Provide a trivial implementation of sntp_format_time() to fix a build
error when CONFIG_LWIP_DEBUG=y:
lib/lwip/lwip/src/apps/sntp/sntp.c: In function ‘sntp_format_time’:
lib/lwip/lwip/src/apps/sntp/sntp.c:283:10: error: implicit declaration of function ‘ctime’ [-Werror=implicit-function-declaration]
283 | return ctime(&ut);
| ^~~~~
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
The UEFI 2.11 specification, chapter 23.1.3 requires
EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo() to return
EFI_INVALID_PARAMETER if *ImageInfoSize is not too small
and ImageInfo is NULL.
Fixes: f27c20148511 ("efi_loader: add firmware management protocol for FIT image")
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The code foresees that parameters descriptor_size and descriptor_count
might be NULL and then dereferences them without further check.
The size check must take into account the descriptor count.
ImageInfo might be NULL. In this case we must not dereference it.
Fixes: 4ac6041c3cbf ("efi: ESRT creation tests")
Addresses-Coverity-ID: CID 569497: Null pointer dereferences (FORWARD_NULL)
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
With the current code we allocate to little memory when adding entries to
the EFI_DEBUG_INFO_TABLE and we fail to correctly move entries when an
entry is removed.
EFI_DEBUG_TABLE_ENTRY_SIZE must be the size of an entry in the
EFI_DEBUG_INFO_TABLE, not the size of a pointer.
Fixes: 146546138af5 ("efi: add EFI_DEBUG_IMAGE_INFO for debug")
Addresses-Coverity-ID: CID 569498: Code maintainability issues (SIZEOF_MISMATCH)
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Enhance the debug support unit test.
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Create a Kconfig which indicates that EFI functionality is in use,
either as a client (EFI app / stub) or provider (EFI loader). This will
make it easier to share code between these two parts of U-Boot
Signed-off-by: Simon Glass <sjg@chromium.org>
The generic name 'EFI' would be more useful for common EFI features. At
present it just refers to the EFI app and stub, which is confusing.
Rename it to EFI_CLIENT
Signed-off-by: Simon Glass <sjg@chromium.org>
This directory was created when U-Boot gained the ability to run as an
EFI app in 2015. Since then the EFI-loader feature has been added.
The code in lib/efi is not actually used by the loader, so the name is
confusing.
Rename the directory to efi_client to indicate that it includes files
just for U-Boot being a client of EFI, i.e. the EFI app and stub.
Signed-off-by: Simon Glass <sjg@chromium.org>
PRAM usage is not taken into account when reserving lmb for ARM
architecture, this means that predefined PRAM region is marked as
reserved by the architecture and cannot be used by other users.
Signed-off-by: Holger Brunck <holger.brunck@hitachienergy.com>
Fix a segmentation fault in the ECDSA signing logic of `mkimage`
that occurs when the "-r" option is not specified.
This reproduces the logic in `lib/rsa/rsa-sign.c` by checking if
`info->require_keys` is non-null before passing it to
`fdt_setprop_string()`.
Signed-off-by: Lucas Dietrich <lucas.dietrich.git@proton.me>
The object= part matches against the label that the pkcs11 token uses
for that object, but in some cases, specifically with a Yubikey using
ykcs11, where the keys have been imported, the labels differ between the
private and public keys [1], making the object= matching useless. These
keys will have the same id however, so matching against that works for
both the private and public part.
[1]: https://github.com/Yubico/yubico-piv-tool/blob/master/doc/YKCS11/Functions_and_values.adoc#key-alias-per-slot-and-object-type
Signed-off-by: Tobias Olausson <tobias@eub.se>
Enable IP_FRAG and IP_REASSEMBLY to allow packets larger than MTU.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Provide a test application to dump the EFI_DEBUG_IMAGE_INFO_TABLE
as implemented in EDK II.
EFI_DEBUG_IMAGE_INFO is not packed in contrast to many other EFI
structures.
As of today EDK II when removing an entry in the EfiDebugImageInfoTable
just sets NormalImage = NULL but does not compact the array. So
TableSize reflects the number of non-NULL entries and not the array
size as reported independently in
https://github.com/tianocore/edk2/pull/11013 and
https://github.com/tianocore/edk2/pull/11019.
The current implementation tolerates this deviation from the UEFI
specification.
This is what the output may look like:
Debug Info Table Dump
=====================
=> dump
Modified
Number of entries: 0x0000004a
Info type 0x00000001
Address: [0x000000008315a000, 0x00000000831bafff]
File: FvFile(D6A2CB7F-6A18-4E2F-B43B-9920A733700A)
Handle: 0x000000017fe3cb18
...
Info type 0x00000001
Address: [0x000000017e8db000, 0x000000017ea00f3f]
File: FvFile(7C04A583-9E3E-4F1C-AD65-E05268D0B4D1)
Handle: 0x000000017f358e98
Info type 0x00000001
Address: [0x000000017eae5000, 0x000000017eae81ff]
File: \dbginfodump.efi
Handle: 0x000000017eaf0298
=>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add selftest to check the installed configuration table that has
the correct GUID.
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This commit adds the functionality of generate EFI_DEBUG_IMAGE_INFO
while loading the image.
This feature is described in UEFI Spec 2.10. Section 18.4.3.
The implementation ensures support for hardware-assisted debugging and
provides a standardized mechanism for debuggers to discover the load
address of an EFI application.
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Peter Robinson <pbrobinson@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add efi_realloc() for realloc memory that previously alloc by efi_alloc().
Note that if realloced memory is explicitly allocated as BootServicesData.
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Peter Robinson <pbrobinson@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
EFI_DEBUG_IMAGE_INFO_TABLE is used to store EFI_LOADED_IMAGE for
debug purpose. This commit adds the table to the EFI_CONFIGURATION_TABLE.
This feature is described in UEFI Spec version 2.10. Section 18.4.
The implementation ensures support for hardware-assisted debugging and
provides a standardized mechanism for debuggers to discover and interact
with system-level debug resources.
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Peter Robinson <pbrobinson@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add EFI_SYSTEM_TABLE_POINTER structure for remote debugger to locate
the address of EFI_SYSTEM_TABLE.
This feature is described in UEFI SPEC version 2.10. Section 18.4.2.
The implementation ensures support for hardware-assisted debugging and
provides a standardized mechanism for debuggers to discover the EFI
system table.
Cc: Peter Robinson <pbrobinson@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> # change memset(systab_pointer, 0 ...) -> systab_pointer->crc32 = 0;
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Taking a goto to out_of_resources before receive_lengths is assigned
will result in an attempt to free an unitialised pointer. Instead
initialise receive_lengths to NULL on declaration to prevent this from
occurring.
This issue was found by Smatch.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
If phandler is returned as NULL from efi_search_protocol then
protocol_interface is never assigned to. Instead return
EFI_UNSUPPORTED as per the spec.
This issue found by Smatch.
Also eliminate the use of the variable protocol_interface as it is not
needed.
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Taking the first goto error: in file_open could either result in an
attempt to dereference fh when NULL or else free fh->path which has
not been assigned to and so will be unknown. Avoid both of these
problems by passing path to free instead of fh->path.
This issue found by Smatch.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Test the EFI_PARTITION_INFO_PROTOCOL in the existing EFI_BLOCK_IO_PROTOCOL
unit test. It is fairly basic, since it only checks that the values of the
struct efi_partition_info .revision, .type and .system fields are correct.
It doesn't check the MBR partition record information, because that's not
supported by the EFI_PARTITION_INFO_PROTOCOL implementation yet. The test
can be extended once the support is implemented, or if the in-memory disk
image used for the test is modified to have a GPT partition type instead.
Suggested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The UEFI 2.10 specification mentions that this protocol shall be installed
along with EFI_BLOCK_IO_PROTOCOL. It provides cached partition information
for MBR and GPT partition types.
This patch just implements support for GPT partition types. The legacy MBR
partition types is only needed for backward compatibility and can be added
as a follow-up if needed, to make it fully compliant with the EFI spec.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Now that the enum includes TPM2_ALG_INVAL, use that name in the
code.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This variable might end up being uninitialized if we exit early.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This patch adds support for parsing ECDSA public keys from the device tree
blob (FDT) under the `/signature` node. The public key is expected to be
defined using:
- ecdsa,curve (e.g., "prime256v1", "secp384r1")
- ecdsa,x-point
- ecdsa,y-point
The implementation introduces:
- struct ecdsa_public_key to hold parsed key fields
- fdt_get_key() to parse the curve and coordinates from the FDT
- read_key_from_fdt() to convert the parsed values into an OpenSSL EC_KEY
- load_key_from_fdt() to support loading keys using required_keynode,
keyname hint, or fallback to scanning all subnodes under "/signature".
If "info->fdt_blob" is provided, the key is loaded from the FDT. Otherwise,
the code falls back to loading a PEM-formatted key from file as before.
This allows for ECDSA signature verification where the public key is
embedded in the FIT image device tree, useful for systems that require
signature validation without external files.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Sughosh Ganu <sughosh.ganu@linaro.org> says:
The LMB module has a bunch for API's which are used for allocating
memory. There are a couple of API's for requesting memory, and two
more for reserving regions of memory. Replace these different API's
with a single one, lmb_alloc_mem(). The type of allocation to be made
is specified through one of the parameters to the function.
Additionally, the two API's for reserving regions of memory,
lmb_reserve() and lmb_alloc_addr() are the same with one
difference. One can reserve any memory region with lmb_reserve(),
while lmb_alloc_addr() actually checks that the memory region being
requested is part of the LMB memory map. Reserving memory that is not
part of the LMB memory map is pretty futile -- the allocation
functions do not allocate memory which has not been added to the LMB
memory map.
This series also removes the functionality allowing for reserving
memory regions outside the LMB memory map. Any request for reserving a
region of memory outside the LMB memory map now returns an -EINVAL
error.
Certain places in the common code using the LMB API's were not
checking the return value of the functions. Checks have been added for
them. There are some calls being made from the architecture/platform
specific code which too do not check the return value. Those have been
kept the same, as I do not have the platform with me to check if it
causes any issues on those platforms.
In addition, there is a patch which refactors code in
lmb_overlaps_region() and lmb_can_reserve_region() so that both
functionalities can be put in a single function, lmb_overlap_checks().
Finally, a new patch has been added which checks the return value of
the lmb allocation function before copying the device-tree to the
allocated address.
Link: https://lore.kernel.org/r/20250617104346.1379981-1-sughosh.ganu@linaro.org
[trini: Rework arch/arm/mach-snapdragon/board.c merge]
Signed-off-by: Tom Rini <trini@konsulko.com>
The functions that handle allocation requests check if a region of
memory overlaps with a used region. This is done through
lmb_overlaps_region(). Similar checks are done for reservation
requests made to the LMB module, where the caller asks specifically
for a particular region of memory. These checks are being done through
lmb_can_reserve_region().
There are subtle differences in the checking needed for allocation
requests, as against reservation requests. In the former, it is only
needed to be checked if a region is overlapping with an existing
used region, and return as soon as an overlap is found. For
reservation request checks, because U-Boot allows for re-use of in-use
regions with a particular memory attribute, this check has to iterate
through all the regions that might overlap with the requested region,
and then check that the necessary conditions are met to allow for the
overlap.
Combine these two checks in a single function, lmb_overlap_checks() as
both lmb_overlaps_region() and lmb_can_reserve_region() are pretty
similar otherwise.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
There is no need to have two separate API's for freeing up memory. Use
a single API lmb_free() to achieve this.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
lmb_add_memory() is only called from the lmb module. Mark the function
as static.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
There currently are two API's for requesting memory from the LMB
module, lmb_alloc() and lmb_alloc_base(). The function which does the
actual allocation is the same. Use the earlier introduced API
lmb_alloc_mem() for both types of allocation requests.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
There currently are multiple allocation API's in the LMB module. There
are a couple of API's for allocating memory(lmb_alloc() and
lmb_alloc_base()), and then there are two for requesting a reservation
for a particular memory region (lmb_reserve() and
lmb_alloc_addr()). Introduce a single API lmb_alloc_mem() which will
cater to all types of allocation requests and replace lmb_reserve()
and lmb_alloc_addr() with the new API.
Moreover, the lmb_reserve() API is pretty similar to the
lmb_alloc_addr() API, with the one difference being that the
lmb_reserve() API allows for reserving any address passed to it --
the address need not be part of the LMB memory map. The
lmb_alloc_addr() does check that the address being requested is
actually part of the LMB memory map.
There is no need to support reserving memory regions which are outside
the LMB memory map. Remove the lmb_reserve() API functionality and use
the functionality provided by lmb_alloc_addr() instead. The
lmb_alloc_addr() will check if the requested address is part of the
LMB memory map and return an error if not.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmhZtLAACgkQFHw5/5Y0
tyyl/gv+LLsF/PdBp93gXaUVFQwh3lrAWltjK6n+gKDpIazlX8Ajiu2tFBzYgBdP
JNp3PsHJ8ER/GpU4nG/13KfWg8c4CGvAqY0zLxKufMckBdZAE5EwztvSNzZKZA6f
5FQCecidpwlWBNZRWVbxAAtl83nGBwUmgPAoxDBv4I7DQBJD7mJfzxVnWZuwSioP
ix3aingjRSIUpldHR5IAQfEmnPPfv7IS6EYb2lOoV22WtTfnF6bpteR/2OUxnW6z
YxXHaZrDkIfE+gXYOQu5Tau8R0ca4l+ws8GaocTD9VVCDem8JU7b0GCfoXg+ry2Q
dLYuROREeiXEi14I6arZznpPQM8iIAeDOy0w5b3qXbav0+GWB4rmJKLMniD5JT2r
r8Kle/QeagILMVPOaUVgjmkEnft4thD14ipvr8kUCurUh1VtFYWTGzKVS47yHaxY
I1zQaz1NNdtyQNWO/Nwbs+88C7v8q7DeLIIjUt2/J01Bu8ouf2WyfG04iBeZOitt
CxBZ++2z
=e4ez
-----END PGP SIGNATURE-----
Merge tag 'v2025.07-rc5' into next
Prepare v2025.07-rc5
With this merge, tighten up the LTO_FLAGS removal we added to not
trigger on ARMv7 (which is Thumb-2 and should be fine).
The symbol TOOLS_IMAGE_PRE_LOAD doesn't depend on TOOLS_LIBCRYPTO.
If we choose to build tools without openssl, rsa_verify_openssl()
will attempt to call the unavailable openssl library functions.
Fixes: 942c8c8e6697 ("rsa: Add rsa_verify_openssl() to use openssl for host builds")
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Add support of optional shortname for parameter 'type' of gpt
command (limited by UUID_STR_LEN) and a separate 'description'
for UID format "%pUs" used in 'part list' output.
When 'description' is absent in list_guid[], the optional
shortname is used as fallback.
Many partition types for EFI have no shortcut yet, but only
description as they are only used to display information.
This patch also restores the "system" as short name for EFI
System Partition (ESP).
Fixes: d54e1004b8b1 ("lib/uuid.c: use unique name for PARTITION_SYSTEM_GUID")
Tested-by: Patrice Chotard <patrice.chotard@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
E Shattow <e@freeshell.de> says:
Make consistent use of lowercase hexadecimal prefix '0x' throughout U-Boot.
There are a few remaining uses of uppercase 'X' to denote hexadecimal prefix
or placeholder in documentation and error messages.
External devicetree-rebasing dts/upstream and the generated code of
xilinx/zynq are ignored for the series.
Link: https://lore.kernel.org/r/20250606224558.1117422-1-e@freeshell.de
Rasmus Villemoes <ravi@prevas.dk> says:
There's really no reason for the gd pointer to have the volatile
qualifier.
In fact, I claim that it's completely unnecessary and just pessimizes
code generation and forces ugly casts in lots of places. For example,
see the casts in drivers/core/tag.c where elements are added to
gd->dm_taglist, or a helper such as cyclic_get_list() that should not
be needed.
Also, it is what ends up standing in the way of an otherwise
innocent code cleanup of list.h:
https://lore.kernel.org/u-boot/20250522165656.GB2179216@bill-the-cat/
Note that riscv, x86 as well as arm64 with LTO enabled has not had
this volatile qualifier, so it's unlikely there's any generic code
that depends on it.
Link: https://lore.kernel.org/r/20250604195612.2312979-1-ravi@prevas.dk
The global gd pointer is no longer volatile-qualified, so drop that
qualifier from these bookkeeping variables.
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
The global gd pointer is no longer volatile-qualified, so drop that
qualifier from these bookkeeping variables.
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
%s/data that change/data that changes/
%s/cannot be used has/cannot be used for/
%s/Otherwise/Otherwise,/
%s/allows better measurement/allows for better measurement/
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Update definition of _debug_uart_putc to static inline.
This will allow to avoid compilation warnings about unused code
after introduction of patch changing debug uart functions to
dummies if CONFIG_DEBUG_UART is not set.
This also matches the instructions in include/debug_uart.h and
provides consistency with implementations for other platforms.
Signed-off-by: Lukasz Czechowski <lukasz.czechowski@thaumatec.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
