Commit graph

72 commits

Author SHA1 Message Date
Michal Simek
046d7a0bb1 cmd: efidebug: Add missing \n at the end of message
Currently message is not intended that prompt end up at the end of debug
line. For example like this:

DFU alt info setting: done
DFU entities configuration failed!
(partition table does not match dfu_alt_info?)
Firmware update failed: <NULL>
Cannot handle a capsule at 10000000Zynq>

Signed-off-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-08-13 11:09:49 +02:00
Masami Hiramatsu
4cd1fca361 cmd: efidebug: Disable 'capsule disk-update' when CONFIG_EFI_CAPSULE_ON_DISK=n
Disable 'capsule disk-update' option for the efidebug command
when CONFIC_EFI_CAPSULE_ON_DISK is disabled, because this option
is available only when the EFI capsule update on disk is enabled.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-04-09 21:06:31 +02:00
Heinrich Schuchardt
ccc41fcfaf cmd: efidebug: simplify do_efi_boot_add()
When calling efi_dp_from_name() we are not interested in the device part.
Just pass NULL as an argument.

Suggested-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-26 07:46:21 +01:00
Heinrich Schuchardt
63276a569d efi_loader: use short-form DP for load options
The GUID of partitions is sufficient for identification and will stay
constant in the lifetime of a boot option. The preceding path of the
device-path may change due to changes in the enumeration of devices.
Therefore it is preferable to use the short-form of device-paths in load
options. Adjust the 'efidebug boot add' command accordingly.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Simon Glass
156ccbc3c4 efi: Use 16-bit unicode strings
At present we use wide characters for unicode but this is not necessary.
Change the code to use the 'u' literal instead. This helps to fix build
warnings for sandbox on rpi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-03 12:16:01 -05:00
Heinrich Schuchardt
3adae64220 cmd: efidebug: simplify printing GUIDs
Use "%pS" to print text representations of GUIDs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
9ad37fe405 efi_loader: avoid multiple local copies of lf2_initrd_guid
Create the GUID as a global variable.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
05345425ca efi_loader: efi_dp_from_lo() unused parameter size
Parameter size is never used in function efi_dp_from_lo(). Remove it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
fc42b8bb75 efi_loader: simplify show_efi_boot_opt_data()
Use printf code %pD for printing device paths.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
0421735dd8 efi_loader: efi_dp_from_lo() don't copy GUID
Instead of copying a GUID and then using a pointer to the copy for calling
guidcmp(), just pass the pointer to the orginal GUID.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:04 +02:00
Simon Glass
7e5f460ec4 global: Convert simple_strtoul() with hex to hextoul()
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Heinrich Schuchardt
2b8723c5a1 efidebug: correct display of BootOrder
Display the number of the boot option and not its index.

Fixes: 2ecee31017 ("efi_loader: use efi_create_indexed_name()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-06-28 19:57:13 +02:00
Heinrich Schuchardt
acfe1def3f efi_loader: simplify accessing variables
Use efi_get_variable_int() instead of EFI_CALL(RT->get_variable()).
Use efi_set_variable_int() instead of EFI_CALL(efi_set_variable()).

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-05-25 13:06:58 +02:00
Heinrich Schuchardt
2ecee31017 efi_loader: use efi_create_indexed_name()
Simplify the creation of indexed variable names like 'Boot0000' by using
function efi_create_indexed_name().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-05-25 13:06:58 +02:00
Heinrich Schuchardt
60177e0ac2 efi_loader: simplify show_efi_boot_order()
To print a UTF-16 string use %ls instead of converting string to UTF-8.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-05-25 13:06:58 +02:00
Heinrich Schuchardt
cd5a87e7b7 efi_loader: simplify show_efi_boot_opt_data()
To print a UTF-16 string use %ls instead of converting string to UTF-8.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-05-25 13:06:58 +02:00
Heinrich Schuchardt
d473063d9d efi_loader: simplify efi_get_device_path_text()
Replace static function efi_get_device_handle_info() by a simplified
function efi_get_device_path_text() avoiding EFI_CALL().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Jose Marinho
aa31a87d7a cmd: efi: ESRT table debug print
This commit enables the ESRT printing from the u-boot shell by invoking:
- efidebug capsule esrt

CC: Heinrich Schuchardt	<xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd@arm.com

Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:19:42 +01:00
Jose Marinho
64a8aae15c efi: Add ESRT to the EFI system table
The ESRT is initialised during efi_init_objlist after
efi_initialize_system_table().

The ESRT is recreated from scratch at the following events:
- successful UpdateCapsule;
- FMP instance install.

The code ensures that every ESRT entry has a unique fw_class value.

Limitations:
- The ESRT is not updated if an FMP instance is uninstalled;
- the fields image_type and flags are in the current implementation left
undefined. Setting these values will require a per-platform function
that returns the image_type/flags as a function of the image fw_class.

CC: Heinrich Schuchardt	<xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd@arm.com
Signed-off-by: Jose Marinho <jose.marinho@arm.com>

Remove two EFI_CALL() indirections.
Move ESRT GUID in efidebug's list of GUIDs.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:19:19 +01:00
Ilias Apalodimas
cbea241e93 efidebug: add multiple device path instances on Boot####
The UEFI spec allows a packed array of UEFI device paths in the
FilePathList[] of an EFI_LOAD_OPTION. The first file path must
describe the loaded image but the rest are OS specific.

Previous patches parse the device path and try to use the second
member of the array as an initrd. So let's modify efidebug slightly
and install the second file described in the command line as the
initrd device path.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-25 20:14:26 +01:00
Simon Glass
df7d89a6fc efi: Fix compiler warnings
This occur when building on Raspberry Pi 400 (32-bit ARM). Fix them.

Examples:

cmd/efidebug.c: In function ‘do_efi_capsule_update’:
cmd/efidebug.c:75:49: warning: cast from pointer to integer of different
	size [-Wpointer-to-int-cast]
  ret = EFI_CALL(RT->update_capsule(&capsule, 1, (u64)NULL));
                                                 ^
include/efi_loader.h:104:9: note: in definition of macro ‘EFI_CALL’
  typeof(exp) _r = exp; \
         ^~~
cmd/efidebug.c:75:49: warning: cast from pointer to integer of different
	size [-Wpointer-to-int-cast]
  ret = EFI_CALL(RT->update_capsule(&capsule, 1, (u64)NULL));
                                                 ^
include/efi_loader.h:104:19: note: in definition of macro ‘EFI_CALL’
  typeof(exp) _r = exp; \
                   ^~~

In file included from include/common.h:20,
                 from lib/efi_loader/efi_capsule.c:9:
lib/efi_loader/efi_capsule.c: In function ‘efi_update_capsule’:
include/efi_loader.h:83:8: warning: format ‘%lu’ expects argument of type
	‘long unsigned int’, but argument 10 has type ‘size_t’
	{aka ‘unsigned int’} [-Wformat=]
  debug("%sEFI: Entry %s(" format ")\n", __efi_nesting_inc(), \
        ^~~~~~~~~~~~~~~~~~
include/linux/printk.h:37:21: note: in definition of macro ‘pr_fmt’
 #define pr_fmt(fmt) fmt
                     ^~~
include/log.h:229:2: note: in expansion of macro ‘log’
  log(LOG_CATEGORY, LOGL_DEBUG, fmt, ##args); \
  ^~~
include/log.h:249:2: note: in expansion of macro ‘debug_cond’
  debug_cond(_DEBUG, fmt, ##args)
  ^~~~~~~~~~
include/efi_loader.h:83:2: note: in expansion of macro ‘debug’
  debug("%sEFI: Entry %s(" format ")\n", __efi_nesting_inc(), \
  ^~~~~
lib/efi_loader/efi_capsule.c:444:2: note: in expansion of macro ‘EFI_ENTRY’
  EFI_ENTRY("%p, %lu, %llu\n", capsule_header_array, capsule_count,
  ^~~~~~~~~
lib/efi_loader/efi_capsule.c:444:19: note: format string is defined here
  EFI_ENTRY("%p, %lu, %llu\n", capsule_header_array, capsule_count,
                 ~~^
                 %u

Signed-off-by: Simon Glass <sjg@chromium.org>
Replace (uintptr_t)NULL by 0.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:08:41 +01:00
Heinrich Schuchardt
a2c3f1bca4 cmd/efidebug: add firmware management protocol GUID
Add missing GUID short text used in the efidebug tables and efidebug dh
sub-commands.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-26 16:17:43 +01:00
Heinrich Schuchardt
b9b0ea30c7 efi_loader: install UEFI System Partition GUID
On the handle for the UEFI System Partition we must install the System
Partition GUID (with a NULL interface).

Let the efidebug command display the GUID.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-04 20:09:02 +01:00
AKASHI Takahiro
30f8222bb0 cmd: efidebug: always check return code from get_variable()
CID 316364 says:
> Null pointer dereferences  (FORWARD_NULL)
>	printf("Result total size: 0x%x\n", result->variable_total_size);
at do_efi_capsule_res().

The code is basically safe because a buffer for "result" is allocated
by malloc() and filled up by the second get_variable(), which fails any way
if the allocation has failed.

But the first (and second) get_variable() possibly returns an error other
than EFI_SUCCESS. We always need to check the return code from
get_variable() before accessing the data in "result".

While this change won't suppress CID 316364, the resulting code is much
safer.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-23 07:56:53 +01:00
Heinrich Schuchardt
ff2f532fad efi_loader: make the UEFI boot manager configurable
Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.

Provide a configuration option to make the boot manager available.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-20 08:09:34 +01:00
Heinrich Schuchardt
94686f60a2 efi_loader: implement EFI_DT_FIXUP_PROTOCOL
A boot manager like GRUB can use the protocol to

* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:01 +01:00
Sughosh Ganu
7407595286 efidebug: capsule: Add a command to update capsule on disk
Add a efidebug subcommand to initiate a firmware update using the efi
firmware management protocol(fmp) set_image routine.

The firmware update can be initiated through

'efidebug capsule disk-update'

This would locate the efi capsule file on the efi system partition,
and call the platform's set_image fmp routine to initiate the firmware
update.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2020-12-31 14:41:31 +01:00
AKASHI Takahiro
7f35cedfd9 cmd: add "efidebug capsule" command
"efidebug capsule" is more or less a debugging utility.
  efidebug capsule update: invoke UpdateCapsule against data on memory
  efidebug capsule show: show a capsule header
  efidebug capsule result: dump a capsule result variable

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-12-03 21:22:50 +01:00
Ilias Apalodimas
94e7820024 cmd: efidebug: Add support for TCG2 final events table
A previous commit is adding EFI_TCG2_PROTOCOL, which in it's eventlog
support registers an EFI configuration table.
Let's add the necessary GUID so 'efidebug table' command can display
table names properly.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-12-03 21:22:40 +01:00
Heinrich Schuchardt
796933510f efi_loader: efidebug display RNG protocol
Add the Random Number Generator (RNG) protocol to the GUIDs that the
'efidebug dh' protocol can replace by a text.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-27 16:10:45 +02:00
Heinrich Schuchardt
bc78d22d0f cmd/efidebug: missing initialization of load_options
Variable load_options must be initialized to NULL to avoid a segmentation
fault when freeing the memory this variable points to.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-13 22:37:36 +02:00
Heinrich Schuchardt
0ad64007fe efi_loader: set load options in boot manager
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.

Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:24 +02:00
Heinrich Schuchardt
0e69bcfb27 efi_loader: validate load option
For passing the optional data of the load option to the loaded imaged
protocol we need its size.

efi_deserialize_load_option() is changed to return the size of the optional
data.

As a by-product we get a partial validation of the load option.
Checking the length of the device path remains to be implemented.

Some Coverity defects identified the load options as user input because
get_unaligned_le32() and get_unaligned_le16() is called. But non of these
Coverity defects can be resolved without marking functions with Coverity
specific tags.

Reported-by: Coverity (CID 303760)
Reported-by: Coverity (CID 303768)
Reported-by: Coverity (CID 303776)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03 17:19:17 +02:00
Heinrich Schuchardt
255a47333c efi_loader: add EFI_MEMORY_SP to memory attributes
The UEFI 2.8 specification has introduced the EFI_MEMORY_SP memory
attribute. Add it to the 'efidebug memmap' and 'efi mem' commands.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-21 10:00:17 +02:00
Simon Glass
f7ae49fc4f common: Drop log.h from common header
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:18 -04:00
Simon Glass
0914011310 command: Remove the cmd_tbl_t typedef
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 18:36:55 -04:00
Ilias Apalodimas
b0e4f2c738 cmd: efidebug: Add support for querying UEFI variable storage
With the previous patches that use OP-TEE and StandAloneMM for UEFI
variable storage we've added functionality for efi_query_variable_info.
So let's add the relevant command to efidebug and retrieve information
about the container used to store UEFI variables

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-05-17 21:59:53 +02:00
Heinrich Schuchardt
bdb15776f6 cmd: efidebug: fix -Werror=type-limits warning
Compiling with -Wtype-limits yields:

cmd/efidebug.c:968:32: error: comparison is always false due to limited
range of data type [-Werror=type-limits]
  968 |  if (*endp != '\0' || bootnext > 0xffff) {
      |

Remove the superfluous check.

Fixes: 59df7e7e77 ("cmd: add efidebug command")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-10 00:01:12 +02:00
AKASHI Takahiro
e2a5b86030 cmd: efidebug: add a comment against Coverity check (300329)
The check here, "Null pointer dereferences," is a false positive.
So leave a comment.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Coverity (CID 300329)
2020-05-09 09:30:28 +02:00
AKASHI Takahiro
d67591dc22 cmd: efidebug: fix a wrong handling of arguments
Coverity detected a dead code, but actually there is a bug in a check
against a number of arguments. So simply fix it.

Reported-by: Coverity (CID 300330)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-09 09:30:27 +02:00
Heinrich Schuchardt
a30c72319c cmd: efidebug: simplify UEFI protocol calls
We should not to refer to a function via the run-time or boot services
tables if the function is exported.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
Heinrich Schuchardt
f9f5f92bc5 efi_loader: fix 'efidebug bootorder'
* don't copy GUIDs for no reason
* shorten print format strings by using variable names
* don't use the run-time table to access exported functions
* check the result of malloc() (fixes Coverity CID 300331)

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-30 10:25:07 +02:00
Heinrich Schuchardt
dd9056c06a efi_loader: efidebug, avoid illegal memory access
For EFI_PERSISTENT_MEMORY_TYPE the 'efidebug memmap' command produces an
illegal memory access.

* Add the missing descriptive string for EFI_PERSISTENT_MEMORY_TYPE.
* Replace the check for EFI_MAX_MEMORY_TYPE by the ARRAY_SIZE() macro.

Reported-by: Coverity (CID 300336)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-30 10:25:07 +02:00
Heinrich Schuchardt
b5f4e9e384 efi_loader: fix 'efidebug boot dump'
* Do not recreate a variable name that we already have as u16 string.
* Check the return value of malloc()
* EFI_NOT_FOUND cannot occur for a variable name returned by
  GetNextVariableName(). Remove a print statement.
* Don't copy a GUID for no reason.
* Don't use the run-time service table to call exported functions.
* Don't pass NULL to show_efi_boot_opt_data() (fixes Coverity CID 300338).

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-30 10:25:07 +02:00
AKASHI Takahiro
525fc06744 cmd: efidebug: add "test bootmgr" sub-command
This sub-command will be used to test image authentication,
in particular, a case where efi_load_image() failed with
EFI_SECURITY_VIOLATION but we still want to try efi_start_image().
We won't run such a case under normal bootmgr because it simply
refuses to call efi_start_image() if anything but EFI_SUCCESS
is returned when loading an image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:47 +02:00
Heinrich Schuchardt
6c0ef35cdc cmd: efidebug: fix int to pointer cast
On 32 bit systems fix
warning: cast to pointer from integer of different size
[-Wint-to-pointer-cast]

Fixes: a415d61eac ("cmd: map addresses to sysmem in efidebug memmap")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-28 10:45:03 +01:00
Heinrich Schuchardt
a415d61eac cmd: map addresses to sysmem in efidebug memmap
Addresses in the sandbox's device tree are in the sandbox's virtual address
space. If we want to compare memory reservations in the device-tree with
the output of 'efidebug memmap', we need to convert back to this address
space.

Adjust the output of the 'efidebug memmap' command.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-17 08:29:52 +01:00
Heinrich Schuchardt
30efb5dd43 cmd: efidebug: correct error message
Add the missing line feed at the error message if the variable referred to
by 'efidebug boot rm' does not exist.

Shorten the format string by using the variable name instead of the number
of the boot variable.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-11 08:23:05 +01:00
AKASHI Takahiro
e8bced62b6 cmd: efidebug: fix a failure of "boot rm" sub-command
There is a wrong usage of utf8_utf16_strncpy() in "boot rm" command, and
then it will end up with a failure of this command due to a wrong
value of an interim variable ("var_name16").

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-11 08:23:05 +01:00
Ilias Apalodimas
ec80b4735a efi_loader: Implement FileLoad2 for initramfs loading
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any u-boot accessible partition instead of just the ESP one.
Finally this is an attempt of a generic interface across architectures
in the linux kernel so it makes sense to support that.

The file location is intentionally only supported as a config option
argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.

[1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-02-28 19:37:14 +01:00