u-boot.git/lib/efi_loader, branch v2021.07 Unnamed repository; edit this file 'description' to name the repository. efi_loader: Allow capsule update on-disk without checking OsIndications 2021-07-02T16:29:06+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-06-29T04:55:51+00:00 0fa5020c024e49222ca97ead3502b332d35dea76 Although U-Boot supports capsule update on-disk, it's lack of support for SetVariable at runtime prevents applications like fwupd from using it. In order to perform the capsule update on-disk the spec says that the OS must copy the capsule to the \EFI\UpdateCapsule directory and set a bit in the OsIndications variable. The firmware then checks for the EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED bit in OsIndications variable, which is set by the submitter to trigger processing of the capsule on the next reboot. Let's add a config option which ignores the bit and just relies on the capsule being present. Since U-Boot deletes the capsule while processing it, we won't end up applying it multiple times. Note that this is allowed for all capsules. In the future, once authenticated capsules are fully supported, we can limit the functionality to those only. Signed-off-by: apalos <ilias.apalodimas@linaro.org> Reword Kconfig description. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Although U-Boot supports capsule update on-disk, it's lack of support for
SetVariable at runtime prevents applications like fwupd from using it.

In order to perform the capsule update on-disk the spec says that the OS
must copy the capsule to the \EFI\UpdateCapsule directory and set a bit in
the OsIndications variable.  The firmware then checks for the
EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED bit in OsIndications
variable, which is set by the submitter to trigger processing of the
capsule on the next reboot.

Let's add a config option which ignores the bit and just relies on the
capsule being present. Since U-Boot deletes the capsule while processing
it, we won't end up applying it multiple times.

Note that this is allowed for all capsules. In the future, once
authenticated capsules are fully supported, we can limit the functionality
to those only.

Signed-off-by: apalos <ilias.apalodimas@linaro.org>

Reword Kconfig description.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: clear OsIndications 2021-07-02T07:37:01+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-06-29T11:33:09+00:00 149108a3eb594b03561073aa6fd512cacab57c62 After each reboot we must clear flag EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED in variable OsIndications. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
After each reboot we must clear flag
EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED in variable
OsIndications.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Improve the parameter check for QueryVariableInfo() 2021-07-02T07:37:01+00:00 Masami Hiramatsu masami.hiramatsu@linaro.org 2021-06-30T15:49:48+00:00 417a3c24c9991d3d9df8401063188324bf404952 Improve efi_query_variable_info() to check the parameter settings and return correct error code according to the UEFI Specification 2.9, and the Self Certification Test (SCT) II Case Specification, June 2017, chapter 4.1.4 QueryVariableInfo(). Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com> Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Improve efi_query_variable_info() to check the parameter settings and
return correct error code according to the UEFI Specification 2.9,
and the Self Certification Test (SCT) II Case Specification, June
2017, chapter 4.1.4 QueryVariableInfo().

Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: missing parentheses in query_console_size 2021-07-02T07:37:01+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-06-29T08:09:14+00:00 abd62e4d41112893d70ddcbe7faad887116ed323 After if we should use parentheses to keep the code readable. Fixes: a95f4c885991 ("efi_loader: NULL dereference in EFI console") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
After if we should use parentheses to keep the code readable.

Fixes: a95f4c885991 ("efi_loader: NULL dereference in EFI console")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Always install FMPs 2021-07-02T07:37:01+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-06-22T14:38:53+00:00 6e0184b86f689045a0acc268e1899ce7757c65d0 We only install FMPs if a CapsuleUpdate is requested. Since we now have an ESRT table which relies on FMPs to build the required information, it makes more sense to unconditionally install them. This will allow userspace applications (e.g fwupd) to make use of the ERST and provide us with files we can use to run CapsuleUpdate on-disk Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
We only install FMPs if a CapsuleUpdate is requested.  Since we now have an
ESRT table which relies on FMPs to build the required information, it
makes more sense to unconditionally install them. This will allow userspace
applications (e.g fwupd) to make use of the ERST and provide us with files
we can use to run CapsuleUpdate on-disk

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Force a single FMP instance per hardware store 2021-07-02T07:37:01+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-06-22T14:38:52+00:00 b891ff18f8999c89d00e1a963a4bc07afe3ae061 Chapter 23 of the EFI spec (rev 2.9) says: "A specific updatable hardware firmware store must be represented by exactly one FMP instance". This is not the case for us, since both of our FMP protocols can be installed at the same time because they are controlled by a single 'dfu_alt_info' env variable. So make the config options depend on each other and allow the user to install one of them at any given time. If we fix the meta-data provided by the 'dfu_alt_info' in the future, to hint about the capsule type (fit or raw) we can revise this and enable both FMPs to be installed, as long as they target different firmware hardware stores Note that we are not using a Kconfig 'choice' on purpose, since we want to allow both of those to be installed and tested in sandbox Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Chapter 23 of the EFI spec (rev 2.9) says:
"A specific updatable hardware firmware store must be represented by
exactly one FMP instance".
This is not the case for us, since both of our FMP protocols can be
installed at the same time because they are controlled by a single
'dfu_alt_info' env variable.
So make the config options depend on each other and allow the user to
install one of them at any given time.  If we fix the meta-data provided
by the 'dfu_alt_info' in the future,  to hint about the capsule type
(fit or raw) we can revise this and enable both FMPs to be installed, as
long as they target different firmware hardware stores

Note that we are not using a Kconfig 'choice' on purpose, since we
want to allow both of those to be installed and tested in sandbox

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi: Fix to use null handle to create new handle for efi_fmp_raw 2021-07-02T07:37:01+00:00 Masami Hiramatsu masami.hiramatsu@linaro.org 2021-06-22T14:38:51+00:00 3ef772230db077a7122de11d93cfc4ff570fb4a7 When running the efidebug capsule disk-update command, the efi_fmp_raw protocol installation fails with 2 (EFI_INVALID_PARAMETER) as below. This is because the code passes efi_root instead of the handle local var. => efidebug capsule disk-update EFI: Call: efi_install_multiple_protocol_interfaces( &handle, &efi_guid_firmware_management_protocol, &efi_fmp_fit, NULL) EFI: Entry efi_install_multiple_protocol_interfaces(00000000fbaf5988) EFI: Call: efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface) EFI: Entry efi_install_protocol_interface(00000000fbaf5988, 86c77a67-0b97-4633-a187-49104d0685c7, 0, 00000000fbfa6ee8) EFI: new handle 00000000fbb37520 EFI: Exit: efi_install_protocol_interface: 0 EFI: 0 returned by efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface) EFI: Exit: efi_install_multiple_protocol_interfaces: 0 EFI: 0 returned by efi_install_multiple_protocol_interfaces( &handle, &efi_guid_firmware_management_protocol, &efi_fmp_fit, NULL) EFI: Call: efi_install_multiple_protocol_interfaces( &efi_root, &efi_guid_firmware_management_protocol, &efi_fmp_raw, NULL) EFI: Entry efi_install_multiple_protocol_interfaces(00000000fbfec648) EFI: Call: efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface) EFI: Entry efi_install_protocol_interface(00000000fbfec648, 86c77a67-0b97-4633-a187-49104d0685c7, 0, 00000000fbfa6f18) EFI: handle 00000000fbaf8520 EFI: Exit: efi_install_protocol_interface: 2 EFI: 2 returned by efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface) EFI: Exit: efi_install_multiple_protocol_interfaces: 2 EFI: 2 returned by efi_install_multiple_protocol_interfaces( &efi_root, &efi_guid_firmware_management_protocol, &efi_fmp_raw, NULL) Command failed, result=1 To fix this issue, pass the handle local var which is set NULL right before installing efi_fmp_raw as same as the installing efi_fmp_fit. (In both cases, the local reference to the handle will be just discarded) Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
When running the efidebug capsule disk-update command, the efi_fmp_raw
protocol installation fails with 2 (EFI_INVALID_PARAMETER) as below.
This is because the code passes efi_root instead of the handle local var.

=> efidebug capsule disk-update
EFI: Call: efi_install_multiple_protocol_interfaces( &handle, &efi_guid_firmware_management_protocol, &efi_fmp_fit, NULL)
  EFI: Entry efi_install_multiple_protocol_interfaces(00000000fbaf5988)
    EFI: Call: efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
      EFI: Entry efi_install_protocol_interface(00000000fbaf5988, 86c77a67-0b97-4633-a187-49104d0685c7, 0, 00000000fbfa6ee8)
        EFI: new handle 00000000fbb37520
      EFI: Exit: efi_install_protocol_interface: 0
    EFI: 0 returned by efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
  EFI: Exit: efi_install_multiple_protocol_interfaces: 0
EFI: 0 returned by efi_install_multiple_protocol_interfaces( &handle, &efi_guid_firmware_management_protocol, &efi_fmp_fit, NULL)
EFI: Call: efi_install_multiple_protocol_interfaces( &efi_root, &efi_guid_firmware_management_protocol, &efi_fmp_raw, NULL)
  EFI: Entry efi_install_multiple_protocol_interfaces(00000000fbfec648)
    EFI: Call: efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
      EFI: Entry efi_install_protocol_interface(00000000fbfec648, 86c77a67-0b97-4633-a187-49104d0685c7, 0, 00000000fbfa6f18)
        EFI: handle 00000000fbaf8520
      EFI: Exit: efi_install_protocol_interface: 2
    EFI: 2 returned by efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
  EFI: Exit: efi_install_multiple_protocol_interfaces: 2
EFI: 2 returned by efi_install_multiple_protocol_interfaces( &efi_root, &efi_guid_firmware_management_protocol, &efi_fmp_raw, NULL)
Command failed, result=1

To fix this issue, pass the handle local var which is set NULL right
before installing efi_fmp_raw as same as the installing efi_fmp_fit.
(In both cases, the local reference to the handle will be just discarded)

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: TPL_HIGH_LEVEL not allowed for CreateEvent 2021-06-28T17:57:13+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-06-10T21:10:52+00:00 7891fe675d03f2407b040c472ae76050bc88c24e According to chapter 7.1 "Event, Timer, and Task Priority Services" TPL_HIGH_LEVEL should not be exposed to applications and drivers. According to the discussion with EDK II contributors this implies that CreateEvent() shall not allow to create events with TPL_HIGH_LEVEL. Cc: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Acked-by: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com> 
According to chapter 7.1 "Event, Timer, and Task Priority Services"
TPL_HIGH_LEVEL should not be exposed to applications and drivers.

According to the discussion with EDK II contributors this implies that
CreateEvent() shall not allow to create events with TPL_HIGH_LEVEL.

Cc: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
efi_loader: fix Sphinx warning 2021-06-09T10:35:01+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-06-08T22:21:24+00:00 b95e5edc424a14c1d03848c03f92389a945d3e61 Brackets '[' need to be escaped to avoid a build warning lib/efi_loader/efi_image_loader.c:223: WARNING: Inline strong start-string without end-string. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
Brackets '[' need to be escaped to avoid a build warning

    lib/efi_loader/efi_image_loader.c:223:
    WARNING: Inline strong start-string without end-string.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Masahisa Kojima <masahisa.kojima@linaro.org>
efi_loader: efi_capsule_delete_file() NULL dereference 2021-06-08T22:16:39+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-06-02T17:28:22+00:00 e27b0ff1b7135f966c1379acde48134dd6b15545 If opening a file fails, the file handle pointer is not valid and must not be dereferenced. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
If opening a file fails, the file handle pointer is not valid and must not
be dereferenced.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>