For better or worse libfdt recent grew a lot of code that checks the
validity of the device tree in great detail. When using unsigned or
unverified data this makes things safer, but it does add to code size.
Add some controls to select the trade-off between safety and code size.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Provide a better user interface for setting UEFI variables.
Bug fixes:
- ext4 file system not discovered on UEFI block device
- 'make tests' build error on 32bit systems
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl25wUcACgkQxIHbvCwF
GsQ16w/+IibWYFw2t6AdI8DLWOvlHR/PVAOrbF9cBi1vZPr4drEH6m1ymRWAKjRt
E4u8siBiIs5yhD7laL09JK4p/veTnoHCVrCdli9iPhIJUFGKz9uuXh4ruZgRnGIn
+j0ra0tkTRHeGX4bMtTpMVySQqIuLQ+2ZrMMnfKfnTTlLmhv436xUyBZ/CFl7k4J
7sFj/FfjRCYpe7nfHTqUGidJtJG1cc+hw26c1YrfiKB6piVdH43myOB5sPDW24g3
OPptJyUFqbQjjV6Eq0EOVJt103rVtXpQc0e4Oa/mDDkmrQZ1pUhXi3zhxmzMRDQu
k+9gX0IoSNJcW+e7DrcQsx5SmOnlvoC4euCypzhWEWvES89ftAHIitEAz9oTs6Gc
etwXFomvH797ZOoBztrja9XsfnLFHBQHaAiExqEVVFi/1nhDsYdj+xEDHjDU+cZx
E3UcrRNXcfA2+oaXpNBguzAOrMPX8UbrR1kkaMDTuJfA32Pe7RLz3aMfXyx1rAOU
t7GWSROOYtoNf5IU/Jha1F8231WRPJnWm1LQdzNLaGSmbG/H7vFgW4dpdxEyLn4m
C0Goj0GzmBIQxRL+38sCOKLVxPEpGoU/GzonC9bU0O+UyN57rAiwn9ZbTa6ZvJqG
/2tPoKiutJRueUH3IDWViMhyW/w0h0tj0BUiV5lAQ9X9vW4E1YQ=
=f0m8
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-01-rc2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-01-rc2
Provide a better user interface for setting UEFI variables.
Bug fixes:
- ext4 file system not discovered on UEFI block device
- 'make tests' build error on 32bit systems
Bootstage improvements for TPL, SPL
Various sandbox and dm improvements and fixes
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl24zDoRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZRiwf+Mf7oG//zjiZcHaPP6KOFb1CjwqLSuiaI
eCYB6GEZXuSpc8MjAw+baAfIw8MMFuaCfPsUQ5dDo391neK0sW9kkEsdcXnQBpB3
GdJYcewLN1UuJZovriGobIisGc0GQHh8gmRcVGWSKoEt+gAQauRtVYBIUPuS3JG+
ihZgYmVgICa+3tqavIbP2oZdXLuLAxR65mfiQHtiJwdCN3OOzyls2v0T0slQX9GV
ln6EvTk8OMIudBmkB7YiTmJF7AB+3PH/uBaiYyTKO9gtjLhnmCFvG5HxJTRFOKvU
F4oVWZJDEcqfZvYgWg8i5vgokMP41nzLfBr7j5ifUX1f3xwCHy/Tpw==
=S4XI
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-29oct19' of git://git.denx.de/u-boot-dm
- Fix for patman with email addresses containing commas
- Bootstage improvements for TPL, SPL
- Various sandbox and dm improvements and fixes
After updating libavb to most recent version from AOSP/master, two new
warnings appear:
Warning #1:
lib/libavb/avb_cmdline.c: In function 'avb_append_options':
lib/libavb/avb_cmdline.c:365:15: warning: 'dm_verity_mode' may be
used uninitialized in this function
[-Wmaybe-uninitialized]
new_ret = avb_replace(
^~~~~~~~~~~~
slot_data->cmdline, "$(ANDROID_VERITY_MODE)", dm_verity_mode);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/libavb/avb_cmdline.c:374:8: warning: 'verity_mode' may be used
uninitialized in this function
[-Wmaybe-uninitialized]
if (!cmdline_append_option(
^~~~~~~~~~~~~~~~~~~~~~
slot_data, "androidboot.veritymode", verity_mode)) {
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Warning #2:
lib/libavb/avb_slot_verify.c: In function 'avb_slot_verify':
lib/libavb/avb_slot_verify.c:1349:23: warning: 'ret' may be used
uninitialized in this function
[-Wmaybe-uninitialized]
AvbSlotVerifyResult ret;
^~~
Fix those by providing default return values to affected functions.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Update libavb to commit 5fbb42a189aa in AOSP/master, because new version
has support for super partition [1], which we need for implementing
Android dynamic partitions. All changes from previous patches for libavb
in U-Boot are accounted for in this commit:
- commit ecc6f6bea6 ("libavb: Handle wrong hashtree_error_mode in
avb_append_options()")
- commit 897a1d947e ("libavb: Update SPDX tag style")
- commit d8f9d2af96 ("avb2.0: add Android Verified Boot 2.0 library")
Tested on X15:
## Android Verified Boot 2.0 version 1.1.0
read_is_device_unlocked not supported yet
read_rollback_index not supported yet
read_is_device_unlocked not supported yet
Verification passed successfully
AVB verification OK.
Unit test passes:
$ ./test/py/test.py --bd sandbox --build -k test_avb
test/py/tests/test_android/test_avb.py ss..s.
[1] 49936b4c01
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
malloc_cache_aligned() might return zero, so fix potential NULL pointer
access if __GFP_ZERO flag is set.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Add a simple implementation of this function, to allow logging to be
enabled in the SPL or TPL for systems that rely on the tiny printf()
implementation.
To keep the code size small,
- The function is built only when logging is enabled, as it
(currently) is not needed otherwise; and
- Like the existing implementation of snprintf(), its buffer-size
parameter is ignored.
Signed-off-by: Simon South <simon@simonsouth.net>
Macro ERRNO_MSG() ignores the error number but we should still use the same
constants as in include/linux/errno.h.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If errno_str() is called with an unsupported error number, do not return a
random pointer but a reasonable text.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add get_timer_us(), which is useful e.g. when we need higher
precision timestamps.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
[trini: Fixup arch/arm/mach-bcm283x/include/mach/timer.h]
Signed-off-by: Tom Rini <trini@konsulko.com>
'make tests' on an 32bit ARM system leads to
In file included from ../lib/efi_loader/efi_variable.c:9:
../include/malloc.h:364:7: error: conflicting types for ‘memset’
void* memset(void*, int, size_t);
^~~~~~
In file included from ../include/compiler.h:126,
from ../include/env.h:12,
from ../lib/efi_loader/efi_variable.c:8:
../include/linux/string.h:103:15:
note: previous declaration of ‘memset’ was here
extern void * memset(void *,int,__kernel_size_t);
^~~~~~
In file included from ../lib/efi_loader/efi_variable.c:9:
../include/malloc.h:365:7: error: conflicting types for ‘memcpy’
void* memcpy(void*, const void*, size_t);
^~~~~~
In file included from ../include/compiler.h:126,
from ../include/env.h:12,
from ../lib/efi_loader/efi_variable.c:8:
../include/linux/string.h:106:15:
note: previous declaration of ‘memcpy’ was here
extern void * memcpy(void *,const void *,__kernel_size_t);
^~~~~~
Use common.h as first include as recommended by the U-Boot coding style
guide.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
With a bit of code reordering we can support %p using the existing code
for ulong.
Move the %p code up and adjust the logic accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function is used in the bootstage report which may be trigged in TPL
or TPL. Add a very basic implication of this function so that it builds.
There is no attempt to get the formatting right, since this would add too
much code size.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
The ctype array is brought into the image, adding 256 bytes, when it is
unlikely to be needed. The extra code for %p is only present when DEBUG
is defined, so let's drop ctype as well unless DEBUG is defined.
Signed-off-by: Simon Glass <sjg@chromium.org>
In the current implementation, EFI_SIMPLEFILE_SYSTEM_PROTOCOL is always
installed to all the partitions even if some of them may house no file
system.
With this patch, that protocol will be installed only if any file system
exists.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
device_path strcuture has 2 bytes of "length" field, and so
file path length should not exceed this limit, 65535.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently, if image verification with a required key fails, rsa_verify()
code tries to find another key to verify the FIT image. This however, is
not the intended behavior as the documentation says that required keys
"must be verified for the image / configuration to be considered valid".
This patch fixes the issue by making rsa_verify() return immediately if
the verification of a required key fails.
Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@gmail.com>
- Rename existing FSP code to fsp1
- Add fsp2 directory in preparation to support FSP 2.0
- Various x86 platform codes update
- Various bug fixes and updates in dm core, sandbox and spl
This function ise effectively replaced by ofnode_read_pci_addr() which
works with flat tree. Delete it to avoid code duplication.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
At present there is only one control for this and it is used for both SPL
and TPL. But SPL might have a lot more space than TPL so the extra cost of
a full printf() might be acceptable.
Split the option into two, providing separate SPL and TPL controls. The
TPL setting defaults to the same as SPL.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
We don't have a console in SPL so it doesn't make sense to check for
Ctrl-C when printing a memory dump. Skip this so that print_buffer() can
be used in SPL.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This allows our EFI API to create a device path node for NVMe
devices. It adds the necessary device path struct, uses the
nvme namespace accessor to retrieve the id and eui64, and also
provides support for the device path text protocol.
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI spec has this sentence:
"Variables that have runtime access but that are not nonvolatile are
read-only data variables once ExitBootServices() is performed."
At least EDK2 therefore treats variable PlatformLangCodes only as read-only
at runtime. Nowhere do we make this variable read-only in U-Boot.
Do not use variable PlatformLangCodes for testing if the read only
attribute of variables is observed before ExitBootServices().
Fixes: 5a24239c95 ("efi_loader: selftest: enable APPEND_WRITE tests")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Errors should not only be announced as text but should also result in
EFI_ST_FAILURE being returned.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Appending to a non-existent variable must result in an error of type
EFI_NOT_FOUND.
Fixes: 09c76b79a9db ("efi_loader: SetVariable() deleting variables")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This reads the low cell of the PCI address from the wrong cell. Fix it.
Also fix the function that this code came from.
Fixes: 9e51204527 (dm: core: Add operations on device tree references)
Fixes: 4ea5243a3a (fdt: fix fdtdec_get_pci_addr() for CONFIG_PHYS_64BIT)
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
APPEND_WRITE with data length zero is allowable according to the UEFI
specification.
The EDK2 interpretation of no access attributes is attributes = 0. As
the UEFI specification is vague in this respect let's stick to EDK2 here.
Fixes: commit 6d2f27c5fd ("efi_loader: variable: support APPEND_WRITE")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We always have to return via EFI_EXIT() from EFIAPI functions.
Coverity reported an unreachable line and a resource leak.
Fixes: commit 6d2f27c5fd ("efi_loader: variable: support APPEND_WRITE")
Reported-by: Coverity Scan CID 253575, CID 184095
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Remove outdated TODO for efi_stri_coll(). efi_stri_coll() is already using
the Unicode capitalization table.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
u16 version of strcmp(): u16_strncmp() works like u16_strcmp() but only
at most n characters (in u16) are compared.
This function will be used in my UEFI secure boot patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Now that APPEND_WRITE is supported,
the result check for the only existing test case should be changed to
'todo' to 'error', while two more test cases are added.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If EFI_VARIABLE_APPEND_WRITE is specified in attributes at
efi_set_variable(), specified data will be appended to the variable's
original value. Attributes other than APPEND_WRITE should not be
modified.
With this patch, APPEND_WRITE test in 'variables' selftest will pass.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
DisconnectController() should never return EFI_NOT_FOUND.
If EFI_DRIVER_BINDING_PROTOCOL.Stop() fails, return EFI_DEVICE_ERROR.
If the driver handle does not expose the EFI_DRIVER_BINDING_PROTOCOL
return EFI_INVALID_PARAMETER.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Sandbox's "host" devices are currently described as UCLASS_ROOT udevice
with DEV_IF_HOST block device. As the current implementation of
efi_device_path doesn't support such a type, any "host" device
on sandbox cannot be seen as a distinct object.
For example,
=> host bind 0 /foo/disk.img
=> efi devices
Scanning disk host0...
Found 1 disks
Device Device Path
================ ====================
0000000015c19970 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
0000000015c19d70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
=> efi dh
Handle Protocols
================ ====================
0000000015c19970 Device Path, Device Path To Text, Device Path Utilities, Unicode Collation 2, HII String, HII Database, HII Config Routing
0000000015c19ba0 Driver Binding
0000000015c19c10 Simple Text Output
0000000015c19c80 Simple Text Input, Simple Text Input Ex
0000000015c19d70 Block IO, Device Path, Simple File System
As you can see here, efi_root (0x0000000015c19970) and host0 device
(0x0000000015c19d70) have the same representation of device path.
This is not only inconvenient, but also confusing since two different
efi objects are associated with the same device path and
efi_dp_find_obj() will possibly return a wrong result.
Solution:
Each "host" device should be given an additional device path node
of "vendor device path" to make it distinguishable.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We do not support volume label changes. No parameter checks are needed
here.
When the info for as file is changed the buffer must always contain a file
name.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check the parameters of EFI_FILE_PROTOCOL.GetInfo() to avoid possible NULL
dereference.
Check the buffer size for EFI_FILE_SYSTEM_INFO.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We cannot determine the volume name in U-Boot. Instead of providing a dummy
volume name in case of EFI_FILE_SYSTEM_INFO and EFI_UNSUPPORTED in case of
EFI_FILE_SYSTEM_VOLUME_LABEL consistently return an empty string.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification requires to implement version 2 of the
EFI_FILE_PROTOCOL. Provide the missing functions as stubs.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The file size has to be determined in multiple places. Factor out a common
function.
If on entry into EFI_FILE_PROTOCOL.Read() the current position is beyond
the end of the file, return EFI_DEVICE_ERROR.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI_FILE_PROTOCOL.Read() is used both to read files and directories.
When reaching the end of a directory we always have to return buffer size
zero irrespective of the incoming buffer size. (The described scenario for
a Shim quirk cannot arise because every directory has at least '.' and '..'
as entries.)
Even when the buffer_size is too small multiple times we have to keep a
reference to our last read directory entry.
When we return to the start of the directory via SetPosition() we must
remove the reference to a previously kept directory entry.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
ascii2unicode() can only convert characters 0x00-0x7f from UTF-8 to UTF-16.
Use utf8_utf16_strcpy() instead.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check the parameters passed to Write():
* cannot write to directories (UEFI SCT 2017, 5.7.3.5.15)
* cannot write to file opened read only (UEFI SCT 2017, 5.7.3.5.16)
Add missing comments.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We cannot do anything in EFI_BLOCK_IO_PROTOCOL.Reset() but this does not
justify to return an error.
Let EFI_BLOCK_IO_PROTOCOL.Reset() return EFI_SUCCESS.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI_PRINT() offers indention of debug messages. Adjust the debug messages
of the BLOCK_IO_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check parameters of ReadBlocks() and WriteBlocks().
If the buffer size is not a multiple of the block size, we have to return
EFI_BAD_BUFFER_SIZE.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL.SetMode() should return EFI_UNDEFINED if a
screen mode is not available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@csgraf.de>
When backspacing in column 0 do no set the column index to ULONG_MAX.
Ensure that the row number is not set to ULONG_MAX even if the row count is
advertised as 0.
Ignore control characters other the 0x08, 0x0a, 0x0d when updating the
column.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>