u-boot.git/lib/efi_loader, branch v2024.01 Unnamed repository; edit this file 'description' to name the repository. efi_loader: Make DisconnectController follow the EFI spec 2023-12-05T00:38:56+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2023-11-28T19:10:31+00:00 6805b4dbad72a6e9180426c50f6db6e2681430c0 commit 239d59a65e20 ("efi_loader: reconnect drivers on failure") tried to fix the UninstallProtocol interface which must reconnect any controllers it disconnected by calling ConnectController() in case of failure. However, the reconnect functionality was wired in efi_disconnect_all_drivers() instead of efi_uninstall_protocol(). As a result some SCT tests started failing. Specifically, BBTestOpenProtocolInterfaceTest333CheckPoint3() test - Calls ConnectController for DriverImageHandle1 - Calls DisconnectController for DriverImageHandle1 which will disconnect everything apart from TestProtocol4. That will remain open on purpose. - Calls ConnectController for DriverImageHandle2. TestProtocol4 which was explicitly preserved was installed wth BY_DRIVER attributes. The new protocol will call DisconnectController since its attributes are BY_DRIVER|EXCLUSIVE, but TestProtocol4 will not be removed. The test expects EFI_ACCESS_DENIED which works fine. The problem is that DisconnectController, will eventually call EFI_DRIVER_BINDING_PROTOCOL.Stop(). But on the aforementioned test this will call CloseProtocol -- the binding protocol is defined in 'DBindingDriver3.c' and the .Stop function uses CloseProtocol. If that close protocol call fails with EFI_NOT_FOUND, the current code will try to mistakenly reconnect all drivers and the subsequent tests that rely on the device being disconnected will fail. Move the reconnection in efi_uninstall_protocol() were it belongs. Fixes: commit 239d59a65e20 ("efi_loader: reconnect drivers on failure") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
commit 239d59a65e20 ("efi_loader: reconnect drivers on failure")
tried to fix the UninstallProtocol interface which must reconnect
any controllers it disconnected by calling ConnectController()
in case of failure. However, the reconnect functionality was wired in
efi_disconnect_all_drivers() instead of efi_uninstall_protocol().

As a result some SCT tests started failing.
Specifically, BBTestOpenProtocolInterfaceTest333CheckPoint3() test
 - Calls ConnectController for DriverImageHandle1
 - Calls DisconnectController for DriverImageHandle1 which will
   disconnect everything apart from TestProtocol4. That will remain
   open on purpose.
 - Calls ConnectController for DriverImageHandle2. TestProtocol4
   which was explicitly preserved was installed wth BY_DRIVER attributes.
   The new protocol will call DisconnectController since its attributes
   are BY_DRIVER|EXCLUSIVE, but TestProtocol4 will not be removed. The
   test expects EFI_ACCESS_DENIED which works fine.

   The problem is that DisconnectController, will eventually call
   EFI_DRIVER_BINDING_PROTOCOL.Stop(). But on the aforementioned test
   this will call CloseProtocol -- the binding protocol is defined in
   'DBindingDriver3.c' and the .Stop function uses CloseProtocol.
   If that close protocol call fails with EFI_NOT_FOUND, the current code
   will try to mistakenly reconnect all drivers and the subsequent tests
   that rely on the device being disconnected will fail.

Move the reconnection in efi_uninstall_protocol() were it belongs.

Fixes: commit 239d59a65e20 ("efi_loader: reconnect drivers on failure")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: create memory reservations in ACPI case 2023-12-05T00:38:56+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2023-11-16T09:29:28+00:00 1be415b21b2da2f7979bdbccf7cf01103883b5de ACPI tables cannot convey memory reservations for ARM and RISC-V. x86 uses the BIOS E820 table for this purpose. We cannot simply ignore the device-tree when booting via ACPI. We have to assign EfiReservedMemory according to the prior stage device-tree ($fdtaddr) or as fallback the control device-tree ($fdtcontroladdr). Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
ACPI tables cannot convey memory reservations for ARM and RISC-V.
x86 uses the BIOS E820 table for this purpose. We cannot simply ignore the
device-tree when booting via ACPI. We have to assign EfiReservedMemory
according to the prior stage device-tree ($fdtaddr) or as fallback the
control device-tree ($fdtcontroladdr).

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
efi_loader: generated SMBIOS table below 4 GiB 2023-12-04T18:42:40+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2023-11-20T22:25:58+00:00 89cb3a9f0a5583d6a2197de64a22ef1e4d2e220b We currently use an outdated format 32-bit format for SMBIOS tables. So we must allocate SMBIOS tables below 4 GiB. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
We currently use an outdated format 32-bit format for SMBIOS tables.
So we must allocate SMBIOS tables below 4 GiB.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: improve efi_var_from_file() description 2023-11-20T18:06:22+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2023-11-13T14:50:16+00:00 ce68a254483817f86f92ffef7c7bc44fee318fb5 It is unclear to developers why efi_var_from_file() returns EFI_SUCCESS if file ubootefi.var is missing or corrupted. Improve the description. Reported-by: Weizhao Ouyang <o451686892@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Weizhao Ouyang <o451686892@gmail.com> 
It is unclear to developers why efi_var_from_file() returns EFI_SUCCESS if
file ubootefi.var is missing or corrupted. Improve the description.

Reported-by: Weizhao Ouyang <o451686892@gmail.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Weizhao Ouyang <o451686892@gmail.com>
efi_loader: Correctly account the SCRTM event creation 2023-11-20T18:06:22+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2023-11-07T11:31:34+00:00 229f9e77fe46efb2516b7cfdc60db1d92721eac5 The result of efi_append_scrtm_version() is overwritten before anyone checks its result. Check it and exit the function on failures Addresses-Coverity-ID: 467399 Code maintainability issues (UNUSED_VALUE) Fixes: commit 97707f12fdab ("tpm: Support boot measurements") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The result of efi_append_scrtm_version() is overwritten before anyone
checks its result. Check it and exit the function on failures

Addresses-Coverity-ID: 467399 Code maintainability issues (UNUSED_VALUE)
Fixes: commit 97707f12fdab ("tpm: Support boot measurements")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: Increase default variable store size to 128K 2023-11-20T18:06:22+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2023-11-06T15:47:53+00:00 a8062549d6ba81e41596adab83f80e8f819f491d In commit 9fd3f881c6ed ("efi_loader: Increase default variable store size to 64KiB") Alper has a detailed explanation of why the size needs to be bumped to at least 64K. However enabling Secure boot, writing db, KEK, PK etc keys will further increase the size so bump it to 128K. It's worth noting that when U-Boot stores the EFI variables in an RPMB the available storage is defined statically in StandAloneMM at build time. The U-Boot code is detecting the available true size on the fly during writes. When StandAloneMM is present this size defines the reserved memory U-Boot can use to copy any runtime variables, before booting an OS. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
In commit 9fd3f881c6ed ("efi_loader: Increase default variable store size to 64KiB")
Alper has a detailed explanation of why the size needs to be bumped to at
least 64K.  However enabling Secure boot, writing db, KEK, PK etc keys
will further increase the size so bump it to 128K.

It's worth noting that when U-Boot stores the EFI variables in an RPMB the
available storage is defined statically in StandAloneMM at build time.
The U-Boot code is detecting the available true size on the fly during
writes. When StandAloneMM is present this size defines the reserved
memory U-Boot can use to copy any runtime variables, before booting an
OS.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi: Correct handling of frame buffer 2023-11-15T03:04:00+00:00 Simon Glass sjg@chromium.org 2023-10-02T01:14:36+00:00 a75cf70d23ac8d4dbccf13f0a9589aaf6a552bff The efi_gop driver uses private fields from the video uclass to obtain a pointer to the frame buffer. Use the platform data instead. Check the VIDEO_COPY setting to determine which frame buffer to use. Once the next stage is running (and making use of U-Boot's EFI boot services) U-Boot does not handle copying from priv->fb to the hardware framebuffer, so we must allow EFI to write directly to the hardware framebuffer. We could provide a function to read this, but it seems better to just document how it works. The original change ignored an explicit comment in the video.h file ("Things that are private to the uclass: don't use these in the driver") which is why this was missed when the VIDEO_COPY feature was added. Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: 8f661a5b662 ("efi_loader: gop: Expose fb when 32bpp") Reviewed-by: Bin Meng <bmeng.cn@gmail.com> 
The efi_gop driver uses private fields from the video uclass to obtain a
pointer to the frame buffer. Use the platform data instead.

Check the VIDEO_COPY setting to determine which frame buffer to use. Once
the next stage is running (and making use of U-Boot's EFI boot services)
U-Boot does not handle copying from priv->fb to the hardware framebuffer,
so we must allow EFI to write directly to the hardware framebuffer.

We could provide a function to read this, but it seems better to just
document how it works. The original change ignored an explicit comment
in the video.h file ("Things that are private to the uclass: don't use
these in the driver") which is why this was missed when the VIDEO_COPY
feature was added.

Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 8f661a5b662 ("efi_loader: gop: Expose fb when 32bpp")
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
efi_loader: fix EFI_ENTRY point on get_active_pcr_banks 2023-10-27T10:17:21+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2023-10-24T15:43:53+00:00 e9fc018a558ea931e599453e925d6cb5690112cb efi_tcg2_get_active_pcr_banks doesn't immediately call the EFI_ENTRY() wrapper once it enters the function. Move the call a few lines above to cover the error cases properly as well. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Support boot measurements 2023-10-27T10:14:47+00:00 Eddie James eajames@linux.ibm.com 2023-10-24T15:43:49+00:00 97707f12fdabf5fab5942504dab711a665854942 Add TPM2 functions to support boot measurement. This includes starting up the TPM, initializing/appending the event log, and measuring the U-Boot version. Much of the code was used in the EFI subsystem, so remove it there and use the common functions. Signed-off-by: Eddie James <eajames@linux.ibm.com> For the API moving around from EFI -> u-boot core Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> For EFI testing Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.

Signed-off-by: Eddie James <eajames@linux.ibm.com>
For the API moving around from EFI -> u-boot core
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
For EFI testing
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: sandbox: Update for needed TPM2 capabilities 2023-10-27T10:08:25+00:00 Eddie James eajames@linux.ibm.com 2023-10-24T15:43:48+00:00 54b96e8b2bae9b61e9e178f9f10cf1b81bcda9ad The driver needs to support getting the PCRs in the capabilities command. Fix various other things and support the max number of PCRs for TPM2. Remove the !SANDBOX dependency for EFI TCG2 as well. Signed-off-by: Eddie James <eajames@linux.ibm.com> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.

Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>