mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-14 17:07:38 +00:00
d5d9770f58
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEgWII69YpahbL5iK5gS8AYozs+qIFAmU7j50ACgkQgS8AYozs +qIh8w/+O4UjT0sG1NLwmyV7U1Ypk+EyYaE6wmSWzpsJLfH/YvtObBJOYRuXxRVh J9lkgCsw8Ct1ZNCrp8iVO+Dz1DtV8+QvTecrUHZqcOhTYDaqxXnlvEH2/EUhgo5T 9a/ZaDtOP1mKz754C4G6G363+iRCvbcqDECeKg9VYxfWCo1cINOmqyQCqlGxFT+h PKiB5VzUpN/K/yiie+Hr42/+6XaykAUjUvEWeyKOsRmYY4lNiK22vG/puE42bFTh catXwTE2a7x+yzPKkdhR0UGvDUlIKET2kF6mi+pYN2h/cSUxWTzbP/OxcU9yJOnm qJiRZ+Woez1I7ul6ln4ci2kiWc3CTYFXfctwrBJPuJ/EO+2EEb3oHqG2S3Fc9VBZ N17flHW7XZHEQbNexlUhk9cRpCwRuSA5OJXwW+IZIuydgNeo3xF0iYvipbjkEGgW BBkt8PH+ivTLjEz6Gcmquvo1fHGJLHRIPg7DNb0phGHviuC0zlDJ7N5DZk0CpkiT 36siV9xK4X6qvWkOTa6Ldw60e4tN9nv3VG30uXtPHi3XdOkKfNkyIuqO/5BkkQPt 6yEc9IYXYoWNKDVUGme5+xszZp1sSvqltajG9VVNupt958dFyOSgS5aNa6B4UsWX 3XfndP1/s2bezUHoQx5zjraapKVrqBFLkGeTlCDUD+mEgP440G8= =gvDs -----END PGP SIGNATURE----- Merge tag 'tpm-next-27102023' of https://source.denx.de/u-boot/custodians/u-boot-tpm bootX measurements and measurement API moved to u-boot core: Up to now, U-Boot could perform measurements and EventLog creation as described by the TCG spec when booting via EFI. The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained both EFI specific code + the API needed to access the TPM, extend PCRs and create an EventLog. The non-EFI part proved modular enough and moving it around to the TPM subsystem was straightforward. With that in place we can have a common API for measuring binaries regardless of the boot command, EFI or boot(m|i|z), and contructing an EventLog. I've tested all of the EFI cases -- booting with an empty EventLog and booting with a previous stage loader providing one and found no regressions. Eddie tested the bootX part. Eddie also fixed the sandbox TPM which couldn't be used for the EFI code and it now supports all the required capabilities. This had a slight sideeffect in our testing since the EFI subsystem initializes the TPM early and 'tpm2 init' failed during some python tests. That code only opens the device though, so we can replace it with 'tpm2 autostart' which doesn't error out and still allows you to perfom the rest of the tests but doesn't report an error if the device is already opened. There's a few minor issues with this PR as well but since testing and verifying the changes takes a considerable amount of time, I prefer merging it now. Heinrich has already sent a PR for -master containing "efi_loader: fix EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will cause any conflicts, but in any case they should be trivial to resolve. Both the EFI and non-EFI code have a Kconfig for measuring the loaded Device Tree. The reason this is optional is that we can't reason when/if devices add random info like kaslr-seed, mac addresses etc in the DT. In that case measurements are random, board specific and eventually useless. The reason it was difficult to fix it prior to this patchset is because the EFI subsystem and thus measurements was brought up late and DT fixups might have already been applied. With this patchset we can measure the DT really early in the future. Heinrich also pointed out that the two Kconfigs for the DTB measurements can be squashed in a single one and that the documentation only explains the non-EFI case. I agree on both but as I said this is a sane working version, so let's pull this first it's aleady big enough and painful to test.
159 lines
4.3 KiB
C
159 lines
4.3 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* (C) Copyright 2000-2009
|
|
* Wolfgang Denk, DENX Software Engineering, wd@denx.de.
|
|
*/
|
|
|
|
#include <common.h>
|
|
#include <bootm.h>
|
|
#include <command.h>
|
|
#include <image.h>
|
|
#include <irq_func.h>
|
|
#include <lmb.h>
|
|
#include <log.h>
|
|
#include <mapmem.h>
|
|
#include <asm/global_data.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/sizes.h>
|
|
|
|
DECLARE_GLOBAL_DATA_PTR;
|
|
/*
|
|
* Image booting support
|
|
*/
|
|
static int booti_start(struct cmd_tbl *cmdtp, int flag, int argc,
|
|
char *const argv[], struct bootm_headers *images)
|
|
{
|
|
int ret;
|
|
ulong ld;
|
|
ulong relocated_addr;
|
|
ulong image_size;
|
|
uint8_t *temp;
|
|
ulong dest;
|
|
ulong dest_end;
|
|
unsigned long comp_len;
|
|
unsigned long decomp_len;
|
|
int ctype;
|
|
|
|
ret = do_bootm_states(cmdtp, flag, argc, argv, BOOTM_STATE_START,
|
|
images, 1);
|
|
|
|
/* Setup Linux kernel Image entry point */
|
|
if (!argc) {
|
|
ld = image_load_addr;
|
|
debug("* kernel: default image load address = 0x%08lx\n",
|
|
image_load_addr);
|
|
} else {
|
|
ld = hextoul(argv[0], NULL);
|
|
debug("* kernel: cmdline image address = 0x%08lx\n", ld);
|
|
}
|
|
|
|
temp = map_sysmem(ld, 0);
|
|
ctype = image_decomp_type(temp, 2);
|
|
if (ctype > 0) {
|
|
dest = env_get_ulong("kernel_comp_addr_r", 16, 0);
|
|
comp_len = env_get_ulong("kernel_comp_size", 16, 0);
|
|
if (!dest || !comp_len) {
|
|
puts("kernel_comp_addr_r or kernel_comp_size is not provided!\n");
|
|
return -EINVAL;
|
|
}
|
|
if (dest < gd->ram_base || dest > gd->ram_top) {
|
|
puts("kernel_comp_addr_r is outside of DRAM range!\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
debug("kernel image compression type %d size = 0x%08lx address = 0x%08lx\n",
|
|
ctype, comp_len, (ulong)dest);
|
|
decomp_len = comp_len * 10;
|
|
ret = image_decomp(ctype, 0, ld, IH_TYPE_KERNEL,
|
|
(void *)dest, (void *)ld, comp_len,
|
|
decomp_len, &dest_end);
|
|
if (ret)
|
|
return ret;
|
|
/* dest_end contains the uncompressed Image size */
|
|
memmove((void *) ld, (void *)dest, dest_end);
|
|
}
|
|
unmap_sysmem((void *)ld);
|
|
|
|
ret = booti_setup(ld, &relocated_addr, &image_size, false);
|
|
if (ret != 0)
|
|
return 1;
|
|
|
|
/* Handle BOOTM_STATE_LOADOS */
|
|
if (relocated_addr != ld) {
|
|
printf("Moving Image from 0x%lx to 0x%lx, end=%lx\n", ld,
|
|
relocated_addr, relocated_addr + image_size);
|
|
memmove((void *)relocated_addr, (void *)ld, image_size);
|
|
}
|
|
|
|
images->ep = relocated_addr;
|
|
images->os.start = relocated_addr;
|
|
images->os.end = relocated_addr + image_size;
|
|
|
|
lmb_reserve(&images->lmb, images->ep, le32_to_cpu(image_size));
|
|
|
|
/*
|
|
* Handle the BOOTM_STATE_FINDOTHER state ourselves as we do not
|
|
* have a header that provide this informaiton.
|
|
*/
|
|
if (bootm_find_images(flag, argc, argv, relocated_addr, image_size))
|
|
return 1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int do_booti(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
|
|
{
|
|
int ret;
|
|
|
|
/* Consume 'booti' */
|
|
argc--; argv++;
|
|
|
|
if (booti_start(cmdtp, flag, argc, argv, &images))
|
|
return 1;
|
|
|
|
/*
|
|
* We are doing the BOOTM_STATE_LOADOS state ourselves, so must
|
|
* disable interrupts ourselves
|
|
*/
|
|
bootm_disable_interrupts();
|
|
|
|
images.os.os = IH_OS_LINUX;
|
|
#ifdef CONFIG_RISCV_SMODE
|
|
images.os.arch = IH_ARCH_RISCV;
|
|
#elif CONFIG_ARM64
|
|
images.os.arch = IH_ARCH_ARM64;
|
|
#endif
|
|
ret = do_bootm_states(cmdtp, flag, argc, argv,
|
|
#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
|
|
BOOTM_STATE_RAMDISK |
|
|
#endif
|
|
BOOTM_STATE_MEASURE |
|
|
BOOTM_STATE_OS_PREP | BOOTM_STATE_OS_FAKE_GO |
|
|
BOOTM_STATE_OS_GO,
|
|
&images, 1);
|
|
|
|
return ret;
|
|
}
|
|
|
|
U_BOOT_LONGHELP(booti,
|
|
"[addr [initrd[:size]] [fdt]]\n"
|
|
" - boot Linux flat or compressed 'Image' stored at 'addr'\n"
|
|
"\tThe argument 'initrd' is optional and specifies the address\n"
|
|
"\tof an initrd in memory. The optional parameter ':size' allows\n"
|
|
"\tspecifying the size of a RAW initrd.\n"
|
|
"\tCurrently only booting from gz, bz2, lzma and lz4 compression\n"
|
|
"\ttypes are supported. In order to boot from any of these compressed\n"
|
|
"\timages, user have to set kernel_comp_addr_r and kernel_comp_size environment\n"
|
|
"\tvariables beforehand.\n"
|
|
#if defined(CONFIG_OF_LIBFDT)
|
|
"\tSince booting a Linux kernel requires a flat device-tree, a\n"
|
|
"\tthird argument providing the address of the device-tree blob\n"
|
|
"\tis required. To boot a kernel with a device-tree blob but\n"
|
|
"\twithout an initrd image, use a '-' for the initrd argument.\n"
|
|
#endif
|
|
);
|
|
|
|
U_BOOT_CMD(
|
|
booti, CONFIG_SYS_MAXARGS, 1, do_booti,
|
|
"boot Linux kernel 'Image' format from memory", booti_help_text
|
|
);
|