Ilias Apalodimas <ilias.apalodimas@linaro.org> says:
The arm linker scripts had a mix of symbols and C defined variables in an
effort to emit relative references instead of absolute ones e.g [0]. A
linker bug prevented us from doing so [1] -- fixed since 2016.
This has led to confusion over the years, ending up with mixed section
definitions. Some sections are defined with overlays and different
definitions between v7 and v8 architectures.
For example __efi_runtime_rel_start/end is defined as a linker symbol for
armv8 and a C variable in armv7.
Linker scripts nowadays can emit relative references, as long as the symbol
definition is contained within the section definition. So let's switch most
of the C defined variables and clean up the arm sections.c file.
There's still a few symbols remaining -- __secure_start/end,
__secure_stack_start/end and __end which can be cleaned up
in a followup series.
For both QEMU v7/v8 bloat-o-meter shows now size difference
$~ ./scripts/bloat-o-meter u-boot u-boot.new
add/remove: 0/0 grow/shrink: 0/0 up/down: 0/0 (0)
Function old new delta
Total: Before=798861, After=798861, chg +0.00%
The symbols seem largely unchanged apart from a difference in .bss
as well as the emited sections and object types of the affected variables.
On the output below the first value is from -next and the second comes from
-next + this patchset. The .bss_start/end sections have disappeared from
the newer binaries.
# For example on QEMU v8:
efi_runtime_start
7945: 0000000000000178 0 OBJECT GLOBAL DEFAULT 2 __efi_runtime_start
7942: 0000000000000178 0 NOTYPE GLOBAL DEFAULT 2 __efi_runtime_start
efi_runtime_stop
9050: 0000000000000d38 0 OBJECT GLOBAL DEFAULT 2 __efi_runtime_stop
9047: 0000000000000d38 0 NOTYPE GLOBAL DEFAULT 2 __efi_runtime_stop
__efi_runtime_rel_start
7172: 00000000000dc2f0 0 OBJECT GLOBAL DEFAULT 10 __efi_runtime_rel_start
7169: 00000000000dc2f0 0 NOTYPE GLOBAL DEFAULT 10 __efi_runtime_rel_start
__efi_runtime_rel_stop
7954: 00000000000dc4a0 0 OBJECT GLOBAL DEFAULT 10 __efi_runtime_rel_stop
7951: 00000000000dc4a0 0 NOTYPE GLOBAL DEFAULT 10 __efi_runtime_rel_stop
__rel_dyn_start
7030: 00000000000dc4a0 0 OBJECT GLOBAL DEFAULT 11 __rel_dyn_start
7027: 00000000000dc4a0 0 NOTYPE GLOBAL DEFAULT 11 __rel_dyn_start
__rel_dyn_end
8959: 0000000000102b10 0 OBJECT GLOBAL DEFAULT 12 __rel_dyn_end
8956: 0000000000102b10 0 NOTYPE GLOBAL DEFAULT 11 __rel_dyn_end
image_copy_start
9051: 0000000000000000 0 OBJECT GLOBAL DEFAULT 1 __image_copy_start
9048: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 1 __image_copy_start
image_copy_end
7467: 00000000000dc4a0 0 OBJECT GLOBAL DEFAULT 11 __image_copy_end
7464: 00000000000dc4a0 0 NOTYPE GLOBAL DEFAULT 11 __image_copy_end
bss_start
12: 0000000000102b10 0 SECTION LOCAL DEFAULT 12 .bss_start
8087: 0000000000000018 0 NOTYPE GLOBAL DEFAULT 1 _bss_start_ofs
8375: 0000000000102b10 0 OBJECT GLOBAL DEFAULT 12 __bss_start
8084: 0000000000000018 0 NOTYPE GLOBAL DEFAULT 1 _bss_start_ofs
8372: 0000000000102b10 0 NOTYPE GLOBAL DEFAULT 12 __bss_start
bss_end
14: 000000000010bc30 0 SECTION LOCAL DEFAULT 14 .bss_end
7683: 000000000010bc30 0 OBJECT GLOBAL DEFAULT 14 __bss_end
8479: 0000000000000020 0 NOTYPE GLOBAL DEFAULT 1 _bss_end_ofs
7680: 000000000010bbb0 0 NOTYPE GLOBAL DEFAULT 12 __bss_end
8476: 0000000000000020 0 NOTYPE GLOBAL DEFAULT 1 _bss_end_ofs
# For QEMU v7:
efi_runtime_start
10703: 000003bc 0 OBJECT GLOBAL DEFAULT 2 __efi_runtime_start
10699: 000003c0 0 NOTYPE GLOBAL DEFAULT 2 __efi_runtime_start
efi_runtime_stop
11796: 000012ec 0 OBJECT GLOBAL DEFAULT 2 __efi_runtime_stop
11792: 000012ec 0 NOTYPE GLOBAL DEFAULT 2 __efi_runtime_stop
__efi_runtime_rel_start
9937: 000c40dc 0 OBJECT GLOBAL DEFAULT 8 __efi_runtime_rel_start
9935: 000c40dc 0 NOTYPE GLOBAL DEFAULT 9 __efi_runtime_rel_start
__efi_runtime_rel_stop
10712: 000c41dc 0 OBJECT GLOBAL DEFAULT 10 __efi_runtime_rel_stop
10708: 000c41dc 0 NOTYPE GLOBAL DEFAULT 9 __efi_runtime_rel_stop
__rel_dyn_start
9791: 000c41dc 0 OBJECT GLOBAL DEFAULT 10 __rel_dyn_start
9789: 000c41dc 0 NOTYPE GLOBAL DEFAULT 10 __rel_dyn_start
__rel_dyn_end
11708: 000da5f4 0 OBJECT GLOBAL DEFAULT 10 __rel_dyn_end
11704: 000da5f4 0 NOTYPE GLOBAL DEFAULT 10 __rel_dyn_end
image_copy_start
448: 0000177c 0 NOTYPE LOCAL DEFAULT 3 _image_copy_start_ofs
11797: 00000000 0 OBJECT GLOBAL DEFAULT 1 __image_copy_start
445: 0000177c 0 NOTYPE LOCAL DEFAULT 3 _image_copy_start_ofs
11793: 00000000 0 NOTYPE GLOBAL DEFAULT 1 __image_copy_start
image_copy_end
450: 00001780 0 NOTYPE LOCAL DEFAULT 3 _image_copy_end_ofs
10225: 000c41dc 0 OBJECT GLOBAL DEFAULT 10 __image_copy_end
447: 00001780 0 NOTYPE LOCAL DEFAULT 3 _image_copy_end_ofs
10222: 000c41dc 0 NOTYPE GLOBAL DEFAULT 10 __image_copy_end
bss_start
11: 000c41dc 0 SECTION LOCAL DEFAULT 11 .bss_start
11124: 000c41dc 0 OBJECT GLOBAL DEFAULT 11 __bss_start
11120: 000c41dc 0 NOTYPE GLOBAL DEFAULT 11 __bss_start
bss_end
13: 000cbbf8 0 SECTION LOCAL DEFAULT 13 .bss_end
10442: 000cbbf8 0 OBJECT GLOBAL DEFAULT 13 __bss_end
10439: 000cbbf8 0 NOTYPE GLOBAL DEFAULT 11 __bss_end
It's worth noting that since the efi regions are affected by the change, booting
with EFI is preferable while testing. Booting the kernel only should be enough
since the efi stub and the kernel proper do request boottime and runtime
services respectively.
Something along the lines of
> virtio scan && load virtio 0 $kernel_addr_r Image && bootefi $kernel_addr_r
will work for QEMU aarch64.
Tested platforms:
- QEMU aarch64
- Xilinx kv260 kria starter kit & zynq
- QEMU armv7
- STM32MP157C-DK2
[0] commit 3ebd1cbc49 ("arm: make __bss_start and __bss_end__ compiler-generated")
[1] binutils commit 6b3b0ab89663 ("Make linker assigned symbol dynamic only for shared object")
__efi_runtime_rel_start/end are defined as c variables for arm7 only in
order to force the compiler emit relative references. However, defining
those within a section definition will do the same thing since [0].
On top of that the v8 linker scripts define it as a symbol.
So let's remove the special sections from the linker scripts, the
variable definitions from sections.c and define them as a symbols within
the correct section.
[0] binutils commit 6b3b0ab89663 ("Make linker assigned symbol dynamic only for shared object")
Suggested-by: Sam Edwards <CFSworks@gmail.com>
Reviewed-by: Sam Edwards <CFSworks@gmail.com>
Tested-by: Sam Edwards <CFSworks@gmail.com> # Binary output identical
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We should not try to remove protocol interfaces from a NULL handle.
efi_run_image() should always return the return code of the executed EFI
binary.
Fixes: 6422820ac3 ("efi_loader: split unrelated code from efi_bootmgr.c")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Code page 437 uses code points 1-31 for glyphs instead of control
characters. Map the appropriate Unicode code points to this code points.
Fixes rendering of grub2's menu as EFI application using the
EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL on a console with bitmap fonts.
Signed-off-by: Janne Grunau <j@jannau.net>
- A new driver in the misc to register setting from device tree. This
also provides user a clean interface and all register settings are
centralized in one place, device tree.
- Enable Agilex5 platform for Intel product. Changes, modification and
new files are created for board, dts, configs and makefile to create
the base for Agilex5.
Build-tested on SoC64 boards, boot tested on some of them.
Moving the efi_carve_out_dt_rsv() call in commit 1be415b21b
("efi_loader: create memory reservations in ACPI case")
broke boards that create additional memory reservations in
ft_board_setup() since it is now called before those additional
memory reservations are made. This is the case for the rk3588
boards and breaks booting OpenBSD on those boards.
Move the call back to its original location and add a call in
the code path used for ACPI.
Fixes: 1be415b21b ("efi_loader: create memory reservations in ACPI case")
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
On RISC-V systems system the Supervisory Binary Interface provides system
reset and poweroff. Use it at EFI runtime.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The error message
Adding disk for usb_mass_storage.lun0 failed (err=-9223372036854775788/0x8000000000000014)
provides a decimal and a hexadecimal notation of the EFI status code
EFI_ALREADY_STARTED which is defined as (EFI_ERROR_MASK | 20).
The decimal output does not convey the value 20 clearly.
With the patch we write
Adding block device usb_mass_storage.lun0 failed, r = 20
similar to other EFI error messages.
Fixes: 952018117a ("dm: sandbox: Switch over to using the new host uclass")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In the SMBIOS 3 entry point the Structure Table Maximum Size field was
incorrectly named max_struct_size. A Maximum Structure Size field only
exists in the SMBIOS 2.1 entry point and has a different meaning.
Call the Structure Table Length field table_maximum_size.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_get_variable_int() may fail, the buffer should be
cleared before using it.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Addresses-Coverity-ID: 478333 ("Error handling issues")
The code in find_smbios_table() is redundant to
efi_get_configuration_table(). Replace it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
In multiple places we need a function to find an EFI configuration table.
Rename get_config_table() to efi_get_configuration_table() and export it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Current U-Boot only supports the SMBIOS 3.0 entry point structure.
TCG2 measurement code should migrate to SMBIOS 3.0 entry
point structure.
efi_selftest tcg2 test also needs to be updated, and expected
PCR[1] result is changed since guid for SMBIOS EFI system table
uses different guid SMBIOS3_TABLE_GUID instead of SMBIOS_TABLE_GUID.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
In case of UCLASS_EFI_LOADER, EFI handles are managed by
EFI application/driver, we must not delete EFI handles.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Current error handling of creating raw disk/partition has
following issues.
- duplicate free for EFI handle, EFI handle is already freed
in efi_delete_handle()
- missing free for struct efi_device_path and
struct efi_simple_file_system_protocol in some error paths
To address those issues, this commit creates the common function
to free the struct efi_disk_obj resources and calls it in case
of error.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_delete_handle() calls efi_purge_handle(), then it finally
frees the EFI handle.
Both diskobj and handle variables in efi_disk_remove() have
the same pointer, we can not access diskobj->dp after calling
efi_delete_handle().
This commit saves the struct efi_device_path pointer before
calling efi_delete_handle(). This commit also fixes the
missing free for volume member in struct efi_disk_obj.
This commit also removes the container_of() calls, and
adds the TODO comment of missing efi_close_protocol() call
for the parent EFI_BLOCK_IO_PROTOCOL.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This commit auto-generates the boot option for removable
block io devices followed by fixed block io devices.
This is what EDK II reference implementation does.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Current efibootmgr auto-generates the boot option for all
disks and partitions installing EFI_SIMPLE_FILE_SYSTEM_PROTOCOL,
while EDK II reference implementation auto-generates the boot option
for all devices installing EFI_BLOCK_IO_PROTOCOL with
eliminating logical partitions.
This commit modifies the efibootmgr to get aligned to EDK II.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
check_disk_has_default_file() function checks if the
architecture-specific default file exists on the block
device, and fills the default file device path if it exists.
Rename the function name to fill_default_file_path().
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* add generated index to table of contents
* create index entries for commands
* update Python packages used to build the documentation
* fix typos in dfu documentation
UEFI:
* split unrelated code from efi_bootmgr.c
* rename CONFIG_BOOTEFI_BOOTMGR to CONFIG_EFI_BOOTMGR
* net: tftp: remove explicit EFI configuration dependency
* fs: remove explicit EFI configuration dependency
Other:
* Add Goldfish RTC driver and make it available on RISC-V QEMU
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEK7wKXt3/btL6/yA+hO4vgnE3U0sFAmWnit8ACgkQhO4vgnE3
U0uI5hAAiIx3GO7KM/T+xLYZksCyPLKoQZ8zCHcfguuB4pHtv5JeyBO4xbuWGCq4
0P3uDsrCBYJREd7MMRcuY0u7rQVTTMxlS59JvUuIaSJ4qYPEVS3ZsPnW7CrtT5ue
P6E/anEZK3e2xzQk3YMdAuxquLt6C9xIzFX0mMIRsRkRlYYVEqTeAtwMF+DaJzOy
5mO+6vbYEmuF+Oakt4OJkxjuJ2lbcNv1OxgmbgQehCtahtZyqC4/AGskq2BO4kEK
vB4N+orJThYQ2iqkMQmRJHifnuoxLoVS63YLbuDapzR216JusiZbVwqlKZgsNSiq
6fpHAC+l5Cam3KcCmQgmjEnyadXvdaHFvAP+a8ID4AX84F3zyrXKVBByiTB4M6ge
NPC4c6uhq+A6L9TLiGQ171y6Z8cKQiJdMG48EdOJeUlfFc8kROjPOalNY4LREsnx
I+Ma4SQY5MHBoqP9XQf3//5mLB4InElvEh8Up+r1i0QNuIuXjke3zEGIA/Zb0x1C
HqZ5HQDJKineIJDMU78iJCzC3uP74ZwTixGzTtW1c5eDSHPNoW/FTxZYlpge8yk1
LjmI+un5RS08dBMPWCGP9buDTMfnjQfbGYGT3In/yYbHOS/TE9REJdjFES1j4UpS
c9IMc5m+wF2h+cU4eFtUHFm9Pfn2hZkMeInauMumfQS7stj1Qdk=
=q+5u
-----END PGP SIGNATURE-----
Merge tag 'efi-2024-04-rc1-2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Documentation:
* add generated index to table of contents
* create index entries for commands
* update Python packages used to build the documentation
* fix typos in dfu documentation
UEFI:
* split unrelated code from efi_bootmgr.c
* rename CONFIG_BOOTEFI_BOOTMGR to CONFIG_EFI_BOOTMGR
* net: tftp: remove explicit EFI configuration dependency
* fs: remove explicit EFI configuration dependency
Other:
* Add Goldfish RTC driver and make it available on RISC-V QEMU
At this point, EFI boot manager interfaces is fully independent from
bootefi command. So just rename the configuration parameter.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Some code moved from cmd/bootefi.c is actually necessary only for "bootefi
<addr>" command (starting an image manually loaded by a user using U-Boot
load commands or other methods (like JTAG debugger).
The code will never been opted out as unused code by a compiler which
doesn't know how EFI boot manager is implemented. So introduce a new
configuration, CONFIG_EFI_BINARY_EXEC, to enforce them opted out
explicitly.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
QEMU provides SMBIOS tables with detailed information. We should not try to
replicate them in U-Boot.
If we want to inform about U-Boot, we can add a Firmware Inventory
Information (type 45) table in future.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit stores the firmware version into the array
of fmp_state structure to support the fmp versioning
for multi bank update. The index of the array is identified
by the bank index.
This modification keeps the backward compatibility with
the existing versioning feature.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The capsule update uses the DFU framework for updating
storage. fwu_get_image_index() currently returns the
image_index calculated by (dfu_alt_num + 1), but this is
different from the image_index in UEFI terminology.
Since capsule update implementation calls dfu_write_by_alt
function, it is better that FWU returns the dfu_alt_num.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Looking back at the initrd storing functionality, we introduced three
functions, efi_dp_append_or_concatenate(), efi_dp_append/concat(). In
hindsight we could have simplified that by a lot. First of all none of
the functions append anything. They all allocate a new device path and
concatenate the contents of two device paths in one. A boolean parameter
controls the final device path -- if that's true an end node is injected
between the two device paths.
So let's rewrite this and make it a bit easier to read. Get rid of
efi_dp_append(), efi_dp_concat() and rename
efi_dp_append_or_concatenate() to efi_dp_concat(). This is far more
intuitive and the only adjustment that is needed is an extra boolean
argument on all callsites.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
part and dev_index in struct efi_disk_obj are not used,
let's remove it.
This commit also removes the invalid structure comment
for @dev, it does not exist.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If one of the FMP protocols fails when calling GetImageInfo(),
populating the ESRT ends up with failure and other FMP protocols
are not added to the ESRT. We should still add all other FMP
protocols to the ESRT.
With this commit, iteration of all FMP protocols continues
even though one of the FMP protocols fails.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
An EFI binary smbiosdump.efi is provided that can be used to check the
SMBIOS table for consistency and to dump it as a file.
The tool provides the following commands:
check
Check the SMBIOS table for consistency.
exit
Leave the tool.
help
Show available commands.
save
Save the SMBIOS table to a file on the EFI system partition. The file
can be further analyzed with the dmidecode command line tool::
dmidecode --from-dump <filename>
Specifying 'nocolor' as load option data suppresses colored output and
clearing of the screen.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The smbios.h include does not use any definitions from ofnode.h.
So don't include it.
As DECLARE_GLOBAL_DATA_PTR is no longer defined via dm/of.h we need to
add it to efi_smbios.c.
Add now missing includes to smbios-parser.c.
Remove a superfluous check comparing the sizes of the SMBIOS 2.1 and SMBIOS
3.0 anchors.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present this code allocates memory when writing the tables and
then unnecessarily adds another memory map when installing it.
Adjust the code to allocate the tables using the normal U-Boot
mechanism. This avoids doing an EFI memory allocation early in
U-Boot, which may use memory that would be overwritten by a
'load' command, for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
Only the v3 table is supported now, so always use this when installing
the EFI table.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI does not use the 'anchor string' to determine the SMBIOS table
version, instead preferring to have two separate GUIDs. Use the correct
one, depending on the table version.
Call unmap_system() to balance to the use of map_sysmem()
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This should access arch-specific properties. Fix it and update the
existing usage.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We largely do not need <common.h> in these files, so drop it. The only
exception here is that efi_freestanding.c needs <linux/types.h> and had
been getting that via <common.h>.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
In the prior commits, interfaces for executing EFI binary and boot manager
were carved out. Move them under efi_loader directory so that they can
be called from other places without depending on bootefi command.
Only efi_selftest-related code will be left in bootefi.c.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
commit 239d59a65e ("efi_loader: reconnect drivers on failure")
tried to fix the UninstallProtocol interface which must reconnect
any controllers it disconnected by calling ConnectController()
in case of failure. However, the reconnect functionality was wired in
efi_disconnect_all_drivers() instead of efi_uninstall_protocol().
As a result some SCT tests started failing.
Specifically, BBTestOpenProtocolInterfaceTest333CheckPoint3() test
- Calls ConnectController for DriverImageHandle1
- Calls DisconnectController for DriverImageHandle1 which will
disconnect everything apart from TestProtocol4. That will remain
open on purpose.
- Calls ConnectController for DriverImageHandle2. TestProtocol4
which was explicitly preserved was installed wth BY_DRIVER attributes.
The new protocol will call DisconnectController since its attributes
are BY_DRIVER|EXCLUSIVE, but TestProtocol4 will not be removed. The
test expects EFI_ACCESS_DENIED which works fine.
The problem is that DisconnectController, will eventually call
EFI_DRIVER_BINDING_PROTOCOL.Stop(). But on the aforementioned test
this will call CloseProtocol -- the binding protocol is defined in
'DBindingDriver3.c' and the .Stop function uses CloseProtocol.
If that close protocol call fails with EFI_NOT_FOUND, the current code
will try to mistakenly reconnect all drivers and the subsequent tests
that rely on the device being disconnected will fail.
Move the reconnection in efi_uninstall_protocol() were it belongs.
Fixes: commit 239d59a65e ("efi_loader: reconnect drivers on failure")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
ACPI tables cannot convey memory reservations for ARM and RISC-V.
x86 uses the BIOS E820 table for this purpose. We cannot simply ignore the
device-tree when booting via ACPI. We have to assign EfiReservedMemory
according to the prior stage device-tree ($fdtaddr) or as fallback the
control device-tree ($fdtcontroladdr).
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We currently use an outdated format 32-bit format for SMBIOS tables.
So we must allocate SMBIOS tables below 4 GiB.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
It is unclear to developers why efi_var_from_file() returns EFI_SUCCESS if
file ubootefi.var is missing or corrupted. Improve the description.
Reported-by: Weizhao Ouyang <o451686892@gmail.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Weizhao Ouyang <o451686892@gmail.com>
The result of efi_append_scrtm_version() is overwritten before anyone
checks its result. Check it and exit the function on failures
Addresses-Coverity-ID: 467399 Code maintainability issues (UNUSED_VALUE)
Fixes: commit 97707f12fd ("tpm: Support boot measurements")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In commit 9fd3f881c6 ("efi_loader: Increase default variable store size to 64KiB")
Alper has a detailed explanation of why the size needs to be bumped to at
least 64K. However enabling Secure boot, writing db, KEK, PK etc keys
will further increase the size so bump it to 128K.
It's worth noting that when U-Boot stores the EFI variables in an RPMB the
available storage is defined statically in StandAloneMM at build time.
The U-Boot code is detecting the available true size on the fly during
writes. When StandAloneMM is present this size defines the reserved
memory U-Boot can use to copy any runtime variables, before booting an
OS.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This supports to boot from the URI device path.
When user selects the URI device path, bootmgr downloads
the file using wget into the address specified by loadaddr
env variable.
If the file is .iso or .img file, mount the image with blkmap
then try to boot with the default file(e.g. EFI/BOOT/BOOTAA64.EFI).
Since boot option indicating the default file is automatically
created when new disk is detected, system can boot by selecting
the automatically created blkmap boot option.
If the file is PE-COFF file, load and start the downloaded file.
The buffer used to download the ISO image file must be
reserved to avoid the unintended access to the image and
expose the ramdisk to the OS.
For PE-COFF file case, this memory reservation is done
in LoadImage Boot Service.
[Ilias fix a few memory leaks by replacing returns with gotos]
Lore: https://lore.kernel.org/u-boot/20231110042542.3797301-1-masahisa.kojima@linaro.org/T/#mbac31da301ff465b60894b38f3a587b2868cf817
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When the image loaded by efibootmgr returns, efibootmgr
needs to clean the resources. Adding the event of returning
to efibootmgr is useful to simplify the implementation.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
const classifier is missing in EventGroup parameter of
CreateEventEx(). Fix it to remove the compiler warning.
NotifyContext parameter of CreateEventEx() is also defined
with const in UEFI specification, but NotifyContext parameter
of CreateEvent() is defined without const.
Since current implementation calls the common efi_create_event()
function from both CreateEventEx() and CreateEvent() services,
NotifyContext parameter leaves as is.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Changes for complying to EFI spec §3.5.1.1
'Removable Media Boot Behavior'.
Boot variables can be automatically generated during a removable
media is probed. At the same time, unused boot variables will be
detected and removed.
Please note that currently the function 'efi_disk_remove' has no
ability to distinguish below two scenarios
a) Unplugging of a removable media under U-Boot
b) U-Boot exiting and booting an OS
Thus currently the boot variables management is not added into
'efi_disk_remove' to avoid boot options being added/erased
repeatedly under scenario b) during power cycles
See TODO comments under function 'efi_disk_remove' for more details
The original efi_secboot tests expect that BootOrder EFI variable
is not defined. With this commit, the BootOrder EFI variable is
automatically added when the disk is detected. The original
efi_secboot tests end up with unexpected failure.
The efi_secboot tests need to be modified to explicitly set
the BootOrder EFI variable.
squashfs and erofs ls tests are also affected by this modification,
need to clear the previous state before squashfs ls test starts.
Co-developed-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Joao Marcos Costa <jmcosta944@gmail.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The efi_gop driver uses private fields from the video uclass to obtain a
pointer to the frame buffer. Use the platform data instead.
Check the VIDEO_COPY setting to determine which frame buffer to use. Once
the next stage is running (and making use of U-Boot's EFI boot services)
U-Boot does not handle copying from priv->fb to the hardware framebuffer,
so we must allow EFI to write directly to the hardware framebuffer.
We could provide a function to read this, but it seems better to just
document how it works. The original change ignored an explicit comment
in the video.h file ("Things that are private to the uclass: don't use
these in the driver") which is why this was missed when the VIDEO_COPY
feature was added.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 8f661a5b66 ("efi_loader: gop: Expose fb when 32bpp")
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The command should not be used to enable library functionality. Add a
new BOOTEFI_BOOTMGR Kconfig for that. Adjust the conditions so that the
same code is built.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James <eajames@linux.ibm.com>
For the API moving around from EFI -> u-boot core
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
For EFI testing
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
U-Boot should set up the SMBIOS tables during startup, as it does on x86.
Ensure that it does this correctly on non-x86 machines too, by creating
an event spy for last-stage init.
Tidy up the installation-condition code while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
It is not always the case that U-Boot builds the ACPI tables itself. For
example, when booting from coreboot, the ACPI tables are built by
coreboot.
Correct the Makefile condition so that U-Boot can pass on tables built
by a previous firmware stage.
Tidy up the installation-condition code while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The EFI capsule authentication logic in u-boot expects the public key
in the form of an EFI Signature List(ESL) to be provided as part of
the platform's dtb. Currently, the embedding of the ESL file into the
dtb needs to be done manually.
Add a target for generating a dtsi file which contains the signature
node with the ESL file included as a property under the signature
node. Include the dtsi file in the dtb. This brings the embedding of
the ESL in the dtb into the U-Boot build flow.
The path to the ESL file is specified through the
CONFIG_EFI_CAPSULE_ESL_FILE symbol.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When a notification event is registered for a protocol the handle of the
protocol is added in our event notification list. When all the protocols
of the handle are uninstalled we delete the handle but we do not remove
it from the event notification list.
Clean up the protocol removal functions and add a wrapper which
- Removes the to-be deleted handle from any lists it participates
- Remove the handle if no more protocols are present
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In efi_add_known_memory() we currently call board_get_usable_ram_top() with
an incorrect value 0 of parameter total_size. This leads to an incorrect
value for ram_top depending on the code in board_get_usable_ram_top().
Use the value of gd->ram_top instead which is set before relocation by
calling board_get_usable_ram_top().
Fixes: 7b78d6438a ("efi_loader: Reserve unaccessible memory")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add MM communication support using FF-A transport
This feature allows accessing MM partitions services through
EFI MM communication protocol. MM partitions such as StandAlonneMM
or smm-gateway secure partitions which reside in secure world.
An MM shared buffer and a door bell event are used to exchange
the data.
The data is used by EFI services such as GetVariable()/SetVariable()
and copied from the communication buffer to the MM shared buffer.
The secure partition is notified about availability of data in the
MM shared buffer by an FF-A message (door bell).
On such event, MM SP can read the data and updates the MM shared
buffer with the response data.
The response data is copied back to the communication buffer and
consumed by the EFI subsystem.
MM communication protocol supports FF-A 64-bit direct messaging.
We tested the FF-A MM communication on the Corstone-1000 platform.
We ran the UEFI SCT test suite containing EFI setVariable, getVariable and
getNextVariable tests which involve FF-A MM communication and all tests
are passing with the current changes.
We made the SCT test reports (part of the ACS results) public following the
latest Corstone-1000 platform software release. Please find the test
reports at [1].
[1]: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000/CORSTONE1000-2023.06/acs_results_fpga.zip
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Tested-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Check the uuid_str_to_bin return value, skip the node
if the image-type-id property is wrong format.
Addresses-Coverity-ID: 463145 ("Error handling issues")
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* If an error occurs in efi_disk_add_dev(), don't leak resources.
* If calloc() fails while creating the file system protocol interface,
signal an error.
* Rename efi_simple_file_system() to efi_create_simple_file_system().
* Drop a little helpful debug message.
Fixes: 2a92080d8c ("efi_loader: add file/filesys support")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Handle out of memory situation in efi_mem_carve_out().
Fixes: 5d00995c36 ("efi_loader: Implement memory allocation and map")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
On 32bit systems (pages << EFI_PAGE_SHIFT) may lead to an overflow which
does not occur in 64bit arithmetics.
An overflow of (pages << EFI_PAGE_SHIFT) on 64bit systems should be treated
as an error.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
If the hard coded array hash_algo_list[] contains an entry for an
unsupported algorithm, we should not leak resources new_efi and regs.
We should still extend the log with the digests for the supported
algorithms and not write any message.
The same holds true of tcg2_create_digest(): just continue in case
hash_algo_list[] contains an unsupported entry.
Fixes: 163a0d7e2c ("efi_loader: add PE/COFF image measurement")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Handle out of memory situation in efi_add_memory_map_pg().
Fixes: 5d00995c36 ("efi_loader: Implement memory allocation and map")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The efi_parse_pkcs7_header() function returns NULL on error so the check
for IS_ERR() should be changed to a NULL check.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
While UPDATE_CAPSULE api is not fully implemented, this interface and
capsule-on-disk feature should behave in the same way, especially in
handling an empty capsule for fwu multibank, for future enhancement.
So move the guid check into efi_capsule_update_firmware().
Fixed: commit a6aafce494 ("efi_loader: use efi_update_capsule_firmware() for capsule on disk")
Reported-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
It's pretty unlikely that anyone is going to be using EFI authentication
on a 32bit system. However, if you did, the efi_prepare_aligned_image()
function would write 8 bytes of data to the &efi_size variable and it
can only hold 4 bytes so that corrupts memory.
Fixes: 163a0d7e2c ("efi_loader: add PE/COFF image measurement")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The EFI doesn't allow removal of handles, unless all hosted protocols
are cleanly removed. Our efi_delete_handle() is a bit intrusive.
Although it does try to delete protocols before removing a handle,
it doesn't care if that fails. Instead it only returns an error if the
handle is invalid. On top of that none of the callers of that function
check the return code.
So let's rewrite this in a way that fits the EFI spec better. Instead
of forcing the handle removal, gracefully uninstall all the handle
protocols. According to the EFI spec when the last protocol is removed
the handle will be deleted. Also switch all the callers and check the
return code. Some callers can't do anything useful apart from reporting
an error. The disk related functions on the other hand, can prevent a
medium that is being used by EFI from removal.
The only function that doesn't check the result is efi_delete_image().
But that function needs a bigger rework anyway, so we can clean it up in
the future
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Move the recursive dp_fill(dev->parent) call to a single location.
Determine uclass_id only once.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The UEFI specification does not provide node types matching UCLASS_BLKMAP,
UCLASS_HOST, UCLASS_VIRTIO block devices.
The current implementation uses VenHw() nodes with uclass specific GUIDs
and a single byte for the device number appended. This leads to unaligned
integers in succeeding device path nodes.
The current implementation fails to create unique device paths for block
devices based on other uclasses like UCLASS_PVBLOCK.
Let's use a VenHw() node with the U-Boot GUID with a length dividable by
four and encoding blkdesc->uclass_id as well as blkdesc->devnum.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This reverts commit d927d1a808, reversing
changes made to c07ad9520c.
These changes do not pass CI currently.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add MM communication support using FF-A transport
This feature allows accessing MM partitions services through
EFI MM communication protocol. MM partitions such as StandAlonneMM
or smm-gateway secure partitions which reside in secure world.
An MM shared buffer and a door bell event are used to exchange
the data.
The data is used by EFI services such as GetVariable()/SetVariable()
and copied from the communication buffer to the MM shared buffer.
The secure partition is notified about availability of data in the
MM shared buffer by an FF-A message (door bell).
On such event, MM SP can read the data and updates the MM shared
buffer with the response data.
The response data is copied back to the communication buffer and
consumed by the EFI subsystem.
MM communication protocol supports FF-A 64-bit direct messaging.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Tested-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
On devices with multiple USB mass storage devices errors like
Path /../USB(0x0,0x0)/USB(0x1,0x0)/Ctrl(0x0)
already installed.
are seen. This is due to creating non-unique device paths. To uniquely
identify devices we must provide path nodes for all devices on the path
from the root device.
Add support for generating device path nodes for all uclasses.
Reported-by: Suniel Mahesh <sunil@amarulasolutions.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Do not assume that the preceding device path contains a single VenHW node.
Instead use the return value of dp_fill() which provides the address of the
next node.
Fixes: 23ad52fff4 ("efi_loader: device_path: support Sandbox's "host" devices")
Fixes: 19ecced71c ("efi_loader: device path for virtio block devices")
Fixes: 272ec6b453 ("efi_loader: device_path: support blkmap devices")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
A previous patch is removing the last consumer of efi_remove_protocol().
Switch that to static and treat it as an internal API in order to force
users install and remove protocols with the appropriate EFI functions.
It's worth noting that we still have files using efi_add_protocol(). We
should convert all these to efi_install_multiple_protocol_interfaces()
and treat efi_add_protocol() in a similar manner
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The TCG2 protocol currently adds and removes protocols with
efi_(add/remove)_protocol().
Removing protocols with efi_remove_protocol() might prove
problematic since it doesn't call DisconnectController() when
uninstalling the protocol and does not comply with the UEFI specification.
It's also beneficial for readability to have protocol installations and
removals in pairs -- IOW when efi_install_multiple_protocol_interfaces()
is called, efi_uninstall_multiple_protocol_interfaces() should be used to
remove it. So let's swap the efi_add_protocol() as well.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The call to efi_search_obj() is redundant as the function is called in
efi_search_protocol() too.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
U-Boot sets up the ACPI tables during startup. Rather than creating a
new set, install the existing ones. Create a memory-map record to cover
the tables.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Up to now we did not check the return value of DisconnectController.
A previous patch is fixing that taking into account what happened during
the controller disconnect. But that check takes place before our code
is trying to figure out if the interface exists to begin with. In case a
driver is not allowed to unbind -- e.g returning EFI_DEVICE_ERROR, we
will end up returning that error instead of EFI_NOT_FOUND.
Add an extra check on the top of the function to make sure the protocol
interface exists before trying to disconnect any drivers
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_uninstall_protocol() calls efi_disconnect_all_drivers() but never
checks the return value. Instead it tries to identify protocols that
are still open after closing the ones that were opened with
EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL, EFI_OPEN_PROTOCOL_GET_PROTOCOL
and EFI_OPEN_PROTOCOL_TEST_PROTOCOL.
Instead of doing that, check the return value early and exit if
disconnecting the drivers failed. Also reconnect all the drivers of
a handle if protocols are still found on the handle after disconnecting
controllers and closing the remaining protocols.
While at it fix a memory leak and properly free the opened protocol
information when closing a protocol.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_disconnect_controller() doesn't reconnect drivers in case of
failure. Reconnect the disconnected drivers properly
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The boot variables automatically generated for removable medias
should be with short form of device path without device nodes.
This is a requirement for the case that a removable media is
plugged into a different port but is still able to work with the
existing boot variables.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Correct the return code for out-of-memory and no boot option found
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Rename and move bootorder and bootoption apis from cmd to lib
for re-use between eficonfig and bootmgr
Fix 'unexpected indentation' when 'make htmldocs' after functions
are moved
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Debian's arm64 UEFI Secure Boot shim makes the EFI variable store run
out of space while mirroring its MOK database to variables. This can be
observed in QEMU like so:
$ tools/buildman/buildman -o build/qemu_arm64 --boards=qemu_arm64 -w
$ cd build/qemu_arm64
$ curl -L -o debian.iso \
https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.0.0-arm64-netinst.iso
$ qemu-system-aarch64 \
-nographic -bios u-boot.bin \
-machine virt -cpu cortex-a53 -m 1G -smp 2 \
-drive if=virtio,file=debian.iso,index=0,format=raw,readonly=on,media=cdrom
[...]
=> # interrupt autoboot
=> env set -e -bs -nv -rt -guid 605dab50-e046-4300-abb6-3dd810dd8b23 SHIM_VERBOSE 1
=> boot
[...]
mok.c:296:mirror_one_esl() SetVariable("MokListXRT43", ... varsz=0x4C) = Out of Resources
mok.c:452:mirror_mok_db() esd:0x7DB92D20 adj:0x30
Failed to set MokListXRT: Out of Resources
mok.c:767:mirror_one_mok_variable() mirror_mok_db("MokListXRT", datasz=17328) returned Out of Resources
mok.c:812:mirror_one_mok_variable() returning Out of Resources
Could not create MokListXRT: Out of Resources
[...]
Welcome to GRUB!
This would normally be fine as shim would continue to run grubaa64.efi,
but shim's error handling code for this case has a bug [1] that causes a
synchronous abort on at least chromebook_kevin (but apparently not on
QEMU arm64).
Double the default variable store size so the variables fit. There is a
note about this value matching PcdFlashNvStorageVariableSize when
EFI_MM_COMM_TEE is enabled, so keep the old default in that case.
[1] https://github.com/rhboot/shim/pull/577
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The efi_var_mem_free() function calculates the available size for a new
EFI variable by subtracting the occupied buffer size and the overhead
for a new variable from the maximum buffer size set in Kconfig. This
is then returned as QueryVariableInfo()'s RemainingVariableStorageSize
output.
This can underflow as the calculation is done in and processed as
unsigned integer types. Check for underflow before doing the subtraction
and return zero if there's no space.
Fixes: f1f990a8c9 ("efi_loader: memory buffer for variables")
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Instead of discovering the ID of the device and call two different
functions for a block device or a partition, we can rewrite
efi_disk_remove() and handle the minor differences between the two
variants internally. As a results we can simplify efi_disk_remove()
a lot and get rid of the extra efi_disk_delete_raw/blk calls.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
If a handle is not found, return 0 to let the device be removed.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The FMP Payload Header which EDK II capsule generation scripts
insert has a firmware version.
This commit reads the lowest supported version stored in the
device tree, then check if the firmware version in FMP payload header
of the ongoing capsule is equal or greater than the
lowest supported version. If the firmware version is lower than
lowest supported version, capsule update will not be performed.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
This commit gets the lowest supported version from device tree,
then fills the lowest supported version in FMP->GetImageInfo().
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Current FMP->GetImageInfo() always return 0 for the firmware
version, user can not identify which firmware version is currently
running through the EFI interface.
This commit reads the "FmpStateXXXX" EFI variable, then fills the
firmware version in FMP->GetImageInfo().
Now FMP->GetImageInfo() and ESRT have the meaningful version number.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Firmware version management is not implemented in the current
FMP protocol.
EDK II reference implementation capsule generation script inserts
the FMP Payload Header right before the payload, FMP Payload Header
contains the firmware version and lowest supported version.
This commit utilizes the FMP Payload Header, reads the header and
stores the firmware version into "FmpStateXXXX" EFI non-volatile variable.
XXXX indicates the image index, since FMP protocol handles multiple
image indexes.
Note that lowest supported version included in the FMP Payload Header
is not used. If the platform uses file-based EFI variable storage,
it can be tampered. The file-based EFI variable storage is not the
right place to store the lowest supported version for anti-rollback
protection.
This change is compatible with the existing FMP implementation.
This change does not mandate the FMP Payload Header.
If no FMP Payload Header is found in the capsule file, fw_version,
lowest supported version, last attempt version and last attempt
status is 0 and this is the same behavior as existing FMP
implementation.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
The number of image array entries global variable is required
to support EFI capsule update. This information is exposed as a
num_image_type_guids variable, but this information
should be included in the efi_capsule_update_info structure.
This commit adds the num_images member in the
efi_capsule_update_info structure. All board files supporting
EFI capsule update are updated.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
part_get_info() may return an error code. Check it.
Update function description of dp_part_node().
Addresses-Coverity-ID: 184067 ("Unchecked return value")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
These files should have both 'always' and 'targets' so that dependencies
are detected correctly.
When only 'always' is used, the target is built every time, although I am
not quite sure why.
Make sure each has both 'always' and 'targets' to avoid this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
* When called from efi_dp_from_name() we miss to append the filename
for non-block devices.
* expand_media_path() could be simplified by using efi_dp_from_file to
prepend the device path of the boot device.
This can be avoided by passing a device path to efi_dp_from_file() instead
of a block device descriptor and a partition number.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* Improve variable name usage: Use pos instead of buf to indicate the
current position in a buffer.
* Avoid double assignment in a single code line.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_dp_from_name() has duplicate code to replace slash by backslash.
path_to_uefi() called by efi_dp_from_file() already does this.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
According to our coding style guide #ifdef should be avoided.
Use IS_ENABLED() instead.
Sort string comparisons alphabetically.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Executing an EFI binary fails for files loaded via semihosting.
Construct a dummy device path for EFI binaries loaded via semihosting.
A future complete solution may include the creation of a handle with a
simple file system protocol.
Reported-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
HandleProtocol() is deprecated and leaves an OpenedProtocolInformation
behind. Use OpenProtocol(GET_PROTOCOL) instead.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
HandleProtocol() is deprecated and leaves an OpenedProtocolInformation
behind. Use OpenProtocol(GET_PROTOCOL) instead.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Create a distinct EFI device path for each blkmap device.
Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Assigning the value of a variable to itself should be avoided.
Addresses-Coverity-ID: 451089 ("Evaluation order violation")
Fixes: 180b7118be ("efi_loader: fix device-path for USB devices")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
We use short device-paths in boot options so that a file on a block device
can be found independent of the port into which the device is plugged.
Usb() device-path nodes only contain port and interface information and
therefore cannot identify a block device.
UsbWwi() device-path nodes contain the serial number of USB devices.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The incumbent function efi_alloc() is unused.
Replace dp_alloc() by a new function efi_alloc() that we can use more
widely.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
EFI device paths for block devices must be unique. If a non-unique device
path is discovered, probing of the block device fails.
Currently we use UsbClass() device path nodes. As multiple devices may
have the same vendor and product id these are non-unique. Instead we
should use Usb() device path nodes. They include the USB port on the
parent hub. Hence they are unique.
A USB storage device may contain multiple logical units. These can be
modeled as Ctrl() nodes.
Reported-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
* Add the definitions for Ctrl() device path nodes.
* Implement Ctrl() nodes in the device path to text protocol.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
EFI device paths for block devices must be unique. If a non-unique device
path is discovered, probing of the block device fails.
Currently we use UsbClass() device path nodes. As multiple devices may
have the same vendor and product id these are non-unique. Instead we
should use Usb() device path nodes. They include the USB port on the
parent hub. Hence they are unique.
A USB storage device may contain multiple logical units. These can be
modeled as Ctrl() nodes.
Reported-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
* Add the definitions for Ctrl() device path nodes.
* Implement Ctrl() nodes in the device path to text protocol.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add a function description.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
UEFI specification v2.10 says that
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and
EFI_UNSUPPORTED should be returned in SetVariable variable service.
Current implementation returns EFI_INVALID_PARAMETER,
let's fix the return value.
Together with above change, this commit also updates the SetVariable
attribute check to be aligned with the EDK2 reference implementation.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
A previous commit is adding a new tpm startup functions which
initializes the TPMv2 and performs all the needed selftests.
Since the TPM selftests might be needed depending on the requested
algorithm or functional module use that instead.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Adds CONFIG_EFI_CAPSULE_MAX to configure the max index value used in
EFI capsule reports. Prior to this change is the hard coded value was
65535 which would exceed available storage for variables. Now the
default value is 15 which should work fine with most systems.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Measures the DTB passed to the EFI application upon new boolean config
switch CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB. For platforms where the
content of the DTB passed to the OS can change across reboots, there is
not point measuring it hence the config switch to allow platform to not
embed this feature.
Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
QueryVariableInfo with EFI_VARIABLE_HARDWARE_ERROR_RECORD is
accepted, remove wrong attribute check.
Fixes: 454a9442fb ("efi_loader: update attribute check for QueryVariableInfo()")
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Documentation:
* Provide page with links to talks on U-Boot
UEFI:
* Enable CTRL+S to save the boot order in eficonfig command
* Run attribute check for QueryVariableInfo() only for the file store
* Bug fixes
Others:
* Improve output formatting of the coninfo command
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmPme8EACgkQxIHbvCwF
GsTJ6RAAiDVG2OFTodxLFVhzxoorrIf/piMZDxtc1ClRxF7CPe5CET18bHp0hvvw
qKJW+dk3aCUSr+E1Ma9ndAHI+/mKmEXudZj/XuUyxlVhm9P8Fw2EQRGZFeogdp0v
/tMB8c7DjW5kTg39/U3z3F7qo6ifs1I8rGcxAhvU38iuOmmIai6AZH1cEq2P2zY9
JdHPzSCVz4TOGzmhJD3wxYMn+DjsLxIT0tggGPRJzXGaAdZdLS7cl/X52rabV/Tq
aJXhjpWNl7RUiNiQbKMtltbmkJQ2MpHkhLGDj2/3H2W5sbpIx0GwDs7r0GSKJ0Ba
6ycn5NBjP3C3gcl91oWJXrzux6LN2aWqe45lgOLpL2H2pPaRlDebBEdDA+oNQKoo
mqX8pMbLfpb3nhg/fOXo/YDZ5Uug42fmpjj3Vu5+imjq9jL+tr5lxZ2oDpsUyT51
MvQXohYTfsYNHQm7M4BzGIuA66WwCJ5TJ3D/YmwdDWPnCCN+QAUMI2/d8Osbct6W
OBGaoZQoRpPZV62+mrHloXW9j8sapcQfJGejdby7S1bxagF/KG/BLXGCWH/HdWCc
TsnW+bOOF4N9gIyyyu3yRfHyE7pIyszWlNwRAuPzjwG0dxEbkboA/JdLIFic3Qsj
fk/65FSvvAeOuvNYEgsEA5VYXJzhD4oNtcNQZHIHjhSTGKBrJF4=
=HVHT
-----END PGP SIGNATURE-----
Merge tag 'efi-2023-04-rc2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2023-04-rc2
Documentation:
* Provide page with links to talks on U-Boot
UEFI:
* Enable CTRL+S to save the boot order in eficonfig command
* Run attribute check for QueryVariableInfo() only for the file store
* Bug fixes
Others:
* Improve output formatting of the coninfo command
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 10 Feb 2023 12:15:45 PM EST
# gpg: using RSA key 6DC4F9C71F29A6FA06B76D33C481DBBC2C051AC4
# gpg: Good signature from "Heinrich Schuchardt <xypron.glpk@gmx.de>" [unknown]
# gpg: aka "[jpeg image of size 1389]" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6DC4 F9C7 1F29 A6FA 06B7 6D33 C481 DBBC 2C05 1AC4
num_entries should be unsigned to avoid warnings. As the target field is
u16 we should use this type.
lib/efi_loader/efi_conformance.c: In function ‘efi_ecpt_register’:
lib/efi_loader/efi_conformance.c:30:33: warning:
conversion to ‘long unsigned int’ from ‘int’ may change
the sign of the result [-Wsign-conversion]
30 | ecpt_size = num_entries * sizeof(efi_guid_t)
| ^
lib/efi_loader/efi_conformance.c:46:36: warning:
conversion from ‘int’ to ‘u16’ {aka ‘short unsigned int’}
may change value [-Wconversion]
46 | ecpt->number_of_profiles = num_entries;
| ^~~~~~~~~~~
Fixes: 6b92c17352 ("efi: Create ECPT table")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In program initrddump.efi function get_load_options() can be static.
This avoids a warning when building with 'make W=1':
lib/efi_loader/initrddump.c:442:6: warning:
no previous prototype for ‘get_load_options’ [-Wmissing-prototypes]
442 | u16 *get_load_options(void)
| ^~~~~~~~~~~~~~~~
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Current U-Boot supports two EFI variable service, U-Boot own
implementation and op-tee based StMM variable service.
With ACS Security Interface Extension(SIE) v22.10_SIE_REL1.1.0,
there are several failure items of QueryVariableInfo().
Current attribute check for QueryVariableInfo() was implemented
based on the Self Certification Test (SCT) II Case Specification,
June 2017, chapter 4.1.4 QueryVariableInfo().
This test case specification is outdated and don't align at all
with the SCT test case code, and UEFI specification v2.10 does
not clearly define the priority of the attribute check.
For U-Boot standard case that EFI variables are stored in a file
in the ESP, this commit modifies the attribute check to get align
to the EDK2 implementation.
For latter case(op-tee based StMM variable service), parameter check
should be delegated to StMM.
Now all ACS SIE QueryVariableInfo() test cases passed both EFI variable
storage implementations.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This converts 1 usage of this option to the non-SPL form, since there is
no SPL_EFI_UNICODE_COLLATION_PROTOCOL2 defined in Kconfig
Signed-off-by: Simon Glass <sjg@chromium.org>
This converts 1 usage of this option to the non-SPL form, since there is
no SPL_EFI_TCG2_PROTOCOL defined in Kconfig
Signed-off-by: Simon Glass <sjg@chromium.org>
This converts 1 usage of this option to the non-SPL form, since there is
no SPL_EFI_LOADER_HII defined in Kconfig
Signed-off-by: Simon Glass <sjg@chromium.org>
This converts 1 usage of this option to the non-SPL form, since there is
no SPL_EFI_DEVICE_PATH_UTIL defined in Kconfig
Signed-off-by: Simon Glass <sjg@chromium.org>
HandleProtocol() is deprecrated. According to the UEFI specification it
should be implemented as a call to OpenProtocolInterface() with a hard
coded agent handle. This implies that we would have to call
CloseProtocolInterfaces() after usage with the same handle.
Getting rid of an EFI_CALL() is also appreciated.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
There is no variable num_pages in function efi_esrt_allocate_install().
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When this fails it can be time-consuming to debug. Add some debugging
to help with this. Also try to return error codes instead of just using
-1.
Signed-off-by: Simon Glass <sjg@chromium.org>
Currently the code that adds the CapsuleMax variable is under a
Kconfig named 'EFI_HAVE_CAPSULE_UPDATE. Git history only shows a
single occurrence of that. The IS_ENABLED should be checking for
EFI_HAVE_CAPSULE_SUPPORT
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
"Unable to find TPMv2 device" doesn't explain much with regards to the
error origin. Update it to match what we have in the RNG protocol
installation.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Currently file ubootefi.var is only created if the user sets a non-volatile
EFI variable. If the file is missing, a warning is written.
With the change PlatformLang is always persisted. So the file will exist on
second boot.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Before clearing the screen, ensure that no previous output of firmware
or UEFI programs will be overwritten on serial devices or other
streaming consoles. This helps generating complete boot logs.
Tested regarding multi-output against qemu-x86_defconfig. Still, there
were remaining concerns about side effects, so this is provided as an
opt-in feature.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Ensures a consistent background color of the whole screen for succeeding
outputs as both demanded by the spec and implemented in EDK2 as well.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
patman fix for checkpatch
binman optional entries, improved support for ELF symbols
trace improvements
minor fdt refactoring
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmPIpV4RHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZuqwgA0UpYQEX6/MegzHSCIx3AMT4rCF1Ytitr
LS4Cbvj1Q09Rt9jriW7wAV5AobVPwGf2L5SVcnWv2I9+MmypDIXEe8HIrt2fRFu9
bzn/2GOzXczuXqPFa/CWOUwjvCzTb8Sl9NtRszrP5NvOzuN15x00ZUYaXFO7fgsB
zZMzOKxemwjdtLaox+x+VIJ95HMDEkYrWTAqTPg74CNVSjRbbLNqNq0zqkHB8SnH
ubgphtIKYItTeIXcfIa9V4LeQp0ZitkzSfAibX+nIPCMPg9jbG9MrQQ+VvSZDjnM
y8wa8gFj47Ek+gGNFXMHIpO6tBd83uHRgtf2x+zhcovLELYnZ6fDGw==
=1K6m
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-18jan23' of https://source.denx.de/u-boot/custodians/u-boot-dm
convert rockchip to use binman
patman fix for checkpatch
binman optional entries, improved support for ELF symbols
trace improvements
minor fdt refactoring
The event framework is just that, a framework. Enabling it by itself
does nothing, so we shouldn't ask the user about it. Reword (and correct
typos) around this the option and help text. This also applies to
DM_EVENT and EVENT_DYNAMIC. Only EVENT_DEBUG and CMD_EVENT should be
visible to the user to select, when EVENT is selected.
With this, it's time to address the larger problems. When functionality
uses events, typically via EVENT_SPY, the appropriate framework then
must be select'd and NOT imply'd. As the functionality will cease to
work (and so, platforms will fail to boot) this is non-optional and
where select is appropriate. Audit the current users of EVENT_SPY to
have a more fine-grained approach to select'ing the framework where
used. Also ensure the current users of event_register and also select
EVENT_DYNAMIC.
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reported-by: Oliver Graute <Oliver.Graute@kococonnector.com>
Reported-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Fixes: 7fe32b3442 ("event: Convert arch_cpu_init_dm() to use events")
Fixes: 42fdcebf85 ("event: Convert misc_init_f() to use events")
Fixes: c5ef202557 ("dm: fix DM_EVENT dependencies")
Signed-off-by: Tom Rini <trini@konsulko.com>
Tested-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Fabio Estevam <festevam@denx.de>
In efi_disk_add_dev() we have to open protocols with BY_DRIVER and
BY_CHILD_CONTROLLER. Provide the handle of the EFI block driver. The actual
usage of the value will follow in a later patch.
Change function descriptions to Sphinx style.
Remove a TODO: tag.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
As per the EFI specification, the HII database protocol function
set_keyboard_layout() must return EFI_INVALID_PARAMETER when it is called
with a NULL key_guid argument. Modify the function accordingly to improve
conformance.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
After calling EFI_ENTRY we have to call EFI_EXIT before returning.
Add a missing EFI_EXIT().
Fixes: 1ccf87165e ("efi_loader: Enable RISCV_EFI_BOOT_PROTOCOL support")
Reported-by: Dave Jones <dave.jones@canonical.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
The fields ConsoleInHandle, ConsoleOutHandle, ConsoleErrHandle must point
to the handles with the respective console protocols. Failure to do so
leads to an error in the EFI Shell:
No SimpleTextInputEx was found. CTRL-based features are not usable.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Up to now we only compared the first letter of the capsule name to sort
them alphabetically. Properly sort by the Unicode alphabet.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
When the efi subsystem starts we restore variables that are both in a
file or stored into the .efi_runtime section of U-Boot. However once
a variable gets created or changed the preseeded entries will end up in
the file. As a consequence on the next boot we will end up adding
identical variable entries twice.
Fix this by checking if the to be inserted variable already exists.
Also swap the restoration order and start with the file instead of the
builtin variables, so a user can replace the preseeded ones if needed.
Tested-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
It is volatile variables that we do not allow to be restored from file.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When the HII protocol function get_package_list_handle() is called with an
invalid package list handle, it returns EFI_NOT_FOUND but this is not in
its list of possible status codes as per the EFI specification.
Return EFI_INVALID_PARAMETER instead to fix conformance.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The VariableNameSize parameter is in bytes but u16_strnlen() counts u16.
Fix the parameter check for null termination.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To retrieve the EFI variable name by efi_get_next_variable_name_int(),
the sequence of alloc -> efi_get_next_variable_name_int ->
realloc -> efi_get_next_variable_name_int is required.
In current code, this sequence repeatedly appears in
the several functions. It should be curved out a common function.
This commit also fixes the missing free() of var_name16
in eficonfig_delete_invalid_boot_option().
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The EFI Conformance Profile Table entry for EBBR appears in v2.1.0 of the
EBBR specification[1]. Update naming accordingly.
While at it, update the EBBR version referenced in the documentation.
[1]: https://github.com/ARM-software/ebbr/releases/tag/v2.1.0
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Some commands need to enumerate the existing UEFI load
option variable("Boot####"). This commit transfers some code
from cmd/efidebug.c to lib/efi_loder/, then exposes
efi_varname_is_load_option() function to check whether
the UEFI variable name is "Boot####".
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
EFI_LOADER_DATA/CODE is reserved for EFI applications.
Memory allocated by U-Boot for internal usage should be
EFI_BOOT_SERVICES_DATA or _CODE or EFI_RUNTIME_SERVICES_DATA or _CODE.
Reported-by: François-Frédéric Ozog <ff@ozog.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: François-Frédéric Ozog <ff@ozog.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The dhcp command may be executed after the first UEFI command.
We should still update the EFI_PXE_BASE_CODE_PROTOCOL.
Don't leak content of prior acknowledge packages.
Handle failing allocation when calling malloc().
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Provide an EFI binary that prints the boot hart ID as found in the
device-tree as /chosen/boot-hartid property and as provided by the
RISCV_EFI_BOOT_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
If the array index 'i' < 128, the 'codepage' array is accessed using
[-128...-1] in efi_unicode_collation.c:262. This can lead to a buffer
overflow.
Negative index in efi_unicode_collation.c:262.
The index of the 'codepage' array should be c - 0x80 instead of i - 0x80.
Fixes: 0bc4b0da7b ("efi_loader: EFI_UNICODE_COLLATION_PROTOCOL")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Heinrich reports that on RISC-V unaligned access is emulated by OpenSBI
which is very slow. Performance wise it's better if we skip the calls
to u16_strdup() -- which in turn calls u16_strsize() and just allocate/copy the
memory directly. The access to dp.length may still be unaligned, but that's
way less than what u16_strsize() would do
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use malloc() instead of calloc().
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Closing the files uses the EFI protocol and specifically it's .close
callback. This needs to be wrapped on an EFI_CALL()
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
UEFI specification requires pointers that are passed to protocol member
functions to be aligned. There's a u16_strdup in that function which
doesn't make sense otherwise Add a comment so no one removes it
accidentally
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Provide a description of the function's logic.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
If the va_list we got handed over contains no protocols we must return
EFI_SUCCESS. However in that case the current code just returns
an unintialized value.
Fix that by setting the return value in the variable definition
Addresses-Coverity: CID 376195: ("Uninitialized variables (UNINIT)")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Update the sandbox implementation to use UCLASS_HOST and adjust all
the pieces to continue to work:
- Update the 'host' command to use the new API
- Replace various uses of UCLASS_ROOT with UCLASS_HOST
- Disable test_eficonfig since it doesn't work (this should have a unit
test to allow this to be debugged)
- Update the blk test to use the new API
- Drop the old header file
Unfortunately it does not seem to be possible to split this change up
further.
Signed-off-by: Simon Glass <sjg@chromium.org>
AllocatePages() can be called with Type=AllocateAddress. Such a call can
only succeed if *Memory points to the address of an unallocated page range.
A call with *Memory being an address that is not page aligned must not
succeed. The UEFI specification requires returning EFI_OUT_OF_RESOURCES
if the requested pages cannot be allocated.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Variable efi_system_partition holds the efi_system_partition. Currently it
is initialized as:
{
.uclass_id = 0 = UCLASS_ROOT,
.denum = 0,
.part = 0,
}
This indicates that host 0:0 is the efi_system_partition and we see output
like:
=> bootefi hello
** Bad device specification host 0 **
Couldn't find partition host 0:0
To identify that no EFI system partition has been set use UCLASS_INVALID.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Since the commit a9bf024b29 ("efi_loader: disk: a helper function to
create efi_disk objects from udevice"), CONFIG_EFI_SETUP_EARLY option is
by default on and will never be turned off.
So just remove this option.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CONFIG_NET does not imply that there are actually network devices
available, only CONFIG_NETDEVICES does. Changing to this dependency
obsoletes the check in Kconfig because NETDEVICES means DM_ETH.
Fixes: 0efe1bcf5c ("efi_loader: Add network access support")
Suggested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The FWU Multi Bank Update feature supports updating firmware images
to one of multiple sets(also called banks) of images. The firmware
images are clubbed together in banks, with the system booting images
from the active bank. Information on the images such as which bank
they belong to is stored as part of the metadata structure, which is
stored on the same storage media as the firmware images on a dedicated
partition.
At the time of update, the metadata is read to identify the bank to
which the images need to be flashed(update bank). On a successful
update, the metadata is modified to set the updated bank as active
bank to subsequently boot from.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use the uclass type as the first part of the function name, to be
consistent with the methods in other block drivers.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE
and this makes it imposible to use CONFIG_VAL().
Rename it to resolve this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
This relies on the old LCD implementation which is to be removed. Drop the
existing #ifdef and convert it to C code.
Signed-off-by: Simon Glass <sjg@chromium.org>
There is a number of users that use uclass_first_device to access the
first and (assumed) only device in uclass.
Some check the return value of uclass_first_device and also that a
device was returned which is exactly what uclass_first_device_err does.
Some are not checking that a device was returned and can potentially
crash if no device exists in the uclass. Finally there is one that
returns NULL on error either way.
Convert all of these to use uclass_first_device_err instead, the return
value will be removed from uclass_first_device in a later patch.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Loadfile2 code is installing two protocols on it's own handle
and uses efi_delete_handle() to clean it up on failure(s). However
commit 05c4c9e21a ("efi_loader: define internal implementations of
install/uninstallmultiple") prepares the ground for us to clean up
efi_delete_handle() used in favor of Install/UninstallMultipleProtocol.
While at it clean up the non needed void casts to (void *) on the
protolcol installation.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Make it clearer why InstallMultipleProtocolInterfaces is invoked with two
NULLs:
* rename guid to esp_guid
* put protocol GUIDs and the related interfaces on same lines
* add comment
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* Replace the OpenProtocol() call by efi_search_protocol().
* Remove the CloseProtocol() call.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Allow avoiding using EFI_CALL() when closing a protocol by providing an
internal function.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The CloseProtocol() boot service requires a handle as first argument.
Passing the protocol interface is incorrect.
CloseProtocol() only has an effect if called with a non-zero value for
agent_handle. HandleProtocol() uses an opaque agent_handle when invoking
OpenProtocol() (currently NULL). Therefore HandleProtocol() should be
avoided.
* Replace the LocateHandle() call by efi_search_protocol().
* Remove the CloseProtocol() call.
Fixes: 8d99026f06 ("efi_loader: capsule: support firmware update")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The CloseProtocol() boot service requires a handle as first argument.
Passing the protocol interface is incorrect.
CloseProtocol() only has an effect if called with a non-zero value for
agent_handle. HandleProtocol() uses an opaque agent_handle when invoking
OpenProtocol() (currently NULL). Therefore HandleProtocol() should be
avoided.
* Replace the LocateHandle() call by efi_search_protocol().
* Remove the CloseProtocol() call.
* Remove a superfluous goto.
Fixes: ce3dbc5d08 ("efi_loader: add UEFI GPT measurement")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
part is unsigned. So it must be printed with %u.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
A following patch is cleaning up the core EFI code trying to remove
sequences of efi_create_handle, efi_add_protocol.
Although this works fine there's a problem with the latter since it is
usually combined with efi_delete_handle() which blindly removes all
protocols on a handle and deletes the handle. We should try to adhere to
the EFI spec which only deletes a handle if the last instance of a protocol
has been removed. Another problem is that efi_delete_handle() never checks
for opened protocols, but the EFI spec defines that the caller is
responsible for ensuring that there are no references to a protocol
interface that is going to be removed.
So let's fix this by replacing all callsites of
efi_create_handle(), efi_add_protocol() , efi_delete_handle() with
Install/UninstallMultipleProtocol.
In order to do that redefine functions that can be used by the U-Boot
proper internally and add '_ext' variants that will be used from the
EFI API
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Move the registration of events for the addition and removal of block
devices to the block device driver. Here we can add a reference to the
EFI Driver Binding protocol as context.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
For handling added and removed block devices we need to register events
which has to be done when the driver is installed.
This patch only creates an empty init function that will be filled with
code later on. The function needs to be called before any EFI block devices
are used. Move the efi_driver_init() call to early init.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
When deleting a device or a handle we must remove the link between the two
to avoid dangling references.
Provide function efi_unlink_dev() for this purpose.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
dp_alloc() may return NULL. This needs to be caught.
Fixes: 98d48bdf41 ("efi_loader: provide a function to create a partition node")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Globally replace all occurances of WATCHDOG_RESET() with schedule(),
which handles the HW_WATCHDOG functionality and the cyclic
infrastructure.
Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Tom Rini <trini@konsulko.com> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm]
We currently have an if_type (interface type) and a uclass id. These are
closely related and we don't need to have both.
Drop the if_type values and use the uclass ones instead.
Maintain the existing, subtle, one-way conversion between UCLASS_USB and
UCLASS_MASS_STORAGE for now, and add a comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
efi_set_blk_dev_to_system_partition() assumes that 0 is an invalid
if_type. This is true now but is about to be false. Fix this bug to avoid
a test failure.
Signed-off-by: Simon Glass <sjg@chromium.org>
Selecting this option can be handled in the Kconfig option itself, as it
is with BLK. Update this an drop the various 'select' clauses.
Signed-off-by: Simon Glass <sjg@chromium.org>
This option is fact really related to SPL. For U-Boot proper we always use
driver model for block devices, so CONFIG_BLK is enabled if block devices
are in use.
It is only for SPL that we have two cases:
- SPL_BLK is enabled, in which case we use driver model and blk-uclass.c
- SPL_BLK is not enabled, in which case (if we need block devices) we must
use blk_legacy.c
Rename the symbol to SPL_LEGACY_BLOCK to make this clear. This is
different enough from BLK and SPL_BLK that there should be no confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
UEFI specification requires booting from removal media using
a architecture-specific default image name such as BOOTAA64.EFI.
This commit adds the removable media entries into bootmenu,
so that user can select the removable media and boot with
default image.
The bootmenu automatically enumerates the possible bootable
media devices supporting EFI_SIMPLE_FILE_SYSTEM_PROTOCOL,
add it as new UEFI boot option(BOOT####) and update BootOrder
variable. This automatically generated UEFI boot option
has the dedicated guid in the optional_data to distinguish it from
the UEFI boot option user adds manually. This optional_data is
removed when the efi bootmgr loads the selected UEFI boot option.
This commit also provides the BOOT#### variable maintenance feature.
Depending on the system hardware setup, some devices
may not exist at a later system boot, so bootmenu checks the
available device in each bootmenu invocation and automatically
removes the BOOT#### variable corrensponding to the non-existent
media device.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
This commit add the "eficonfig" command.
The "eficonfig" command implements the menu-driven UEFI boot option
maintenance feature. This commit implements the addition of
new boot option. User can select the block device volume having
efi_simple_file_system_protocol and select the file corresponding
to the Boot#### variable. User can also enter the description and
optional_data of the BOOT#### variable in utf8.
This commit adds "include/efi_config.h", it contains the common
definition to be used from other menus such as UEFI Secure Boot
key management.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change efi_delete_handle() to not free EFI handles twice.
This change tries to resolved an issue seen since U-Boot v2022.07
in which ExitBootService() attempts to release some EFI handles twice.
The issue was seen booting a EFI shell that invokes 'connect -r' and
then boots a Linux kernel. Execution of connect command makes EFI
subsystem to bind a block device for each root block devices EFI handles.
However these EFI device handles are already bound to a driver and we
can have 2 registered devices relating to the same EFI handler. On
ExitBootService(), the loop removing the devices makes these EFI handles
to be released twice which corrupts memory.
This patch prevents the memory release operation caused by the issue but
but does not resolve the underlying problem.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Add log message.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
UEFI specification 2.9A requires to display the EUI-64 "in hexadecimal
format with byte 7 first (i.e., on the left) and byte 0 last".
This is in contrast to what the NVMe specification wants.
But it is what EDK II has been implementing.
Here is an example with the patch applied:
qemu-system-aarch64 -machine virt -cpu cortex-a72 -nographic \
-bios denx/u-boot.bin \
-device nvme,id=nvme1,serial=9ff81223 \
-device nvme-ns,bus=nvme1,drive=nvme1n0,eui64=0x123456789ABCDEF0 \
-drive file=arm64.img,if=none,format=raw,id=nvme1n0
=> nvme scan
=> efidebug devices
Device Path
====================
/VenHw(…)/NVMe(0x1,f0-de-bc-9a-78-56-34-12)
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Display the EBBRv2.0 conformance in the ECPT table.
The EBBRv2.0 conformance profile is set in the ECPT if
CONFIG_EFI_EBBR_2_0_CONFORMANCE=y.
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Add dependencies for CONFIG_EFI_EBBR_2_0_CONFORMANCE.
Enable the setting by default.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The ECPT table will be included in the UEFI specification 2.9+.
The ECPT table was introduced in UEFI following the code-first path. The
acceptance ticket can be viewed at:
https://bugzilla.tianocore.org/show_bug.cgi?id=3591
The Conformance Profiles table is a UEFI configuration table that contains
GUID of the UEFI profiles that the UEFI implementation conforms with.
The ECPT table is created when CONFIG_EFI_ECPT=y.
The config is set by default.
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In the extended text input protocol support input of control letters
0x1c - 0x1f.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We cannot expect the buffers passed to the input protocols to be zero
filled. If only modifier keys are pressed, we have to return EFI_NOT_READY
but we still have to fill the key structure.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We need to support multiple digits in the parts of the UEFI verision
number. E.g.
EFI_SPECIFICATION_VERSION = (123 << 16) | 456
must be printed as
123.45.6
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Only probed block devices are available in the UEFI sub-system. Multiple
block devices may be involved in the boot process. So we have to make sure
that all block devices are probed. Another reason is that we store UEFI
variables on the ESP which may be on any block device.
On the sandbox before the patch:
=> efidebug devices
No EFI system partition
Device Device Path
================ ====================
000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000055d078bc1ae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D)
000000001b22e0b0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1)
After the patch:
=> efidebug devices
No EFI system partition
Device Device Path
================ ====================
000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000055bdac8ddae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D)
000000001b230920 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(2)/SD(0)
000000001b233ac0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)
000000001b233b80 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(1,GPT,d0a914ee-a71c-fc1e-73f0-7e302b0e6c20,0x30,0x1)
000000001b234110 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(2,GPT,9330a0ea-8aff-f67a-294c-fa05d60896c3,0x31,0x1)
000000001b22f0e0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(0)/SD(2)
000000001b238df0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1)
Fixes: a9bf024b29 ("efi_loader: disk: a helper function to create efi_disk objects from udevice")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The field, ifname, in efi_disk_obj is set but never used anywhere.
Just remove it.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This is a preparation patch to provide the unified method
to access udevice pointer associated with the EFI handle
by adding udevice pointer into struct efi_object.
The patch also introduces a helper function efi_link_dev()
to link the udevice and EFI handle.
The EFI handles of both EFI block io driver implemented in
lib/efi_loader/efi_disk.c and EFI block io driver implemented
as EFI payload can access the udevice pointer in the struct efi_object.
We can use this udevice pointer to get the U-Boot friendly
block device name(e.g. mmc 0:1, nvme 0:1) through EFI handle.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Ensure that the string we convert to UTF-16 is NUL terminated even
if the device path only contains end nodes.
Fixes: bd3d75bb0c ("efi_loader: multi part device paths to text")
Addresses-Coverity: 350434 ("Uninitialized scalar variable")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The current way of handling things like EFI bootmgr is a bit odd, since
that bootmeth handles selection of the bootdev itself. VBE needs to work
the same way, so we should support it properly.
Add a flag that indicates that the bootmeth is global, rather than being
invoked on each bootdev. Provide a helper to read a bootflow from the
bootmeth.
Signed-off-by: Simon Glass <sjg@chromium.org>
Due to U-Boot's lazy binding the RNG presented by the TCG is not available
until the EFI_TCG2 protocol has been initialized. Since the TPM has a
built-in RNG device we can use for the OS randomization, move the RNG
protocol installation after the TCG.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This commit exposes the END device path node.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
At the last step of PE image authentication, an image's hash value must be
compared with a message digest stored as the content (of SpcPeImageData type)
of pkcs7's contentInfo.
Fixes: commit 4540dabdca ("efi_loader: image_loader: support image authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function is used to calculate a message digest as part of
authentication process in a later patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
The requsted partition disk sector incorrectly has the parition start
sector added in twice for UCLASS_PARTITION devices. The efi_disk_rw_blocks()
routine adds the diskobj->offset to the requested lba. When the device
is a UCLASS_PARTITION, the dev_read() or dev_write() routine is called
which adds part-gpt_part_info.start. This causes I/O to the wrong sector.
Takahiro Akashi suggested removing the offset field from the efi_disk_obj
structure since disk-uclass.c handles the partition start biasing. Device
types other than UCLASS_PARTITION set the diskobj->offset field to zero
which makes the field unnecessary. This change removes the offset field
from the structure and removes all references from the code which is
isolated to the lib/efi_loader/efi_disk.c module.
This change also adds a test for the EFI ReadBlocks() API in the EFI
selftest code. There is already a test for reading a FAT file. The new
test uses ReadBlocks() to read the same "disk" block and compare it to
the data read from the file system API.
Signed-Off-by: Paul Barbieri <plb365@gmail.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
cp.b is used a lot as a way to load binaries to memory and execute
them, however we may need to integrate this with the efi subsystem to
set it up as a bootdev.
So, introduce a loadm command that will be consistent with the other
loadX commands and will call the efi API's.
ex: loadm $kernel_addr $kernel_addr_r $kernel_size
with this a kernel with CONFIG_EFI_STUB enabled will be loaded and
then subsequently booted with bootefi command.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
If CONFIG_VIDEO_DM=n we query the display size from the serial console.
Especially when using a remote console the response can be so late that
it interferes with autoboot.
Only query the console size when running an EFI binary.
Add debug output showing the determined console size.
Reported-by: Fabio Estevam <festevam@gmail.com>
Fixes: a57ad20d07 ("efi_loader: split efi_init_obj_list() into two stages")
Fixes: a9bf024b29 ("efi_loader: disk: a helper function to create efi_disk objects from udevice")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Fabio Estevam <festevam@denx.de>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
