u-boot.git/lib/efi_loader/Makefile, branch v2022.01 Unnamed repository; edit this file 'description' to name the repository. Revert "efi_capsule: Move signature from DTB to .rodata" 2021-09-18T09:47:50+00:00 Simon Glass sjg@chromium.org 2021-08-02T14:44:31+00:00 47a25e81d35c8d801cae9089de90c9ffea083409 This was unfortunately applied despite much discussion about it beiong the wrong way to implement this feature. Revert it before too many other things are built on top of it. This reverts commit ddf67daac39de76d2697d587148f4c2cb768f492. Signed-off-by: Simon Glass <sjg@chromium.org> 
This was unfortunately applied despite much discussion about it beiong
the wrong way to implement this feature.

Revert it before too many other things are built on top of it.

This reverts commit ddf67daac39de76d2697d587148f4c2cb768f492.
Signed-off-by: Simon Glass <sjg@chromium.org>
efi_loader: typo cerificate 2021-08-02T06:21:12+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-08-02T06:21:12+00:00 78e6b871fdcf4bb86c6d7292a0e5d4a98e1435b6 %s/cerificate/certificate/ Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
%s/cerificate/certificate/

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_capsule: Move signature from DTB to .rodata 2021-07-18T12:43:56+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-07-17T14:26:44+00:00 ddf67daac39de76d2697d587148f4c2cb768f492 The capsule signature is now part of our DTB. This is problematic when a user is allowed to change/fixup that DTB from U-Boots command line since he can overwrite the signature as well. So Instead of adding the key on the DTB, embed it in the u-boot binary it self as part of it's .rodata. This assumes that the U-Boot binary we load is authenticated by a previous boot stage loader. Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The capsule signature is now part of our DTB.  This is problematic when a
user is allowed to change/fixup that DTB from U-Boots command line since he
can overwrite the signature as well.
So Instead of adding the key on the DTB, embed it in the u-boot binary it
self as part of it's .rodata.  This assumes that the U-Boot binary we load
is authenticated by a previous boot stage loader.

Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled 2021-05-25T11:06:57+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-05-14T00:53:36+00:00 f6081a8a1e45e4864e36d83ccc236eef62478b1f This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This is preparation for PE/COFF measurement support.
PE/COFF image hash calculation is same in both
UEFI Secure Boot image verification and measurement in
measured boot. PE/COFF image parsing functions are
gathered into efi_image_loader.c, and exposed even if
UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option
to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi: Add ESRT to the EFI system table 2021-03-25T19:19:19+00:00 Jose Marinho jose.marinho@arm.com 2021-03-02T17:26:38+00:00 64a8aae15ce9cccdb907219a9fce9f5b17ae791a The ESRT is initialised during efi_init_objlist after efi_initialize_system_table(). The ESRT is recreated from scratch at the following events: - successful UpdateCapsule; - FMP instance install. The code ensures that every ESRT entry has a unique fw_class value. Limitations: - The ESRT is not updated if an FMP instance is uninstalled; - the fields image_type and flags are in the current implementation left undefined. Setting these values will require a per-platform function that returns the image_type/flags as a function of the image fw_class. CC: Heinrich Schuchardt <xypron.glpk@gmx.de> CC: Sughosh Ganu <sughosh.ganu@linaro.org> CC: AKASHI Takahiro <takahiro.akashi@linaro.org> CC: Ilias Apalodimas <ilias.apalodimas@linaro.org> CC: Andre Przywara <andre.przywara@arm.com> CC: Alexander Graf <agraf@csgraf.de> CC: nd@arm.com Signed-off-by: Jose Marinho <jose.marinho@arm.com> Remove two EFI_CALL() indirections. Move ESRT GUID in efidebug's list of GUIDs. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The ESRT is initialised during efi_init_objlist after
efi_initialize_system_table().

The ESRT is recreated from scratch at the following events:
- successful UpdateCapsule;
- FMP instance install.

The code ensures that every ESRT entry has a unique fw_class value.

Limitations:
- The ESRT is not updated if an FMP instance is uninstalled;
- the fields image_type and flags are in the current implementation left
undefined. Setting these values will require a per-platform function
that returns the image_type/flags as a function of the image fw_class.

CC: Heinrich Schuchardt	<xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Andre Przywara <andre.przywara@arm.com>
CC: Alexander Graf <agraf@csgraf.de>
CC: nd@arm.com
Signed-off-by: Jose Marinho <jose.marinho@arm.com>

Remove two EFI_CALL() indirections.
Move ESRT GUID in efidebug's list of GUIDs.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Add helper functions for EFI 2021-03-25T19:14:25+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-03-17T19:54:59+00:00 37c3ca5c0b1a449356279efdcaca346b3eae84fd A following patch introduces a different logic for loading initrd's based on the EFI_LOAD_FILE2_PROTOCOL. Since similar logic can be applied in the future for other system files (i.e DTBs), let's add some helper functions which will retrieve and parse file paths stored in EFI variables. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
A following patch introduces a different logic for loading initrd's
based on the EFI_LOAD_FILE2_PROTOCOL.
Since similar logic can be applied in the future for other system files
(i.e DTBs), let's add some helper functions which will retrieve and
parse file paths stored in EFI variables.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: EFI_DEVICE_PATH_UTILITIES_PROTOCOL configurable 2021-01-20T07:17:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-01-16T08:44:25+00:00 59593a52a3438d163904079ae9c5d4d7c69675bb Allow the EFI_DEVICE_PATH_UTILITIES_PROTOCOL to be disabled via configuration. On systems that are very tight on U-Boot image size we may want to disable the protocol. As it is required to run the UEFI Shell enable it by default. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Allow the EFI_DEVICE_PATH_UTILITIES_PROTOCOL to be disabled via
configuration.

On systems that are very tight on U-Boot image size we may want to disable
the protocol. As it is required to run the UEFI Shell enable it by default.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: make the UEFI boot manager configurable 2021-01-20T07:09:34+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-01-15T18:02:50+00:00 ff2f532fadd8f5238cc1ac2ae4ab075703bcc313 Some boards are very tight on the binary size. Booting via UEFI is possible without using the boot manager. Provide a configuration option to make the boot manager available. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.

Provide a configuration option to make the boot manager available.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: move load options to new module 2021-01-19T17:56:08+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-01-15T18:02:49+00:00 2363effb7a689de66634ba325e57c2d6fc12f4e9 Move all load options related functions to a new module. So that they can be compiled independently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Move all load options related functions to a new module. So that they can
be compiled independently.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: implement EFI_DT_FIXUP_PROTOCOL 2021-01-13T01:38:01+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-12-13T09:30:24+00:00 94686f60a2b9fd87842f473a5cdca316668765c3 A boot manager like GRUB can use the protocol to * apply U-Boot's fix-ups to the a device-tree * let U-Boot make memory reservations according to the device-tree * install the device-tree as a configuration table Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
A boot manager like GRUB can use the protocol to

* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>