u-boot.git/include/efi_loader.h, branch v2021.07 Unnamed repository; edit this file 'description' to name the repository. efi_loader: Always install FMPs 2021-07-02T07:37:01+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-06-22T14:38:53+00:00 6e0184b86f689045a0acc268e1899ce7757c65d0 We only install FMPs if a CapsuleUpdate is requested. Since we now have an ESRT table which relies on FMPs to build the required information, it makes more sense to unconditionally install them. This will allow userspace applications (e.g fwupd) to make use of the ERST and provide us with files we can use to run CapsuleUpdate on-disk Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
We only install FMPs if a CapsuleUpdate is requested.  Since we now have an
ESRT table which relies on FMPs to build the required information, it
makes more sense to unconditionally install them. This will allow userspace
applications (e.g fwupd) to make use of the ERST and provide us with files
we can use to run CapsuleUpdate on-disk

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: add PE/COFF image measurement 2021-05-28T14:17:01+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-05-26T03:09:58+00:00 163a0d7e2cbdbdf26d90ac8d30c0495b814f3245 "TCG PC Client Platform Firmware Profile Specification" requires to measure every attempt to load and execute a OS Loader(a UEFI application) into PCR[4]. This commit adds the PE/COFF image measurement, extends PCR, and appends measurement into Event Log. Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Replace CONFIG_HASH_CALCULATE by CONFIG_HASH Fix conversions between pointers and u64. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
"TCG PC Client Platform Firmware Profile Specification"
requires to measure every attempt to load and execute
a OS Loader(a UEFI application) into PCR[4].
This commit adds the PE/COFF image measurement, extends PCR,
and appends measurement into Event Log.

Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Replace CONFIG_HASH_CALCULATE by CONFIG_HASH
Fix conversions between pointers and u64.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: add macro for const EFI runtime data 2021-05-24T18:21:30+00:00 Marek Behún marek.behun@nic.cz 2021-05-20T11:23:58+00:00 15f537ccf96f891ee46c0d2d2b5d2021b0de2559 Add macro __efi_runtime_rodata, for const variables with similar purpose as those using __efi_runtime_data. Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Add macro __efi_runtime_rodata, for const variables with similar purpose
as those using __efi_runtime_data.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: add Sphinx doc for __efi_runtime and __efi_runtime_data 2021-05-24T18:21:30+00:00 Marek Behún marek.behun@nic.cz 2021-05-20T11:23:57+00:00 82836973115171d1d8ff5fa874b075672ac08f58 Document the macros __efi_runtime and __efi_runtime_data in Sphinx style. Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Document the macros __efi_runtime and __efi_runtime_data in Sphinx
style.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: fix warning when linking with LTO 2021-05-24T18:21:30+00:00 Marek Behún marek.behun@nic.cz 2021-05-20T11:23:56+00:00 2bdc6f579b698ea32cf112310e903238d92a3c5a When linking with LTO, the compiler complains about type mismatch of variables `__efi_runtime_start`, `__efi_runtime_stop`, `__efi_runtime_rel_start` and `__efi_runtime_rel_stop`: include/efi_loader.h:218:21: warning: type of ‘__efi_runtime_start’ does not match original declaration [-Wlto-type-mismatch] 218 | extern unsigned int __efi_runtime_start, __efi_runtime_stop; | ^ arch/sandbox/lib/sections.c:7:6: note: ‘__efi_runtime_start’ was previously declared here 7 | char __efi_runtime_start[0] __attribute__((section(".__efi_run | ^ Change the type to char[] in include/efi_loader.h. Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> 
When linking with LTO, the compiler complains about type mismatch of
variables `__efi_runtime_start`, `__efi_runtime_stop`,
`__efi_runtime_rel_start` and `__efi_runtime_rel_stop`:

 include/efi_loader.h:218:21: warning: type of ‘__efi_runtime_start’
                                       does not match original
                                       declaration [-Wlto-type-mismatch]
    218 | extern unsigned int __efi_runtime_start, __efi_runtime_stop;
        |                     ^
  arch/sandbox/lib/sections.c:7:6: note: ‘__efi_runtime_start’ was
                                         previously declared here
      7 | char __efi_runtime_start[0] __attribute__((section(".__efi_run
        |      ^

Change the type to char[] in include/efi_loader.h.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
treewide: Convert macro and uses of __section(foo) to __section("foo") 2021-05-24T18:21:30+00:00 Marek Behún marek.behun@nic.cz 2021-05-20T11:23:52+00:00 236f2ec43266cb4dabd320381498df6c9d80c82d This commit does the same thing as Linux commit 33def8498fdd. Use a more generic form for __section that requires quotes to avoid complications with clang and gcc differences. Remove the quote operator # from compiler_attributes.h __section macro. Convert all unquoted __section(foo) uses to quoted __section("foo"). Also convert __attribute__((section("foo"))) uses to __section("foo") even if the __attribute__ has multiple list entry forms. Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
This commit does the same thing as Linux commit 33def8498fdd.

Use a more generic form for __section that requires quotes to avoid
complications with clang and gcc differences.

Remove the quote operator # from compiler_attributes.h __section macro.

Convert all unquoted __section(foo) uses to quoted __section("foo").
Also convert __attribute__((section("foo"))) uses to __section("foo")
even if the __attribute__ has multiple list entry forms.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
efi: Add ESRT to the EFI system table 2021-03-25T19:19:19+00:00 Jose Marinho jose.marinho@arm.com 2021-03-02T17:26:38+00:00 64a8aae15ce9cccdb907219a9fce9f5b17ae791a The ESRT is initialised during efi_init_objlist after efi_initialize_system_table(). The ESRT is recreated from scratch at the following events: - successful UpdateCapsule; - FMP instance install. The code ensures that every ESRT entry has a unique fw_class value. Limitations: - The ESRT is not updated if an FMP instance is uninstalled; - the fields image_type and flags are in the current implementation left undefined. Setting these values will require a per-platform function that returns the image_type/flags as a function of the image fw_class. CC: Heinrich Schuchardt <xypron.glpk@gmx.de> CC: Sughosh Ganu <sughosh.ganu@linaro.org> CC: AKASHI Takahiro <takahiro.akashi@linaro.org> CC: Ilias Apalodimas <ilias.apalodimas@linaro.org> CC: Andre Przywara <andre.przywara@arm.com> CC: Alexander Graf <agraf@csgraf.de> CC: nd@arm.com Signed-off-by: Jose Marinho <jose.marinho@arm.com> Remove two EFI_CALL() indirections. Move ESRT GUID in efidebug's list of GUIDs. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The ESRT is initialised during efi_init_objlist after
efi_initialize_system_table().

The ESRT is recreated from scratch at the following events:
- successful UpdateCapsule;
- FMP instance install.

The code ensures that every ESRT entry has a unique fw_class value.

Limitations:
- The ESRT is not updated if an FMP instance is uninstalled;
- the fields image_type and flags are in the current implementation left
undefined. Setting these values will require a per-platform function
that returns the image_type/flags as a function of the image fw_class.

CC: Heinrich Schuchardt	<xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd@arm.com
Signed-off-by: Jose Marinho <jose.marinho@arm.com>

Remove two EFI_CALL() indirections.
Move ESRT GUID in efidebug's list of GUIDs.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Replace config option for initrd loading 2021-03-25T19:14:26+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-03-17T19:55:00+00:00 53f6a5aa86267a59ea9d45c89405e42002410e37 Up to now we install EFI_LOAD_FILE2_PROTOCOL to load an initrd unconditionally. Although we correctly return various EFI exit codes depending on the file status (i.e EFI_NO_MEDIA, EFI_NOT_FOUND etc), the kernel loader, only falls back to the cmdline interpreted initrd if the protocol is not installed. This creates a problem for EFI installers, since they won't be able to load their own initrd and continue the installation. It also makes the feature hard to use, since we can either have a single initrd or we have to recompile u-boot if the filename changes. So let's introduce a different logic that will decouple the initrd path from the config option we currently have. When defining a UEFI BootXXXX we can use the filepathlist and store a file path pointing to our initrd. Specifically the EFI spec describes: "The first element of the array is a device path that describes the device and location of the Image for this load option. Other device paths may optionally exist in the FilePathList, but their usage is OSV specific" When the EFI application is launched through the bootmgr, we'll try to interpret the extra device path. If that points to a file that exists on our disk, we'll now install the load_file2 and the efi-stub will be able to use it. This opens up another path using U-Boot and defines a new boot flow. A user will be able to control the kernel/initrd pairs without explicit cmdline args or GRUB. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Up to now we install EFI_LOAD_FILE2_PROTOCOL to load an initrd
unconditionally. Although we correctly return various EFI exit codes
depending on the file status (i.e EFI_NO_MEDIA, EFI_NOT_FOUND etc), the
kernel loader, only falls back to the cmdline interpreted initrd if the
protocol is not installed.

This creates a problem for EFI installers, since they won't be able to
load their own initrd and continue the installation. It also makes the
feature hard to use, since we can either have a single initrd or we have
to recompile u-boot if the filename changes.

So let's introduce a different logic that will decouple the initrd
path from the config option we currently have.
When defining a UEFI BootXXXX we can use the filepathlist and store
a file path pointing to our initrd. Specifically the EFI spec describes:

"The first element of the array is a device path that describes the device
and location of the Image for this load option. Other device paths may
optionally exist in the FilePathList, but their usage is OSV specific"

When the EFI application is launched through the bootmgr, we'll try to
interpret the extra device path. If that points to a file that exists on
our disk, we'll now install the load_file2 and the efi-stub will be able
to use it.

This opens up another path using U-Boot and defines a new boot flow.
A user will be able to control the kernel/initrd pairs without explicit
cmdline args or GRUB.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Add helper functions for EFI 2021-03-25T19:14:25+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-03-17T19:54:59+00:00 37c3ca5c0b1a449356279efdcaca346b3eae84fd A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
A following patch introduces a different logic for loading initrd's
based on the EFI_LOAD_FILE2_PROTOCOL.
Since similar logic can be applied in the future for other system files
(i.e DTBs), let's add some helper functions which will retrieve and
parse file paths stored in EFI variables.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Add device path related functions for initrd via Boot#### 2021-03-25T19:14:25+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-03-17T19:54:58+00:00 76e8acce12fe6e914fdab422c8af44956c1dac04 On the following patches we allow for an initrd path to be stored in Boot#### variables. Specifically we encode in the FIlePathList[] of the EFI_LOAD_OPTIONS for each Boot#### variable. The FilePathList[] array looks like this: kernel - 0xff - VenMedia(initrd GUID) - initrd1 - 0x01 initrd2 - 0xff So let's add the relevant functions to concatenate and retrieve a device path based on a Vendor GUID. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reformat function descriptions. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
On the following patches we allow for an initrd path to be stored in
Boot#### variables.  Specifically we encode in the FIlePathList[] of
the EFI_LOAD_OPTIONS for each Boot#### variable.

The FilePathList[] array looks like this:
kernel - 0xff - VenMedia(initrd GUID) - initrd1 - 0x01 initrd2 - 0xff
So let's add the relevant functions to concatenate and retrieve a device
path based on a Vendor GUID.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reformat function descriptions.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>