u-boot.git/lib/efi_loader/Makefile, branch v2025.07 Unnamed repository; edit this file 'description' to name the repository. efi_loader: build with HII configuration protocol 2025-04-25T15:26:39+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2025-01-02T18:11:31+00:00 ac040ae58dba316d86edc788416fae58a5f44e3f Without the HII configuration protocol the debug version of the UEFI shell cannot be used. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Without the HII configuration protocol the debug version of the UEFI shell
cannot be used.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Moved the generated ESL file to objtree 2025-04-13T14:09:17+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2025-04-13T11:34:26+00:00 739ad58dbee874a3ad3bddd116e995212a254e07 Tom reports that generating the ESL file we need for authenticated capsule updates fails to work on azure which expects a RO git tree. Move it to $(objtree) Reported-by: Tom Rini <trini@konsulko.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Tom reports that generating the ESL file we need for authenticated
capsule updates fails to work on azure which expects a RO git tree.

Move it to $(objtree)

Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Move public cert for capsules to .rodata 2025-04-11T11:25:31+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2025-04-01T11:27:25+00:00 fd58c275f6ba524101ba0990e53f5a11ac390bd0 commit ddf67daac39d ("efi_capsule: Move signature from DTB to .rodata") was reverted in commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") because that's what U-Boot was usually doing -- using the DT to store configuration and data. Some of the discussions can be found here [0]. (Ab)using the device tree to store random data isn't ideal though. On top of that with new features introduced over the years, keeping the certificates in the DT has proven to be problematic. One of the reasons is that platforms might send U-Boot a DTB from the previous stage loader using a transfer list which won't contain the signatures since other loaders are not aware of internal U-Boot ABIs. On top of that QEMU creates the DTB on the fly, so adding the capsule certificate there does not work and requires users to dump it and re-create it injecting the public keys. Now that we have proper memory permissions for arm64, move the certificate to .rodata and read it from there. [0] https://lore.kernel.org/u-boot/CAPnjgZ2uM=n8Qo-a=DUkx5VW5Bzp5Xy8=Wgmrw8ESqUBK00YJQ@mail.gmail.com/ Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Jonathan Humphreys <j-humphreys@ti.com> # on TI sk-am62p-lp Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on AML-A311D-CC Tested-by: Raymond Mao <raymond.mao@linaro.org> 
commit ddf67daac39d ("efi_capsule: Move signature from DTB to .rodata")
was reverted in
commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"")
because that's what U-Boot was usually doing -- using the DT to store
configuration and data. Some of the discussions can be found here [0].

(Ab)using the device tree to store random data isn't ideal though.
On top of that with new features introduced over the years, keeping
the certificates in the DT has proven to be problematic.
One of the reasons is that platforms might send U-Boot a DTB
from the previous stage loader using a transfer list which won't contain
the signatures since other loaders are not  aware of internal
U-Boot ABIs. On top of that QEMU creates the DTB on the fly, so adding
the capsule certificate there does not work and requires users to dump
it and re-create it injecting the public keys.

Now that we have proper memory permissions for arm64, move the certificate
to .rodata and read it from there.

[0] https://lore.kernel.org/u-boot/CAPnjgZ2uM=n8Qo-a=DUkx5VW5Bzp5Xy8=Wgmrw8ESqUBK00YJQ@mail.gmail.com/

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Jonathan Humphreys <j-humphreys@ti.com>  # on TI sk-am62p-lp
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on AML-A311D-CC
Tested-by: Raymond Mao <raymond.mao@linaro.org>
efi_loader: efi_net: add EFI_HTTP_PROTOCOL 2024-12-04T11:24:38+00:00 Adriano Cordova adrianox@gmail.com 2024-12-04T03:05:26+00:00 238e0269d82f9662b27cd040e32c3543ccf3380f Add an EFI HTTP driver. This commit implements the EFI_HTTP_PROTOCOL and the EFI_HTTP_SERVICE_BINDING_PROTOCOL. The latter is attached to the handle of th efi network device. This is the same handle where snp, pxe, and ipconfig are attached to. Signed-off-by: Adriano Cordova <adrianox@gmail.com> 
Add an EFI HTTP driver. This commit implements the
EFI_HTTP_PROTOCOL and the EFI_HTTP_SERVICE_BINDING_PROTOCOL.
The latter is attached to the handle of th efi network
device. This is the same handle where snp, pxe, and ipconfig
are attached to.

Signed-off-by: Adriano Cordova <adrianox@gmail.com>
efi_loader: efi_net: add EFI_IP4_CONFIG2_PROTOCOL 2024-12-04T11:24:38+00:00 Adriano Cordova adrianox@gmail.com 2024-12-04T03:05:25+00:00 929363cbb35ef9943f9c02938dc23d2c78582c5f Add an implementation of the EFI_IP4_CONFIG2_PROTOCOL. The protocol is attached to the handle of the efi network device. This is the same handle where snp and pxe are attached to. Signed-off-by: Adriano Cordova <adrianox@gmail.com> 
Add an implementation of the EFI_IP4_CONFIG2_PROTOCOL. The protocol
is attached to the handle of the efi network device. This is the same
handle where snp and pxe are attached to.

Signed-off-by: Adriano Cordova <adrianox@gmail.com>
efi_loader: Add a test app 2024-11-09T08:59:41+00:00 Simon Glass sjg@chromium.org 2024-11-07T21:31:41+00:00 34d2faaef6cf14a0578f09f798b8bf36d28e84ad Add a simple app to use for testing. This is intended to do whatever it needs to for testing purposes. For now it just prints a message and exits boot services. There was a considerable amount of discussion about whether it is OK to call exit-boot-services and then return to U-Boot. This is not normally done in a real application, since exit-boot-services is used to completely disconnect from U-Boot. For now, this part is skipped. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Add a simple app to use for testing. This is intended to do whatever it
needs to for testing purposes. For now it just prints a message and
exits boot services.

There was a considerable amount of discussion about whether it is OK to
call exit-boot-services and then return to U-Boot. This is not normally
done in a real application, since exit-boot-services is used to
completely disconnect from U-Boot. For now, this part is skipped.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: Shorten the app rules further 2024-10-10T04:04:56+00:00 Simon Glass sjg@chromium.org 2024-09-26T21:59:34+00:00 369734486687c55382014832405162f5fe6a65d6 Add a way to factor out the CFLAGS changes for each app, since they are all the same. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add a way to factor out the CFLAGS changes for each app, since they are
all the same.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Shorten the app rules 2024-10-10T04:04:56+00:00 Simon Glass sjg@chromium.org 2024-09-26T21:59:33+00:00 0cee36784863ef7c84e2ba1934f291a38a0dd99a We have quite a few apps now, so create a way to specify them as a list rather than repeating the same rules again and again. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
We have quite a few apps now, so create a way to specify them as a list
rather than repeating the same rules again and again.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Rename and move CMD_BOOTEFI_HELLO_COMPILE 2024-10-10T04:04:56+00:00 Simon Glass sjg@chromium.org 2024-09-26T21:59:31+00:00 6fe80876dcc7d5b22ef1b88db14209770716c3cb This is not actually a command so the name is confusing. Use BOOTEFI_HELLO_COMPILE instead. Put it in the efi_loader directory with the other such config options. The link rule (for $(obj)/%_efi.so) in scripts/Makefile.lib handles pulling in efi_crt0.o and efi_reloc.o so drop the 'extra' rules. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
This is not actually a command so the name is confusing. Use
BOOTEFI_HELLO_COMPILE instead. Put it in the efi_loader directory
with the other such config options.

The link rule (for $(obj)/%_efi.so) in scripts/Makefile.lib handles
pulling in efi_crt0.o and efi_reloc.o so drop the 'extra' rules.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: move distro_efi_get_fdt_name() 2024-06-10T09:43:36+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-04-26T14:13:18+00:00 c9463859500c0db85a3e5a0a8e347fcb35e54aae Move distro_efi_get_fdt_name() to a separate C module and rename it to efi_get_distro_fdt_name(). Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Move distro_efi_get_fdt_name() to a separate C module
and rename it to efi_get_distro_fdt_name().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>