Some U-Boot code uses BUG_ON() and WARN_ON() macros. These use __FILE__
which can include quite a large path, depending on how U-Boot is built.
The existing assert() is only checked if DEBUG is enabled. Add a new one
which is always checked, and prints a (smaller) error in that case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Provide a unit test for the EFI_RNG_PROTOCOL.
The list of algorithms is read. Two random numbers are generated. The test
checks that the two numbers differ.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Install the EFI_RNG_PROTOCOL implementation for it's subsequent use by
the kernel for features like kaslr.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add support for the EFI_RNG_PROTOCOL routines for the qemu arm64
platform. EFI_RNG_PROTOCOL is an uefi boottime service which is
invoked by the efi stub in the kernel for getting random seed for
kaslr.
The routines are platform specific, and use the virtio-rng device on
the platform to get random data.
The feature can be enabled through the following config
CONFIG_EFI_RNG_PROTOCOL
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Changed SPDX header to use /* instead of //.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For the RNG uclass we currently only have a test working on the sandbox.
Provide a command to test the hardware random number generator on
non-sandbox systems.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a driver for the virtio-rng device on the qemu platform. The
device uses pci as a transport medium. The driver can be enabled with
the following configs
CONFIG_VIRTIO
CONFIG_DM_RNG
CONFIG_VIRTIO_PCI
CONFIG_VIRTIO_RNG
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add a unit test for testing the rng uclass functionality using the
sandbox rng driver.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Enable support for random number generator on sandbox configs. This is
aimed primarily at adding unit test support for rng uclass.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a sandbox driver for random number generation. Mostly aimed at
providing a unit test for rng uclass.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Enable support for the rng device on the stm32mp15 configs.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Add a driver for the rng device found on stm32mp1 platforms. The
driver provides a routine for reading the random number seed from the
hardware device.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Remove a superfluous blank line
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add an entry for allowing clock enablement for the random number
generator peripheral, RNG1.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Add a uclass for reading a random number seed from a random number
generator device.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
This test verifies the implementation of the 'bootm' extension that
handles UEFI binaries inside FIT images (enabled via CONFIG_BOOTM_EFI).
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This patch adds a new section "Launching a UEFI binary from a FIT image"
documenting the usage of the CONFIG_BOOTM_EFI extension to bootm command
that offers a verified boot alternative for UEFI binaries such as GRUB2.
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This patch adds an example FIT image description file demonstrating
the usage of bootm command to securely launch UEFI binaries.
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add support for booting EFI binaries contained in FIT images.
A typical usage scenario is chain-loading GRUB2 in a verified
boot environment.
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a new OS type to be used for chain-loading an EFI compatible
firmware or boot loader like GRUB2, possibly in a verified boot
scenario.
Bellow is sample ITS file that generates a FIT image supporting
secure boot. Please note the presence of 'os = "efi";' line, which
identifies the currently introduced OS type:
/ {
#address-cells = <1>;
images {
efi-grub {
description = "GRUB EFI";
data = /incbin/("bootarm.efi");
type = "kernel_noload";
arch = "arm";
os = "efi";
compression = "none";
load = <0x0>;
entry = <0x0>;
hash-1 {
algo = "sha256";
};
};
};
configurations {
default = "config-grub";
config-grub {
kernel = "efi-grub";
signature-1 {
algo = "sha256,rsa2048";
sign-images = "kernel";
};
};
};
};
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When we hit a matching GUID we can directly return the text. There is no
need for a check after the loop.
efi_guid_t is defined as 8 byte aligned but GUIDs in packed structures do
not follow this alignment. Do not require the argument of get_guid_text()
to be correctly aligned.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Of all warning status codes up to now only EFI_WARN_DELETE_FAILURE is
defined.
The patch adds the missing definitions for later usage.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When be launch a binary via bootefi the bootargs environment variable is
used to set the load options in the loaded image protocol.
Free memory allocated for load options when the UEFI binary exits.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add guidcpy function to copy the source guid to the destination
guid. Use this function instead of memcpy for copying to the
destination guid.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Use void * instead of efi_guid_t * for arguments to allow copying unaligned
GUIDs. The GUIDs of configuration tables are __packed.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
U-Boot can be compiled with function tracing enabled.
When compiling with FTRACE __cyg_profile_func_enter() is called when a
function is entered and __cyg_profile_func_exit() when the function is
left.
To avoid a crash we have to define these function for the free-standing
UEFI binaries.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a comment indicating that the value of GPT_HEADER_SIGNATURE_UBOOT
equals the ASCII string 'EFI PART'.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On a VT100 terminal <ESC>[2J should be enough to both clear the whole
screen and set the cursor to position (1, 1). But the Linux console does
not behave like this. So send an extra <ESC>[H. For reference see the
console_codes(4) man page.
Add a function description.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add the following file to .gitignore
efi_miniapp_file_image_exception.h
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Use efi_miniapp_*.h instead of file enumeration.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use a pointer to addressable memory instead of a "physical" address in the
virtual address space of the sandbox to efi_install_fdt().
Export the efi_install_fdt() function.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If the bootefi command is called without passing the address of a device
tree, the internal device tree is used. For devices with a hardware device
tree it is preferable to used the hardware device tree in this case.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
As part of moving the parsing of command line arguments to do_bootefi()
call efi_install_fdt() with the address of the device tree instead of a
string.
If the address is EFI_FDT_USE_INTERNAL (= 0), the internal device tree
is used.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When the GetInfo() method of the EFI_FILE_PROTOCOL is called to retrieve
the file system info we claim that the volume is read only and has no free
space. This leads to failures in programs that check this information
before writing to the volume like SCT's InstallSct.efi.
Currently there is no function to determine these parameters in U-Boot. So
let's return optimistic values:
Return that the volume is writable.
Return the volume size as free space.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI applications like GRUB and SCT assume that function keys are enabled
on the keyboard.
Let EFI_LOADER imply USB_KEYBOARD_FN_KEYS.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The index (IMAGE_DIRECTORY_ENTRY_SECURITY) in a table points to
a region containing authentication information (image's signature)
in PE format.
WIN_CERTIFICATE structure defines an embedded signature format.
Those definitions will be used in my UEFI secure boot patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Consider the following test sample:
@pytest.mark.buildconfigspec('fit')
@pytest.mark.notbuildconfigspec('generate_acpi_table')
def test_sample(u_boot_console):
Whatever the argument of the 'notbuildconfigspec' is,
the test ends up being skipped with the message:
('/uboot/test/py/conftest.py', 463,
'Skipped: .config feature "fit" enabled')
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
if MULTI_DTB_FIT is enabled it is helpful to display
the value of gd->multi_dtb_fit in bdinfo.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
There is black magic in the file conftest.py that list
all the test unit. Then, all those test unit are called
in pytest. This call is done with the end of the name
(for example checksum if the full name is bloblist_test_checksum).
The result is that only test for dm are really executed.
by pytest, all others tests are listed but never executed.
This behaviour happens because the dm test unit only check
the end of the name and others tests checks the full name.
To fix this issue, I've added a prefix to the function
cmd_ut_category, and this prefix is removed when looking
for the unit test.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Load the optional resource table from the firmware, and write its
address in the dedicated backup register.
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Since the coprocessor state is tracked in a backup register, there is
no more need for tracking it in an environment variable : remove it.
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Update the dedicated backup register to track the coprocessor state and
rely on that register to compute the .is_running() value (which expects
a return value of 0 -not 1- if the processor is running).
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Reset ResourceTableAddress and CoprocessorState at cold boot, preserve
these values at standby wakeup.
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Use the backup register #17 as coprocessor resource table address and
backup register #18 as coprocessor state.
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Add rproc_elf_load_rsc_table(), which searches for a resource table in
an elf64/elf32 image, and if found, copies it to device memory.
Add also the elf32 and elf64 variants of this API.
Add a test for this.
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
spl_fit_get_image_name() is used to get the names of the images that the
SPL must load from the FIT. It relies on the content of a property present
in the FIT. The list of images is thus statically defined in the FIT.
With this scheme, it quickly becomes hard to manage combinations of more
than a handful of images.
To address this problem, give the board driver code the opportunity to
add to the list of images. The images from the FIT property are loaded
first, and then the board_get_fit_loadable() is called to get more image
names.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
