Some images may have multiple copies of the same thing, e.g. two versions
of the read/write U-Boots. It is necessary to read data from one or other
of these under selection of the verified-boot logic. Add a function to
select the subnode to use.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this logic out of the main init function so it is available for
other purpose.
Use a different error when multiple-images is in use but no subnode is
available. This makes it easier to determine what is wrong.
Signed-off-by: Simon Glass <sjg@chromium.org>
Unfortunately the toolchain often brings in the crc32 table even if the
function is not actually used. For now, exclude it from the TPL build,
which is very sensitive to size.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this code uses a simple printf() format if running in SPL. But
SPL can use the full printf. Use USE_TINY_PRINTF instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This includes information about sandbox which is not relevant for most
boards. Drop it.
Also add the address to help figure out the problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
In the function rsa_verify_hash, if the "main" key doesn't
work, u-boot try others keys. But it searches those keys
in the FIT image instead of the u-boot device tree.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The field Media.LastBlock of the EFI_BLOCK_IO_PROTOCOL.Media was filled
incorrectly both for block devices as well as for partitions.
The field must be filled with the index of the last logical block (LBA):
* block devices: device size minus 1
* partitions: partition size minus 1
Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification requires event notification levels to be
> TPL_APPLICATION and <= TPL_HIGH_LEVEL.
With the patch the CreateEvent() and CreatedEventEx() services are changed
to check that the notification level is not TPL_APPLICATION.
Reference:
UEFI Specification 2.8 Errata B, table 27 "TPL Restrictions",
"Event Notification Levels"
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CID 316361 says:
> Passing argument "count * 8UL /* sizeof (*files) */" to
> function "dlmalloc" and then casting the return value to "u16 **" is
> suspicious. In this particular case "sizeof (u16 **)" happens to be equal
> to "sizeof (u16 *)", but this is not a portable assumption.
> > 767 tmp_files = malloc(count * sizeof(*files));
The change in this patch fixes the ambiguity.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: CID 316361
For readability use *tmp_files instead of tmp_files[0]
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use the correct GUID when closing the file load protocol.
Remove an unnecessary check (Coverity CID 316363).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* Provide a test tool for initial RAM disk provided via load file2 protocol.
* Make more items configurable to reduce code size:
* Boot manager
* EFI_DT_FIXUP_PROTOCOL
* EFI_DEVICE_PATH_UTILITIES_PROTOCOL
* Bug fixes
* avoid EFI runtime symbols in global symbol table
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmAIHfIACgkQxIHbvCwF
GsSz8g/+No9xNYiAK1pY0Fjus6ZSfBhMCY9NGwkEkyzFwXZG+ckmlWwMd+auk8Oz
noU5vVBkr4JdrdpACdgiCdCeAfsYwxPy7/GulgVMLpptMlrLfbOhA/n7uOzhAilV
QDt3BouOuvW+sVlxoxD2FNkpw4vFS6CasFgBj1+tWunARoXqIRxD4MbFp1zwApHb
qC67jomsDS6MvQtrebZ3Erqkp67W0RVtD6X4KGq8+6g+8akVAan5zl7/gPj9Z8h6
M1AXG/pLqDMrG+3RFGMyqncPOlxPVL85BQAAJVB8/SQcAQ726R4z/ia+3VBFBWWf
N9rmzNJ9KnbAr3OHZnfqYITe/E2xgiRVqTYl5IL8701E41qhEjRiBWFF+U+QG/8b
3IByp4FZXVbVxjsjK8dIi5aTmBvznwb0HcrlcbwJRonTvBCBOZCVIoAn2PalZUFW
4zc4hGaoWVTdwRXaiiQKQuAfA52B3tfPqfWyUsm1E+crf/JYngstQe4A88FDorV6
ozISWNXb5RzYdNluewJl2c1rfWcUiWHbbnKMt+YbDvE4OTy6lbJC9oY0mNfPE7nK
7cq/Tk8WNhrMIv95nqzDBCv78naa0iQF5P+tHk6/r3IJ/wFFyD6f4ZvGijvCK+9o
vgnmK0kz9Qd53m+g4L54xpTsyoCXaU2N9zzD1QgwV3HjW2JyjxY=
=yVF7
-----END PGP SIGNATURE-----
Merge tag 'efi-2021-04-rc1-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2021-04-rc1-2
* Provide a test tool for initial RAM disk provided via load file2 protocol.
* Make more items configurable to reduce code size:
* Boot manager
* EFI_DT_FIXUP_PROTOCOL
* EFI_DEVICE_PATH_UTILITIES_PROTOCOL
* Bug fixes
* avoid EFI runtime symbols in global symbol table
EFI applications must use CR LF as line endings.
Provide a print() function to reduce code size.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide an UEFI application to save the initial RAM disk provided by U-Boot
via the Load File2 protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
In EFI 1.10 a version of the Unicode collation protocol using ISO 639-2
language codes existed. This protocol is not part of the UEFI specification
any longer. It was however required to run the UEFI Self Certification Test
(SCT) II, version 2.6, 2017. So we implemented it for the sole purpose of
running the SCT.
As the SCT does not need the protocol anymore it is time for removal.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Allow the EFI_DEVICE_PATH_UTILITIES_PROTOCOL to be disabled via
configuration.
On systems that are very tight on U-Boot image size we may want to disable
the protocol. As it is required to run the UEFI Shell enable it by default.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.
Provide a configuration option to make the boot manager available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Move all load options related functions to a new module. So that they can
be compiled independently.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When calculating a random UUID we use a weak seed.
Use a RNG device if present to increase entropy.
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Reviewed-by: Torsten Duwe <duwe@suse.de>
- Update qemu-riscv.rst build instructions.
- Add support for SPI on Kendryte K210.
- Add Microchip PolarFire SoC Icicle Kit support.
- Add support for an early timer.
- Select TIMER_EARLY to avoid infinite recursion for Trace.
When tracing functions is enabled this adds calls to
__cyg_profile_func_enter() and __cyg_profile_func_exit() to the traced
functions.
__cyg_profile_func_enter() and __cyg_profile_func_exit() invoke
timer_get_us() to record the entry and exit time.
initr_dm() will make gd->dm_root = NULL and gd->timer = NULL, so
timer_get_us() -> get_ticks() -> dm_timer_init() will lead to an
indefinite recursion.
So select TIMER_EARLY when tracing got enabled.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Rick Chen <rick@andestech.com>
Change 2 typo error in CONFIG_LIB_ELF description:
- Supoort => Support
- fir => for
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Building fails with DEBUG=1:
lib/aes.c: In function ‘debug_print_vector’:
lib/aes.c:622:45: error:
cast from pointer to integer of different size
[-Werror=pointer-to-int-cast]
622 | printf("%s [%d] @0x%08x", name, num_bytes, (u32)data);
Pointers can only be cast to (uintptr_t). But anyway we have
%p for printing pointers.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
A common use of memmove() can be handled by memcpy(). Also memcpy()
includes an optimization for large sizes: it copies a word at a time. So
we can get a speed-up by calling memcpy() to handle our move in this case.
Update memmove() to call also memcpy() if the source don't overlap
the destination (src + count <= dest).
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
When setting aside a GPT partition for holding the U-Boot environment,
having a partition type GUID [1] indicating "Linux filesystem" (as
most tools default to) is somewhat misleading - and there's no other
well-known type GUID that is better suited. So to have a canonical
value to put into the type field, define
3de21764-95bd-54bd-a5c3-4abe786f38a8
to mean a partition holding a U-Boot environment.
This is a v5 namespace-name GUID [2], generated [3] from a namespace
of "25cbcde0-8642-47c6-a298-1a3a57cd256b" and name "U-Boot
environment".
Should future type GUIDs be defined in the context of U-Boot, it's
sensible to use that same namespace GUID.
[1] https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs
[2] https://en.wikipedia.org/wiki/Universally_unique_identifier#Versions_3_and_5_(namespace_name-based)
[3] https://www.uuidtools.com/v5
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
There's no reason to require an appropriately sized output parameter
for the string, that's error-prone should the table ever grow an
element with a longer string. We can just return the const char*
pointer directly.
Update the only caller accordingly, and get rid of pointless ifdeffery
in the header so that the compiler always sees a declaration and can
thus do type-checking, whether or not PARTITION_TYPE_GUID is enabled
or not.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
The dtbdump.efi binary can already be used to dump the configuration table
with the device-tree to a file.
With this patch a device-tree file can be loaded. The EFI_DT_FIXUP_PROTOCOL
is called to
* apply U-Boot's fix-ups
* let U-Boot make memory reservations as required by the device-tree
* install the new device-tree as configuration table
In a next step this configuration table can be dumped.
A dtbdump.efi session would look like:
DTB Dump
========
=> load test.dtb
device-tree installed
=> save fixed-up.dtb
fixed-up.dtb written
=> exit
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A boot manager like GRUB can use the protocol to
* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In efi_mem_sort() adjacent memory regions of same type are coalesced.
Remove the remark "Merging of adjacent free regions is missing".
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We do not want to use typedefs in U-Boot.
Do not use efi_string_t in the EFI_TEXT_OUTPUT_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Let helloworld.efi print the device path of the boot device and the file
path as provided by the loaded image protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Driver model: Rename U_BOOT_DEVICE et al.
dtoc: Tidy up and add more tests
ns16550 code clean-up
x86 and sandbox minor fixes for of-platdata
dtoc prepration for adding build-time instantiation
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl/09LURHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIrebjwwf/fHRjYsAY/Yj/+y1xgo3L3sphIvQUqTDF
KkLl+kHdV5r8W/HJULxLQcF2r7pcPEI6TAQxuj3qQ5SUvm2HviS8GHGPawDEwyht
HgBp9VD56+HUadMfnbG//DVS73ycbL4XSKlYqpkINEejtnlttsCIawUXX5cTyGM/
59VkgnKrKvJQRUXvYLa8MTugTs4fkPJGDqhActBk/7SP1SImj+rfalNSqA2/dx6y
2RnPCSzB1x2231KSj+B1NgGlR3Xb8P8zgh20ijcEU/hrlXBTZyi7K7f4SJR30Efu
LYkkuj4VbxcV/25RozR0fmknqCs0QyAI+/dql6TNtbTSPC/jAfj0jQ==
=9kN3
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-5jan21' of git://git.denx.de/u-boot-dm into next
Driver model: make some udevice fields private
Driver model: Rename U_BOOT_DEVICE et al.
dtoc: Tidy up and add more tests
ns16550 code clean-up
x86 and sandbox minor fixes for of-platdata
dtoc prepration for adding build-time instantiation
This error should not happen in normal use. Reduce the length of it to
save space in the image.
Add an empty spl.h file to sh since it appears to lack this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Most drivers use these access methods but a few do not. Update them.
In some cases the access is not permitted, so mark those with a FIXME tag
for the maintainer to check.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Pratyush Yadav <p.yadav@ti.com>
Typedefs should not be used in U-Boot and structs should be lower case.
Update the code to use struct ns16550 consistently.
Put a header guard on the file while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Add support for enabling uefi capsule authentication. This feature is
enabled by setting the environment variable
"capsule_authentication_enabled".
The following configs are needed for enabling uefi capsule update and
capsule authentication features on the platform.
CONFIG_EFI_HAVE_CAPSULE_SUPPORT=y
CONFIG_EFI_CAPSULE_ON_DISK=y
CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
CONFIG_EFI_CAPSULE_FIRMWARE=y
CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
CONFIG_EFI_CAPSULE_AUTHENTICATE=y
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add support for authenticating uefi capsules. Most of the signature
verification functionality is shared with the uefi secure boot
feature.
The root certificate containing the public key used for the signature
verification is stored as part of the device tree blob. The root
certificate is stored as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The efi_sigstore_parse_sigdb function reads the uefi authenticated
variable, stored in the signature database format and builds the
signature store structure. Factor out the code for building
the signature store. This can then be used by the capsule
authentication routine to build the signature store even when the
signature database is not stored as an uefi authenticated variable
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The pkcs7 header parsing functionality is pretty generic, and can be
used by other features like capsule authentication. Make the function
an extern, also changing it's name to efi_parse_pkcs7_header
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
When building the capsule using scripts in edk2, a fmp header is
added on top of the binary payload. Add logic to detect presence of
the header. When present, the pointer to the image needs to be
adjusted as per the size of the header to point to the actual binary
payload.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
