We should not be using typedefs and these make it harder to use
forward declarations (to reduce header file inclusions). Drop the typedef.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <sjg@chromium.org>
In OP-TEE we can run EDK2's StandAloneMM on a secure partition.
StandAloneMM is responsible for the UEFI variable support. In
combination with OP-TEE and it's U-Boot supplicant, variables are
authenticated/validated in secure world and stored on an RPMB partition.
So let's add a new config option in U-Boot implementing the necessary
calls to OP-TEE for the variable management.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com>
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.
There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.
Signed-off-by: Michael Walle <michael@walle.cc>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If "object=" is specified in "keydir" when using the pkcs11 engine do
not append another "object=<key-name-hint>". This makes it possible to
use object names other than the key name hint. These two string
identifiers are not necessarily equal.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
stdlib.h is the header for malloc since at least c89/c90.
There is no system malloc.h on OpenBSD and trying to use malloc.h here
falls back to the U-Boot malloc.h breaking the build of qemu_arm64.
Fixes: 336d4615f8 ("dm: core: Create a new header file for 'compat' features")
Signed-off-by: Jonathan Gray <jsg@jsg.id.au>
At present the MD5 option cannot be enabled by board configs since it has
no Kconfig name. It is generally enabled, so long as FIT support is
present. But not all boards use FIT, particularly in SPL
Fix this and add an option for SPL as well. This allows board code to call
md5() even if FIT support is not enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current code uses 'u16_strlen(x) + 1) * sizeof(u16)' in various
places to calculate the number of bytes occupied by a u16 string.
Let's introduce a wrapper around this. This wrapper is used on following
patches
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The only error case is that a given UUID is in wrong format.
So just return EFI_INVALID_PARAMETER here.
Reported-by: Coverity (CID 300333)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Coverity detected:
Using "&opt->CheckSum" as an array. This might corrupt or misinterpret
adjacent memory locations.
The code should work as far as a structure, IMAGE_OPTIONAL_HEADER(64) is
packed, but modify it in more logical form. Subsystem is a member next to
CheckSum.
Reported-by: Coverity (CID 300339)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Since pkcs7_parse_message() returns an error pointer, we must not
check for NULL. We have to explicitly set msg to NULL in the error
case, otherwise the call to pkcs7_free_message() on the goto err
path will assume it's a valid object.
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Add missing include linux/err.h
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_variable_parse_signature() returns NULL on error, so IS_ERR()
is an incorrect check. The goto err leads to pkcs7_free_message(),
which works fine on a NULL ptr.
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Reviewed-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
According to the UEFI spec ACPI tables should be placed in
EfiACPIReclaimMemory. Let's do the same with the device tree.
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Grant Likely <grant.likely@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
There is no need to call efi_get_variable() instead of
efi_get_variable_common(). So let's use the internal function.
Move forward declarations to the top of the file.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a couple of missing targets so that helloworld and other efi targets
are not needlessly rebuilt.
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
To fill the exponent field of the rsa_public_key struct, rsa_mod_exp_sw
did a cast to uint64_t of the key_prop->public_exponent field.
But that alignment is not guaranteed in all cases.
This came to light when in my spl-fit-signature the key-name exceeded
a certain length and with it the verification then started failing.
(naming it "integrity" worked fine, "integrity-uboot" failed)
key_prop.public_exponent itself is actually a void-pointer, fdt_getprop()
also just returns such a void-pointer and inside the devicetree the 64bit
exponent is represented as 2 32bit numbers, so assuming a 64bit alignment
can lead to false reads.
So just use the already existing rsa_convert_big_endian() to do the actual
conversion from the dt's big-endian to the needed uint64 value.
Fixes: fc2f4246b4 ("rsa: Split the rsa-verify to separate the modular exponentiation")
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If we want to restore variables from disk, we need to initialize block
devices before variables.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Eliminate superfluous functions efi_set_volatile_variable() and
efi_set_nonvolatile_variable().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Eliminate superfluous functions efi_get_volatile_variable() and
efi_get_nonvolatile_variable().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This function will check if a given handle to device is an EFI system
partition. It will be utilised in implementing capsule-on-disk feature.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Add function description. Return bool.
Reviewed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_set_secure_stat() provides the common code for each stat transition
caused by efi_transfer_secure_state().
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Correct description of return value.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
"if (left < esl->signature_size)" is not reachable in a while loop.
But it is still valuable in case that a given signature database is
somehow corrupted. So fix the while loop condition.
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
By adding extra symbols, we can now avoid including x509_parser and
pkcs7_parser.h files multiple times.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The most basic printf("%i", value) formating string was missing,
add it for the sake of convenience.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Stefan Roese <sr@denx.de>
This pull request contains bug fixes needed due to the merged changes for
EFI secure boot.
Patches are supplied to identify EFI system partitions.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl6qkUQACgkQxIHbvCwF
GsRGkQ//R1VltRXNk4RrYiKbsU33biNAIWQB4IhQpm6w1SgsrPAb7yWJEg1xhJ3P
qhujDlVlW2s2Cz+sMkQOTd5/ln55IegJZ4LFlQuOhJCO22TzEenP8bkziMU7UBu8
YtbhtV5cru2DBMg8uBQCazw9Lue5WUktzHgWhiNy+yBY5g6j+vkQHjy/+BjpC6RD
7KT4qfyh+hyhss+O2lLjQYwobVwVxnCfQikWSdfMRqptC8N/lYMGNjiNk42HJssX
cWy44TNUePgCE5pES1krXmR3q7fT/ocuWW2g8QynEJIqjZSWVTmZqLgdba3pd5Di
kfleoByXLS0/HS6AgjdJNv+vwRuOot1RBXfbVYnDwb7flFThvu3xBzy55IMHa6uH
eHDt3v1W3ZSwGnxiTzdbHISH5JidBUJAq+h+S3Zy52plbkgMWplPgFptSscM6+yo
YrCTlzuj019X/Lm1JfO2X7NqhGPX9/MiMDwfvE+BGnWRhwOHNSu/S6+Iu1XUBrXN
Q/tnHJxK1FGcoq73a/5VgiSkfnEl1+YdjdAUM8+nJdUPCL5xCWX1jXNxE0vq0l4U
Y3zsjCj5lM4TnDUJvbOacMM4ltjxSMpBwmkGdleYOcKJxU8WD0YNuhUL2nnUFuDx
7MYHonEPz5s3T+IiMoNAtYr3BHKcxedHNkmpoJsaPS69zMGq7dM=
=38oT
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc2
This pull request contains bug fixes needed due to the merged changes for
EFI secure boot.
Patches are supplied to identify EFI system partitions.
It is useful to dump ACPI tables in U-Boot to see what has been generated.
Add a command to handle this.
To allow the command to find the tables, add a position into the global
data.
Support subcommands to list and dump the tables.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Put this in the context along with the other important pointers.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
We always write three basic tables to ACPI at the start. Move this into
its own function, along with acpi_fill_header(), so we can write a test
for this code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this code to a generic location so that we can test it with sandbox.
This requires adding a few new fields to acpi_ctx, so drop the local
variables used in the original code.
Also use mapmem to avoid pointer-to-address casts which don't work on
sandbox.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
The current code uses an address but a pointer would result in fewer
casts. Also it repeats the alignment code in a lot of places so this would
be better done in a helper function.
Update write_acpi_tables() to make use of the new acpi_ctx structure,
adding a few helpers to clean things up.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
A device may want to write out ACPI tables to describe itself to Linux.
Add a method to permit this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
In subsequent patches UEFI variables shalled be stored on the EFI system
partition. Hence we need to identify the EFI system partition.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Minor buildman fixes for new features
Make libfdt code more similar to upsteam
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl6mTJMRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZRmAf/TeHuh9nWXr7jRAyl8YEaXfBablceBYF/
l/bHpIyPy1NH5wRMB1kwGIZUydSM44/FIVnvlo1iVI0DVuO1cSIY98WM2waMP0Tk
WiDg3XR7eMpTMNjG13KP6TrFG5ybfOopRYdpuUfjPTBm8RQyuFMziaQwOrDQdoXt
9yQ8rzM6hB7Gj3LgORond04KZYRUcYC+uhcuDo8WPUjrqS8vSpeAG34n6lT4z9KG
BdmhQuIybvCngdi/t9ovyTfq5UfIsXp0ngUN6My/j0IjykZT4nu6qllge8gcukCM
3iqrqhcjkO9psPdk6NXf2akTdxDH4Mf8PqFbvqmABNQbDSEVinVnrA==
=H2KE
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-27apr20' of git://git.denx.de/u-boot-dm
Move Python tools to use absolute paths
Minor buildman fixes for new features
Make libfdt code more similar to upsteam
Provide a valid reference for the deflate format.
Reformat the ALGORITHM and REFERENCES comments.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This patch enables LZMA decompression support for SPL build
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is,
make lib/libfdt/ contain only wrapper files.
fdt_region.c was written only for U-Boot to implement the verified
boot. So, this belongs to the same group as common/fdt_support.c,
which is a collection of U-Boot own fdt helpers.
Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is
necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
There is no essential difference between scripts/dtc/libfdt/fdt_ro.c
and lib/libfdt/fdt_ro.c
Migrate to a simple wrapper like the other files.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Add a helper function for this operation. Update the strtoul() tests to
check upper case as well.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
SPL should not be enlarged by building with CONFIG_HEXDUMP=y.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
The OID registry is only used by crypto functions that are not built in
SPL. So we should not build it in SPL.
Fixes: a9b45e6e83 ("lib: add oid registry utility")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
The tool need to use fdtdec_get_child_count(), make it available for
HOST_CC.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Simon Glass <sjg@chromium.org>
The callback member of struct env_entry is always NULL for an SPL
build. Removing it thus saves a bit of run-time memory in the
SPL (when CONFIG_SPL_ENV_SUPPORT=y) since struct env_entry is embedded
in struct env_entry_node - i.e. about 2KB for the normal case of
512+change hash table entries.
Two small fixups are needed for this, all other references to the
callback member are already under !CONFIG_SPL_BUILD: Don't initialize
.callback in set_flags() - hsearch_r doesn't use that value
anyway. And make env_callback_init() initialize ->callback to NULL for
a new entry instead of relying on an unused or deleted entry having
NULL in ->callback.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
In SPL, environment callbacks are not supported, so e->callback is
always NULL. Removing this makes the SPL a little smaller (about 400
bytes in my ppc build) with no functional change.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
This is preparation for compiling out the "call the callback" code and
associated error handling for SPL, where ->callback is always NULL.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
In U-Boot, the reserved memory end address is considered as a inclusive
address. This notion is followed while adding a reserved memory node to
the DT.
For example:
end_address = start_address + size - 1
Follow the same notion and fix the end address computation while checking
for existing nodes.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
There is no way to select BZIP2 compression method.
Add it under library/compression config where all other
compression related configs are present.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This pull request
* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
from booting when CONFIG_RSA is enabled which is needed for UEFI
secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl6YjlcACgkQxIHbvCwF
GsQ6Jg/+KVRQF0Dn2jiag8Me9ZhafZx4xGTI3LEzFD7V9kG3dmUzbO3m8a5dEevW
bcPNA6EmcKAjyP09AZY4C8ns4sU7wzPu/GQvApD4S5+vcuNbEqRHfW6zzReNXq09
t89DrFH+XLhGnh4uSh0hmfjrlIPVi86hs/f57vKRayrBu8W2yGPci3SNTO5Y0AY1
to7sxP3hGlDCUhqIABWp5ylpWWUSG1MsVNcMOnHpj+jl0iWWYP46EQrGr95egQor
gcGgUOLdOLLOHPYUIOBmo9INnS2MbvE9Mfgh5Bw7JW8DIu/Xp7r1qePQyMLsngc1
pO5yzwMq6EQy6OjuYnXdIBXtHOlZ8rnE9pbTgyUR8T/2CdL2hqr9ddpqa4ryDABX
iaQF8FG+KhY0XQ5EIJV7pEkvf9TMwGguJNlOkmJPeub2n9i0k1tPk0Rwq5ZWWBIn
rHcgZXwl0On3O3f0HvfL0Oas5u9KE1HhA12h/EVmu2Muy36x2WxAAzDnsH19HzqU
QnWBAo8VMyp3qTIZjb3y+qrxcU/joPGt9+hxmur03hzmKOJ9JNOv6vExb+yUIyXQ
4ML6jvTvSVZbvkP++0zMKOjT8ks3xv5q84oFD5Gp4cG8ZpHpA9dj3mXM92Waepo4
pAkko5IGQ4SqaGIBltEQzrG+cCiHHezdD/raCwAo6DgYSmfZUvc=
=+ZDZ
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc1' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc1
This pull request
* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
from booting when CONFIG_RSA is enabled which is needed for UEFI
secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
Enhancements to 'dm' command
Log test enhancements and syslog driver
DM change to read parent ofdata before children
Minor fixes
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl6YdaMRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYLRwf8C+vKmERVLLcrMZMMiLctbY2kVflJV8zG
RjFwBcazZDPYjtHqClFZtJyIDYzgkVQRo+QPcdLxjcA+gjSXdteeRa0XTsBTXOZQ
kbs7yBkL+rCIO2WyXtuyajsmDMQtqM5vYgeBdTeYnJu7NVxwRMYrUqqAKLolNpIN
SKNYz+a8OEOG2EetbTdwwrmSpNy/cZ3wDGYK25DFTte8/vCZMRBTPiiNSrLp/RsM
xIojRcLqzARwpvPfFZ8psASKei9+5oIICUrNvwwQGtjepvZwdFQEl90SKaHw8kMf
sP9rxuqlEN5ec6xnMTUgwfnyBZgNIMSeb4KVPP1rxN2eAa5+bK1OlQ==
=gyyY
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-10apr20-take2' of git://git.denx.de/u-boot-dm
Functions for reading indexed values from device tree
Enhancements to 'dm' command
Log test enhancements and syslog driver
DM change to read parent ofdata before children
Minor fixes
fdtdec_set_carveout() is limited to only one phandle. Fix this
limitation by adding support for multiple phandles.
Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The DMA Remapping Reporting (DMAR) table contains information about DMA
remapping.
Add a version simple version of this table with only the minimum fields
filled out. i.e. no entries.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Each ACPI table has its own version number. Add the version numbers in a
single function so we can keep them consistent and easily see what
versions are supported.
Start a new acpi_table file in a generic directory to house this function.
We can move things over to this file from x86 as needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This file is potentially useful to other architectures saddled with ACPI
so move most of its contents to a common location.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
The following variable is exported as UEFI specification defines:
SignatureSupport: array of GUIDs representing the type of signatures
supported by the platform firmware
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.
Currently we support
* authentication based on db and dbx,
so dbx-validated image will always be rejected.
* following signature types:
EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.
Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.
It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
The following variable is exported as UEFI specification defines:
VendorKeys: whether the system is configured to use only vendor-provided
keys or not
The value will have to be modified if a platform has its own way of
initializing signature database, in particular, PK.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
UEFI specification defines several global variables which are related to
the current secure boot state. In this commit, those values will be
maintained according to operations. Currently, AuditMode and DeployedMode
are defined but not implemented.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.
Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().
Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_signature_parse_sigdb() is a helper function will be used to parse
signature database variable and instantiate a signature store structure
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In this commit, implemented are a couple of helper functions which will be
used to materialize variable authentication as well as image authentication
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Correct function descriptions in efi_watchdog.c.
Add the descriptions to the generated HTML documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Correct function descriptions in efi_unicode_collation.c
Add the Unicode collation protocol to the generated HTML documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Enable EFI_RNG_PROTOCOL by default if DM_RNG is set.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Remove superfluous 'if DM_RNG'
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Base autodetection is failing for this case:
if test 257 -gt 3ae; then echo first; else echo second; fi
It is because base for 3ae is recognized by _parse_integer_fixup_radix() as
10. The code detects the first char which is not between 'a'/'A' or 'f'/'F'
to change base from dec to hex.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Shiril Tichkule <shirilt@xlinx.com>
These are used in multiple places so update them to use a shared #define.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
'vendor' is both an input and an output parameter. So it cannot be
constant.
Fixes: 0bda81bfdc ("efi_loader: use const efi_guid_t * for variable services")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For EFI binaries we have to provide an implementation of memmove() in
efi_freestanding.c.
Before this patch the memmove() function was copying in the wrong
direction.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
GetNextVariableName should report the length of the variable including the
final 0x0000 in bytes.
Check this in the unit test.
Increase the buffer size for variable names. 40 bytes is too short.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The runtime service GetNextVariable() returns the length of the next
variable including the closing 0x0000. This length should be in bytes.
Comparing the output of EDK2 and U-Boot shows that this is currently not
correctly implemented:
EDK2:
OsIndicationsSupported: 46
PlatformLang: 26
PlatformLangCodes: 36
U-Boot:
OsIndicationsSupported: 23
PlatformLang: 13
PlatformLangCodes: 18
Provide correct length in GetNextVariable().
Fixes: d99a87f84b ("efi_loader: implement GetNextVariableName()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
K3 J721E:
* OSPI boot support
* Support for loading remote cores in R5 SPL
* PMIC ESM Support
* Minor fixes for R5F and C7x remoteproc drivers
K3 AM654:
* Update AVS class 0 voltages.
* Add I2C nodes
DRA7xx/AM57xx:
* Fixed Android boot on AM57xx
AM33/AM43/Davinci:
* switch to driver model for the net and mdio driver for baltos
* Add DM/DTS support for omap video driver
* Enable fastboot on am335x-evm
This is a preparatory patch.
Those functions will be used in an implementation of UEFI firmware
management protocol as part of my capsule update patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function, and hence rsa_verify(), will perform RSA verification
with two essential parameters for a RSA public key in contract of
rsa_verify_with_keynode(), which requires additional three parameters
stored in FIT image.
It will be used in implementing UEFI secure boot, i.e. image authentication
and variable authentication.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
In the current implementation of FIT_SIGNATURE, five parameters for
a RSA public key are required while only two of them are essential.
(See rsa-mod-exp.h and uImage.FIT/signature.txt)
This is a result of considering relatively limited computer power
and resources on embedded systems, while such a assumption may not
be quite practical for other use cases.
In this patch, added is a function, rsa_gen_key_prop(), which will
generate additional parameters for other uses, in particular
UEFI secure boot, on the fly.
Note: the current code uses some "big number" routines from BearSSL
for the calculation.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
rsa_verify() will be extended to be able to perform RSA decryption without
additional RSA key properties from FIT image, i.e. rr and n0inv.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Currently, if GetMemoryMap API returns EFI_BUFFER_TOO_SMALL, it doesn't
set valid values to other parameters, descriptor_size and
descriptor_version, except memory_map_size.
Some efi applications, however, may use those value; in particular,
xen uses descriptor_size to calculate a size of buffer to be allocated.
While UEFI specification is ambiguous in this point, it would be better
to address this issue proactively to maximize the compatibility with
existing efi applications.
With this patch, for example, xen.efi (and hence linux kernel) can be
started via bootefi without modification.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Move the generic elf loading/validating functions to lib/
so that they can be re-used and accessed by code existing
outside cmd.
While at it remove the duplicate static version of load_elf_image_phdr
under arch/arm/mach-imx/imx_bootaux.c.
Signed-off-by: Keerthy <j-keerthy@ti.com>
Suggested-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Provide a unit test loading an initial ramdisk using the
EFI_LOAD_FILE2_PROTOCOL. The test is only executed on request.
An example usage - given a file image with a file system in partition 1
holding file initrd - is:
* Configure the sandbox with
CONFIG_EFI_SELFTEST=y
CONFIG_EFI_LOAD_FILE2_INITRD=y
CONFIG_EFI_INITRD_FILESPEC="host 0:1 initrd"
* Run ./u-boot and execute
host bind 0 image
setenv efi_selftest load initrd
bootefi selftest
This would provide a test output like:
Testing EFI API implementation
Selected test: 'load initrd'
Setting up 'load initrd'
Setting up 'load initrd' succeeded
Executing 'load initrd'
Loaded 12378613 bytes
CRC32 2997478465
Executing 'load initrd' succeeded
Now the size and CRC32 can be compared to the provided file.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any u-boot accessible partition instead of just the ESP one.
Finally this is an attempt of a generic interface across architectures
in the linux kernel so it makes sense to support that.
The file location is intentionally only supported as a config option
argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.
[1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI spec 2.8 errata A replaces the RuntimeServicesSupported variable
defined in UEFI spec 2.8 by the configuration table
EFI_RT_PROPERTIES_TABLE. So let's follow suit.
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Ard Biesheuvel <ardb@kernel.org>
At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.
Move the compatibility features into a separate header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present devres.h is included in all files that include dm.h but few
make use of it. Also this pulls in linux/compat which adds several more
headers. Drop the automatic inclusion and require files to include devres
themselves. This provides a good indication of which files use devres.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Anatolij Gustschin <agust@denx.de>
In upstream libfdt, 6dcb8ba4 "libfdt: Add helpers for accessing
unaligned words" introduced changes to support unaligned reads for ARM
platforms and 11738cf01f15 "libfdt: Don't use memcpy to handle unaligned
reads on ARM" improved the performance of these helpers.
In practice however, this only occurs when the user has forced the
device tree to be placed in memory in a non-aligned way, which in turn
violates both our rules and the Linux Kernel rules for how things must
reside in memory to function.
This "in practice" part is important as handling these other cases adds
visible (1 second or more) delay to boot in what would be considered the
fast path of the code.
Cc: Patrice CHOTARD <patrice.chotard@st.com>
Cc: Patrick DELAUNAY <patrick.delaunay@st.com>
Link: https://www.spinics.net/lists/devicetree-compiler/msg02972.html
Signed-off-by: Tom Rini <trini@konsulko.com>
Tested-by: Patrice Chotard <patrice.chotard@st.com>
As hinted by GCC 9, there is a return statement that returns
an uninitialized variable in optee_copy_firmware_node().
This patch addresses this.
Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
drivers/rng/sandbox_rng.c requires rand() to be defined but configuration
option CONFIG_CONFIG_LIB_RAND selected in drivers/rng/Kconfig does not
exist.
test/lib/test_aes.c requires rand() to be defined.
Fix the selection criteria for choice "Pseudo-random library support type".
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CONFIG_SPL_RSA is meant to control if lib/rsa/* is used for SPL. Adjust
lib/Makefile to consider this setting.
This was correctly setup with commit 51c14cd128 ("verified-boot: Minimal
support for booting U-Boot proper from SPL") and got lost with commit
089df18bfe ("lib: move hash CONFIG options to Kconfig").
Fixes: 089df18bfe ("lib: move hash CONFIG options to Kconfig")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Correct some function comments. Convert to Sphinx style.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
This is not really a CONFIG since it is not intended to be set by boards.
Move it into the compiler header with other similar defines, and rename
it.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>
This commit add to u-boot the support to decrypt
fit image encrypted with aes. The FIT image contains
the key name and the IV name. Then u-boot look for
the key and IV in his device tree and decrypt images
before moving to the next stage.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Until now, we only support aes128. This commit add the support
of aes192 and aes256.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In the code, we use the size of the key for the
size of the block. It's true when the key is 128 bits,
but it become false for key of 192 bits and 256 bits.
So to prepare the support of aes192 and 256,
we introduce a constant for the iaes block size.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
UEFI programs like GRUB make change terminal colors which requires support
for ANSI escape sequences.
Let CONFIG_EFI_LOADER=y imply CONFIG_VIDEO_ANSI.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use the correct protocol in efi_uc_stop() when detaching the driver from
the controller.
Change the block IO unit test for the block device driver to throw an error
instead of a todo if teardown fails.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For automating testing we should be able to power off the test system.
The implementation of EFI_RESET_SHUTDOWN requires the do_poweroff()
function which is only available if CONFIG_CMD_POWEROFF=y.
Enable CONFIG_CMD_POWEROFF if PSCI reset is available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide a unit test for the EFI_RNG_PROTOCOL.
The list of algorithms is read. Two random numbers are generated. The test
checks that the two numbers differ.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Install the EFI_RNG_PROTOCOL implementation for it's subsequent use by
the kernel for features like kaslr.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add support for the EFI_RNG_PROTOCOL routines for the qemu arm64
platform. EFI_RNG_PROTOCOL is an uefi boottime service which is
invoked by the efi stub in the kernel for getting random seed for
kaslr.
The routines are platform specific, and use the virtio-rng device on
the platform to get random data.
The feature can be enabled through the following config
CONFIG_EFI_RNG_PROTOCOL
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Changed SPDX header to use /* instead of //.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add guidcpy function to copy the source guid to the destination
guid. Use this function instead of memcpy for copying to the
destination guid.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Use void * instead of efi_guid_t * for arguments to allow copying unaligned
GUIDs. The GUIDs of configuration tables are __packed.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
U-Boot can be compiled with function tracing enabled.
When compiling with FTRACE __cyg_profile_func_enter() is called when a
function is entered and __cyg_profile_func_exit() when the function is
left.
To avoid a crash we have to define these function for the free-standing
UEFI binaries.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On a VT100 terminal <ESC>[2J should be enough to both clear the whole
screen and set the cursor to position (1, 1). But the Linux console does
not behave like this. So send an extra <ESC>[H. For reference see the
console_codes(4) man page.
Add a function description.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add the following file to .gitignore
efi_miniapp_file_image_exception.h
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Use efi_miniapp_*.h instead of file enumeration.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When the GetInfo() method of the EFI_FILE_PROTOCOL is called to retrieve
the file system info we claim that the volume is read only and has no free
space. This leads to failures in programs that check this information
before writing to the volume like SCT's InstallSct.efi.
Currently there is no function to determine these parameters in U-Boot. So
let's return optimistic values:
Return that the volume is writable.
Return the volume size as free space.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI applications like GRUB and SCT assume that function keys are enabled
on the keyboard.
Let EFI_LOADER imply USB_KEYBOARD_FN_KEYS.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On x86 platforms the timer is reset to 0 when the SoC is reset. Having
this as the timer base is useful since it provides an indication of how
long it takes before U-Boot is running.
When U-Boot sets the timer base to something else, time is lost and we
no-longer have an accurate account of the time since reset. This
particularly affects bootstage.
Change the default to not read the timer base, leaving it at 0. Add an
option for when U-Boot is the secondary bootloader.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
These functions are used by code outside the network support, so move them
to lib/ to be more accessible.
Without this, the functions are only accessible in SPL/TPL only if
CONFIG_SPL/TPL_NET are defined. Many boards do not enable those option but
still want to do checksums in this format.
Fix up a few code-style nits while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
SPL and TPL can access information about binman entries using link-time
symbols but this is not available in U-Boot proper. Of course it could be
made available, but the intention is to just read the device tree.
Add support for this, so that U-Boot can locate entries.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Even if not communicating over the network in U-Boot, code may be manipulating
and storing IP or MAC addresses to pass to Linux, etc.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Part of the env cleanup moved this out of the environment code and into
the net code. However, this helper is sometimes needed even when the net
stack isn't included.
Move the helper to lib/net_utils.c like it's similarly-purposed
string_to_ip(). Also rename the moved function to similar naming.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reported-by: Ondrej Jirman <megous@megous.com>
Imported from linux kernel v5.3:
pkcs7.asn1 without changes
pkcs7.h with changes marked as __UBOOT__
pkcs7_parser.h without changes
pkcs7_parser.c with changes marked as __UBOOT__
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Imported from linux kernel v5.3:
x509.asn1 without changes
x509_akid.asn1 without changes
x509_parser.h without changes
x509_cert_parser.c with changes marked as __UBOOT__
x509_public_key.c with changes marked as __UBOOT__
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Imported from linux kernel v5.3:
rsapubkey.asn1 without changes
rsa.h without changes
rsa_helper.c with changes marked as __UBOOT__
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Imported from linux kernel v5.3:
asymmetric-type.h with changes marked as __UBOOT__
asymmetric_type.c with changes marked as __UBOOT__
public_key.h with changes marked as __UBOOT__
public_key.c with changes marked as __UBOOT__
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Imported from linux kernel v5.3:
build_OID_registry without changes
oid_registry.h without changes
oid_registry.c with changes marked as __UBOOT__
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Imported from linux kernel v5.3:
asn1.h without changes
asn1_ber_bytecode.h without changes
asn1_decoder.h without changes
asn1_compiler.c without changes
This host command will be used to create a ASN1 parser, for example,
for pkcs7 messages or x509 certificates. More specifically, it will
generate *byte code* which will be interpreted by asn1 decoder library.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This function will be used in lib/crypto/x509_cert_parser.c, which
will also be imported from linux code in a later commit.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In the next commit, rtc_mktime(), for compatibility with linux, will be
implemented using rtc_mktime(), which is no longer drivers/rtc specific.
So move this file under lib/.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
linux_compat.c is the best place for kmemdup(), which is currenly used
only in ubifs.c, but will also be used when other kernel files
(in my case, lib/crypto/x509_cert_parser.c and pkcs7_parser.c) will be
imported. So just move it.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
27084c03d3 ("spl: Allow tiny printf() to be controlled in SPL and
TPL") split this option in two for TPL and SPL, but didn't change the
Kconfig names, making them hard to set quickly.
Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
Move this function into init.h which seems to be designed for this sort
of thing. Also update the header to declare struct global_data so that it
can be included without global_data.h being needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Move these two functions into the irq_funcs.h header file. Also move
interrupt_handler_t as this is used by the irq_install_handler() function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
These functions are CPU-related and do not use driver model. Move them to
cpu_func.h
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This function belongs in time.h so move it over and add a comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a header file to house the lz4 compression function. Add a comment
while we are here, since it not even clear from the name what the function
actuall does.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
At present this function sits in its own file but it does not really
justify it. There are similar string functions in vsprintf.h, so move it
there. Also add the missing function comment.
Use the vsprintf.h include file explicitly where needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
These don't need to be in common.h so move them out into a new header.
Also add some missing comments.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Drop inclusion of crc.h in common.h and use the correct header directly
instead.
With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Some of these have a space before the bracket. Drop it to fix the style.
Add some missing function comments while here.
Note that u32 and u8 cannot be used here since crc.h is included on the
host side.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
We have an existing U-Boot header for the one function that this defines.
Use that instead of the linux/ one. Move over the nice comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Create a new rand.h header file and move functions into it, to reduce
the size of common.h
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Some of the ARM11 boards have tight limits on the size of U-Boots. Hence
use EFI_LOADER=n as default on ARM11.
Set EFI_LOADER=y for the Raspberry Pi and Raspberry Pi Zero as these boards
have sufficient storage on the SD card.
Suggested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
With an implementation for allow_unaligned() available for arm1136 and
arm1176 UEFI can be supported on these architectures.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
fatload USB was reported to fail on the Sheevaplug. Debugging showed that
this was caused by an incorrect unaligned write to memory in
path_to_uefi().
UEFI on ARM requires that unaligned memory access is enabled.
* ARMv5 does not support unaligned access at all.
* ARMv6 supports unaligned access when we clear the A flag and set the
U flag.
* On ARMv7 unaligned access is possible when clearing the aligned flag,
which we do in function allow_unaligned() (arch/arm/cpu/armv7/sctlr.S).
For none of the other cpus in arch/arm/cpu/ we have implemented a
similar function.
* ARMv8 allows unaligned access.
Let EFI_LOADER on ARM depend on SYS_CPU=armv7 or SYS_CPU=armv8.
Once we have implemented allow_unaligned() for other ARM CPUs we can add
these to Kconfig.
Reported-by: Gray Remlin <gryrmln@gmail.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The loading convention for optee or any other tee on arm64 is as bl32
parameter to the trusted-firmware. So TF-A gets invoked with the TEE as
bl32 and main u-boot as bl33. Once it has done its startup TF-A jumps
into the bl32 for the TEE startup, returns to TF-A and then jumps to bl33.
All of them get passed a devicetree as parameter and all components often
get loaded from a FIT image.
OP-TEE will create additional nodes in that devicetree namely a firmware
node and possibly multiple reserved-memory nodes.
While this devicetree is used in main u-boot, in most cases it won't be
the one passed to the actual kernel. Instead most boot commands will load
a new devicetree from somewhere like mass storage of the network, so if
that happens u-boot should transfer the optee nodes to that new devicetree.
To make that happen introduce optee_copy_fdt_nodes() called from the dt
setup function in image-fdt which after checking for the optee presence
in the u-boot dt will make sure a optee node is present in the kernel dt
and transfer any reserved-memory regions it can find.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
The phandlep pointer returning the phandle to the caller is optional
and if it is not set when calling fdtdec_add_reserved_memory() it is
highly likely that the caller is not interested in a phandle to the
created reserved-memory area and really just wants that area added.
So just don't create a phandle in that case.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The change adding fdtdec_add_reserved_memory() already protected the added
phandle against the phandlep being NULL - making the phandlep var optional.
But in the early code checking for an already existing carveout this check
was not done and thus the phandle assignment could run into trouble,
so add a check there as well, which makes the function still return
successfully if a matching region is found, even though no-one wants to
work with the phandle.
Fixes: c9222a08b3 ("fdtdec: Implement fdtdec_add_reserved_memory()")
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
As we can build relocation code for the sandbox now we should enable the
unit tests that had to be disabled up to now.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On the sandbox the UEFI binaries must match the host architectures.
Adjust the Makefiles. Provide the PE/COFF header and relocation files.
Allow building helloworld.efi on the sandbox.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On the sandbox we should mark the stack area as EFI runtime memory like we
do on any other architecture.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently, a whole disk without any partitions is not associated
with EFI_SIMPLE_FILE_SYSTEM_PROTOCOL. So even if it houses some
file system, there is a chance that we may not be able to access
it, particularly, when accesses are to be attempted after searching
that protocol against a device handle.
With this patch, EFI_SIMPLE_FILE_SYSTEM_PROTOCOL is installed
to such a disk if part_get_info() shows there is no partition
table installed on it.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Only if no partition table exists, check for a file system on disk level.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Correctly check the return value of efi_dp_from_file().
If we can determine device path for the file, should not depend on the
device path for the device being requested.
Provide a function description for efi_dp_from_name().
Reported-by: Coverity CID 273159, CID 273158
Fixes: 08c51fff30 ("efi_loader: device_path: check against file path length")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Bring over the fdt from this commit:
430419c (origin/master) tests: fix some python warnings
adding in the 'assumptions' series designed to reduce code size.
Signed-off-by: Simon Glass <sjg@chromium.org>
For better or worse libfdt recent grew a lot of code that checks the
validity of the device tree in great detail. When using unsigned or
unverified data this makes things safer, but it does add to code size.
Add some controls to select the trade-off between safety and code size.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Provide a better user interface for setting UEFI variables.
Bug fixes:
- ext4 file system not discovered on UEFI block device
- 'make tests' build error on 32bit systems
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl25wUcACgkQxIHbvCwF
GsQ16w/+IibWYFw2t6AdI8DLWOvlHR/PVAOrbF9cBi1vZPr4drEH6m1ymRWAKjRt
E4u8siBiIs5yhD7laL09JK4p/veTnoHCVrCdli9iPhIJUFGKz9uuXh4ruZgRnGIn
+j0ra0tkTRHeGX4bMtTpMVySQqIuLQ+2ZrMMnfKfnTTlLmhv436xUyBZ/CFl7k4J
7sFj/FfjRCYpe7nfHTqUGidJtJG1cc+hw26c1YrfiKB6piVdH43myOB5sPDW24g3
OPptJyUFqbQjjV6Eq0EOVJt103rVtXpQc0e4Oa/mDDkmrQZ1pUhXi3zhxmzMRDQu
k+9gX0IoSNJcW+e7DrcQsx5SmOnlvoC4euCypzhWEWvES89ftAHIitEAz9oTs6Gc
etwXFomvH797ZOoBztrja9XsfnLFHBQHaAiExqEVVFi/1nhDsYdj+xEDHjDU+cZx
E3UcrRNXcfA2+oaXpNBguzAOrMPX8UbrR1kkaMDTuJfA32Pe7RLz3aMfXyx1rAOU
t7GWSROOYtoNf5IU/Jha1F8231WRPJnWm1LQdzNLaGSmbG/H7vFgW4dpdxEyLn4m
C0Goj0GzmBIQxRL+38sCOKLVxPEpGoU/GzonC9bU0O+UyN57rAiwn9ZbTa6ZvJqG
/2tPoKiutJRueUH3IDWViMhyW/w0h0tj0BUiV5lAQ9X9vW4E1YQ=
=f0m8
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-01-rc2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-01-rc2
Provide a better user interface for setting UEFI variables.
Bug fixes:
- ext4 file system not discovered on UEFI block device
- 'make tests' build error on 32bit systems
Bootstage improvements for TPL, SPL
Various sandbox and dm improvements and fixes
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl24zDoRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZRiwf+Mf7oG//zjiZcHaPP6KOFb1CjwqLSuiaI
eCYB6GEZXuSpc8MjAw+baAfIw8MMFuaCfPsUQ5dDo391neK0sW9kkEsdcXnQBpB3
GdJYcewLN1UuJZovriGobIisGc0GQHh8gmRcVGWSKoEt+gAQauRtVYBIUPuS3JG+
ihZgYmVgICa+3tqavIbP2oZdXLuLAxR65mfiQHtiJwdCN3OOzyls2v0T0slQX9GV
ln6EvTk8OMIudBmkB7YiTmJF7AB+3PH/uBaiYyTKO9gtjLhnmCFvG5HxJTRFOKvU
F4oVWZJDEcqfZvYgWg8i5vgokMP41nzLfBr7j5ifUX1f3xwCHy/Tpw==
=S4XI
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-29oct19' of git://git.denx.de/u-boot-dm
- Fix for patman with email addresses containing commas
- Bootstage improvements for TPL, SPL
- Various sandbox and dm improvements and fixes
After updating libavb to most recent version from AOSP/master, two new
warnings appear:
Warning #1:
lib/libavb/avb_cmdline.c: In function 'avb_append_options':
lib/libavb/avb_cmdline.c:365:15: warning: 'dm_verity_mode' may be
used uninitialized in this function
[-Wmaybe-uninitialized]
new_ret = avb_replace(
^~~~~~~~~~~~
slot_data->cmdline, "$(ANDROID_VERITY_MODE)", dm_verity_mode);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/libavb/avb_cmdline.c:374:8: warning: 'verity_mode' may be used
uninitialized in this function
[-Wmaybe-uninitialized]
if (!cmdline_append_option(
^~~~~~~~~~~~~~~~~~~~~~
slot_data, "androidboot.veritymode", verity_mode)) {
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Warning #2:
lib/libavb/avb_slot_verify.c: In function 'avb_slot_verify':
lib/libavb/avb_slot_verify.c:1349:23: warning: 'ret' may be used
uninitialized in this function
[-Wmaybe-uninitialized]
AvbSlotVerifyResult ret;
^~~
Fix those by providing default return values to affected functions.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Update libavb to commit 5fbb42a189aa in AOSP/master, because new version
has support for super partition [1], which we need for implementing
Android dynamic partitions. All changes from previous patches for libavb
in U-Boot are accounted for in this commit:
- commit ecc6f6bea6 ("libavb: Handle wrong hashtree_error_mode in
avb_append_options()")
- commit 897a1d947e ("libavb: Update SPDX tag style")
- commit d8f9d2af96 ("avb2.0: add Android Verified Boot 2.0 library")
Tested on X15:
## Android Verified Boot 2.0 version 1.1.0
read_is_device_unlocked not supported yet
read_rollback_index not supported yet
read_is_device_unlocked not supported yet
Verification passed successfully
AVB verification OK.
Unit test passes:
$ ./test/py/test.py --bd sandbox --build -k test_avb
test/py/tests/test_android/test_avb.py ss..s.
[1] 49936b4c01
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
malloc_cache_aligned() might return zero, so fix potential NULL pointer
access if __GFP_ZERO flag is set.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Add a simple implementation of this function, to allow logging to be
enabled in the SPL or TPL for systems that rely on the tiny printf()
implementation.
To keep the code size small,
- The function is built only when logging is enabled, as it
(currently) is not needed otherwise; and
- Like the existing implementation of snprintf(), its buffer-size
parameter is ignored.
Signed-off-by: Simon South <simon@simonsouth.net>
Macro ERRNO_MSG() ignores the error number but we should still use the same
constants as in include/linux/errno.h.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If errno_str() is called with an unsupported error number, do not return a
random pointer but a reasonable text.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add get_timer_us(), which is useful e.g. when we need higher
precision timestamps.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
[trini: Fixup arch/arm/mach-bcm283x/include/mach/timer.h]
Signed-off-by: Tom Rini <trini@konsulko.com>
'make tests' on an 32bit ARM system leads to
In file included from ../lib/efi_loader/efi_variable.c:9:
../include/malloc.h:364:7: error: conflicting types for ‘memset’
void* memset(void*, int, size_t);
^~~~~~
In file included from ../include/compiler.h:126,
from ../include/env.h:12,
from ../lib/efi_loader/efi_variable.c:8:
../include/linux/string.h:103:15:
note: previous declaration of ‘memset’ was here
extern void * memset(void *,int,__kernel_size_t);
^~~~~~
In file included from ../lib/efi_loader/efi_variable.c:9:
../include/malloc.h:365:7: error: conflicting types for ‘memcpy’
void* memcpy(void*, const void*, size_t);
^~~~~~
In file included from ../include/compiler.h:126,
from ../include/env.h:12,
from ../lib/efi_loader/efi_variable.c:8:
../include/linux/string.h:106:15:
note: previous declaration of ‘memcpy’ was here
extern void * memcpy(void *,const void *,__kernel_size_t);
^~~~~~
Use common.h as first include as recommended by the U-Boot coding style
guide.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
With a bit of code reordering we can support %p using the existing code
for ulong.
Move the %p code up and adjust the logic accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function is used in the bootstage report which may be trigged in TPL
or TPL. Add a very basic implication of this function so that it builds.
There is no attempt to get the formatting right, since this would add too
much code size.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
The ctype array is brought into the image, adding 256 bytes, when it is
unlikely to be needed. The extra code for %p is only present when DEBUG
is defined, so let's drop ctype as well unless DEBUG is defined.
Signed-off-by: Simon Glass <sjg@chromium.org>
In the current implementation, EFI_SIMPLEFILE_SYSTEM_PROTOCOL is always
installed to all the partitions even if some of them may house no file
system.
With this patch, that protocol will be installed only if any file system
exists.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
device_path strcuture has 2 bytes of "length" field, and so
file path length should not exceed this limit, 65535.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently, if image verification with a required key fails, rsa_verify()
code tries to find another key to verify the FIT image. This however, is
not the intended behavior as the documentation says that required keys
"must be verified for the image / configuration to be considered valid".
This patch fixes the issue by making rsa_verify() return immediately if
the verification of a required key fails.
Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@gmail.com>
- Rename existing FSP code to fsp1
- Add fsp2 directory in preparation to support FSP 2.0
- Various x86 platform codes update
- Various bug fixes and updates in dm core, sandbox and spl
This function ise effectively replaced by ofnode_read_pci_addr() which
works with flat tree. Delete it to avoid code duplication.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
At present there is only one control for this and it is used for both SPL
and TPL. But SPL might have a lot more space than TPL so the extra cost of
a full printf() might be acceptable.
Split the option into two, providing separate SPL and TPL controls. The
TPL setting defaults to the same as SPL.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
We don't have a console in SPL so it doesn't make sense to check for
Ctrl-C when printing a memory dump. Skip this so that print_buffer() can
be used in SPL.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This allows our EFI API to create a device path node for NVMe
devices. It adds the necessary device path struct, uses the
nvme namespace accessor to retrieve the id and eui64, and also
provides support for the device path text protocol.
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI spec has this sentence:
"Variables that have runtime access but that are not nonvolatile are
read-only data variables once ExitBootServices() is performed."
At least EDK2 therefore treats variable PlatformLangCodes only as read-only
at runtime. Nowhere do we make this variable read-only in U-Boot.
Do not use variable PlatformLangCodes for testing if the read only
attribute of variables is observed before ExitBootServices().
Fixes: 5a24239c95 ("efi_loader: selftest: enable APPEND_WRITE tests")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Errors should not only be announced as text but should also result in
EFI_ST_FAILURE being returned.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Appending to a non-existent variable must result in an error of type
EFI_NOT_FOUND.
Fixes: 09c76b79a9db ("efi_loader: SetVariable() deleting variables")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This reads the low cell of the PCI address from the wrong cell. Fix it.
Also fix the function that this code came from.
Fixes: 9e51204527 (dm: core: Add operations on device tree references)
Fixes: 4ea5243a3a (fdt: fix fdtdec_get_pci_addr() for CONFIG_PHYS_64BIT)
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
APPEND_WRITE with data length zero is allowable according to the UEFI
specification.
The EDK2 interpretation of no access attributes is attributes = 0. As
the UEFI specification is vague in this respect let's stick to EDK2 here.
Fixes: commit 6d2f27c5fd ("efi_loader: variable: support APPEND_WRITE")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We always have to return via EFI_EXIT() from EFIAPI functions.
Coverity reported an unreachable line and a resource leak.
Fixes: commit 6d2f27c5fd ("efi_loader: variable: support APPEND_WRITE")
Reported-by: Coverity Scan CID 253575, CID 184095
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Remove outdated TODO for efi_stri_coll(). efi_stri_coll() is already using
the Unicode capitalization table.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
u16 version of strcmp(): u16_strncmp() works like u16_strcmp() but only
at most n characters (in u16) are compared.
This function will be used in my UEFI secure boot patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Now that APPEND_WRITE is supported,
the result check for the only existing test case should be changed to
'todo' to 'error', while two more test cases are added.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If EFI_VARIABLE_APPEND_WRITE is specified in attributes at
efi_set_variable(), specified data will be appended to the variable's
original value. Attributes other than APPEND_WRITE should not be
modified.
With this patch, APPEND_WRITE test in 'variables' selftest will pass.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
DisconnectController() should never return EFI_NOT_FOUND.
If EFI_DRIVER_BINDING_PROTOCOL.Stop() fails, return EFI_DEVICE_ERROR.
If the driver handle does not expose the EFI_DRIVER_BINDING_PROTOCOL
return EFI_INVALID_PARAMETER.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Sandbox's "host" devices are currently described as UCLASS_ROOT udevice
with DEV_IF_HOST block device. As the current implementation of
efi_device_path doesn't support such a type, any "host" device
on sandbox cannot be seen as a distinct object.
For example,
=> host bind 0 /foo/disk.img
=> efi devices
Scanning disk host0...
Found 1 disks
Device Device Path
================ ====================
0000000015c19970 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
0000000015c19d70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
=> efi dh
Handle Protocols
================ ====================
0000000015c19970 Device Path, Device Path To Text, Device Path Utilities, Unicode Collation 2, HII String, HII Database, HII Config Routing
0000000015c19ba0 Driver Binding
0000000015c19c10 Simple Text Output
0000000015c19c80 Simple Text Input, Simple Text Input Ex
0000000015c19d70 Block IO, Device Path, Simple File System
As you can see here, efi_root (0x0000000015c19970) and host0 device
(0x0000000015c19d70) have the same representation of device path.
This is not only inconvenient, but also confusing since two different
efi objects are associated with the same device path and
efi_dp_find_obj() will possibly return a wrong result.
Solution:
Each "host" device should be given an additional device path node
of "vendor device path" to make it distinguishable.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We do not support volume label changes. No parameter checks are needed
here.
When the info for as file is changed the buffer must always contain a file
name.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check the parameters of EFI_FILE_PROTOCOL.GetInfo() to avoid possible NULL
dereference.
Check the buffer size for EFI_FILE_SYSTEM_INFO.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We cannot determine the volume name in U-Boot. Instead of providing a dummy
volume name in case of EFI_FILE_SYSTEM_INFO and EFI_UNSUPPORTED in case of
EFI_FILE_SYSTEM_VOLUME_LABEL consistently return an empty string.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification requires to implement version 2 of the
EFI_FILE_PROTOCOL. Provide the missing functions as stubs.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The file size has to be determined in multiple places. Factor out a common
function.
If on entry into EFI_FILE_PROTOCOL.Read() the current position is beyond
the end of the file, return EFI_DEVICE_ERROR.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI_FILE_PROTOCOL.Read() is used both to read files and directories.
When reaching the end of a directory we always have to return buffer size
zero irrespective of the incoming buffer size. (The described scenario for
a Shim quirk cannot arise because every directory has at least '.' and '..'
as entries.)
Even when the buffer_size is too small multiple times we have to keep a
reference to our last read directory entry.
When we return to the start of the directory via SetPosition() we must
remove the reference to a previously kept directory entry.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
ascii2unicode() can only convert characters 0x00-0x7f from UTF-8 to UTF-16.
Use utf8_utf16_strcpy() instead.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check the parameters passed to Write():
* cannot write to directories (UEFI SCT 2017, 5.7.3.5.15)
* cannot write to file opened read only (UEFI SCT 2017, 5.7.3.5.16)
Add missing comments.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We cannot do anything in EFI_BLOCK_IO_PROTOCOL.Reset() but this does not
justify to return an error.
Let EFI_BLOCK_IO_PROTOCOL.Reset() return EFI_SUCCESS.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI_PRINT() offers indention of debug messages. Adjust the debug messages
of the BLOCK_IO_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check parameters of ReadBlocks() and WriteBlocks().
If the buffer size is not a multiple of the block size, we have to return
EFI_BAD_BUFFER_SIZE.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL.SetMode() should return EFI_UNDEFINED if a
screen mode is not available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@csgraf.de>
When backspacing in column 0 do no set the column index to ULONG_MAX.
Ensure that the row number is not set to ULONG_MAX even if the row count is
advertised as 0.
Ignore control characters other the 0x08, 0x0a, 0x0d when updating the
column.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Correct the name of the partition size component in struct
efi_device_path_cdrom_path.
Render entry, start, and size when converting a CD-ROM device path node to
text.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Vendor device paths may contain data. When converting vendor device paths
to text this binary data has to be rendered.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Adding a conventional memory region to the memory map may require ram_top
limitation and it can be also commonly used. Extract adding a conventional
memory to the memory map in a separate routine for generic use.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implement the MCastIPtoMAC service of the simple network protocol.
It converts an multicast IPv4 (or IPv6) address to a multicast Ethernet
address.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The network should start in status EfiSimpleNetworkStopped.
Add and correct status checks in the simple network protocol.
Correct the unit test:
* Shutdown() and Stop() during setup if needed
* invoke Shutdown() before Stop() when tearing down
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Fill the media header in EFI_SIMPLE_NETWORK.Transmit().
Check that the buffer size is large enough for the header.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check that when the WaitForPacket event occurs
EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT is set.
Check the return value of Receive().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
GetStatus() must clear the interrupt status.
Transmit() should set the TX interrupt.
Receive() should clear the RX interrupt.
Initialize() and Start() should clear the interrupt status.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
To fully demonstrate crash outputs for UEFI images provide a standalone
UEFI application that tries to invoke an illegal opcode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The current preprocessor logic prevents CONFIG_OF_PRIOR_STAGE from being
used in U-Boot SPL. Change the logic to also make it available in U-Boot
SPL.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
Commit 7f95104d91 ("efi_loader: detach runtime in ExitBootServices()")
added a call to efi_runtime_detach() to ExitBootServices() but did not
remove the call in SetVirtualAddressMap().
Remove the superfluous function call.
Correct a comment referring to efi_runtime_detach().
Fixes: 7f95104d91 ("efi_loader: detach runtime in ExitBootServices()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check the parameters DescriptorSize and DescriptiorVersion of
SetVirtualAddressMap() as prescribed by the UEFI specification.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
U-Boot implements the EFI_PXE_BASE_CODE_PROTOCOL because GRUB uses the mode
information for booting via PXE. All function pointers in the protocol were
NULL up to now which will cause immediate crashes when the services of the
protocol are called.
Create function stubs for all services of the protocol returning
EFI_UNSUPPORTED.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This file contains lots of internal details about the environment. Most
code can include env.h instead, calling the functions there as needed.
Rename this file and add a comment at the top to indicate its internal
nature.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
[trini: Fixup apalis-tk1.c]
Signed-off-by: Tom Rini <trini@konsulko.com>
This header file is now only used by files that access internal
environment features. Drop it from various places where it is not needed.
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Avoid using a typedef here which is unnecessary. Add an 'env_' prefix to
both the enum and its members to make it clear that these are related to
the environment.
Add an ENV prefix to these two flags so that it is clear what they relate
to. Also move them to env.h since they are part of the public API. Use an
enum rather than a #define to tie them together.
Signed-off-by: Simon Glass <sjg@chromium.org>
This typedef does not need to be defined in the search.h header since it
is only used in one file (hashtable.c). Remove it from the header and
change it to a struct.
Signed-off-by: Simon Glass <sjg@chromium.org>
U-Boot is not supposed to use typedef for structs anymore. Also this name
is the same as the ENTRY() macro used in assembler files, and 'entry'
itself is widely used in U-Boot (>8k matches).
Drop the typedef and rename the struct to env_entry to reduce confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
As part of the effort to remove things from common.h, create a new header
for the gzip functions. Move the function declarations to it and add
missing documentation.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Use efi_uintn_t where the UEFI spec uses UINTN. Use efi_uintn_t also for
the result of the division of two efi_uintn_t.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We read the address map before assigning the memory for the pages that will
be mapped to virtual addresses. So these pages will overlap with the entry
for EFI_CONVENTIONAL_MEMORY. We have to ensure that every page is described
at most once in the map.
Remove EFI_CONVENTIONAL_MEMORY from the map that we pass to
SetVirtualAddressMap().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
GRUB on ARM 32bit prior to version 2.04 lacks proper handling of caches.
In U-Boot v2019.04 a workaround for this was inadvertently removed.
The workaround is currently also needed for booting on systems with caches
that cannot be managed via CP15 (e.g. with an i.MX6 CPU).
Re-enable the workaround and make it customizable.
Fixes: f69d63fae2 ("efi_loader: use efi_start_image() for bootefi")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Packed structures like struct uuid are not aligned. GCC 9.1 therefore
throws an error when trying to compile gen_rand_uuid().
lib/uuid.c: In function ‘gen_rand_uuid’:
lib/uuid.c:244:2: error: converting a packed ‘struct uuid’ pointer
(alignment 1) to a ‘unsigned int’ pointer (alignment 4) may result in
an unaligned pointer value [-Werror=address-of-packed-member]
244 | unsigned int *ptr = (unsigned int *)&uuid;
| ^~~~~~~~
Generate the uuid in a properly aligned buffer.
The byte order of a random number should not matter. Do not call
cpu_to_be32() to change the byte order.
Reported-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* Implement the EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
* Address errors of type -Werror=address-of-packed-member when building
with GCC9.1
* Fix an error when adding memory add addres 0x00000000.
* Rework some code comments for Sphinx compliance.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl0vSQEACgkQxIHbvCwF
GsQfxQ//d/i5Ix7V5rtm9U1ew2lkaQw5O1/E//Ta//0AeWLaEnFf0ln1Fx5jLF6E
f70uE6iDRgnxfZWD/rnCqv7HZrokpy3GuXnUfAZTgEvsngqicw8dAAU9Ql9Q62i9
N302GhaCGkbBp3MBOLRBXJmKuTnnzfU7jkeYo1tZbZe3AoqSNtI8ND86DHSotuUM
9Ck5367LdcG5O86N8gIxBtCcnthq94GgS/tY69iuPhhKqN3oV6MbzjqmI4wtkVH6
RhJSQspTsmyKTSivbcgpgIPXJJnTwh0nZcQWmzC81ehU3LF9i1M1J4SAqsZ7kpgt
jWY959iXnd7iNfwFiCTLpf+mDrviyPzntt/aE8ras5IwbQdiwZONeQ/mhkP2Snoo
RDX+dB3JqpyO/T+4uMdq+2saYBtKZ9CUKclqqh/xwvv5Bs63qHGC3KKYnjQx1sKA
k5QD3XSOPDLYbqQBIcgiB9T5TWkO1igJVEWRxPtExl31DTkSXy6f7G1F7sZ+Ey+5
gugIhNeTCme4a9bSIc7FjFaZSvPR2SNd8azUkSfso6Vqd9bNRShBF7pImlrCRmj8
Xc0sknW824LOdeM6ZC54J7lYKyLfL3HljzYSiM7KExt21mAjNHWXt312hINr6SOA
gz+/Osdyrv8GniP86Zw3kACto6Chaw51PEV1WReYPT3LNwinvoU=
=aj4j
-----END PGP SIGNATURE-----
Merge tag 'efi-2019-10-rc1-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for v2019.10-rc1 (2)
* Implement the EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
* Address errors of type -Werror=address-of-packed-member when building
with GCC9.1
* Fix an error when adding memory add addres 0x00000000.
* Rework some code comments for Sphinx compliance.
Commit c7b3a7ee53 ("optee: adjust dependencies and default values for
dram") makes the TZDRAM defines for OPTEE show up for all configs as a
side-effect. While not harmful its not what we really want.
This patch makes the following defines contingent on CONFIG_OPTEE=y
CONFIG_OPTEE_TZDRAM_BASE
CONFIG_OPTEE_TZDRAM_SIZE
Rightly, if you don't have CONFIG_OPTEE=y you don't care about the above
two defines.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Rui Miguel Silva <rui.silva@linaro.org>
Acked-by: Rui Miguel Silva <rui.silva@linaro.org>
There are multiple other openssl engines used by HSMs that can be used to
sign FIT images instead of forcing users to use pkcs11 type of service.
Relax engine selection so that other openssl engines can be specified and
use generic key id definition formula.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Cc: Tom Rini <trini@konsulko.com>
The device path structure is packed. So no assumption on the alignment is
possible. Copy the file name in efi_file_from_path() to assure there is no
unaligned access.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Change comment for struct efi_pool_allocation to match Sphinx style.
Describe all structure fields.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add missing parameter descriptions.
Remove an invalid link.
Correct the formatting of a function comment.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
scripts/kernel-doc pointed out some errors in the function comments in
efi_boottime.c.
Add missing and remove superfluous parameter descriptions.
Escape * in a function description.
Add empty lines for readability.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We currently have some inconsistent use of efi_add_memory_map()
throughout the code. In particular the return value of efi_add_memory_map()
is not interpreted the same way by various users in the codebase.
This patch does the following:
- Changes efi_add_memory_map() to return efi_status_t.
- Adds a method description to efi_add_memory_map().
- Changes efi_add_memory_map() to return EFI_SUCCESS
- Returns non-zero for error in efi_add_memory_map()
- Updates efi_allocate_pages() to new efi_add_memory_map()
- Updates efi_free_pages() to new efi_add_memory_map()
- Updates efi_carve_out_dt_rsv() to new efi_add_memory_map()
- Updates efi_add_runtime_mmio() to new efi_add_memory_map()
Fixes: 5d00995c36 ("efi_loader: Implement memory allocation and map")
Fixes: 74c16acce3 ("efi_loader: Don't allocate from memory holes")
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide a unit test for SetVirtualAddressMap() and ConvertPointer().
As ConvertPointer() is not implemented yet this will spit out some
warnings.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implement the EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
This requires allocating the event and the event list from runtime data.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_set_virtual_address_map_runtime() must be of type __efi_runtime.
Fixes: ee8ebaaaae ("efi_loader: split off detaching SetVirtualAddress()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Boot services are not available after calling ExitBootServices(). So we
should not try to close an event here.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
The USE_TINY_PRINTF symbol only changes things within SPL and TPL
builds, so make it depend on that support. Next, make it default as
within these cases we should rarely have need of more advanced print
formats outside of the debug context.
To do this, in a few cases we need to correct our Kconfig dependencies
as we had cases of non-SPL targets select'ing this symbol. Finally, in
the case of a few boards we really do need the full printf
functionality.
Signed-off-by: Tom Rini <trini@konsulko.com>
There is no good reason to limit the trace buffer to 2GiB on a 64bit
system. Adjust the types of the relevant parameters.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Up to now we had hard coded values for the call depth up to which trace
records are created: 200 for early tracing, 15 thereafter. UEFI
applications reach a call depth of 80 or above.
Provide customizing settings for the call trace depth limit and the early
call trace depth limit. Use the old values as defaults.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
An UEFI application may change the value of the register that gd lives in.
But some of our functions like get_ticks() access this register. So we
have to set the gd register to the U-Boot value when entering a trace
point and set it back to the application value when exiting the trace
point.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Free the memory allocated to store the test FDT upon test completion to
avoid leaking the memory. We don't bother cleaning up on test failure
since the code is broken in that case and should be fixed, in which case
the leak would also go away.
Reported-by: Tom Rini <tom.rini@gmail.com>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
It doesn't make a lot of sense to hang on sandbox when hang() is called,
since the only way out is Ctrl-C. In fact, Ctrl-C does not work if the
terminal is in raw mode, which it will be if the command-line has not been
reached yet. In that case, Ctrl-Z / kill -9 must be used, which is not
very friendly.
Avoid all of this by quiting when hang() is called.
Signed-off-by: Simon Glass <sjg@chromium.org>
Linux can be called with a command line parameter efi=novamap, cf.
commit 4e46c2a95621 ("efi/arm/arm64: Allow SetVirtualAddressMap() to be
omitted"). In this case SetVirtualAddressMap() is not called after
ExitBootServices().
OpenBSD 32bit does not call SetVirtualAddressMap() either.
Runtime services must be set to an implementation supported at runtime
in ExitBootServices().
Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Suggested-by: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The runtime services SetVirtualAddress() and ConvertPointer() become
unavailable after SetVirtualAddress(). Other runtime services become
unavailable after ExitBootServices.
Move the update of SetVirtualAddress() and ConvertPointer() to
efi_relocate_runtime_table().
Use functions with the correct signature when detaching.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide a unit test for the variable services at runtime.
Currently we expect EFI_UNSUPPORTED to be returned as the runtime
implementation is still missing.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Unimplemented runtime services should always return EFI_UNSUPPORTED as
described in the UEFI 2.8 spec.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Our variable services are only provided at boottime. Therefore when
leaving boottime the variable function are replaced by dummy functions
returning EFI_UNSUPPORTED. Move this patching of the runtime table to the
variable services implementation. Executed it in ExitBootServices().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The detaching of the runtime will have to move to ExitBootServices() to
encompass operating system that do not call SetVirtualAddressMap().
This patch changes the logic for the relocation of the pointers in the
runtime table such that the relocation becomes independent of the entries
in the detach list.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some entries in the system table are set to NULL in ExitBootServices(). We
had them in the runtime detach list to avoid relocation of NULL. Let's
instead assign the pointers dynamically in efi_initialize_system_table() to
avoid the relocation entry.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Let's keep similar things together.
Move efi_query_variable_info() to lib/efi_loader/efi_variable.c
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The current short description has a typo. Let it stand out clear that we
provide unit tests.
Improve the description of the CMD_BOOTEFI_SELFTEST configuration option.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@csgraf.de>
This pull request provides error fixes for the graphical output protocol,
the text output protocol, and the extended text input protocol.
Setting the boot device for the bootefi command is now not only supported
by the 'load' command but also for the file system specific commands like
'fatload'.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl0NDgQACgkQxIHbvCwF
GsQ5wBAAgUPlH9jb9wokgMht8cOjNMJk5QHiiZr65iyXIPHWQ+c+Pu4QyQu5J3tO
avOjWvtwW4aGPBTkSl0dA8w2RF738YWIOskg04YxBlFL46D3op61OJ2DgSqglDiy
ugotkg/MZPkNr2gWTtNw9RWvehb9gnBn7w8OSQ/ffnC+8YoSvBvmaWHtSepgvRXn
3hPh2YsSe8u74cLN/P3gxWnUIdpwHRsBwIc8b7/PNIviWLcjyQE6B1qBIZWIspvo
qlqadijJIs331zeJXEaoXRdgV2VEdA0eHEAzeC4cswc/KpSmfH5XmxWjOU2o/TiM
V2FgN9ud4JwuNnhAJKkXSdVHuzKsbtt3XRkUdKgLG+PYYBsRGfCkyrPPjI6z7VtA
5yh+kN65UuLCxrWskZQrdwTqSZ9WMPhGFDt727vuOHdvbAoZ7cuqMtvoDj3hJ4ig
kb1++il5lQ5sXwEiB9+WrDTXCT0TwZw4qiVL72IDpeGlXRTfxvb/s5pLDU7O0rfV
Pfp4rDDl0hGMP4guch4fJDEW1jYMQATowzh3PNkpw+vvjtofRFoVNtS9lhx1vXCN
kxG9I8m4F5Iexe9eFfx7gAYiqM42fd/VbSNAsJKyl/q4OFK4ebbCK7lwRqpZKPg4
5jVR8pPKVTqxRolsWa4ikIGG/pVAecLWO+TawLeq//brp2PJ/a8=
=GvWF
-----END PGP SIGNATURE-----
Merge tag 'efi-2019-07-rc5-3' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for v2019.07-rc5 (3)
This pull request provides error fixes for the graphical output protocol,
the text output protocol, and the extended text input protocol.
Setting the boot device for the bootefi command is now not only supported
by the 'load' command but also for the file system specific commands like
'fatload'.
When build SPL_OF_PLATDATA on i.MX6, meet issue the fdtdec_get_int
not defined, however fdtdec.c will use fdtdec_get_int, so let's
compile fdtdec_common.c when OF_LIBFDT selected.
Since there is also SPL_OF_LIBFDT, so need to use
CONFIG_$(SPL_TPL_)OF_LIBFDT.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
If EFI_FILE_PROTOCOL.Delete() fails, always close the handle and return
EFI_WARN_DELETE_FAILURE.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If no matching package list is found in ListPackageLists(), return
EFI_NOT_FOUND.
If we do not support a package type, we will not find a matching package
list. Remove the unreachable EFI_PRINTF() statements.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI_GRAPHICS_OUTPUT_PROTOCOL.QueryMode() must allocate a buffer for the
mode information structure.
Adjust the unit test to free the buffer.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If EFI_GRAPHICS_OUTPUT_PROTOCOL.SetMode() is called with an invalid mode,
return EFI_UNSUPPORTED.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If EFI_GRAPHICS_OUTPUT_PROTOCOL.Blt() is called with an invalid value of
BltOperation return EFI_INVALID_PARAMETER.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The SetAttribute() service and the Reset() service of the simple text
output protocol must update the attribute value in the mode information.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Correct the check of the mode number in SetMode() service of the simple
text output protocol.
Clear the screen in SetMode().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This variable is defined in UEFI specification 2.8, section 8.1.
Its value should be updated whenever we add any usable runtime services
function.
Currently we only support SetVirtualAddress() for all systems and
ResetSystem() for some.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Return EFI_INVALID_PARAMETER if the variable name has zero length or the
variable has runtime access but not boottime access.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification does not specify if the characters that have to be
replaced by underscore in function StrToFat() of the Unicode collation
protocol are those forbidden in FAT long names or those in FAT short names.
EDK2 and UEFI SCT assume it is those forbidden in FAT 8.3 short names.
Adjust the list of forbidden characters.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
It must be possible to allocate memory at address 0 with AllocatePages().
Move a NULL pointer check.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If an image already has been started, return EFI_INVALID_PARAMETER when
StartImage() is called for the same handle again.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now we have only been using a flag queued for events. But this does
not satisfy the requirements of the UEFI spec. Events must be notified in
the sequence of decreasing TPL level and within a TPL level in the sequence
of signaling.
Implement a queue for signaled events.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If any member of the event group is signaled, all members must be set to
signaled and their notification functions have to be queued.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
ExitBootServices() has to stop timer related activity before calling the
events of the EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event group. But our
current implementation was stopping all other events.
All events have to observe the task priority level.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If an event is already in the signaled state, SignalEvent should not queue
the notification function but simply return EFI_SUCCESS.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In a following patch efi_signal_event() will only queue an event if it is
not signaled.
Set the is_signaled status to false before signaling the event.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The bulk of these changes are an effort to unify Tegra186 builds with
builds of prior 64-bit Tegra generations. On top of that there are
various improvements that allow data (such as the MAC address and boot
arguments) to be passed through from early firmware to the kernel on
boot.
In the UEFI context GUIDs are expected to be rendered in upper case.
The patch uses the formerly unused bit 1 of the parameter str_format
of function uuid_bin_to_str() to indicate if we need upper or lower case
output.
Function uuid_string() in vsprint.c is adjusted to correctly set the bit
depending on the print format code.
%pUb: 01020304-0506-0708-090a-0b0c0d0e0f10
%pUB: 01020304-0506-0708-090A-0B0C0D0E0F10
%pUl: 04030201-0605-0807-090a-0b0c0d0e0f10
%pUL: 04030201-0605-0807-090A-0B0C0D0E0F10
Up to this point only a diagnostic message in mount_ubifs() using '%pUB' is
concerned by the change. Further patches are needed to adjust the UEFI
subsystem.
A unit test is provided inside the ut_print command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Support for managing the non-volatile attribute of UEFI variables
is added though we do not have a backend for persistence yet.
Error messages for changes of UEFI variables are provided.
UEFI boottime service implementations are corrected.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAlz3mYcACgkQxIHbvCwF
GsTNgw/8DSxiFXvOF6eTWd2POYfu9wjZXCcMtpsfuLA3b58AjF0VfYhoXgQoel1B
BnP6wzaIajIM8yafvia38EBloa2ZkBPjqUD/dtvs/hYe9x9kMCqLpsbOgHmjKF4b
X6w4j4OOvOaEuKnsi6faWmXfsOWA5laYz6/u1Ewau+0P5SMnt/0piVMqkLofFO1i
TcUzzn8MyfuCOu6UH+nqMZMguPaLkiCZX+aS6Q6tDfd5wfVRDtGTMGrMO/X42tLB
vqAgW6qRV8U4H08gBx8u2+xiO67soiH+7AVuhc+/6inMCPyAXBwVlr79YihNi75o
FOftPJ3hcJ+YkLNSVpwayKzrPa9GCCB2PGVDPCWQMwejIgQMkLPq2xRbFCPmLC4N
WM4E11lqLSDL4xUTqhn+bJfRofaIpV9t79VVNAOkwHD7Wj0mnOVWjnpY+bB3n3hN
LAneXPiUoQXSy9d3F2dd6J3emQMSTK4TPchGwWyfFwTe8VszynvHbWU8AGyCjbop
/XAlBHYfuTLjvB+j8WLfua7ocmMtvIAU3CLC8OJ6bvga/VIPtG17rGAiQ1RP9W0u
JZ4QKOnU2M8NiOrq45GIQEUV/UocNDJ2g5fZshLIzNk1it90RFEQ7kR6WYZZg4Hq
zHSVjKijqxUcqKfQbSukJInDYI8xS1F+jKgB3HdGCg49ZZb/y74=
=mCc9
-----END PGP SIGNATURE-----
Merge tag 'efi-2019-07-rc4-2' of git://git.denx.de/u-boot-efi
Pull request for UEFI sub-system for v2019.07-rc4-2
Support for managing the non-volatile attribute of UEFI variables
is added though we do not have a backend for persistence yet.
Error messages for changes of UEFI variables are provided.
UEFI boottime service implementations are corrected.
This function can be used to set the local MAC address for the default
Ethernet interface in its device tree node. The default interface is
identified by the "ethernet" alias.
One case where this is useful is for devices that store their MAC
address in a custom location. Once extracted, board code can store the
MAC address in U-Boot's control DTB so that it will automatically be
used by the Ethernet uclass.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
The attribute, EFI_VARIABLE_NON_VOLATILE, should be encoded as "nv" flag
in U-Boot variable if specified.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When the memory map is changed signal events of the
EFI_EVENT_GROUP_MEMORY_MAP_CHANGE event group.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If a user defines BootNext but not BootOrder and loading from BootNext
fails, you will see only a message like this:
BootOrder not defined
This may confuse a user. Adding an error message will be helpful.
An example output looks like this:
=> efidebug boot add 0001 label1 scsi 0:1 "\path1\file1.efi" "--option foo"
=> efidebug boot add 0002 label2 scsi 0:1 "\path2\file2.efi" "--option bar"
=> efidebug boot add 0003 label3 scsi 0:1 "\path3\file3.efi" "--option no"
=> efidebug boot order 0001 0002
=> efidebug boot next 0003
=> bootefi bootmgr
Loading from Boot0003 'label3' failed
Loading from BootNext failed, falling back to BootOrder
Loading from Boot0001 'label1' failed
Loading from Boot0002 'label2' failed
EFI boot manager: Cannot load any image
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Adjust messages.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EnableCursor() service of the simple text output protocol must update
the the CursorVisible field of the output mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In the UEFI Stall() boottime service we need access to usec_to_tick().
Export the function.
Remove redundant implementation in arch/arm/mach-rockchip/rk_timer.c.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If DisconnectController() is called and no driver is managing
ControllerHandle, return EFI_SUCCESS.
UEFI SCT II 2017, 3.3.12 DisconnectController(), 5.1.3.12.4 - 5.1.3.12.6
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide a unit test that checks that the open protocol information is
correctly updated when opening and closing protocols.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CloseProtocol() must delete all open protocol information records relating
to import parameters not only one.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When a protocol is opened the open protocol information must be updated.
The key fields of the open protocol information records are ImageHandle,
ControllerHandle, and Attributes.
Consider the Attributes field when determining if an open protocol
information record has to be updated or a new one has to be created.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification requires that when a protocol is opened via
HandleProtocol() the agent handle is the image handle of the EFI firmware
(see chapter on EFI_BOOT_SERVICES.OpenProtocol()).
Let efi_handle_protocol() pass efi_root as agent handle to
efi_open_protocol().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The GetTime() and the SetTime() runtime services are not obligatory. So
let's make them customizable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If SetTime() is meant to set daylight saving time it will be called with
Time.Daylight == EFI_TIME_ADJUST_DAYLIGHT | EFI_TIME_IN_DAYLIGHT.
Return 0 from GetTime() if time is not in daylight because we cannot
determine if we are in a time zone with daylight saving time.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI spec prescribes that we check that the timestamp passed to
SetTime() is checked for validity.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When uninstalling a protocol the following steps are needed:
* request all drivers to disconnect
* close protocol for all non-drivers
* check if any open instance of the protocol exists on the handle and
return EFI_ACCESS_DENIED in this case
* remove the protocol interface
By tort we tested for remaining open protocol instances already after
requesting drivers to disconnect.
With this correction the UEFI SCT II tests for UninstallProtocolInterface()
and ReinstallProtocolInterface are passed.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When trying to open a protocol exclusively attached drivers have to be
removed. This removes entries in the open protocol information linked list
over which we are looping. As additionally child controllers may have been
removed the only safe thing to do is to restart the loop over the linked
list when a driver is removed.
By observing the return code of DisconnectController() we can eliminate a
loop.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In LocateProtocol() implement searching by the registration key returned by
RegisterNotifyProtocol().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The code to check if a registration key is a valid key returned by
RegisterProtocolNotify() can be reused. So let us factor it out into a new
function efi_check_register_notify_event().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If a user defines BootNext but not BootOrder and loading from BootNext
fails, you will see only a message like this:
BootOrder not defined
This may confuse a user. Adding an error message will be helpful.
An example output looks like this:
=> efidebug boot add 0001 label1 scsi 0:1 "\path1\file1.efi" "--option foo"
=> efidebug boot add 0002 label2 scsi 0:1 "\path2\file2.efi" "--option bar"
=> efidebug boot add 0003 label3 scsi 0:1 "\path3\file3.efi" "--option no"
=> efidebug boot order 0001 0002
=> efidebug boot next 0003
=> bootefi bootmgr
Loading from Boot0003 'label3' failed
Loading from BootNext failed, falling back to BootOrder
Loading from Boot0001 'label1' failed
Loading from Boot0002 'label2' failed
EFI boot manager: Cannot load any image
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Adjust messages.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When a protocol is installed the handle should be queued for the
registration key of each registered event. LocateHandle() should return the
first handle from the queue for the registration key and delete it from the
queue.
Implement the queueing.
Correct the selftest.
With the patch the UEFI SCT tests for LocateHandle() are passed without
failure.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If a variable already exists, efi_set_variable() should not change
the variable's attributes. This patch enforces it.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The current efi_st_variable() doesn't support EFI_VARIABLE_APPEND_WRITE
attiribute for now, and so should return an error.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fix typos is commit message.
Add TODO comment.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The error here should be marked *todo*.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Since commit 226cddbe32 ("efi_loader: check device path in
InstallMultipleProtocolInterfaces") iPXE fails to access the network.
LocateDevicePath() returns EFI_SUCCESS even if a shorter path is found as a
partial match. It returns the remaining path. So to be sure that we found a
complete match we need to check that the remaining path refers to an end
node.
Provide debug output if a device path has already been installed.
Fixes: 226cddbe32 ("efi_loader: check device path in
InstallMultipleProtocolInterfaces")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI spec 2.8 the GetTime() runtime service should return
EFI_UNSUPPORTED if the real time clock is not available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implement the SetTime() runtime service.
Extend the real time clock selftest to check setting the clock.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
U-Boot already defines the {upper,lower}_32_bits() macros that have the
same purpose. Use the existing macros instead of defining new APIs.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Do not write to address indicated by NULL pointer.
UEFI SCT II 2.6 (2017), 3.6.5 GetNextMonotonicCount(), 5.1.5.5.1
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Not checking the parameters may lead reading or writing from NULL.
Implement the parameter checks prescribed in the UEFI spec.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI spec InstallMultipleProtocolInterfaces() must check
if a device path has already been installed. In this case it must return
EFI_ALREADY_STARTED.
Cf. UEFI SCT II 2.6 A (2017),
3.3.16 InstallMultipleProtocolInterfaces(), 5.1.3.16.1.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In EFI 1.10 a version of the Unicode collation protocol using ISO 639-2
language codes existed. This protocol is not part of the UEFI specification
any longer. Unfortunately it is required to run the UEFI Self Certification
Test (SCT) II, version 2.6, 2017. So we implement it here for the sole
purpose of running the SCT. It can be removed once a compliant SCT is
available.
The configuration option defaults to no.
Signed-off-by: Rob Clark <robdclark@gmail.com>
Most of Rob's original patch is already merged. Only the deprecated
protocol is missing. Rebase it and make it configurable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Rename variables to make it clear they refer to the Unicode collation
protocol identified by the EFI_UNICODE_PROTOCOL2_GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check buffer pointers are not NULL as required by the UEFI 2.7 spec.
Return EFI_UNSUPPORTED instead of EFI_INVALID_PARAMETER when trying to
transmit with non-zero header_size.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI spec 2.7 erratum A leaves it undefined if Attributes should be set if
GetVariable() returns EFI_BUFFER_TOO_SMALL.
UEFI spec 2.8 defines that Attributes should be set if the return value is
either EFI_SUCCESS or EFI_BUFFER_TOO_SMALL.
Set Attributes if the return value is EFI_BUFFER_TOO_SMALL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The device path to text protocol renders ACPI device nodes incorrectly.
Use capital hexadecimal numbers as shown in the UEFI spec examples.
Always output the optional UID. This matches what UEFI SCT expects and
saves us an `if`.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI SCT uses this call sequence to determine the current TPL level inside
notification functions:
OldTpl = BS->RaiseTPL(TPL_HIGH_LEVEL);
BS->RestoreTPL(OldTpl);
In RestoreTPL() we trigger the notification function of queued events. If
we do not mark the event as non-queued before calling the notification
function, this results in an infinite recursive call sequence.
Mark the event as non-queued before entering the notification function.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If AllocatePages() is called with AllocateAddress, the UEFI spec requires
to return EFI_NOT_FOUND in case the memory page does not exist.
The UEFI SCT II 2017 spec additionally requires to return EFI_NOT_FOUND if
the page is already allocated.
Check that *Memory refers to an unallocated page.
UEFI SCT II (2017): AllocatePages(), 5.1.2.1.9 - 5.1.2.1.10
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI AllocatePages() has to return EFI_OUT_OF_RESOURCES if
sufficient memory is not available.
Change the return value.
UEFI SCT II (2017): 3.2.1 AllocatePages(), 5.1.2.1.8
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When we call FreePages() we essentially add memory to our memory map. We
shouldn't do this for memory that does not exit.
Check if the memory that is to be freed via FreePages() or FreePool() is in
our memory map and is not EFI_CONVENTIONAL_MEMORY.
This check is mandated by the UEFI specification.
Cf. UEFI SCT II (2017), 3.2.2 FreePages(), 5.1.2.1 - 5.1.2.2
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI specification UninstallProtocolInteface() has to
return EFI_NOT_FOUND if the interface is not found.
Correct the return value.
Cf. UEFI SCT II spec (2017), 3.3.2 UninstallProtocolInterface(), 5.1.3.2.4
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A parameter check in LocateDevicePath() does not match the requirements of
the UEFI spec.
If device is NULL, only return EFI_INVALID_PARAMETER if a matching handle
is found.
Cf. UEFI SCT II specification (2017)3.3.7 LocateDevicePath(), 5.1.3.7.3
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The device path to text protocol is not needed for EBBR compliance. So
let's make it a customizable option.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The Unicode collation protocol is not needed for EBBR compliance. So let's
make it a customizable option.
The Unicode capitalization table is only needed by this protocol. So let it
depend on the Unicode collation protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use if/endif for dependencies to give structure to the configuration menu.
Sort important settings to the top.
Abbreviate the short description of EFI_LOADER_HII.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Consistently use efi_uintn_t as type of memory keys.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <graf@amazon.com>
If the size of the source buffer is 0, return EFI_LOAD_ERROR.
(UEFI SCT II 2017: 3.4.1 LoadImage() - 5.1.4.1.6)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If the parent image handle does not refer to a loaded image return
EFI_INVALID_PARAMETER.
(UEFI SCT II 2017: 3.4.1 LoadImage() - 5.1.4.1.1)
Mark our root node as a loaded image to avoid an error when using it as
parent image.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
HandleProtocol() and OpenProtocol() have to return EFI_UNSUPPORTED if the
protocol is not installed on the handle.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For correct indentation of messages in the UEFI API implementation use
EFI_PRINT() instead of debug().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Return EFI_INVALID_PARAMETER from CloseProtcol() if the agent handle is not
valid.
Return EFI_INVALID_PARAMETER if the optional controller handle is not
valid.
Return immediately from efi_search_obj if the handle is NULL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The RegisterProtocolNotify() boot service registers an event to be
notified upon the installation of a protocol interface with the
specified GUID.
Add the missing implementation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The notification function of events of type EVT_NOTIFY_SIGNAL should always
be queued when SignalEvent() is called.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Function memcmp() is available in efi_freestanding.c. So we do not remove a
further implementation.
Replace all usages of efi_st_memcmp() by memcmp().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implement unloading of images in the Exit() boot services:
* unload images that are not yet started,
* unload started applications,
* unload drivers returning an error.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In UnloadImage() we need to know if an image is already started.
Add a field to the handle structure identifying loaded and started images.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If LocateHandle() does not find an entry EFI_NOT_FOUND has to be returned
even if BufferSize is NULL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CreateEventEx() does not allow the following event types:
* EVT_SIGNAL_EXIT_BOOT_SERVICES
* EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE
This check is needed to pass the UEFI SCT conformance test.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@csgraf.de>
allow_unaligned(), switch_to_non_secure_mode(), and efi_init_obj_list() are
called in sequence in multiple places.
Move calls to allow_unaligned() and switch_to_non_secure_mode() to
efi_init_obj_list().
Remove unused includes.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add the zstd library from Linux kernel (only decompression support).
There are minimal changes to build with U-Boot, otherwise the files are
identical to Linux commit dc35da16 from March 2018, the files had not
been touched since in kernel. Also SPDX lincese tags were added.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
This adds the xxhash support from Linux. Files are almost identical to
those added to Linux in commit 5d240522 ("lib: Add xxhash module") (they
haven't been touched since in Linux). The only difference is to add some
includes to be compatible with U-Boot. Also SPDX lincese tags were
added.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
display_options_get_banner_priv() overwrites bytes before the start of the
buffer if the buffer size is less then 3. This case occurs in the Sandbox
when executing the `ut_print` command.
Correctly handle small buffer sizes. Adjust the print unit test to catch
when bytes before the buffer are overwritten.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
commit 95f4bbd581 ("lib: fdt: Allow LZO and GZIP DT compression in U-Boot")
introduced Kconfig option for gzip in U-Boot, but help text
says gzip for SPL, which is wrong. Fix this.
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Marek Vasut <marex@denx.de>
The random uuid values (enabled via CONFIG_RANDOM_UUID=y) on our
platform are always the same. Below is consistent on each cold boot:
=> ### interrupt autoboot
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=d117f98e-6f2c-d04b-a5b2-331a19f91cb2
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=ad5ec4b6-2d9f-8544-9417-fe3bd1c9b1b3
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=cceb0b18-39cb-d547-9db7-03b405fa77d4
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=d4981a2b-0478-544e-9607-7fd3c651068d
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=6d6c9a36-e919-264d-a9ee-bd00379686c7
While the uuids do change on every 'gpt write' command, the values
appear to be taken from the same pool, in the same order.
Assuming U-Boot with RANDOM_UUID=y is deployed on a large number of
devices, all those devices would essentially expose the same UUID,
breaking the assumption of system/RFS/application designers who rely
on UUID as being globally unique (e.g. a database using UUID as key
would alias/mix up entries/records due to duplicated UUID).
The root cause seems to be simply _not_ seeding PRNG before generating
a random value. It turns out this belongs to an established class of
PRNG-specific problems, commonly known as "unseeded randomness", for
which I am able to find below bugs/CVE/CWE:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0285
("CVE-2015-0285 openssl: handshake with unseeded PRNG")
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9019
("CVE-2015-9019 libxslt: math.random() in xslt uses unseeded
randomness")
- https://cwe.mitre.org/data/definitions/336.html
("CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)")
The first revision [1] of this patch updated the seed based on the
output of get_timer(), similar to [4].
There are two problems with this approach:
- get_timer() has a poor _ms_ resolution
- when gen_rand_uuid() is called in a loop, get_timer() returns the
same result, leading to the same seed being passed to srand(),
leading to the same uuid being generated for several partitions
with different names
The above drawbacks have been addressed in the second version [2].
In its third revision (current), the patch reworded the description
and summary line to emphasize it is a *fix* rather than an improvement.
Testing [3] consisted of running 'gpt write mmc 1 $partitions' in a
loop on R-Car3 for several minutes, collecting 8844 randomly generated
UUIDS. Two consecutive cold boots are concatenated in the log.
As a result, all uuid values are unique (scripted check).
Thanks to Roman, who reported the issue and provided support in fixing.
[1] https://patchwork.ozlabs.org/patch/1091802/
[2] https://patchwork.ozlabs.org/patch/1092945/
[3] https://gist.github.com/erosca/2820be9d554f76b982edd48474d0e7ca
[4] commit da384a9d76 ("net: rename and refactor eth_rand_ethaddr() function")
Reported-by: Roman Stratiienko <roman.stratiienko@globallogic.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In case of a failure exit data may be passed to Exit() which in turn is
returned by StartImage().
Let the `bootefi` command print the exit data string in case of an error.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The field boot OptionalData in structure _EFI_LOAD_OPTIONS is for binary
data.
When we use `efidebug boot add` we should convert the 5th argument from
UTF-8 to UTF-16 before putting it into the BootXXXX variable.
When printing boot variables with `efidebug boot dump` we should support
the OptionalData being arbitrary binary data. So let's dump the data as
hexadecimal values.
Here is an example session protocol:
=> efidebug boot add 00a1 label1 scsi 0:1 doit1 'my option'
=> efidebug boot add 00a2 label2 scsi 0:1 doit2
=> efidebug boot dump
Boot00A0:
attributes: A-- (0x00000001)
label: label1
file_path: .../HD(1,MBR,0xeac4e18b,0x800,0x3fffe)/doit1
data:
00000000: 6d 00 79 00 20 00 6f 00 70 00 74 00 69 00 6f 00 m.y. .o.p.t.i.o.
00000010: 6e 00 00 00 n...
Boot00A1:
attributes: A-- (0x00000001)
label: label2
file_path: .../HD(1,MBR,0xeac4e18b,0x800,0x3fffe)/doit2
data:
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI variables should be installed using well-defined API.
Currently we don't support much, but the value of OsIndicationsSupported
will be updated once some features are added in the future.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Add comments. Rename a variable.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI spec requires that freeing of pages fails if the number of pages
to be freed is 'invalid'. Check that it is not zero.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CreateEvent() and CreateEventEx() should check that a notify function is
provided for either of EVT_NOTIFY_SIGNAL or EVT_NOTIFY_WAIT.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Fixes for tracing with sandbox
Refactoring for boot_get_fdt()
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAlzAfvkACgkQfxc6PpAI
reYu9AgAjaFmydXjE8DxkSB3rR7DHZFTs1erVKAAL2v+Tdf7LDmz+j6u1M3v55WY
6r54f/gZ1UX5TEmQgEAKLa7QvvRO/lNvSGQnLHhZhv2IVWo7uWCKAUPdQ6XVZnUK
zO5v+ucs9Ne4HxQJHMC509HUIIBbydiRvUm8W0SeBZy4kEyJDuub4L+rpARkXNks
IZfKuY+VS4FK73D4M9PIhoXSubZgVS4AEcapakU1DvEz0kjsN4wr4idGrp3lutPC
455imz83JBq2+mx1oxclOGedkIDzTCq+nWQAwSftMehrJpGrp7RLNo0v4QZZUf4V
LIXRqObIYse9yQLkYPpeBdePMc8/tQ==
=0NJ2
-----END PGP SIGNATURE-----
Merge tag 'pull-24apr19' of git://git.denx.de/u-boot-dm
Various minor sandbox iumprovements
Fixes for tracing with sandbox
Refactoring for boot_get_fdt()
This patch series reworks the implementation of the `bootefi` command to
remove code duplication by using the LoadImage() boot service to load
binaries.
Missing short texts for UEFI protocols are added for display by the
`efidebug dh` command.
Missing parameter checks for AllocatePages() and CreateDeviceNode() are
implemented.
The constants for protocol GUIDs are changed to match the names in the UEFI
specification.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAly/PhwACgkQxIHbvCwF
GsRlbA/+JeegsUbV0fYFvdTi4JNPRlKqkzwyo2DoWN76M2MPb+l6d4quxhOdAOaf
3MpnCHb2z0567b7Ma5+KmAFYEBNJZrxAHthmtRnYhAbJMpE1ei6HzwJ29p+IYQKB
usc6eOH7ybb99v0KtxLRr1CMpvxK6zud5Zxcyym5nzoAaNP4AplaQDUM1mfYOHox
sRbEuoNpPkn50ejUtldb0Oh63vJ/bBBLojwQyGnGtBcRDf5bFehHzw5spD0oHPJv
7E1kze2679kOEsjPa39rFhh/8YaUd+giJW137V2cyFeEyw6ydNKXuWo9Zg0ahLOy
e+ddRjDCbi0edHbOjL6hdNTgGzdcKwy9bHqYJEacP+OLczmzimNQaALCDUzXcH1C
lGLHrhbMpV+Do4mFIFdIqPyW+rfRDsz9Sp84Y02M6TBzCK3XPmPXDRVpiTcWmfbb
ixD4HSQjvPDcmm98iJQIZrfcasnWbBInITqcGDDTIRg0snrYUsIoUNmQPpBDsuwD
O1hPV8iOpFA/a/8GLJpIgta34YIPZzjlaU38c5+qV7Tsx0ODsdpTVx8JCWeJPeK+
uhOXTWMlokgH//2ypHzIS9cUEBkoA6I9r4/fWpIjZe3iuxtV8ct2P5dHYcmrRFjY
lF1WpX3gNeWCgPbGa3Yg/crtpVW+M6hDEgknOPqTAOTjx/g7jpg=
=caQ+
-----END PGP SIGNATURE-----
Merge tag 'efi-2019-07-rc1-3' of git://git.denx.de/u-boot-efi
Pull request for UEFI sub-system for v2019.07-rc1 (3)
This patch series reworks the implementation of the `bootefi` command to
remove code duplication by using the LoadImage() boot service to load
binaries.
Missing short texts for UEFI protocols are added for display by the
`efidebug dh` command.
Missing parameter checks for AllocatePages() and CreateDeviceNode() are
implemented.
The constants for protocol GUIDs are changed to match the names in the UEFI
specification.
According to Android image format [1], kernel image resides at 1 page
offset from the boot image address. Grab the magic number from there
and allow U-Boot to handle LZ4-compressed KNL binaries instead of
hardcoding compression type to IH_COMP_NONE. Other compression types,
if needed, can be added later.
Tested on H3ULCB-KF using the image detailed in [2].
[1] Excerpt from include/android_image.h
+-----------------+
| boot header | 1 page
+-----------------+
| kernel | n pages
+-----------------+
| ramdisk | m pages
+-----------------+
| second stage | o pages
+-----------------+
[2] => iminfo 4c000000
## Checking Image at 4c000000 ...
Android image found
kernel size: 85b9d1
kernel address: 48080000
ramdisk size: 54ddbc
ramdisk addrress: 4a180000
second size: 0
second address: 48000800
tags address: 48000100
page size: 800
os_version: 1200012a (ver: 0.9.0, level: 2018.10)
name:
cmdline: buildvariant=userdebug
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
The fdt_setprop_u32() function does everything that we need, so we
really only use the function as a convenience wrapper, in which case it
can simply be a static inline function.
Signed-off-by: Thierry Reding <treding@nvidia.com>
This converts the following to Kconfig:
CONFIG_TRACE_BUFFER_SIZE
CONFIG_TRACE_EARLY_SIZE
CONFIG_TRACE_EARLY
CONFIG_TRACE_EARLY_ADDR
Signed-off-by: Simon Glass <sjg@chromium.org>
At present many functions in this file return -1. Update them to return a
valid error code. Also tidy up the 'return' statements at the same time,
since these should have a blank line before them.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function may be called from tracing code, since that code needs to
read the timer and this often requires calling do_div(), which calls
__div64_32(). If this function is instrumented it causes an infinite loop,
since emitting a trace record requests the time, which in turn emits a
trace record, etc.
Update the prototype to prevent instrumentation code being added.
Signed-off-by: Simon Glass <sjg@chromium.org>
These functions still use uint32_t and uint64_t but checkpatch now
requests that the kernel types be used instead. Update them as well as a
few resulting checkpatch errors.
Signed-off-by: Simon Glass <sjg@chromium.org>
When creating a device path node ensure that the size of the allocated
memory at lest matches the size of the node header.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EBBR specification prescribes that we should have either an ACPI table
or a device tree but not both. Let us enforce this condition in the
`bootefi` command.
If the bootefi command is called without a device tree parameter use a
previously device tree or fall back to the internal device tree.
The fdt unit test should not be run on boards with an ACPI table.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EBBR specification prescribes that we should have either an ACPI table
or a device tree but not both.
So do not run the device tree unit test on boards with an ACPI table.
Hence there is no need any longer to make it 'on request' only.
Do not pass $fdtcontroladdr to `bootefi selftest`.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In the current implementation, bootefi command and EFI boot manager
don't use load_image API, instead, use more primitive and internal
functions. This will introduce duplicated code and potentially
unknown bugs as well as inconsistent behaviours.
With this patch, do_efibootmgr() and do_boot_efi() are completely
overhauled and re-implemented using load_image API.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Use efi_root as parent handle for the loaded image.
LoadImage() should be called with BootPolicy = true by the boot manager.
Avoid duplicate free_pool().
Eliminate variable memdp which is not needed after anymore due to
"efi_loader: correctly split device path of loaded image".
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When the LoadImage() service is called for an image that is already loaded
to memory the file path may be NULL or it will contain both a device path
as well as a media path. We should not assume that there is no media path.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We should consistently use the same name for protocol GUIDs as defined in
the UEFI specification. Not adhering to this rule has led to duplicate
definitions for the EFI_LOADED_IMAGE_PROTOCOL_GUID.
Adjust misnamed protocol GUIDs.
Adjust the text for the graphics output protocol in the output of the
`efidebug dh` command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This is a preparatory patch.
The root node handle will be used as a dummy parent handle when invoking
an EFI image from bootefi/bootmgr command.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Rebased.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This is a preparatory patch.
efi_dp_split_file_path() is used to create device_path and file_path
from file_path for efi_setup_loaded_image().
In a special case, however, of HARDWARE_DEVICE/MEMORY, it doesn't
work expectedly since this path doesn't contain any FILE_PATH sub-type.
This patch makes a workaround.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Adjust the logic such that for all paths that do no end on a media file
path we return NULL as file_path.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In the aarch64 crash dump information about the loaded EFI images is added.
In README.uefi the development target is for the UEFI subsystem is
described as "Embedded Base Boot Requirements (EBBR) Specification"
compliance.
Several bug fixes are supplied.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAlyyzHEACgkQxIHbvCwF
GsS+9Q/9HahVvxHFljI8ymxznml7AlFCrxWwcVo5HhftbGuQIgF3NMXRlsxmsSPM
Z+Cc3EFni4EWWWe9yDMLqXV4NCd6bnfWYWP4UvbqAKCfeX8jScRyMypPnxZ3rNrg
oe/8zDT9qXQnEah4sB+AQhar2VRTS1p97wKDObt3mj9c2g5pGL1zdejS/4SfnCd0
a1BymV7p7fpykDjW8S0GQM56QAkbB9CJ4Q7nlPCDlspqJlQB318lWs46FfUn2Aue
DNLm0uscrMZtEr/aAdT+r/96GIq4AVkexy7b5MZ0v/NDNAtmIqO1ORUmLSNSDfcM
/cbtxq53VbeztMzMoYDdU0zNR//N4dL3GbSRKJulksvxeIExCp3dRV7gfTOwWq7J
Lg/b43WJI1f2vgXDgEPddTO3E3SPjCGQcnCNOcVNNfTkyrtVaCmRYh69lV2BpKKF
oQCYQyzS8yYLxj16YXixK9seyQYxh/vPYVT78ed5A8B1dmyxSQMnEJjY93jngj1g
k5DRH9nnx12aeEqkhsWvVdHT0OBNj/+oZlzT3KGDcxhrDeZXAgqxAO1oPG85Wqnx
kPeadyVD0T5Dd8fpMqF+tToB+GCbvyUVJsVlNqDSC7NslJ3AbxBKNDuEsMJlXgwL
Yh4/lusg/YXzZ4ACWHgUnckZDVZGNj+58QRgEU+3mZinMjDS38E=
=QdJl
-----END PGP SIGNATURE-----
Merge tag 'efi-2019-07-rc1-2' of git://git.denx.de/u-boot-efi
Pull request for UEFI sub-system for v2019.07-rc1 (2)
In the aarch64 crash dump information about the loaded EFI images is added.
In README.uefi the development target is for the UEFI subsystem is
described as "Embedded Base Boot Requirements (EBBR) Specification"
compliance.
Several bug fixes are supplied.
In a previous patch the memory type used for the FDT has been changed to
boot services data. We have to adjust the test.
Correct an incorrect comment. The tested services are boot services.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
By using InstallMultipleProtocolInterfaces() the coding for installing
protocol interfaces on the root node can be simplified.
Suggested-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Export function efi_install_multiple_protocol_interfaces() so that we can
call it in others parts of the UEFI subsystem.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
At boottime physical and virtual addresses must match. Add a corresponding
check to the memory unit test.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Handle virtual address in efi_mem_carve_out() function
when a new region is created to avoid issue in EFI memory map.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
At boottime physical and virtual addressed have to be the same.
This allowed to simplify the proposed logic.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check the value of block_dev before to use this pointer.
This patch solves problem for the command "load" when ubifs
is previously mounted: in this case the function
blk_get_device_part_str("ubi 0") don't return error but return
block_dev = NULL and then data abort.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI variables PlatformLang and PlatformLangCodes specify the current
firmware language and the list of all available languages.
Currently their values are hard coded. With the patch a new configuration
variable EFI_PLATFORM_LANG_CODES is provided.
When initializing the UEFI subsystem this configuration variable is used to
initialize PlatformLangCodes. The value of variable PlatformLang is read.
If it is not set, the first language specified in EFI_PLATFORM_LANG_CODES
is used to initialize PlatformLang.
Suggested-by: Takahiro Akashi <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The first functions of the UEFI sub-system are invoked before reaching the
U-Boot shell, e.g. efi_set_bootdev(), efi_dp_from_name(),
efi_dp_from_file(). We should be able to print out device paths for
debugging purposes here.
When printing device paths via printf("%pD\n", dp) this invokes functions
defined as EFIAPI. So efi_save_gd() must be called beforehand.
So let's move the efi_save_gd() call to function initr_reloc_global_data(()
in board_r.c.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The statement '#define LOG_CATEGORY LOGL_ERR' makes not sense. LOGL_ERR is
not a LOG_CATEGORY. Remove the statement.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We should not install the HII protocols on every loaded image. It is
sufficient to install them once on the root node.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The x86 code and DT uses "spi-flash" to detect a flash node, switch to
"jedec,spi-nor" in the DTS files and in fdtdec by switching the
GENERIC_SPI_FLASH value to to jedec,spi-nor.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
This eliminates the need for intermediate helper functions and allow the
macros to return a value so that it can be used subsequently.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Hide the declaration of the "fd" variable When not building a DEBUG
configuration, to avoid the variable being unused.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Runtime tests are provided as a test_fdtdec command implementation. Add
a Kconfig symbol that allows this command to be built so that the tests
can be used.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The fdtdec_get_carveout() and fdtdec_set_carveout() function can be used
to read a carveout from a given node or add a carveout to a given node
using the standard device tree bindings (involving reserved-memory nodes
and the memory-region property).
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Thierry Reding <treding@nvidia.com>
This function can be used to add subnodes in the /reserved-memory node.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Thierry Reding <treding@nvidia.com>
The new fdt_generate_phandle() function can be used to generate a new,
unused phandle given a specific device tree blob. The implementation is
somewhat naive in that it simply walks the entire device tree to find
the highest phandle value and then returns a phandle value one higher
than that. A more clever implementation might try to find holes in the
current set of phandle values and fill them. But this implementation is
relatively simple and works reliably.
Also add a test that validates that phandles generated by this new API
are indeed unique.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When phys_addr_t printf specifier support was first introduced in commit
1eebd14b79 ("vsprintf: Add modifier for phys_addr_t"), it was enabled
only if CONFIG_CMD_NET was selected. Since physical addresses are not
unique to networking support it doesn't make sense to conditionally add
it in those cases only. Move support for it outside of the CMD_NET guard
so that the specifier is always supported.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add required Kconfig symbols, Makefile bits and macro fixes in a
few places to support LZO and DT compression in U-Boot. This can
save a lot of space with multi-DTB fitImages.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Allow enabling both LZO and GZIP DT compression in SPL and fix a
bug where if the GZIP decompression failed, the LZO decompression
would not even be attempted.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Split fdtdec_setup_memory_banksize() into fdtdec_setup_memory_banksize_fdt(),
which allows the caller to pass custom blob into the function and the
original fdtdec_setup_memory_banksize(), which uses the gd->fdt_blob. This
is useful when configuring the DRAM properties from a FDT blob fragment
passed in by the firmware.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Split fdtdec_setup_mem_size_base() into fdtdec_setup_mem_size_base_fdt(),
which allows the caller to pass custom blob into the function and the
original fdtdec_setup_mem_size_base(), which uses the gd->fdt_blob. This
is useful when configuring the DRAM properties from a FDT blob fragment
passed in by the firmware.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In the extended text input protocol CTRL-A - CTRL-Z have to be signaled as
Unicode characters a-z or A-Z depending on the shift state and not as 0x01
to 0x1a.
Update Python unit test.
This patch is required for using the EFI shell `edit` command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI shell command edit uses the SetInfo() methods to unset the read only
attribute of the file to be edited. So let efi_file_setinfo() return
success in this case.
Return an error if the function is called for to rename or resize a file
as we do not support this yet.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EFI shell expects that after opening a file with EFI_FILE_MODE_CREATE
GetInfo() succeeds. Up to now we do not actually create the file when
method Open() of the EFI_FILE_PROTOCOL is called.
If method Open() of the EFI_FILE_PROTOCOL is called with
EFI_FILE_MODE_CREATE and the file does not yet exist, call fs_write() with
a buffer size of zero to actually create the file.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For debugging it is helpful to know the address of the file handle created
by the Open() method of the EFI file protocol. So let's write it with
EFI_PRINT().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Those two functions will be used later to re-implement do_bootefi_exec().
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
To meet UEFI spec v2.7a section 9.2, we should add
EFI_LOADED_IMAGE_DEVICE_PATH_PROTOCOL to image handle,
instead of EFI_DEVICE_PATH_PROTOCOL.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Since TianoCore EDK2 commit d65f2cea36d1 ("ShellPkg/CommandLib: Locate
proper UnicodeCollation instance") in edk2 the UEFI Shell crashes if EFI
variable PlatformLang is not defined.
As this variable is anyway prescribed in the UEFI 2.7 spec let's define it
to L"en-US". Use the same value for PlatformLangCodes that defines the list
of all supported languages.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For debug messages inside EFI API functions we should use the EFI_PRINT
macro which gives us well aligned output like:
EFI: Entry efi_allocate_pool_ext(4, 14, 000000007edd7718)
EFI: efi_add_memory_map: 0x7dcfa000 0x1 4 yes
EFI: Exit: efi_allocate_pool_ext: 0
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For debug messages inside EFI API functions we should use the EFI_PRINT
macro which gives us well aligned output like:
EFI: Entry efi_get_variable("PlatformLang" ...)
EFI: get 'efi_8be4df61-93ca-11d2-aa0d-00e098032b8c_PlatformLang'
EFI: Exit: efi_get_variable: 14
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add parameter checks in the StartImage() and Exit() boottime services:
- check that the image handle is valid and has the loaded image protocol
installed
- in StartImage() record the current image
- in Exit() check that the image is the current image
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use a checksum to validate that efi_free_pool() is only called for memory
allocated by efi_allocated_pool().
Add a plausibility check to efi_free_pages() checking that the address
passed is page aligned.
Update related function comments to match Sphinx style.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In efi_selftest_start_image_exit.c test the image_base and image_size are
correctly set in the loaded image protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently, image's image_base points to an address where the image was
temporarily uploaded for further loading. Since efi_loader relocates
the image to final destination, image_base and image_size should reflect
that.
This bug was detected in UEFI SCT, "Loaded Image Protocol Test - test 2,"
which shows that 'Unload' function doesn't fit into a range suggested by
image_base and image_size.
TestCase/UEFI/EFI/Protocol/LoadedImage/BlackBoxTest/
LoadedImageBBTestMain.c:1002
Changes in this patch also includes:
* reverts a patch, "efi_loader: save image relocation address
and size" since newly added fields are no longer needed.
* copy PE headers as well since those information will be needed
for module loading, in particular, at gurb.
(This bug was reported by Heinrich.)
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Rebase patch.
Remove unused fields from struct efi_loaded_image_obj.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Commit 0e18f584de ("efi_loader: LoadImage: always allocate new pages")
ensured that whether we load an image from file or from memory we end up
with the same number of newly allocated buffers. But essentially we ended
up with one buffer too many in both cases:
efi_load_pe() copies and rebases the UEFI image.
We do not need the buffer with the file contents afterwards.
Fixes: 0e18f584de ("efi_loader: LoadImage: always allocate new pages")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We'd better use correct way to check if module has enabled.
for we have 3 timer MACRO:
- CONFIG_TIMER
- CONFIG_SPL_TIMER
- CONFIG_TPL_TIMER
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
We currently only support EFI_FILE_PROTOCOL_REVISION while
UEFI specs 2.4 - 2.7 prescribe EFI_FILE_PROTOCOL_REVISION2.
Add a todo.
Add missing constants for the EFI file protocol revision.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The pointer checksum were used before checking that it
isn't NULL. We move the code that use it after the check.
Reported-by: Coverity (CID: 185835)
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The check testing the string result of get_string() returned the wrong
result. The result was ignored.
Use efi_st_strcmp_16_8() for the string comparison.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
printf("%ls", ..) expects u16 * as argument to print. There is not need for
a conversion to wchar_t *.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
It does not make any sense to check if a pointer is NULL if we have
dereferenced it before.
Reported-by: Coverity (CID 185827)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a missing return statement in efi_get_next_variable_name().
Reported-by: Coverity (CID 185834)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_allocate_pages() expects a (uint64_t *) pointer to pass the address of
the assigned memory. If we pass the address of a pointer here, an illegal
memory access occurs on 32bit systems.
Fixes: 282a06cbca ("efi_loader: Expose U-Boot addresses in memory map
for sandbox")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Since commit f51a226436 ("efi_loader: provide freestanding library") in
parallel builds errors
lib/efi_selftest/../efi_loader/efi_freestanding.o:
file not recognized: File truncated
occur. Obviously make cannot correctly sequence parallel builds with a
dependency like ../efi_loader/efi_freestanding.o.
Fixes: f51a226436 ("efi_loader: provide freestanding library")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Function term_read_reply tries to read from the serial console until
the end_char was read. This can hang forever if we are, for some reason,
not able to read the full response (e.g. serial buffer too small,
frame error). This patch moves the timeout detection into
term_read_reply() to assure we will make progress.
Fixes: 6bb591f704 ("efi_loader: query serial console size reliably")
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Throw missing error when an incomplete reply for the cursor position is
received.
Change type of argument of term_get_char() *s32. This renders the function
reusable in efi_cin_read_key().
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When package types are not supported by our implementation of the HII
database protocol supported error messages are displayed.
Essentially the output is only needed for debugging. By using EFI_PRINT()
the messages are only written for in debug mode and with correct
indentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In new_package_list() we call new_packagelist() to create a new package
list. Next we try to add the packages which fails for form packages. Due
to this error we call free_packagelist(). Now in free_packagelist()
list_del() is called for an uninitialized field hii->link. This leads to
changing random memory addresses.
To solve the problem move the initialization of hii->link to
new_packagelist().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In the `efidebug boot add` command we do not want an unsolicited leading
backslash added to the file name.
There is no good reason to mark a loaded file with a backslash as absolute.
Anyway when reading files the file name will be interpreted as relative to
root directory of the device.
So let's get rid of this backslash.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Since commit 914df75b0c ("efi_loader: fix EFI entry counting")
entry_count is already set to 1 before efi_bootmgr_load() is called. So we
should not increment it when entering the function.
Without the patch an assert error occurs in efi_get_variable() if DEBUG is
defined.
Fixes: 914df75b0c ("efi_loader: fix EFI entry counting")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For booting via `bootefi bootmgr` it is necessary that the EFI variable
BootOrder is defined. Provide a diagnostic message if the variable is
missing.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When in pack_byte_string() memcpy() is called for size 0 the source buffer
address has no relevance. So we can use NULL here.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
If the last block in the relocation table contains only a single
relocation, the current coding ignores it.
Fix the determination of the end of the relocation table.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
- Add missing function descriptions.
- Update existing function descriptions to match Sphinx style.
- Add lib/efi_loader/efi_image_loader.c to the input files for Sphinx
generated documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
`bootefi selftest` fails on qemu-x86_defconfig if efi_selftest() is not
invoked using EFI_CALL().
Likewise we call the entry point of EFI payloads with
EFI_CALL(efi_start_image()).
entry_count indicates if we are in U-Boot (1) or in EFI payload code (0).
As we start in U-Boot code the initial value has to be 1.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Remove the duplicate code in efi_do_enter() and use efi_start_image() to
start the image invoked by the bootefi command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now efi_load_pe() returns the entry point or NULL in case of an
error. This does not allow to return correct error codes from LoadImage().
Let efi_load_pe() return a status code and fill in the entry point in the
corresponding field of the image object.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If we want to properly unload images in Exit() the memory should always be
allocated in the same way. As we allocate memory when reading from file we
should do the same when the original image is in memory.
A further patch will be needed to free the memory when Exit() is called.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In case of an error we should set the returned pointers to NULL. This
ensures that an illegal free does not occur even if the caller calls
free() for the handles.
If protocols cannot be installed, release all resources.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Commit 0e66c10a7d ("lib: vsprintf: avoid overflow printing UTF16
strings") broke the Unicode unit tests: an illegal UTF16 code point
should be printed as '?'.
Fixes: 0e66c10a7d ("lib: vsprintf: avoid overflow printing UTF16 strings")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide a unit test that calls LoadImage() with a file device path and
executes the application via StartImage().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If the path passed to efi_dp_split_file_path() does not contain a
reference to a file it returns EFI_OUT_OF_RESOURCES. This does not properly
indicate the kind of the problem that occurred. Return
EFI_INVALID_PARAMETER instead.
Update function description.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In efi_selftest we are in EFI land. We cannot call U-Boot library
functions malloc() and free() but should use the boot time services
instead.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
In efi_selftest we are in EFI land. We should not use U-Boot library
functions but boot time services for memory management.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
We check the existence of files with fs_exist(). This function calls
fs_close(). If we do not set the active block device again fs_opendir()
fails and we do not set the flag EFI_FILE_DIRECTORY. Due to this error the
`cd` command in the EFI shell fails.
So let's add the missing set_blk_dev(fh) call.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
We have to ensure while printing UTF16 strings that we do not exceed the
end of the print buffer.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Heinrich ran into issues with HII and iPXE which lead to #SErrors on
his Odroid-C2 system. We definitely do not want to regress just yet,
so let's not expose the HII protocols by default.
Instead, let's make it a config option that people can play with
This way, we can stabilize the code in tree without breaking any
users.
Once someone figures out, why this breaks iPXE (probably a NULL
dereference), we can enable it by default.
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2:
- Remove HII selftest as well
v2 -> v3:
- Make config option
For correct indention use EFI_PRINT() instead of debug().
For printing efi_uintn_t or size_t use the %zu or %zx format code.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
efi_st_printf() does not support format code %ld. Anyway the format code
for size_t would be %zu which isn't supported either.
We do not want any divisions to avoid invalid references to integer
arithmetic routines, cf.
https://gcc.gnu.org/onlinedocs/gccint/Integer-library-routines.html.
As a simple remedy remove the noisy messages from the output.
They are not relevant for automated testing.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This efi_selftest tests HII database protocol and HII string protocol.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch is a place holder for HII configuration routing protocol and
HII configuration access protocol.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Allow for handling keyboard layout package in HII database protocol.
A package can be added or deleted in HII database protocol, but
we don't set 'current' keyboard layout as there is no driver that
requests a keyboard layout.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Allow for handling GUID package in HII database protocol.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch provides enough implementation of the following protocols to
run EDKII's Shell.efi and UEFI SCT:
* EfiHiiDatabaseProtocol
* EfiHiiStringProtocol
Not implemented are:
* ExportPackageLists()
* RegisterPackageNotify()/UnregisterPackageNotify()
* SetKeyboardLayout() (i.e. *current* keyboard layout)
HII database protocol in this patch series can handle only:
* GUID package
* string package
* keyboard layout package
(The other packages, except Device path package, will be necessary
for interactive and graphical UI.)
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Our implementation of GetNextVariableName() relies on
CONFIG_REGEX=y. So EFI_LOADER has to select it.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Our current implementation of GetNextVariableName() first collects all EFI
variables. If none is found at all hexport_r() returns a zero length string
terminated by \0 and the value 1 as number of bytes in the returned buffer.
In this case GetNextVariableName() has to return EFI_NOT_FOUND.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Symbolic links are not supported on all file systems, e.g. not on FAT. So
it is not wise to use them in our source tree.
Use a qualified path to refer to lib/efi_loader/efi_freestanding.c in
scripts/Makefile.lib instead.
Reported-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
[agraf: Fix build with O=]
Signed-off-by: Alexander Graf <agraf@suse.de>
Helloworld does not need its own memcpy() implementation anymore. Use the
one provided in efi_freestanding.c.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
GCC requires that freestanding programs provide memcpy(), memmove(),
memset(), and memcmp().
Add the library functions when building a *.efi files.
The EFI selftests might use other compilation flags. So use a symbolic
link to provide lib/efi_selftest/efi_freestanding.c and compile it
separately.
Reported-by: Alexander Graf <agraf@suse.de>
Fixes: 5be444d14b38 ("efi_loader: consistent build flags for EFI applications")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
GCC requires that freestanding programs provide memcpy(), memmove(),
memset(), and memcmp().
Provide the required library functions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
There is a bug in efi variables test.
Fix it with some cosmetic improvements.
Please note that efi variables test still fails at QueryVariableInfo()
and GetVariable(), but this is not due to a change in this patch.
==8<==
Testing EFI API implementation
Selected test: 'variables'
Setting up 'variables'
Setting up 'variables' succeeded
Executing 'variables'
.../u-boot/lib/efi_selftest/efi_selftest_variables.c(60):
TODO: QueryVariableInfo failed
.../u-boot/lib/efi_selftest/efi_selftest_variables.c(131):
TODO: GetVariable returned wrong length 7
.../u-boot/lib/efi_selftest/efi_selftest_variables.c(133):
TODO: GetVariable returned wrong value
Executing 'variables' succeeded
Boot services terminated
Summary: 0 failures
==>8==
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The current GetNextVariableName() is a placeholder.
With this patch, it works well as expected.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
rebased on efi-next
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Comment the functions implementing the runtime variable services.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Replace duplicate function mem2hex() by inline function bin2hex().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Use existing inline function hex2bin() instead of defining a new one.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
At the same time adding and removing the -Os flag does not make any sense.
Actually it leads to -Os not being used.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
UTF-16 strings in our code should all be u16 *. Fix an inconsistency for
file names which may lead to a warning for printf("%ls", ).
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
CopyMem() must support overlapping buffers. So replace memcpy() by
memmove().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Stating the function module is sufficient. We don't need file and line
number. Anyway the format code for the line number was incorrect (should
be %d).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
For some API calls checks for the return values are missing.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
For some API calls checks for the return values are missing.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Running the simple network protocol test on the sandbox requires setting
the environment variable ethact to a network interface connected to a DHCP
server and ethrotate to 'no'. So let's make it an on-request test on the
sandbox (selectable by setting environment variable efi_selftest).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The SetVariable() runtime service does not change the data passed to it.
So mark the parameter as constant.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The runtime variable services never change GUIDs. So we should declare
the GUID parameters as constant.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The function, efi_init_obj_list(), can be shared in different pseudo efi
applications, like bootefi/bootmgr as well as my efishell. Moreover, it
will be utilized to extend efi initialization, for example, my "removable
disk support" patch and "capsule-on-disk support" patch in the future.
So with this patch, it will be moved to a new file, efi_setup.c, under
lib/efi_loader and exported, making no changes in functionality.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Remove lines deactivated by #if 1 #else
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
ARMv7-M only supports the Thumb instruction set. Our current crt0 code does
not support it. With the patch we can build all unit tests of the EFI
subsystem that do not require crt0.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
We use u16* for Unicode strings and efi_uintn_t for UINTN. Correct the
signature of efi_exit() and efi_start_image().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Commit 7b78d6438a ("efi_loader: Reserve unaccessible memory") introduced
a comparison between RAM top and RAM start that was not known at the time
when the patch of commit 49759743bf ("efi_loader: eliminate sandbox
addresses") was written.
The sandbox uses an address space that is only relevant in the sandbox
context. We have to map ram_top from the sandbox address space to the
physical address space before using it in the EFI subsystem.
Fixes: 49759743bf ("efi_loader: eliminate sandbox addresses")
Fixes: 7b78d6438a ("efi_loader: Reserve unaccessible memory")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
EFI_ENTRY in efi_connect_controller() should use %pD to print the remaining
device path.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The first parameter of efi_add_runtime_mmio() is a pointer to a
pointer. This should be reflected in the documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Add u16_strcpy() and u16_strdup(). The latter function will be
used later in implementing efi HII database protocol.
Signed-off-by: Akashi Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Common sound support
buildman environment support
of-platdata documentation improvements
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAlxf7igRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYKfggApQiL0Gv6NdGAQN+zfpjKY5a2QyjKsAxa
KLm3q8XyXIQXufMWOEPoW1iWm0iixpIFgChy8ff3m/OPDzsx99UXDTyvjitsSxtQ
5tFu8K78nUZT6OOE3HNhhlyW/xK442oKBzGt4MUt3kUZOELsCNuftgbJUWksHuO3
6pPrgt36E0uRGbUA4ioYCU336viJRPOOCdqb8hHViEihFj/IEv5T82RdE5y97YxG
dT7BZxjPkBH5ZN1uD/tdxG1k6IZBagZiYoDAsYp4YqNwmVsm5sLrZ9QVSf7EcH/y
qX8butZesiMd7xm7RROlrIImh7fb36N3zsoRiUWZDo1Al3IRkmZyVA==
=tdut
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-10feb19' of git://git.denx.de/u-boot-dm
Samsung sound patches (applied for Samsung maintainer)
Common sound support
buildman environment support
of-platdata documentation improvements
This enum still exists but we can shrink it a little based on recent
driver-model conversions with samsung. Update it to remove unused items.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
The board_r init function was complaining that we are looping through
an array, calling all our tiny init stubs sequentially via indirect
function calls (which can't be speculated, so they are slow).
The solution to that is pretty easy though. All we need to do is inline
the function that loops through the functions and the compiler will
automatically convert almost all indirect calls into direct inlined code.
With this patch, the overall code size drops (by 40 bytes on riscv64)
and boot time should become measurably faster for every target.
Signed-off-by: Alexander Graf <agraf@suse.de>
Only first previously deleted entry was recognized, leading hsearch_r
to think that there was no previously deleted entry. It then conluded
that a free entry was found, even if there were no free entries and it
overwrote a random entry.
This patch makes sure all deleted or free entries are always found and
also introduces constants for the 0 and -1 numbers. Unit tests to excersise a
simple hash table usage and catch the corruption were added.
To trash your environment, simply run this loop:
setenv i 0
while true; do
setenv v_$i $i
setenv v_$i
setexpr i $i + 1
done
Signed-off-by: Roman Kapl <rka@sysgo.com>
Find out the highest alias ID used for certain subsystem.
This call will be used for alocating IDs for i2c buses which are not
described in DT.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
* support for Chromebook Bob
* full pinctrl driver using DTS properties
* documentation improvements
* I2S support for some Rockchip SoCs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJcVG0IAAoJECaAFcEOcohNKVAIAJd3DN/qudcVQdkuvAGK6WIk
Umxkm6rxHwur7oU+wxvK1p1l/0YTFBeCfo15quH1DkSc/WIUnmBlLmDvqpGVmPmh
ydZNE9ZChn0OKRIaM6pKJr+3p155cQDe6Mgg2j/5CnNx28KxT+vu7EqZbZvbQPag
wcZEK6Z6E5jMVHVn2lbLgmsBPmY7ksX168IqpvzTxIj0a4J3n0DcJUnO4RBBS0Q2
PGEvFhTvigVWs6r6GL0gLn3VwnQX30xQlIuKKORPcdhjk97cJcS4+bRxdTENTKD9
j3+pgyl1n04O8sPONZS7pH3fvJwtC6SwnoxTYxGrvjedw1LxbyHG3cqcGDg/TJ8=
=ik3X
-----END PGP SIGNATURE-----
Merge tag 'for-master-20190201' of git://git.denx.de/u-boot-rockchip
u-boot-rockchip changes for 2019.04-rc1:
* support for Chromebook Bob
* full pinctrl driver using DTS properties
* documentation improvements
* I2S support for some Rockchip SoCs
This fixes the automatic lmb initialization and reservation for boards
with more than one DRAM bank.
This fixes the CVE-2018-18439 and -18440 fixes that only allowed to load
files into the firs DRAM bank from fs and via tftp.
Found-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present this function uses printf() format strings that are not
supported in SPL, so the output just consists of %llx strings on 64-bit.
machines. Fix this by adding a special case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
slre_match() checks if caps == NULL. In this case it does not try to
update it. So there is no need to create a buffer caps which we do not
evaluate.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Change multiple usages of 'j' into 'rgn'; fix whitespace/coding style
reported by patman.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
As a follow-up, change the name of the newly introduced function
'lmb_get_unreserved_size' to 'lmb_get_free_size', which is more
appropriate.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
[trini: Fix test/lib/lmb.c]
Signed-off-by: Tom Rini <trini@konsulko.com>
This fixes CVE-2018-18439 ("insufficient boundary checks in network
image boot") by using lmb to check for a valid range to store
received blocks.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
[trini: Always build lib/lmb.o on LMB and lib/fdtdec.o on OF_LIBFDT]
Signed-off-by: Tom Rini <trini@konsulko.com>
This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem
image load") by using lmb to check the load size of a file against
reserved memory addresses.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds two new functions, lmb_alloc_addr and
lmb_get_unreserved_size.
lmb_alloc_addr behaves like lmb_alloc, but it tries to allocate a
pre-specified address range. Unlike lmb_reserve, this address range
must be inside one of the memory ranges that has been set up with
lmb_add.
lmb_get_unreserved_size returns the number of bytes that can be
used up to the next reserved region or the end of valid ram. This
can be 0 if the address passed is reserved.
Added test for these new functions.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
boot_fdt_add_mem_rsv_regions() adds reserved memory sections to an lmb
struct. Currently, it only parses regions described by /memreserve/
entries.
Extend this to the more commonly used scheme of the "reserved-memory"
node.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lmb_add_region handles overlapping regions wrong: instead of merging
or rejecting to add a new reserved region that overlaps an existing
one, it just adds the new region.
Since internally the same function is used for lmb_alloc, change
lmb_add_region to reject overlapping regions.
Also, to keep reserved memory correct after 'free', reserved entries
created by allocating memory must not set their size to a multiple
of alignment but to the original size. This ensures the reserved
region is completely removed when the caller calls 'lmb_free', as
this one takes the same size as passed to 'lmb_alloc' etc.
Add test to assert this.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
The lmb code fails if base + size of RAM overflows to zero.
Fix this by calculating end as 'base + size - 1' instead of 'base + size'
where appropriate.
Added tests to assert this is fixed.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Buildman clang support and a few fixes
Small fixes to 'dm tree' and regmap test
Improve sandbox build compatibility
A few other minor fixes
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAlw+AlIACgkQfxc6PpAI
reYchAf+L/P5JsLoCKAY84v11eWQkCS44idAYStD8Q023dyuyNC/W6G3qEQVGkHu
SXBzNrZ5wSJanN5I3h3ktJ7yfMOYIvSO2qLHphxDstPaZbCY4Zac6NywHrHxQpA9
fbSilQRbcVWrPo5rsjjZhXmMdQRZVOmGD6CYZj1AihWAiHfYth7f6laNWNTWQA8C
z+aoiF70t/PbvwFbgdzzYOjoGdXI9XML0xTqdLWRlsBKjf3z54pCV6LmN2xrsrDZ
k7lr+x7ajJUFhivxzjowf4aOjhDB+/+I3sr+hJ5vkMM0Kqg14bbEU+xJRGpDc18K
QPvVHT5JGe/nq1cZXuCqzrYxTrrA7A==
=w9ln
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-15jan19' of git://git.denx.de/u-boot-dm
Fix recent changes to serial API for driver model
Buildman clang support and a few fixes
Small fixes to 'dm tree' and regmap test
Improve sandbox build compatibility
A few other minor fixes
Add the dollar_complete() function to auto-complete arguments starting
with a '$' and use it in the cmd_auto_complete() path such that all
args starting with a $ can be auto-completed based on the available env
vars.
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
[trini: Fix some linking problems]
Signed-off-by: Tom Rini <trini@konsulko.com>
The uuid command is only really useful in U-Boot, but it's useless in
SPL. Worse yet, it pulls in various environment manipulation functions
as it call env_set(). Do not compile the command in in SPL.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
With 8 bytes addressing even on 32 bit machines these checks
are no longer valid. Remove them.
Signed-off-by: Keerthy <j-keerthy@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The printf() string here is not actually correct. Add a cast to avoid
a warning when checking is enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
While changing the RTS alignment to 64KB in commit 7a82c3051c
("efi_loader: Align runtime section to 64kb") the relocation code
started to break.
The reason for that is that we didn't actually look at the real
relocation data. We merely took the RUNTIME_CODE section as a
hint and started to relocate based on self calculated data from
that point on. That calculation was now out of sync though.
To ensure we're not running into such a situation again, this patch
makes the runtime relocation code a bit more robust. We can just
trust the phys/virt hints from the payload. We also should check that
we really only have a single section, as the code doesn't handle
multiple code relocations yet.
Fixes: 7a82c3051c ("efi_loader: Align runtime section to 64kb")
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reported-by: Loic Devulder <ldevulder@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Loic Devulder <ldevulder@suse.de>
Tested-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
In commit 483dbab9f9 ("lib: crc32: mark function crc32() as
__efi_runtime") one local static variable was missed. It did not end up in
the __efi_runtime_data section as it should.
If CONFIG_DYNAMIC_CRC_TABLE=y a data abort execption may occur when the
UEFI payload calls the SetVirtualAddressMap() runtime service.
Reported-by: Dominik Adamski <dominik.adamski@northerntech.community>
Fixes: 483dbab9f9 ("lib: crc32: mark function crc32() as __efi_runtime")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Reading the position in a file after closing the same results in a read
after free.
Correct the sequence in the test.
Reported-by: Marek Vasut <marek.vasut@gmail.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The commit below incorrectly fixed hexport_r();
> size = totlen + 1;
One extra byte is necessary to NULL-terminate a whole buffer, "resp."
Fixes: f1b20acb4a ("hashtable: Fix length calculation in hexport_r")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Building U-Boot with CONFIG_PCI and CONFIG_DM_PCI enabled, but
CONFIG_SPL_PCI_SUPPORT disabled, results in following linker
error:
lib/built-in.o: In function `fdtdec_get_pci_bar32':
lib/fdtdec.c:305: undefined reference to `dm_pci_read_bar32'
fdtdec.c:305:(.text.fdtdec_get_pci_bar32+0x24): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `dm_pci_read_bar32'
This is because reference to dm_pci_read_bar32() remains in lib/fdtdec.c
while SPL build does not descend into drivers/pci directory in
drivers/Makefile if CONFIG_SPL_PCI_SUPPORT is not enabled.
Fix this by applying appropriate #define guards in lib/fdtdec.c.
It looks like ns16550.c has the same problem, so fixed that too.
To simplify this, CONFIG_SPL_PCI_SUPPORT is renamed to CONFIG_SPL_PCI
(enables use of CONFIG_IS_ENABLED() macro).
Suggested-by: Vignesh R <vigneshr@ti.com>
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
In some cases it may be useful to be able to change the fdt we have been
using and use another one instead. For example, the TI platforms uses an
EEPROM to store board information and, based on the type of board,
different dtbs are used by the SPL. When DM_I2C is used, a first dtb must
be used before the I2C is initialized and only then the final dtb can be
selected.
To speed up the process and reduce memory usage, introduce a new function
fdtdec_setup_best_match() that re-use the DTBs loaded in memory by
fdtdec_setup() to select the best match.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
The CRC16-CCITT checksum function is useful for space-constrained
applications (such as obtaining a checksum across a 2KBit or 4KBit
EEPROM) in boot applications. It has not been accessible from boot
scripts until now (due to not having a dedicated command and not being
supported by the hash infrstructure) limiting its applicability
outside of custom commands.
This adds the CRC16-CCITT (poly 0x1021, init 0x0) algorithm to the
list of available hashes and adds a new crc16_ccitt_wd_buf() to make
this possible.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
[trini: Fix building crc16.o for SPL/TPL]
Signed-off-by: Tom Rini <trini@konsulko.com>
This merges the CRC16-CCITT headers into u-boot/crc.h to prepare for
rolling CRC16 into the hash infrastructure. Given that CRC8, CRC32
and CRC32-C already have their prototypes in a single header file, it
seems a good idea to also include CRC16-CCITT in the same.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
There is only one place in the code which assumes at build-time that we
are using either a v1 or a v2 TPM. Fix this up and add a new function to
return the version of a TPM.
Supported TPM versions (v1 and v2) can be enabled independently and it is
possible to use both versions at once. This is useful for sandbox when
running tests.
Signed-off-by: Simon Glass <sjg@chromium.org>
This release is fully packed with lots of glorious improvements in UEFI
land again!
- Make PE images more standards compliant
- Improve sandbox support
- Improve correctness
- Fix RISC-V execution on virt model
- Honor board defined top of ram (fixes a few boards)
- Imply DM USB access when distro boot is available
- Code cleanups
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJcBYKAAAoJECszeR4D/txgBgwQALmYioI67R5/Iizpv7bg+rIQ
0TyPKZHmfHtVjGHd5X4X+9NBsoaSKqGnoI12bJ+V9hIMuiu5qFKyM3icTOOJ6LI6
wggnvMWZl5nfZmdEgETHTmaZkQZzKwhzbftGlGf2j19FdDk1OOI7hRNLeaIZUTv0
VHiUV68PP/1Of1y7iqB5jij1wTUHWlCufKjGXELP0bAXx86/tecgCuvjBihXizz/
sMsCxEF8++pb5l/l4yFEkKd5rr5D/ZkKMLR4KniZVq2qP1S4calolP14ykHN+a/l
uKP4e4GDuYyrgXXTNRFhVTlaAn18bmvxH4ialnpYVZKRtfsdHPHQXfqmgf8ZgJPE
JK3mmG6eLCbBPeND2Yz3b7G/Ec04z+RJXx0hriyLdejLgp5jM9SBtygiz6FmQLpQ
VfDJNEWV7ot6Ejou55O0d9u5ATF0jAd4tikmsrStWWZOVHvie6nG0wFYiRxnWCKP
sid0p7lWSUKEl0sAvA0LglNMzd4tCAq7vtkfLj/BVrDc9Jpir9CVJ13ppXIGk1HC
YIGWLo0uXAGC9wgRE7ZgGCKtQ6VFZRbSiJQOowi4MrHzHXH218oSNz2w25tAVTBw
le2WbxlGNYhV1xnoWMks1GTdWGQDCXdfBAhfzRIvQq2kz4z9V8hzpnVDIk2ZL3L1
o3nqUatR0ZVXPcinf+Ke
=6o9t
-----END PGP SIGNATURE-----
Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot
Patch queue for efi - 2018-12-03
This release is fully packed with lots of glorious improvements in UEFI
land again!
- Make PE images more standards compliant
- Improve sandbox support
- Improve correctness
- Fix RISC-V execution on virt model
- Honor board defined top of ram (fixes a few boards)
- Imply DM USB access when distro boot is available
- Code cleanups
We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Previous implementation of the rsa signature was using
the openssl API EVP_Sign*, but the new openssl API
EVP_DigestSign* is more flexible. So we move to this
new API.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In this patch, helper functions for an load option variable (BootXXXX)
are added:
* efi_deserialize_load_option(): parse a string into load_option data
(renamed from parse_load_option and exported)
* efi_serialize_load_option(): convert load_option data into a string
Those functions will be used to implement efishell command.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
This is a preparatory patch for use in efi_serialize_load_option()
as a load option's file_path should have both a device path and
a file path.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
The UEFI spec mandates that runtime sections are 64kb aligned to enable
support for 64kb page size OSs.
This patch ensures that we extend the runtime section to 64kb to be spec
compliant.
Signed-off-by: Alexander Graf <agraf@suse.de>
The variable name setup_ok might suggest a boolean with true indicating
OK. Let's avoid the misleading name.
%s/setup_ok/setup_status/g
Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
We should not call eth_rx() before the network interface is initialized.
The services of the simple network protocol should check the state of
the network adapter.
Add and correct comments.
Without this patch i.mx6 system Wandboard Quad rev B1 fails to execute
bootefi selftest.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Calling net_send_packet() requires that the buffer is aligned to a multiple
of PKTALIGN (= ARCH_DMA_MINALIGN). The UEFI spec does not require
efi_net_transmit() to be called with a buffer with any special alignment.
So we have to copy to an aligned buffer. The current coding copies to an
aligned buffer only if CONFIG_EFI_LOADER_BOUNCE_BUFFER=y. Many boards
like the Odroid C2 do not use a bounce buffer.
With the patch we copy to a correctly aligned buffer in all cases.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
To use the simple network protocol we have to call the start service first
and the initialize service second.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Check that the memory area containing the device tree is marked as runtime
data.
Update the Python test to pass ${fdtcontroladdr} to bootefi.
Update the description of the Python test.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The sandbox uses a virtual address space that is neither the physical nor
the virtual address space of the operating system. All address used on the
command line live in this address space. So also the environment variable
${fdtcontroladdr} has to be in this address space.
Commands like bootefi and booti receive the fdt address as parameter.
Without the patch ${fdtcontroladdr} cannot be used as parameter value on
the sandbox.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
When allocating EFI memory pages the size in bytes has to be converted to
pages.
Provide a macro efi_size_in_pages() for this conversion.
Use it in the EFI subsystem and correct related comments.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Enable building the sandbox with CONFIG_EFI_SELFTEST.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This unit test checks the following runtime services:
AllocatePages, FreePages, GetMemoryMap
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Do not use the sandbox's virtual address space for the internal structures
of the memory map. This way we can eliminate a whole lot of unnecessary
conversions.
The only conversion remaining is the one when adding known memory.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
On some systems, not all RAM may be usable within U-Boot. Maybe the
memory maps are incomplete, maybe it's used as workaround for broken
DMA. But whatever the reason may be, a platform can say that it does
not wish to have its RAM accessed above a certain address by defining
board_get_usable_ram_top().
In the efi_loader world, we ignored that hint, mostly because very few
boards actually have real restrictions around this.
So let's honor the board's wish to not access high addresses during
boot time. The best way to do so is by indicating the respective pages
as "allocated by firmware". That way, Operating Systems will still
use the pages after boot, but before boot no allocation will use them.
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Baruch Siach <baruch@tkos.co.il>
We should use a logical or when combining logical values.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
At present this code casts addresses to pointers so cannot be used with
sandbox. Update it to use mapmem instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
This reverts commit 3170db63c4.
It reportedly breaks OpenBSD/armv7 booting and I've already received
complaints from people that it breaks some Linux armv7 systems as well.
We'll have to give this whole caching story a good bit more thought.
Reported-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
We should be consistent in the types that we use to store Unicode strings.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
If a memory bank is not EFI_PAGE_SIZE aligned efi_add_known_memory() the
number of memory pages may be incorrectly calculated.
We have to round up the start address and to round down the end address
to determine which complete pages are provided by the memory bank.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Using %zu for efi_intn_t (ssize_t) creates a build warning. Anyway %zu is
not supported by efi_st_error(). So let's convert to int.
Our implementation of StriColl() only returns -1, 0, or 1.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
When the max_addr parameter of efi_find_free_memory() is within bounds
of an existing map and fits the reservation, we just return that address
as allocation value.
That breaks however if max_addr is not page aligned. So ensure that it
always comes to us page aligned, simplifying the allocation logic.
Without this, I've seen breakage where we were allocating pages at -1U
(32bit) which fits into a region that spans beyond 0x100000000. In that
case, we would return 0xffffffff as a valid memory allocation, although
we usually do guarantee they are all page aligned.
Fix this by aligning the max address argument always.
Signed-off-by: Alexander Graf <agraf@suse.de>
With RELA absolute relocations, the relocation target contains our link
offset which we need to remove from the equation again. We did this
properly in the relative relocation path, but not in the absolute one.
So let's do this for the absolute one as well. That way, u-boot can have
a TEXT_OFFSET of != 0 and still relocate itself properly.
This fixes a bug where efi_loader did not work on the RISC-V QEMU port.
With this patch, I can successfully run UEFI applications on the RISC-V
QEMU port.
Reported-by: Auer, Lukas <lukas.auer@aisec.fraunhofer.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Linker generated arrays may be stored in code sections of memory that are
not writable. So let's allocate setup_ok as an array at runtime.
This avoids an illegal memory access observed in the sandbox.
Reported-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Factor out efi_set_bootdev() and extract efi_dp_from_name().
This function will be used to set a boot device in efishell command.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
If UninstallMultipleProtocolInterfaces fails, we sometimes return the wrong
status code. The UEFI spec mandates to always return EFI_INVALID_PARAMETER.
Update unit test.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The UEFI spec defines that a line feed moves the cursor to the next line
and (only) a carriage return moves the cursor to the beginning of the line.
So we should issue CR LF when we want to get to the start of the next line.
Add some comments.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Rename the component parent of some EFI objects to header. This avoids
misunderstandings.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
A pointer to a struct efi_object is a handle. We do not need any handle
member in this structure. Let's eliminate it.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
All our handles point to a struct efi_object. So let's define the
efi_handle_t accordingly. This helps us to discover coding errors much
more easily. This becomes evident by the corrections to the usage of
handles in this patch.
Rename variable image_handle to image_obj where applicable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
fix typos
correct the header comment of efi_selftest_variables.c
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
When the last protocol interface has been uninstalled remove the handle.
Adjust ReinstallProtocol so that it does not remove the handle.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Allow an EFI application to shut down the system.
If EFI_RESET_SHUTDOWN is issued call do_poweroff().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Test the handling of execptions by trying to execute an undefined
instruction. For 32bit ARM we expect \selftest to be listed as loaded
image.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
We should not make anything in lib/efi_selftest if
CONFIG_CMD_BOOTEFI_SELFTEST is not defined.
We can make that test in lib/Makefile
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
At present many TPM calls assume there is only one TPM in the system and
look up this TPM themselves. This is inconsistent with driver model, which
expects all driver methods to have a device parameter. Update the code to
correct this.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present these functions are not accessible outside the TPM library, but
in some cases we need to call them. Export them in the header file and add
a define for the SHA1 digest size.
Also adjust tpm_open() to call tpm_close() first so that the TPM is in a
known state before opening (e.g. by a previous phase of U-Boot).
Signed-off-by: Simon Glass <sjg@chromium.org>
In some cases U-Boot is compressed and it is useful to be able to
decompress it in SPL. Add a Kconfig and Makefile change to allow this.
Note that this does not actually implement decompression.
Signed-off-by: Simon Glass <sjg@chromium.org>
When U-Boot proper is compiled with CONFIG_MULTI_DTB_FIT and tries
to call uncompress_blob(), it fails with -ENOTSUPP. This is because
the full implementation of this function which includes compression
is available only in SPL. In U-Boot proper or if the compression is
not enabled, the blob is not compressed and thus can be passed to
locate_dtb_in_fit() in fdtdec_setup() without any changes. Pass the
blob without any changes if compression is not enabled instead of
failing.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
A specially crafted FIT image makes it possible to overflow the stack
with controlled values when using the verified boot feature. Depending
on the memory layout, this could be used to overwrite configuration
variables on the heap and setting them to 0, e.g. disable signature
verification, thus bypassing it.
This change fixes a bug in fdt_find_regions where the fdt structure is
parsed. A lower value than -1 of depth can lead to a buffer underflow
write on the stack.
Signed-off-by: Konrad Beckmann <konrad.beckmann@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When a driver declares DM_FLAG_PRE_RELOC flag, it wishes to be
bound before relocation. However due to a bug in the DM core,
the flag only takes effect when devices are statically declared
via U_BOOT_DEVICE(). This bug has been fixed recently by commit
"dm: core: Respect drivers with the DM_FLAG_PRE_RELOC flag in
lists_bind_fdt()", but with the fix, it has a side effect that
all existing drivers that declared DM_FLAG_PRE_RELOC flag will
be bound before relocation now. This may expose potential boot
failure on some boards due to insufficient memory during the
pre-relocation stage.
To mitigate this potential impact, the following changes are
implemented:
- Remove DM_FLAG_PRE_RELOC flag in the driver, if the driver
only supports configuration from device tree (OF_CONTROL)
- Keep DM_FLAG_PRE_RELOC flag in the driver only if the device
is statically declared via U_BOOT_DEVICE()
- Surround DM_FLAG_PRE_RELOC flag with OF_CONTROL check, for
drivers that support both statically declared devices and
configuration from device tree
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Introduce a new Kconfig option for architecture codes to control
whether it provides io{read,write}{8,16,32} I/O accessor functions.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
part_init() is currently called in every DM BLK driver, either
in its bind() or probe() method. However we can use the BLK
uclass driver's post_probe() method to do it automatically.
Update all DM BLK drivers to adopt this change.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Currently the efi block driver uses priv_auto_alloc_size for the
driver data, however that's only available after the device probe
phase. In order to make it accessible in an earlier phase, switch
to use platdata_auto_alloc_size instead.
This patch is the prerequisite for the follow up patch of DM BLK
driver changes to work with EFI loader.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We may have, the not yet considered, scenario where OPTEE is loaded before
u-boot and *not* by u-boot, e.g, the boot flow using the ARM Trusted
Firmware (ATF), where in the 32bit flow is:
BootRom->ATF(BL2)->Optee(BL32)->u-boot(BL33)
In this case we need still to reserve the memory used by optee, to avoid
for example to realocate ourself to the same address at the end of DRAM.
So, we change here the dependencies on the OPTEE lib and we set the default
size and base of TZRAM to zero.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Ryan Harkin <ryan.harkin@linaro.org>
Cc: u-boot@lists.denx.de
Remove a superfluous statement in efi_dp_get_next_instance().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
When the last protocol interface is uninstalled the handle is deleted but
this does not set the value of the handle to NULL.
To create a new handle with OpenProtocolInterface the value of the handle
must be NULL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
As observed with clang:
lib/efi_loader/efi_boottime.c:1624:7: warning: variable 'info'
is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
if (ret != EFI_SUCCESS)
^~~~~~~~~~~~~~~~~~
lib/efi_loader/efi_boottime.c:1653:7: note: uninitialized use
occurs here
free(info);
^~~~
lib/efi_loader/efi_boottime.c:1624:3: note: remove the 'if' if
its condition is always false
if (ret != EFI_SUCCESS)
^~~~~~~~~~~~~~~~~~~~~~~
lib/efi_loader/efi_boottime.c:1602:31: note: initialize the
variable 'info' to silence this warning
struct efi_loaded_image *info;
^
= NULL
Rather than change how we unwind the function it makes the most sense to
initialize info to NULL so that we can continue to pass it to free().
Fixes: c982874e93 ("efi_loader: refactor efi_setup_loaded_image()")
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Do not leak native_name if out of memory.
This addresses CoverityScan CID 184095.
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>