()
New function should be called from board dram_init() because it initialized
gd->ram_base/ram_size. It finds the lowest available memory.

On systems with multiple memory nodes finding out the first memory node by
fdtdec_setup_mem_size_base() is not enough because this memory can be above
actual U-Boot VA mapping. Currently only mapping till 39bit is supported
(Full 44bit mapping was removed by commit 7985cdf74b ("arm64: Remove
non-full-va map code")).
If DT starts with the first memory node above 39bit address then system can
be unpredictable.

The function is available only when multiple memory bank support is
enabled.

Calling fdtdec_setup_memory_banksize() from dram_init() is not possible
because fdtdec_setup_memory_banksize() is saving dram information to bd
structure which is placed on stack but not initialized at this time. Also
stack is placed at location setup in dram_init().

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-20 09:49:20 +02:00
Tom Rini
789bfb5266 Pull request for UEFI sub-system for efi-2020-10-rc3 (2)
This series includes bug fixes for:
 
 * UEFI secure boot - images with multiple signatures
 * UEFI secure boot - support for intermediate certificates
 * corrections for UEFI unit tests
 * missing loadaddr on MAIX board
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl82zyEACgkQxIHbvCwF
 GsR8GQ/9FzCCfmhu2VhVI1cUKIT2B/FhAXbADAAhmBFk1SezhnKrsWUFFUbHeD+v
 c0+QKBldIARxpD40M68FNP7QVA35iaU2+Z5jBQ7r5ZUuTuZkxeFavtHRXlSCL02R
 rmdsKTtwPTRgve3IxEFJcxc4jpvAhNH+QLveK+PA+gUGjd2UoYWoGknJ4n8oe2rG
 uDX4em8Sy1LXrkJLCf5Ae8+M3FBOtsBAFif1tX5cWnH5kP3DbL9A5A5JHxlVJEQi
 SBC8NuJW+At89VlckEGpREt8itFMicdbLT/dSKDU3kh+l/h6zTbd9fGmoKLKXDdw
 O/qwC2kwsKg/jrfZwYOTzUIpRt3jhe+CwrEajVJY12jIQzAW4kvj2mo9AeBEydHO
 umFfbExGH8zwZgynrhhbjHdNxcGBahUGLoKLCkJI51I7EwCMCrN5rtUpUzxVybTE
 VJKyTqlyUSIZGU4AsQT3KflLGRGU/HNS2ariQWjEbKWcCC03Q7dXH1RQMUxTlqL3
 Owhqv/NI07WIvQZD3oWPkn3Z8tiQMzF370qO2gb/AwM7U0P3ggkcUxAs7mCIj5x6
 81PP65di4+zRzCyU1IHCILem7LHxGR6drGatbHspGBYAJrPduyM2cYAa0eXUOCvX
 Hz1GURhlVGwBdBAwaZ+g13/NtisrkRBQQYZO8jiEBqhnWoc3514=
 =0ZD1
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-10-rc3-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2020-10-rc3 (2)

This series includes bug fixes for:

* UEFI secure boot - images with multiple signatures
* UEFI secure boot - support for intermediate certificates
* corrections for UEFI unit tests
* missing loadaddr on MAIX board
2020-08-15 09:01:01 -04:00
Andrii Anisov
e87dfb0526 lib: sscanf: add sscanf implementation
Port sscanf implementation from mini-os and introduce new
Kconfig option to enable it: CONFIG_SSCANF. Disable by default.

Signed-off-by: Andrii Anisov <andrii_anisov@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
2020-08-14 15:18:30 -04:00
AKASHI Takahiro
52956e535e efi_loader: signature: correct a behavior against multiple signatures
Under the current implementation, all the signatures, if any, in
a signed image must be verified before loading it.

Meanwhile, UEFI specification v2.8b section 32.5.3.3 says,
    Multiple signatures are allowed to exist in the binary’s certificate
    table (as per PE/COFF Section “Attribute Certificate Table”). Only
    one hash or signature is required to be present in db in order to pass
    validation, so long as neither the SHA-256 hash of the binary nor any
    present signature is reflected in dbx.

This patch makes the semantics of signature verification compliant with
the specification mentioned above.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-14 12:28:25 +02:00
AKASHI Takahiro
f68a6d5835 efi_loader: variable: fix secure state initialization
Under the new file-based variable implementation, the secure state
is always and falsely set to 0 (hence, the secure boot gets disabled)
after the reboot even if PK (and other signature database) has already
been enrolled in the previous boot.

This is because the secure state is set up *before* loading non-volatile
variables' values from saved data.

This patch fixes the order of variable initialization and secure state
initialization.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: 5f7dcf079d ("efi_loader: UEFI variable persistence")
2020-08-13 22:37:42 +02:00
AKASHI Takahiro
1115edd846 efi_loader: signature: rework for intermediate certificates support
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pcks7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.

What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.

pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13 22:37:36 +02:00
AKASHI Takahiro
0658bb29b0 efi_loader: variable: keep temporary buffer during the authentication
This is a bug fix; Setting an authenticated variable may fail due to
a memory corruption in the authentication.

A temporary buffer will, if needed, be allocated to parse a variable's
authentication data, and some portion of buffer, specifically signer's
certificates, will be referenced by efi_signature_verify().

So the buffer should be kept valid until the authentication process
is finished.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-13 22:37:36 +02:00
Heinrich Schuchardt
0ad64007fe efi_loader: set load options in boot manager
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.

Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:24 +02:00
Heinrich Schuchardt
1064d04920 efi_loader: factor out efi_set_load_options()
The bootefi bootmgr command has to set the load options for a loaded image
from the value of BootXXXX variable. If the boot manager is not used, the
value is set from the environment variable bootargs (or efi_selftest).

Factor out a common function efi_set_load_options().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:24 +02:00
AKASHI Takahiro
dd92aad81c efi_loader: add copyright notice
Some amount of code was moved/derived from efi_variable.c regarding
UEFI secure boot, in particluar in the commit 012c56ac76 ("efi_loader:
restructure code for TEE variables").
So add the orignal author's copyright notice.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:24 +02:00
Heinrich Schuchardt
9bdbc8ef98 lib/crypto: simplify public_key_verify_signature
The variable region is filled but never used. Remove it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:12 +02:00
Joao Marcos Costa
81014f73f0 include/u-boot, lib/zlib: add sources for zlib decompression
Add zlib (v1.2.11) uncompr() function to U-Boot. SquashFS depends on
this function to decompress data from a raw disk image. The actual
support for zlib into SquashFS sources will be added in a follow-up
commit.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-08-07 22:31:32 -04:00
Tero Kristo
9996cea75f lmb/bdinfo: dump lmb info via bdinfo
Dump lmb status from the bdinfo command. This is useful for seeing the
reserved memory regions from the u-boot cmdline.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
2020-08-04 23:30:02 -04:00
Simon Glass
e1e10f29f9 efi: Tidy up header includes
Two files relies on efi_driver.h to include common.h and dm.h which is
incorrect. The former should always be included in a non-host C file and
the latter should be included if driver model is used.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-08-03 22:19:54 -04:00
Heinrich Schuchardt
5c2227e495 efi_selftest: block device test requires CONFIG_DOS_PARTITION
Do not execute the block device test if CONFIG_DOS_PARTITION=n.

Imply CONFIG_DOS_PARTITION in Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01 11:58:39 +02:00
Heinrich Schuchardt
a1077bf582 efi_selftest: SNP test depends on network
If CONFIG_NET=n, testing the simple network protocol makes no sense.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01 11:58:39 +02:00
Heinrich Schuchardt
74b869bae7 efi_loader: use CONFIG_STACK_SIZE in the UEFI sub-system
The Kconfig symbol CONFIG_STACK_SIZE is used both by ARM and Microblaze
with the same meaning. Move it to menu 'General setup' so that we can use
it for all architectures.

Use the value of CONFIG_STACK_SIZE instead of a hard coded 16 MiB value for
reserving memory in the UEFI sub-system.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01 11:58:23 +02:00
Ilias Apalodimas
e01aed47d6 efi_loader: Enable run-time variable support for tee based variables
We recently added functions for storing/restoring variables
from a file to a memory backed buffer marked as __efi_runtime_data
commit f1f990a8c9 ("efi_loader: memory buffer for variables")
commit 5f7dcf079d ("efi_loader: UEFI variable persistence")

Using the same idea we now can support GetVariable() and GetNextVariable()
on the OP-TEE based variables as well.

So let's re-arrange the code a bit and move the commmon code for
accessing variables out of efi_variable.c. Create common functions for
reading variables from memory that both implementations can use on
run-time. Then just use those functions in the run-time variants of the
OP-TEE based EFI variable implementation and initialize the memory
buffer on ExitBootServices()

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01 11:57:41 +02:00
Ilias Apalodimas
db94dfbd52 efi_loader: Trim output buffer size correctly for tee variables
The current code does not trim the output buffer correctly.
In fact it doesn't trim the buffer at all, since it calculates a wrong
value for it, which isn't even applied.
So let's remove the unused temporary size variable and trim the buffer
correctly.
Since we are editing efi_get_next_variable_name_int(), fix an indentation
error along the way.

Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Remove superfluous conversion to (u8 *) for memcpy argument.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01 11:57:41 +02:00
Marek Vasut
d045cbacf2 env: Add support for explicit write access list
This option marks any U-Boot variable which does not have explicit 'w'
writeable flag set as read-only. This way the environment can be locked
down and only variables explicitly configured to be writeable can ever
be changed by either 'env import', 'env set' or loading user environment
from environment storage.

Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-07-31 10:13:00 -04:00
Marek Vasut
47f3b1f243 env: Add option to only ever append environment
Add configuration option which prevents the environment hash table to be
ever cleared and reloaded with different content. This is useful in case
the first environment loaded into the hash table contains e.g. sensitive
content which must not be dropped or reloaded.

Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-07-31 10:13:00 -04:00
Michal Simek
50c7b723bd Revert "lib: fdt: Split fdtdec_setup_mem_size_base()"
This reverts commit 3ebe09d09a.

There is no user of this split function that's why remove it.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-25 14:46:57 -06:00
Michal Simek
62897c4344 Revert "lib: fdt: Split fdtdec_setup_memory_banksize()"
This reverts commit 118f4d4559.

There is no user of this split function that's why remove it.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-25 14:46:57 -06:00
Tom Rini
7208396bbf Revert "Merge tag 'dm-pull-20jul20' of git://git.denx.de/u-boot-dm"
This reverts commit 5d3a21df66, reversing
changes made to 56d37f1c56.

Unfortunately this is causing CI failures:
https://travis-ci.org/github/trini/u-boot/jobs/711313649

Signed-off-by: Tom Rini <trini@konsulko.com>
2020-07-24 08:42:06 -04:00
Tom Rini
5d3a21df66 binman support for FIT
new UCLASS_SOC
 patman switch 'test' command
 minor fdt fixes
 patman usability improvements
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl8V+WQRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIrebNgAgAmgHHPakg1fkJT8xZkbPD53r21t5fkF7h
 JTLVU93BKfC+Zz2bbizCEkCl9L9bdHSaSzJY5rb07E24yV/zwDcIkRApCmkDjVHN
 EHOb0P36Ht9acowSd5kN66wd2z0Q/V+7lfEdB6Adtprh0vVaWIKYtLPxogpRv6k9
 l/CaGsBCwvupmPeHZcE3pVQlflbKyYzp62VObEBI4RIJLisvDXaPRUcBa4vz904P
 yu0baIYW8hWBcZhb0Lkex/9x7ys2T1bnnw8G7WL05GtHSZfVvT46Y70o+3i5ycBh
 GAI93Lx4r1gCjol9LVE4i1bewbPiMqyNXOtKGPRt/IIvYI4HZ67lFA==
 =YIpM
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-20jul20' of git://git.denx.de/u-boot-dm

binman support for FIT
new UCLASS_SOC
patman switch 'test' command
minor fdt fixes
patman usability improvements
2020-07-23 15:56:06 -04:00
AKASHI Takahiro
5ee81c6e3f lib: crypto: export and enhance pkcs7_verify_one()
The function, pkcs7_verify_one(), will be utilized to rework signature
verification logic aiming to support intermediate certificates in
"chain of trust."

To do that, its function interface is expanded, adding an extra argument
which is expected to return the last certificate in trusted chain.
Then, this last one must further be verified with signature database, db
and/or dbx.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:37:17 +02:00
AKASHI Takahiro
05329fa4c0 lib: crypto: add pkcs7_digest()
This function was nullified when the file, pkcs7_verify.c, was imported
because it calls further linux-specific interfaces inside, hence that
could lead to more files being imported from linux.

We need this function in pkcs7_verify_one() and so simply re-implement it
here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:36:29 +02:00
AKASHI Takahiro
063499e38e lib: crypto: import pkcs7_verify.c from linux
The file, pkcs7_verify.c, will now be imported from linux code
(crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit
into U-Boot environment.

In particular, pkcs7_verify_one() function will be used in a later patch
to rework signature verification logic aiming to support intermediate
certificates in "chain of trust."

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:35:45 +02:00
AKASHI Takahiro
6244b3c7d9 lib: crypto: enable x509_check_for_self_signed()
When the file, x509_public_key.c, was imported from linux code in
    commit b4adf627d5 ("lib: crypto: add x509 parser"),
x509_check_for_self_signed() was commented out for simplicity.

Now it need be enabled in order to make pkcs7_verify_one(), which will be
imported in a later patch, functional.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:35:04 +02:00
AKASHI Takahiro
b2a1049b5c lib: crypto: add public_key_verify_signature()
This function will be called from x509_check_for_self_signed() and
pkcs7_verify_one(), which will be imported from linux in a later patch.

While it does exist in linux code and has a similar functionality of
rsa_verify(), it calls further linux-specific interfaces inside.
That could lead to more files being imported from linux.

So simply re-implement it here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:33:55 +02:00
Heinrich Schuchardt
af457cfca9 efi_loader: use logging for block device messages
Use logging instead of printf() for messages occurring when scanning block
devices during the initialization of the UEFI sub-system.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:42 +02:00
Heinrich Schuchardt
e7d64065cb efi_loader: document efi_save_gd(), efi_restore_gd()
Provide function descriptions for efi_save_gd() and efi_restore_gd().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:42 +02:00
Stefan Sørensen
1ef1cf1f93 efi_loader: loosen buffer parameter check in efi_file_read
When reading a directory, EFI_BUFFER_TOO_SMALL should be returned when
the supplied buffer is too small, so a use-case is to call
efi_file_read with *buffer_size=0 and buffer=NULL to obtain the needed
size before doing the actual read.

So move the buffer!=NULL check to after the buffer size has been checked.

This fix allows the Redhat shim fallback to run and e.g. Fedora 32 now
boots out of the box.

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Ilias Apalodimas
9b87d4429c efi_loader: Check for the native OP-TEE result on mm_communicate calls
Currently we only check for the return value of tee_invoke_func().
Although OP-TEE and StMM will correctly set param[1].u.value.a and we'll
eventually return an error, the correct thing to do is check for the
OP_TEE return code as well.
So let's check for that and move tee_shm_free() and tee_close_session()
before exiting with an error to make sure we always clear the registered
memory.

Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use EFI_DEVICE_ERROR for TEE communication problems.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Ilias Apalodimas
5d1f79ba43 efi_loader: Rename and correct values for ARM_SMC_MM_*
Instead of adding the definition for the specific MM SVC used in
StandAloneMM we added the one used in the standard SMC calls.
So change the value from -4 to -5 to match the correct one defined in
EDK2 and rename them to avoid future confusion

Fixes 23a397d2e2: ("efi_loader: Add headers for EDK2 StandAloneMM communication")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Heinrich Schuchardt
ebbad02c1b efi_loader: don't use memmove() in efi_var_mem_del()
efi_var_mem_del() is in __efi_runtime because it would be needed for a
runtime implementation of SetVariable(). memmove() is not in __efi_runtime.
So we should not use it in efi_var_mem_del().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Heinrich Schuchardt
01fa922bbb efi_loader: efi_current_var after SetVirtualAddressMap
Variable efi_current_var is a pointer to a physical memory address that
becomes invalid after SetVirtualAddressMap(). Instead of converting it via
ConvertPointer() simply set it to NULL.

Fixes: b02a707152 ("efi_loader: enable UEFI variables at runtime")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Michal Simek
b589b80971 Revert "lib: fdt: Split fdtdec_setup_mem_size_base()"
This reverts commit 3ebe09d09a.

There is no user of this split function that's why remove it.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Michal Simek
d4cc6f638c Revert "lib: fdt: Split fdtdec_setup_memory_banksize()"
This reverts commit 118f4d4559.

There is no user of this split function that's why remove it.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Masahiro Yamada
b75d8dc564 treewide: convert bd_t to struct bd_info by coccinelle
The Linux coding style guide (Documentation/process/coding-style.rst)
clearly says:

  It's a **mistake** to use typedef for structures and pointers.

Besides, using typedef for structures is annoying when you try to make
headers self-contained.

Let's say you have the following function declaration in a header:

  void foo(bd_t *bd);

This is not self-contained since bd_t is not defined.

To tell the compiler what 'bd_t' is, you need to include <asm/u-boot.h>

  #include <asm/u-boot.h>
  void foo(bd_t *bd);

Then, the include direcective pulls in more bloat needlessly.

If you use 'struct bd_info' instead, it is enough to put a forward
declaration as follows:

  struct bd_info;
  void foo(struct bd_info *bd);

Right, typedef'ing bd_t is a mistake.

I used coccinelle to generate this commit.

The semantic patch that makes this change is as follows:

  <smpl>
  @@
  typedef bd_t;
  @@
  -bd_t
  +struct bd_info
  </smpl>

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2020-07-17 09:30:13 -04:00
Chin Liang See
499b7493e7 lib: zlib: Remove offset pointer optimization in inftrees.c
This fixes the CVE-2016-9840. Commit imported from [1].

inftrees.c was subtracting an offset from a pointer to an array,
in order to provide a pointer that allowed indexing starting at
the offset. This is not compliant with the C standard, for which
the behavior of a pointer decremented before its allocated memory
is undefined. Per the recommendation of a security audit of the
zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this tiny optimization was removed, in order
to avoid the possibility of undefined behavior.

[1]: 6a043145ca

Signed-off-by: Mark Adler <madler@alumni.caltech.edu>
Signed-off-by: Chin Liang See <chin.liang.see@intel.com>
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
2020-07-17 08:51:29 -04:00
Rasmus Villemoes
e7885a48bb lz4: fix decompressor on big-endian powerpc
Booting an lz4-compressed kernel image fails on our powerpc board with
-EPROTONOSUPPORT. Adding a bit of debug prints, we get

  magic: 0x184d2204
  flags: 0x64
  reserved0: 1
  has_content_checksum: 1
  has_content_size: 0
  has_block_checksum: 0
  independent_blocks: 1
  version: 0
  block_descriptor: 70
  reserved1: 7
  max_block_size: 0
  reserved2: 0

So the magic is ok, but the version check fails, also some reserved
bits are apparently set. But that's because the code interprets the
"flags" and "block_descriptor" bytes wrongly:

Using bit-fields to access individual bits of an "on the wire" format
is not portable, not even when restricted to the C flavour implemented
by gcc. Quoting the gcc manual:

   * 'The order of allocation of bit-fields within a unit (C90 6.5.2.1,
     C99 and C11 6.7.2.1).'

     Determined by ABI.

and indeed, the PPC Processor ABI supplement says

   * Bit-fields are allocated from right to left (least to most
     significant) on Little-Endian implementations and from left to
     right (most to least significant) on Big-Endian implementations.

The upstream code (github.com/lz4/lz4) uses explicit shifts and masks
for encoding/decoding:

    /* FLG Byte */
    *dstPtr++ = (BYTE)(((1 & _2BITS) << 6)    /* Version('01') */
        + ((cctxPtr->prefs.frameInfo.blockMode & _1BIT ) << 5)
        + ((cctxPtr->prefs.frameInfo.blockChecksumFlag & _1BIT ) << 4)
        + ((unsigned)(cctxPtr->prefs.frameInfo.contentSize > 0) << 3)
        + ((cctxPtr->prefs.frameInfo.contentChecksumFlag & _1BIT ) << 2)
        +  (cctxPtr->prefs.frameInfo.dictID > 0) );

    /* Flags */
    {   U32 const FLG = srcPtr[4];
        U32 const version = (FLG>>6) & _2BITS;
        blockChecksumFlag = (FLG>>4) & _1BIT;
        blockMode = (FLG>>5) & _1BIT;
        contentSizeFlag = (FLG>>3) & _1BIT;
        contentChecksumFlag = (FLG>>2) & _1BIT;
        dictIDFlag = FLG & _1BIT;
        /* validate */
        if (((FLG>>1)&_1BIT) != 0) return err0r(LZ4F_ERROR_reservedFlag_set); /* Reserved bit */
        if (version != 1) return err0r(LZ4F_ERROR_headerVersion_wrong);        /* Version Number, only supported value */
    }

Do the same here, and while at it, be more careful to use unaligned
accessors to what is most likely unaligned. Also update the comment to
make it clear that it only refers to the lz4.c file, not the following
code of lz4_wrapper.c.

This has been tested partly, of course, by seeing that my
lz4-compressed kernel now boots, partly by running the (de)compression
test-suite in the (x86_64) sandbox - i.e., it should still work just
fine on little-endian hosts.

Reviewed-by: Julius Werner <jwerner@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2020-07-17 08:45:29 -04:00
Simon Glass
bb6772c3ff acpi: Support writing named values
Allow writing named integers and strings to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
[bmeng: Fix the "new blank line at EOF" warning]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
91c2f9c32e acpi: Support generation of a device
Allow writing an ACPI device to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
[bmeng: Fix build failures on Sandbox]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
d7d631df2d acpi: Support generation of a generic register
Allow writing out a generic register.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
[bmeng: Fix build failures on Sandbox]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
82659cc910 acpi: Support generation of a scope
Add a function to write a scope to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[bmeng: Fix build failures on Sandbox]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
8f9877df95 binman: Add way to locate an entry in memory
Add support for accessing an entry's contents in memory-mapped SPI flash.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
956a9082d3 binman: Refactor binman_entry_find() to allow other nodes
At present we can only read from a top-level binman node entry. Refactor
this function to produce a second local function which supports reading
from any node.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
db6fb7d152 binman: Allow setting the ROM offset
On x86 the SPI ROM can be memory-mapped, at least most of it. Add a way
to tell binman the offset from a ROM address to a RAM address.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
fefac0b064 dm: acpi: Enhance acpi_get_name()
For many device types it is possible to figure out the name just by
looking at its uclass or parent. Add a function to handle this, since it
allows us to cover the vast majority of cases automatically.

However it is sometimes impossible to figure out an ACPI name for a device
just by looking at its uclass. For example a touch device may have a
vendor-specific name. Add a new "acpi,name" property to allow a custom
name to be created.

With this new feature we can drop the get_name() methods in the sandbox
I2C and SPI drivers. They were only added for testing purposes. Update the
tests to use the new values.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
740630ba73 acpi: Add support for a generic power sequence
Add a way for devices to enable and disable themselves using ACPI code
that updates GPIOs. This takes several timing parameters and supports
enable, reset and stop.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
f8054dd8ba acpi: Add support for writing a GPIO power sequence
Power to some devices is controlled by GPIOs. Add a way to generate ACPI
code to enable and disable a GPIO so that this can be handled within an
ACPI method.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
f9189d5ada acpi: Add support for writing a Power Resource
These are used in ACPI to disable power to various pats of the system when
in sleep. Add a way to create a power resource, with the caller finishing
off the details.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
9c70e7e556 acpi: Add support for various misc ACPI opcodes
Add more functions to handle some miscellaneous ACPI opcodes.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
0667900049 acpi: Support copying properties from device tree to ACPI
Some drivers in Linux support both device tree and ACPI. U-Boot itself
uses Linux device-tree bindings for its own configuration but does not use
ACPI.

It is convenient to copy these values over to the ACPI DP table for
passing to linux. Add some convenience functions to help with this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
2357234666 acpi: Support writing a GPIO
Allowing writing out a reference to a GPIO within the ACPI output. This
can be used by ACPI code to access a GPIO at runtime.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
0e5a0a00d6 acpi: Support writing Device Properties objects via _DSD
More complex device properties can be provided to drivers via a
device-specific data (_DSD) object.

To create this we need to build it up in a separate data structure and
then generate the ACPI code, due to its recursive nature.

Add an implementation of this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
29df845204 acpi: Support writing a UUID
ACPI supports writing a UUID in a special format. Add a function to handle
this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
7aed90d44c acpi: Support writing a name
ACPI supports storing names which are made up of multiple path components.
Several special cases are supported. Add a function to emit a name.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
3df33bda5c acpi: Support writing a string
ACPI supports storing a simple null-terminated string. Add support for
this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
83b2bd5a74 acpi: Support writing an integer
ACPI supports storing integers in various ways. Add a function to handle
this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
03967ce2e5 acpigen: Support writing a package
A package collects together several elements. Add an easy way of writing
a package header and updating its length later.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
7e148f2ed3 acpigen: Support writing a length
It is convenient to write a length value for preceding a block of data.
Of course the length is not known or is hard to calculate a priori. So add
a way to mark the start on a stack, so the length can be updated when
known.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
70e5e67a4d acpi: Support generation of SPI descriptor
Add a function to write a SPI descriptor to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
31e1787ec1 acpi: Support generation of I2C descriptor
Add a function to write a GPIO descriptor to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
4ebc940b39 acpi: Support generation of a GPIO/irq for a device
Some devices use interrupts but some use GPIOs. Since these are fully
specified in the device tree we can automatically produce the correct ACPI
descriptor for a device.

Add a function to handle this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
a9e0a077df acpi: Support generation of GPIO descriptor
Add a function to write a GPIO descriptor to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[bmeng: Drop comment about the type always being ACPI_GPIO_TYPE_IO]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
7fb8da4ce1 acpi: Support string output
Add support for output of strings and streams of bytes.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
ff715c6f4f acpi: Support generation of interrupt descriptor
Add a function to write an interrupt descriptor to the generated ACPI
code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
61cc93396a acpi: Support generation of ACPI code
Add a new file to handle generating ACPI code programatically. This is
used when information must be dynamically added to the tables, e.g. the
SSDT.

Initial support is just for writing simple values. Also add a 'base' value
so that the table can be freed. This likely doesn't happen in normal code,
but is nice to do in tests.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
2715b3623c acpi: Add a way to check device status
At present U-Boot does not support the different ACPI status values, but
it is best to put this logic in a central place. Add a function to get the
device status.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
1361a53c1a acpi: Add a function to get a device path and scope
Add a function to build up the ACPI path for a device and another for its
scope.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
e1ddf67cb3 timer: Allow delays with a 32-bit microsecond timer
The current get_timer_us() uses 64-bit arithmetic on 32-bit machines.
When implementing microsecond-level timeouts, 32-bits is plenty. Add a
new function that uses an unsigned long. On 64-bit machines this is
still 64-bit, but this doesn't introduce a penalty. On 32-bit machines
it is more efficient.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Heinrich Schuchardt
7dda16343d efi_loader: pre-seed UEFI variables
Include a file with the initial values for non-volatile UEFI variables
into the U-Boot binary. If this variable is set, changes to variable PK
will not be allowed.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
99bfab8b58 efi_loader: identify PK, KEK, db, dbx correctly
To determine if a varible is on the of the authentication variables
PK, KEK, db, dbx we have to check both the name and the GUID.

Provide a function converting the variable-name/guid pair to an enum and
use it consistently.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
be66b89da3 efi_loader: configuration of variables store
The file based and the OP-TEE based UEFI variable store are mutually
exclusive. Define them as choice options in Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
1a7b0f6e4e efi_loader: update secure state
Update the UEFI secure state when variable 'PK' is updated in the TEE
variables implementation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
012c56ac76 efi_loader: restructure code for TEE variables
When using secure boot functions needed both for file and TEE based UEFI
variables have to be moved to the common code module efi_var_common.c.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Ilias Apalodimas
f96744b250 efi_loader: display RO attribute with TEE-backed variables
A previous commit adds support for displaying variables RO flag.
Let's add it on the TEE backed variable storage as well.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
4a3155de3d efi_selftest: adjust runtime test for variables
As variable services are available at runtime we have to expect EFI_SUCCESS
when calling the services.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
b02a707152 efi_loader: enable UEFI variables at runtime
Enable UEFI variables at runtime.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
ab7296c99c efi_loader: use memory based variable storage
Saving UEFI variable as encoded U-Boot environment variables does not allow
implement run-time support.

Use a memory buffer for storing UEFI variables.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
f1f990a8c9 efi_loader: memory buffer for variables
Saving UEFI variable as encoded U-Boot environment variables does not allow
support at runtime.

Provide functions to manage a memory buffer with UEFI variables.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
b0dd8cb407 efi_loader: new function efi_memcpy_runtime()
Provide a memcpy() function that we can use at UEFI runtime.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
724d28171e efi_loader: optional pointer for ConvertPointer
If the EFI_OPTIONAL_PTR is set in DebugDisposition, a NULL pointer does not
constitute an invalid parameter.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
a44d2a2399 efi_loader: export efi_convert_pointer()
We need ConvertPointer() to adjust pointers when implementing  runtime
services within U-Boot.

After ExitBootServices() gd is not available anymore. So we should not use
EFI_ENTRY() and EFI_EXIT().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
5f7dcf079d efi_loader: UEFI variable persistence
Persist non-volatile UEFI variables in a file on the EFI system partition.

The file is written whenever a non-volatile UEFI variable is changed after
initialization of the UEFI sub-system.

The file is read during the UEFI sub-system initialization to restore
non-volatile UEFI variables.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
198bf6418e efi_loader: secure boot flag
In audit mode the UEFI variable SecureBoot is set to zero but the
efi_secure_boot flag is set to true.

The efi_secure_boot flag should match the UEFIvariable SecureBoot.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
55a830560e efi_loader: read-only AuditMode and DeployedMode
Set the read only property of the UEFI variables AuditMode and DeployedMode
conforming to the UEFI specification.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
fd7b6730ab efi_loader: value of VendorKeys
According to the UEFI specification the variable VendorKeys is 1 if the
"system is configured to use only vendor-provided keys".

As we do not supply any vendor keys yet the variable VendorKeys must be
zero.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
37fa7cb045 efi_loader: keep attributes in efi_set_variable_int
Do not change the value of parameter attributes in function
efi_set_variable_int(). This allows to use it later.

Do not use variable attr for different purposes but declare separate
variables (attr and old_attr).

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
dda8c7163a efi_loader: simplify boot manager
Simplify the implementation of the UEFI boot manager:

* avoid EFI_CALL for SetVariable() and GetVariable()
* remove unnecessary type conversions

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
dc90e5c491 efi_loader: OsIndicationsSupported, PlatformLangCodes
UEFI variables OsIndicationsSupported, PlatformLangCodes should be read
only.

Avoid EFI_CALL() for SetVariable().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Heinrich Schuchardt
01df8cf336 efi_loader: separate UEFI variable API from implemementation
Separate the remaining UEFI variable API functions GetNextVariableName and
QueryVariableInfo() from internal functions implementing them.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Heinrich Schuchardt
f2d2b3a11c efi_loader: prepare for read only OP-TEE variables
We currently have two implementations of UEFI variables:

* variables provided via an OP-TEE module
* variables stored in the U-Boot environment

Read only variables are up to now only implemented in the U-Boot
environment implementation.

Provide a common interface for both implementations that allows handling
read-only variables.

As variable access is limited to very few source files put variable
related definitions into new include efi_variable.h instead of efi_loader.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Heinrich Schuchardt
a27c78fddb efi_loader: NULL dereference in efi_convert_pointer
Avoid a possible NULL pointer dereference in efi_convert_pointer().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Heinrich Schuchardt
1047c6e23c efi_loader: fix efi_get_child_controllers()
Don't call calloc(0, ..).
Consider return value of efi_get_child_controllers().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Heinrich Schuchardt
39a75f5af1 efi_loader: wrong printf format in efi_image_parse
Commit 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT") leads to a build warning on 32bit systems:

lib/efi_loader/efi_image_loader.c: In function ‘efi_image_parse’:
include/efi_loader.h:123:8: warning: format ‘%lu’ expects argument
of type ‘long unsigned int’, but argument 8 has
type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]

Use %zu for printing size_t.

Fixes: 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT")

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Ilias Apalodimas
ecb833a0c6 efi_loader: cleanup for tee backed variables
There's 2 variables in efi_get_next_variable_name() checking the size of
the variable name. Let's get rid of the reduntant definition and
simplitfy the code a bit.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
AKASHI Takahiro
491bfe8606 lib: rsa: export rsa_verify_with_pkey()
This function will be used to implement public_key_verify_signature()
in a later patch. rsa_verify() is not suitable here because calculation
of message digest is not necessary.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
AKASHI Takahiro
7926dfb579 efi_loader: image_loader: add digest-based verification for signed image
In case that a type of certificate in "db" or "dbx" is
EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains
a public key for RSA decryption, but a digest of image to be loaded.
If the value matches to a value calculated from a given binary image, it is
granted for loading.

With this patch, common digest check code, which used to be used for
unsigned image verification, will be extracted from
efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and
extra step for digest check will be added to efi_image_authenticate().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
11bafb2596 efi_loader: image_loader: verification for all signatures should pass
A signed image may have multiple signatures in
  - each WIN_CERTIFICATE in authenticode, and/or
  - each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE)

In the initial implementation of efi_image_authenticate(), the criteria
of verification check for multiple signatures case is a bit ambiguous
and it may cause inconsistent result.

With this patch, we will make sure that verification check in
efi_image_authenticate() should pass against all the signatures.
The only exception would be
  - the case where a digest algorithm used in signature is not supported by
    U-Boot, or
  - the case where parsing some portion of authenticode has failed
In those cases, we don't know how the signature be handled and should
just ignore them.

Please note that, due to this change, efi_signature_verify_with_sigdb()'s
function prototype will be modified, taking "dbx" as well as "db"
instead of outputing a "certificate." If "dbx" is null, the behavior would
be the exact same as before.
The function's name will be changed to efi_signature_verify() once
current efi_signature_verify() has gone due to further improvement
in intermediate certificates support.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
1e64d0b5a4 efi_loader: signature: make efi_hash_regions more generic
There are a couple of occurrences of hash calculations in which a new
efi_hash_regions will be commonly used.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
36b2f9da5c efi_loader: signature: fix a size check against revocation list
Since the size check against an entry in efi_search_siglist() is
incorrect, this function will never find out a to-be-matched certificate
and its associated revocation time in the signature list.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
eb537fd7eb efi_loader: image_loader: retrieve authenticode only if it exists
Since the certificate table, which is indexed by
IMAGE_DIRECTORY_ENTRY_SECURITY and contains authenticode in PE image,
doesn't always exist, we should make sure that we will retrieve its pointer
only if it exists.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
1a44b7059c efi_loader: image_loader: add a check against certificate type of authenticode
UEFI specification requires that we shall support three type of
certificates of authenticode in PE image:
  WIN_CERT_TYPE_EFI_GUID with the guid, EFI_CERT_TYPE_PCKS7_GUID
  WIN_CERT_TYPE_PKCS_SIGNED_DATA
  WIN_CERT_TYPE_EFI_PKCS1_15

As EDK2 does, we will support the first two that are pkcs7 SignedData.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00