u-boot.git/lib/efi_loader, branch v2022.07-rc2 Unnamed repository; edit this file 'description' to name the repository. efi_loader: add sha384/512 on certificate revocation 2022-05-07T21:17:26+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2022-05-06T12:36:00+00:00 b436cc6a57cae017343a549f4b701e748d7e6448 Currently we don't support sha384/512 for the X.509 certificate in dbx. Moreover if we come across such a hash we skip the check and approve the image, although the image might needs to be rejected. Rework the code a bit and fix it by adding an array of structs with the supported GUIDs, len and literal used in the U-Boot crypto APIs instead of hardcoding the GUID types. It's worth noting here that efi_hash_regions() can now be reused from efi_signature_lookup_digest() and add sha348/512 support there as well Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Currently we don't support sha384/512 for the X.509 certificate
in dbx.  Moreover if we come across such a hash we skip the check
and approve the image,  although the image might needs to be rejected.

Rework the code a bit and fix it by adding an array of structs with the
supported GUIDs, len and literal used in the U-Boot crypto APIs instead
of hardcoding the GUID types.

It's worth noting here that efi_hash_regions() can now be reused from
efi_signature_lookup_digest() and add sha348/512 support there as well

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Select EVENT as well 2022-05-07T21:17:26+00:00 Jan Kiszka jan.kiszka@siemens.com 2022-04-27T05:47:15+00:00 6ae494831d13e96e5bc82b70c8061f5771219c3c Fixes WARNING: unmet direct dependencies detected for EVENT_DYNAMIC Depends on [n]: EVENT [=n] Selected by [y]: - EFI_LOADER [=y] && OF_LIBFDT [=y] && ... and the succeeding build breakage. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Fixes

WARNING: unmet direct dependencies detected for EVENT_DYNAMIC
  Depends on [n]: EVENT [=n]
  Selected by [y]:
  - EFI_LOADER [=y] && OF_LIBFDT [=y] && ...

and the succeeding build breakage.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: bootmgr: add booting from removable media 2022-05-03T19:39:22+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-04-28T08:09:39+00:00 4e65ca00f3a30791752529fe9ffe8c02da104c62 Under the current implementation, booting from removable media using a architecture-specific default image name, say BOOTAA64.EFI, is supported only in distro_bootcmd script. See the commit 74522c898b35 ("efi_loader: Add distro boot script for removable media"). This is, however, half-baked implementation because 1) UEFI specification requires this feature to be implemented as part of Boot Manager's responsibility: 3 - Boot Manager 3.5.1 Boot via the Simple File Protocol When booting via the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, the FilePath will start with a device path that points to the device that implements the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL or the EFI_BLOCK_IO_PROTOCOL. The next part of the FilePath may point to the file name, including subdirectories, which contain the bootable image. If the file name is a null device path, the file name must be generated from the rules defined below. ... 3.5.1.1 Removable Media Boot Behavior To generate a file name when none is present in the FilePath, the firmware must append a default file name in the form \EFI\BOOT\BOOT{machine type short-name}.EFI ... 2) So (1) entails the hehavior that the user's preference of boot media order should be determined by Boot#### and BootOrder variables. With this patch, the semantics mentioned above is fully implemented. For example, if you want to boot the system from USB and SCSI in this order, * define Boot0001 which contains only a device path to the USB device (without any file path/name) * define Boot0002 which contains only a device path to the SCSI device, and * set BootOrder to Boot0001:Boot0002 To avoid build error for sandbox, default file name "BOOTSANDBOX.efi" is defined even if it is out of scope of UEFI specification. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> On sandbox use binary name corresponding to host architecture. Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Under the current implementation, booting from removable media using
a architecture-specific default image name, say BOOTAA64.EFI, is
supported only in distro_bootcmd script. See the commit 74522c898b35
("efi_loader: Add distro boot script for removable media").

This is, however, half-baked implementation because
1) UEFI specification requires this feature to be implemented as part
   of Boot Manager's responsibility:

  3 - Boot Manager
  3.5.1 Boot via the Simple File Protocol
  When booting via the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, the FilePath will
  start with a device path that points to the device that implements the
  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL or the EFI_BLOCK_IO_PROTOCOL. The next
  part of the FilePath may point to the file name, including
  subdirectories, which contain the bootable image. If the file name is
  a null device path, the file name must be generated from the rules
  defined below.
  ...
  3.5.1.1 Removable Media Boot Behavior
  To generate a file name when none is present in the FilePath, the
  firmware must append a default file name in the form
  \EFI\BOOT\BOOT{machine type short-name}.EFI ...

2) So (1) entails the hehavior that the user's preference of boot media
   order should be determined by Boot#### and BootOrder variables.

With this patch, the semantics mentioned above is fully implemented.
For example, if you want to boot the system from USB and SCSI in this
order,
* define Boot0001 which contains only a device path to the USB device
  (without any file path/name)
* define Boot0002 which contains only a device path to the SCSI device,
and
* set BootOrder to Boot0001:Boot0002

To avoid build error for sandbox, default file name "BOOTSANDBOX.efi"
is defined even if it is out of scope of UEFI specification.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
On sandbox use binary name corresponding to host architecture.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: export efi_locate_device_handle() 2022-05-03T19:39:22+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-04-28T08:09:38+00:00 d8465ffc019a742ae6c8770179f359317c5f101a This function will be used in the next commit where some behavior of EFI boot manager will be expanded. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
This function will be used in the next commit where some behavior
of EFI boot manager will be expanded.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
lib: fix selection of CONFIG_CHARSET 2022-05-03T19:39:22+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-05-02T04:27:00+00:00 d30924f16bdceb4c34bfa1f230b04e91e28d5666 lib/charset.c is not optional for EFI_APP || EFI_LOADER || UFS || UT_UNICODE. These must select CONFIG_CHARSET. Fixes: 726cd9836db0 ("efi: Make unicode printf available to the app") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
lib/charset.c is not optional for
EFI_APP || EFI_LOADER || UFS || UT_UNICODE.
These must select CONFIG_CHARSET.

Fixes: 726cd9836db0 ("efi: Make unicode printf available to the app")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: reset colors before clearing screen 2022-05-03T19:39:22+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-04-30T07:05:04+00:00 5c1037d57835eb1cbeb9c78069839a445f8ab86b When resetting the text console the colors have to be set before clearing the screen. Otherwise the background color may be wrong. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
When resetting the text console the colors have to be set before clearing
the screen. Otherwise the background color may be wrong.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: disk: allow blk devices even without UCLASS_PARTITION 2022-04-29T12:25:40+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-04-28T04:49:16+00:00 6c640422baa46c5061efa5d2ff1b386bca72253c While GPT partition is mandated in UEFI specification, CONFIG_PARTITION is seen optional under the current implementation. So modify efi_disk_rw_blocks() to allow accepting UCLASS_BLK devices. Fixes: commit d97e98c887ed ("efi_loader: disk: use udevice instead of blk_desc") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Tested-by: Mark Kettenis <kettenis@openbsd.org> 
While GPT partition is mandated in UEFI specification, CONFIG_PARTITION is
seen optional under the current implementation.
So modify efi_disk_rw_blocks() to allow accepting UCLASS_BLK devices.

Fixes: commit d97e98c887ed ("efi_loader: disk: use udevice instead of blk_desc")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Mark Kettenis <kettenis@openbsd.org>
efi_loader: simplify efi_add_conventional_memory_map() 2022-04-29T12:25:39+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-04-25T21:54:48+00:00 8da26f51569aa3f9b6a0be49058399a0a036c14a Remove redundant constraint. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Remove redundant constraint.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: simplify try_load_entry() 2022-04-29T12:25:39+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-04-25T21:35:01+00:00 4f419960bff5bbc646e28da3f8c953455319ea16 Use function efi_create_indexed_name() to create the BootXXXX variable name. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Use function efi_create_indexed_name() to create the BootXXXX variable
name.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: don't call log with __func__ as parameter 2022-04-29T12:23:30+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-04-29T05:15:04+00:00 7ea79e511d308fb8aea4189d1617ee59887d3807 The log functions print file name, line number, and function name if selected via the log command or customizing. Don't print the function name twice. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The log functions print file name, line number, and function name if
selected via the log command or customizing. Don't print the function
name twice.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>