Commit graph

67 commits

Author SHA1 Message Date
AKASHI Takahiro
634f6b2fb1 efi_loader: image_loader: add a missing digest verification for signed PE image
At the last step of PE image authentication, an image's hash value must be
compared with a message digest stored as the content (of SpcPeImageData type)
of pkcs7's contentInfo.

Fixes: commit 4540dabdca ("efi_loader: image_loader: support image authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-07-05 14:37:16 +02:00
AKASHI Takahiro
b72d09fa7d efi_loader: image_loader: replace EFI_PRINT with log macros
Now We are migrating from EFI_PRINT() to log macro's.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-07-05 14:37:16 +02:00
Heinrich Schuchardt
66028930da efi_loader: copy GUID in InstallProtocolInterface()
InstallProtocolInterface() is called with a pointer to the protocol GUID.
There is not guarantee that the memory used by the caller for the protocol
GUID stays allocated. To play it safe the GUID should be copied to U-Boot's
internal structures.

Reported-by: Joerie de Gram <j.de.gram@gmail.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-12 12:27:07 +01:00
Ilias Apalodimas
54cebe8a3a efi_loader: fix dual signed image certification
The EFI spec allows for images to carry multiple signatures. Currently
we don't adhere to the verification process for such images.

The spec says:
"Multiple signatures are allowed to exist in the binary's certificate
table (as per PE/COFF Section "Attribute Certificate Table"). Only one
hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx."

With our current implementation signing the image with two certificates
and inserting both of them in db and one of them dbx doesn't always reject
the image.  The rejection depends on the order that the image was signed
and the order the certificates are read (and checked) in db.

While at it move the sha256 hash verification outside the signature
checking loop, since it only needs to run once per image and get simplify
the logic for authenticating an unsigned imahe using sha256 hashes.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-02-11 20:07:55 +01:00
Simon Glass
156ccbc3c4 efi: Use 16-bit unicode strings
At present we use wide characters for unicode but this is not necessary.
Change the code to use the 'u' literal instead. This helps to fix build
warnings for sandbox on rpi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-03 12:16:01 -05:00
Ilias Apalodimas
4b63431323 efi_loader: correctly handle mixed hashes and signatures in db
A mix of signatures and hashes in db doesn't always work as intended.
Currently if the digest algorithm is not explicitly set to sha256 we
stop walking the security database and reject the image.

That's problematic in case we find and try to check a signature before
inspecting the sha256 hash.  If the image is unsigned we will reject it
even if the digest matches.

Since we no longer reject the image on unknown algorithms add an explicit
check and reject the image if any other hash algorithm apart from sha256
is detected on dbx.

Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Heinrich Schuchardt
ce00a7401a efi_loader: use %pUs for printing GUIDs
For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide
readable debug output.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Masahisa Kojima
f9b51dcf29 efi_loader: correctly handle no tpm device error
When the TCG2 protocol is installed in efi_tcg2_register(),
TPM2 device must be present.
tcg2_measure_pe_image() expects that TCP2 protocol is installed
and TPM device is available. If TCG2 Protocol is installed but
TPM device is not found, tcg2_measure_pe_image() returns
EFI_SECURITY_VIOLATION and efi_load_image() ends with failure.

The same error handling is applied to
efi_tcg2_measure_efi_app_invocation().

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-12-09 11:43:25 -08:00
Ilias Apalodimas
ebdea88d57 efi_loader: Fix loaded image alignment
We are ignoring the alignment communicated via the PE/COFF header.
Starting 5.10 the Linux kernel will loudly complain about it. For more
details look at [1] (in linux kernel).

So add a function that can allocate aligned EFI memory and use it for our
relocated loaded image.

[1] c32ac11da3f83 ("efi/libstub: arm64: Double check image alignment at entry")

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Vincent Stehlé <vincent.stehle@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
f3a343d733 efi_loader: rounding of image size
We should not first allocate memory and then report a rounded up value as
image size. Instead first round up according to section allocation and then
allocate the memory.

Fixes: 82786754b9 ("efi_loader: ImageSize must be multiple of SectionAlignment")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
1ea133acd6 efi_loader: sections with zero VirtualSize
In a section header VirtualSize may be zero. This is for instance seen in
the .sbat section of shim. In this case use SizeOfRawData as section size.

Fixes: 9d30a941cc ("efi_loader: don't load beyond VirtualSize")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Asherah Connor <ashe@kivikakk.ee>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
b95e5edc42 efi_loader: fix Sphinx warning
Brackets '[' need to be escaped to avoid a build warning

    lib/efi_loader/efi_image_loader.c:223:
    WARNING: Inline strong start-string without end-string.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-06-09 12:35:01 +02:00
Masahisa Kojima
163a0d7e2c efi_loader: add PE/COFF image measurement
"TCG PC Client Platform Firmware Profile Specification"
requires to measure every attempt to load and execute
a OS Loader(a UEFI application) into PCR[4].
This commit adds the PE/COFF image measurement, extends PCR,
and appends measurement into Event Log.

Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Replace CONFIG_HASH_CALCULATE by CONFIG_HASH
Fix conversions between pointers and u64.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-05-28 16:17:01 +02:00
Masahisa Kojima
f6081a8a1e efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled
This is preparation for PE/COFF measurement support.
PE/COFF image hash calculation is same in both
UEFI Secure Boot image verification and measurement in
measured boot. PE/COFF image parsing functions are
gathered into efi_image_loader.c, and exposed even if
UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option
to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-25 13:06:57 +02:00
Asherah Connor
9d30a941cc efi_loader: don't load beyond VirtualSize
PE section table entries' SizeOfRawData must be a multiple of
FileAlignment, and thus may be rounded up and larger than their
VirtualSize.

We should not load beyond the VirtualSize, which is "the total size of
the section when loaded into memory" -- we may clobber real data at the
target in some other section, since we load sections in reverse order
and sections are usually laid out sequentially.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-14 10:34:15 +01:00
Heinrich Schuchardt
5dad05a0e6 efi_loader: carve out efi_check_pe()
Carve out a function to check that a buffer contains a PE-COFF image.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:00 +01:00
Heinrich Schuchardt
0f7878b853 efi_loader: error message if image not authenticated
Currently if the bootefi command fails due to missing authentication, the
user gets no feedback.

Write a log message 'Image not authenticated' if LoadImage() fails due to
missing authentication.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06 21:21:41 +02:00
Heinrich Schuchardt
24586059d3 efi_loader: log function in image loader
Use log_err() for error messages.
Replace debug() by EFI_PRINT().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06 21:21:41 +02:00
AKASHI Takahiro
52956e535e efi_loader: signature: correct a behavior against multiple signatures
Under the current implementation, all the signatures, if any, in
a signed image must be verified before loading it.

Meanwhile, UEFI specification v2.8b section 32.5.3.3 says,
    Multiple signatures are allowed to exist in the binary’s certificate
    table (as per PE/COFF Section “Attribute Certificate Table”). Only
    one hash or signature is required to be present in db in order to pass
    validation, so long as neither the SHA-256 hash of the binary nor any
    present signature is reflected in dbx.

This patch makes the semantics of signature verification compliant with
the specification mentioned above.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-14 12:28:25 +02:00
AKASHI Takahiro
1115edd846 efi_loader: signature: rework for intermediate certificates support
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pcks7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.

What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.

pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13 22:37:36 +02:00
Heinrich Schuchardt
39a75f5af1 efi_loader: wrong printf format in efi_image_parse
Commit 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT") leads to a build warning on 32bit systems:

lib/efi_loader/efi_image_loader.c: In function ‘efi_image_parse’:
include/efi_loader.h:123:8: warning: format ‘%lu’ expects argument
of type ‘long unsigned int’, but argument 8 has
type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]

Use %zu for printing size_t.

Fixes: 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT")

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
AKASHI Takahiro
7926dfb579 efi_loader: image_loader: add digest-based verification for signed image
In case that a type of certificate in "db" or "dbx" is
EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains
a public key for RSA decryption, but a digest of image to be loaded.
If the value matches to a value calculated from a given binary image, it is
granted for loading.

With this patch, common digest check code, which used to be used for
unsigned image verification, will be extracted from
efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and
extra step for digest check will be added to efi_image_authenticate().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
11bafb2596 efi_loader: image_loader: verification for all signatures should pass
A signed image may have multiple signatures in
  - each WIN_CERTIFICATE in authenticode, and/or
  - each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE)

In the initial implementation of efi_image_authenticate(), the criteria
of verification check for multiple signatures case is a bit ambiguous
and it may cause inconsistent result.

With this patch, we will make sure that verification check in
efi_image_authenticate() should pass against all the signatures.
The only exception would be
  - the case where a digest algorithm used in signature is not supported by
    U-Boot, or
  - the case where parsing some portion of authenticode has failed
In those cases, we don't know how the signature be handled and should
just ignore them.

Please note that, due to this change, efi_signature_verify_with_sigdb()'s
function prototype will be modified, taking "dbx" as well as "db"
instead of outputing a "certificate." If "dbx" is null, the behavior would
be the exact same as before.
The function's name will be changed to efi_signature_verify() once
current efi_signature_verify() has gone due to further improvement
in intermediate certificates support.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
eb537fd7eb efi_loader: image_loader: retrieve authenticode only if it exists
Since the certificate table, which is indexed by
IMAGE_DIRECTORY_ENTRY_SECURITY and contains authenticode in PE image,
doesn't always exist, we should make sure that we will retrieve its pointer
only if it exists.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
1a44b7059c efi_loader: image_loader: add a check against certificate type of authenticode
UEFI specification requires that we shall support three type of
certificates of authenticode in PE image:
  WIN_CERT_TYPE_EFI_GUID with the guid, EFI_CERT_TYPE_PCKS7_GUID
  WIN_CERT_TYPE_PKCS_SIGNED_DATA
  WIN_CERT_TYPE_EFI_PKCS1_15

As EDK2 does, we will support the first two that are pkcs7 SignedData.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
1b6c08548c efi_loader: image_loader: replace debug to EFI_PRINT
Just for style consistency, replace all the uses of debug() to
EFI_PRINT() in efi_image_loader.c.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:00:27 +02:00
Heinrich Schuchardt
4bb4249b39 efi_loader: printf code in efi_image_parse()
For size_t we have to use %zu for printing not %lu.

Fixes: 4540dabdca ("efi_loader: image_loader: support image
authentication")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-14 21:07:20 +02:00
Heinrich Schuchardt
55af40a578 efi_loader: simplify PE consistency check
Knowing that at least one section header follows the optional header we
only need to check for the length of the 64bit header which is longer than
the 32bit header.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03 17:19:18 +02:00
Heinrich Schuchardt
13f62d9f7e efi_loader: function description cmp_pe_section()
Rework the description of function cmp_pe_section().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03 17:19:17 +02:00
Heinrich Schuchardt
4afceb4d17 efi_loader: function descriptions efi_image_loader.c
We want to follow the Linux kernel style for function descriptions.

Add missing parentheses after function names.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03 17:19:17 +02:00
AKASHI Takahiro
52d7bfe787 efi_loader: image_loader: fix a Coverity check against array access
Coverity detected:
  Using "&opt->CheckSum" as an array.  This might corrupt or misinterpret
  adjacent memory locations.

The code should work as far as a structure, IMAGE_OPTIONAL_HEADER(64) is
packed, but modify it in more logical form. Subsystem is a member next to
CheckSum.

Reported-by: Coverity (CID 300339)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-09 09:30:27 +02:00
Heinrich Schuchardt
d7ca3ce3d3 efi_loader: crypto/pkcs7_parser.h is not a local include
User <> and not "" for referencing a global include.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-07 18:23:18 +02:00
Patrick Wildt
6f146155f8 efi_loader: pkcs7_parse_message() returns error pointer
Since pkcs7_parse_message() returns an error pointer, we must not
check for NULL.  We have to explicitly set msg to NULL in the error
case, otherwise the call to pkcs7_free_message() on the goto err
path will assume it's a valid object.

Signed-off-by: Patrick Wildt <patrick@blueri.se>
Add missing include linux/err.h
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-07 18:23:17 +02:00
AKASHI Takahiro
e3f5c9cb0f lib/crypto, efi_loader: move some headers to include/crypto
Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
AKASHI Takahiro
4540dabdca efi_loader: image_loader: support image authentication
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.

Currently we support
* authentication based on db and dbx,
  so dbx-validated image will always be rejected.
* following signature types:
    EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
    EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.

Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.

It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
Simon Glass
1eb69ae498 common: Move ARM cache operations out of common.h
These functions are CPU-related and do not use driver model. Move them to
cpu_func.h

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2019-12-02 18:24:58 -05:00
Heinrich Schuchardt
126a43f15b efi_loader: unload applications upon Exit()
Implement unloading of images in the Exit() boot services:

* unload images that are not yet started,
* unload started applications,
* unload drivers returning an error.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-05-07 21:10:03 +02:00
Heinrich Schuchardt
dec88e41e0 efi_loader: consistent naming of protocol GUIDs
We should consistently use the same name for protocol GUIDs as defined in
the UEFI specification. Not adhering to this rule has led to duplicate
definitions for the EFI_LOADED_IMAGE_PROTOCOL_GUID.

Adjust misnamed protocol GUIDs.

Adjust the text for the graphics output protocol in the output of the
`efidebug dh` command.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-23 00:37:27 +02:00
AKASHI Takahiro
bc8fc32855 efi_loader: boottime: add loaded image device path protocol to image handle
To meet UEFI spec v2.7a section 9.2, we should add
EFI_LOADED_IMAGE_DEVICE_PATH_PROTOCOL to image handle,
instead of EFI_DEVICE_PATH_PROTOCOL.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-07 14:17:06 +02:00
AKASHI Takahiro
8458bf648f efi_loader: set image_base and image_size to correct values
Currently, image's image_base points to an address where the image was
temporarily uploaded for further loading. Since efi_loader relocates
the image to final destination, image_base and image_size should reflect
that.

This bug was detected in UEFI SCT, "Loaded Image Protocol Test - test 2,"
which shows that 'Unload' function doesn't fit into a range suggested by
image_base and image_size.

	TestCase/UEFI/EFI/Protocol/LoadedImage/BlackBoxTest/
	LoadedImageBBTestMain.c:1002

Changes in this patch also includes:
* reverts a patch, "efi_loader: save image relocation address
  and size" since newly added fields are no longer needed.
* copy PE headers as well since those information will be needed
  for module loading, in particular, at gurb.
  (This bug was reported by Heinrich.)

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Rebase patch.
Remove unused fields from struct efi_loaded_image_obj.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-04-07 14:17:06 +02:00
Heinrich Schuchardt
997fc12ec9 efi_loader: do not miss last relocation block
If the last block in the relocation table contains only a single
relocation, the current coding ignores it.

Fix the determination of the end of the relocation table.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-02-16 15:51:14 +01:00
Heinrich Schuchardt
1db561e11f efi_loader: documentation of image loader
- Add missing function descriptions.
- Update existing function descriptions to match Sphinx style.
- Add lib/efi_loader/efi_image_loader.c to the input files for Sphinx
  generated documentation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-02-16 15:48:58 +01:00
Heinrich Schuchardt
8f7e2b2980 efi_loader: set entry point in efi_load_pe()
Up to now efi_load_pe() returns the entry point or NULL in case of an
error. This does not allow to return correct error codes from LoadImage().

Let efi_load_pe() return a status code and fill in the entry point in the
corresponding field of the image object.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-02-16 15:42:20 +01:00
Heinrich Schuchardt
c982874e93 efi_loader: refactor efi_setup_loaded_image()
Create the handle of loaded images and the EFI_LOADED_IMAGE_PROTOCOL
inside efi_setup_loaded_image(). Do not use local variables.

Currently we expect the loaded image handle to point to the loaded image
protocol. Additionally we have appended private fields to the protocol.

With the patch the handle points to a loaded image object and the private
fields are added here. This matches how we handle the net and the gop
object.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2018-09-23 21:55:31 +02:00
Alexander Graf
b59f69712b efi_loader: Use compiler constants for image loader
The EFI image loader tries to determine which target architecture we're
working with to only load PE binaries that match.

So far this has worked based on CONFIG defines, because the target CPU
was always indicated by a config define. With sandbox however, this is
not longer true as all sandbox targets only encompass a single CONFIG
option and so we need to use compiler defines to determine the CPU
architecture.

Signed-off-by: Alexander Graf <agraf@suse.de>
2018-07-25 14:57:43 +02:00
Alexander Graf
de452c04c3 riscv: Add support for HI20 PE relocations
The PE standard allows for HI20/LOW12 relocations. Within the efi_loader
target we always know that our relocation target is 4k aligned, so we
don't need to worry about the LOW12 part.

This patch adds support for the respective relocations. With this and a
few grub patches I have cooking in parallel I'm able to run grub on RISC-V.

Signed-off-by: Alexander Graf <agraf@suse.de>
2018-06-14 10:52:14 +02:00
Heinrich Schuchardt
1f0532ca15 efi_loader: remove unnecessary include
asm/global_data.h is already included via common.h.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2018-06-03 15:27:20 +02:00
Ivan Gorinov
e2dc4229ad efi_loader: correctly apply relocations from the .reloc section
Instead of difference between preferred and actual image base, the
actual base is added to the fields specified in the .reloc section.

Use ImageBase from PE optional header to compute the delta,
exit early if the image is loaded at the preferred address.

Signed-off-by: Ivan Gorinov <ivan.gorinov@intel.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2018-06-03 15:27:20 +02:00
Alexander Graf
89aea43642 efi_loader: Use EFI_CACHELINE_SIZE in the image loader too
We were using our EFI_CACHELINE_SIZE define only in the runtime service
code, but left the image loader to use plain CONFIG_SYS_CACHELINE_SIZE.

This patch moves EFI_CACHELINE_SIZE into efi_loader.h and converts
the image loader to use it.

Signed-off-by: Alexander Graf <agraf@suse.de>
2018-05-29 14:43:12 +08:00
Tom Rini
f739fcd831 SPDX: Convert a few files that were missed before
As part of the main conversion a few files were missed.  These files had
additional whitespace after the '*' and before the SPDX tag and my
previous regex was too strict.  This time I did a grep for all SPDX tags
and then filtered out anything that matched the correct styles.

Fixes: 83d290c56f ("SPDX: Convert all of our single license tags to Linux Kernel style")
Reported-by: Heinrich Schuchardt <xypron.debian@gmx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-10 20:38:35 -04:00