| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Tom Rini <[email protected]>
|
|
Selecting this option can be handled in the Kconfig option itself, as it
is with BLK. Update this an drop the various 'select' clauses.
Signed-off-by: Simon Glass <[email protected]>
|
|
This option is fact really related to SPL. For U-Boot proper we always use
driver model for block devices, so CONFIG_BLK is enabled if block devices
are in use.
It is only for SPL that we have two cases:
- SPL_BLK is enabled, in which case we use driver model and blk-uclass.c
- SPL_BLK is not enabled, in which case (if we need block devices) we must
use blk_legacy.c
Rename the symbol to SPL_LEGACY_BLOCK to make this clear. This is
different enough from BLK and SPL_BLK that there should be no confusion.
Signed-off-by: Simon Glass <[email protected]>
|
|
Display the EBBRv2.0 conformance in the ECPT table.
The EBBRv2.0 conformance profile is set in the ECPT if
CONFIG_EFI_EBBR_2_0_CONFORMANCE=y.
Signed-off-by: Jose Marinho <[email protected]>
Add dependencies for CONFIG_EFI_EBBR_2_0_CONFORMANCE.
Enable the setting by default.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The ECPT table will be included in the UEFI specification 2.9+.
The ECPT table was introduced in UEFI following the code-first path. The
acceptance ticket can be viewed at:
https://bugzilla.tianocore.org/show_bug.cgi?id=3591
The Conformance Profiles table is a UEFI configuration table that contains
GUID of the UEFI profiles that the UEFI implementation conforms with.
The ECPT table is created when CONFIG_EFI_ECPT=y.
The config is set by default.
Signed-off-by: Jose Marinho <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The current way of handling things like EFI bootmgr is a bit odd, since
that bootmeth handles selection of the bootdev itself. VBE needs to work
the same way, so we should support it properly.
Add a flag that indicates that the bootmeth is global, rather than being
invoked on each bootdev. Provide a helper to read a bootflow from the
bootmeth.
Signed-off-by: Simon Glass <[email protected]>
|
|
At the last step of PE image authentication, an image's hash value must be
compared with a message digest stored as the content (of SpcPeImageData type)
of pkcs7's contentInfo.
Fixes: commit 4540dabdcaca ("efi_loader: image_loader: support image authentication")
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
Fixes
WARNING: unmet direct dependencies detected for EVENT_DYNAMIC
Depends on [n]: EVENT [=n]
Selected by [y]:
- EFI_LOADER [=y] && OF_LIBFDT [=y] && ...
and the succeeding build breakage.
Signed-off-by: Jan Kiszka <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
lib/charset.c is not optional for
EFI_APP || EFI_LOADER || UFS || UT_UNICODE.
These must select CONFIG_CHARSET.
Fixes: 726cd9836db0 ("efi: Make unicode printf available to the app")
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Add efi_disk_probe() function.
This function creates an efi_disk object for a raw disk device (UCLASS_BLK)
and additional objects for related partitions (UCLASS_PARTITION).
So this function is expected to be called through driver model's "probe"
interface every time one raw disk device is detected and activated.
We assume that partition devices (UCLASS_PARTITION) have been created
when this function is invoked.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
In the current implementation, partition table support (either GPT or DOS)
is not mandatory. So CONFIG_PARTITION_UUIDS should not be enabled
(selected) unconditionally.
Fixes: commit 17f8cda505e3 ("efi_loader: set partition GUID in device path for SIG_TYPE_GUID")
Signed-off-by: AKASHI Takahiro <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Currently, there are a bunch of boards which enable the UEFI capsule
update feature. The actual update of the firmware images is done
through the dfu framework which uses the dfu_alt_info environment
variable for getting information on the update, like device, partition
number/address etc. The dfu framework allows the variable to be set
through the set_dfu_alt_info function defined by the platform, or if
the function is not defined, it gets the variable from the
environment. Using the value set in the environment is not very
robust, since the variable can be modified from the u-boot command
line and this can cause an incorrect update.
To prevent this from happening, define the set_dfu_alt_info function
when the capsule update feature is enabled. A weak function is defined
which sets the dfu_alt_info environment variable by getting the string
for the variable from the platform.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Masami Hiramatsu <[email protected]>
|
|
Use sysreset_walk_halt() directly from reset-after-capsule-on-disk
feature to reboot (cold reset) machine instead of using reset command
interface, since this is not a command.
Note that this will make CONFIG_EFI_CAPSULE_ON_DISK depending on
the CONFIG_SYSRESET.
Signed-off-by: Masami Hiramatsu <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Since be66b89da306 ("efi_loader: configuration of variables store")
the choice of EFI_VARIABLE_FILE_STORE or EFI_MM_COMM_TEE
is mutually-exclusive, however efi_var_to_file also allows
for "neither". Provide an additional Kconfig option.
Signed-off-by: Tom Saeger <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Drop the Kconfigs which are not used and all references to them. In
particular, this drops CONFIG_VIDEO to avoid confusion and allow us to
eventually rename CONFIG_DM_VIDEO to CONFIG_VIDEO.
Also drop the prototype for video_get_info_str() which is no-longer used.
Signed-off-by: Simon Glass <[email protected]>
Acked-by: Jason Liu <[email protected]>
|
|
This adds support for new RISCV_EFI_BOOT_PROTOCOL to
communicate the boot hart ID to bootloader/kernel on RISC-V
UEFI platforms.
The specification of the protocol is hosted at:
https://github.com/riscv-non-isa/riscv-uefi
Signed-off-by: Sunil V L <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
This commit modify efi_tcg2_register() to return the
appropriate error.
With this fix, sandbox will not boot because efi_tcg2_register()
fails due to some missing feature in GetCapabilities.
So disable sandbox if EFI_TCG2_PROTOCOL is enabled.
UEFI secure boot variable measurement is not directly related
to TCG2 protocol installation, tcg2_measure_secure_boot_variable()
is moved to the separate function.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Most modern platforms use 64-bit EFI so it is useful to have a U-Boot app
that runs under that. Add a (non-functional) build for this.
Note that --whole-archive causes the gcc 9.2 linker to crash, so disable
this for now. Once this is resolved, things should work.
For now, avoid mentioning the documentation for the 64-bit app, since it
does not work.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
TCG PC Client Platform Firmware Profile Specification
requires to measure the SMBIOS table that contains static
configuration information (e.g. Platform Manufacturer
Enterprise Number assigned by IANA, platform model number,
Vendor and Device IDs for each SMBIOS table).
The device- and environment-dependent information such as
serial number is cleared to zero or space character for
the measurement.
Existing smbios_string() function returns pointer to the string
with const qualifier, but exisintg use case is updating version
string and const qualifier must be removed.
This commit removes const qualifier from smbios_string()
return value and reuses to clear the strings for the measurement.
This commit also fixes the following compiler warning:
lib/smbios-parser.c:59:39: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address;
Signed-off-by: Masahisa Kojima <[email protected]>
|
|
This code should never have been added as it builds a new feature on top
of legacy code. This has already been improved with the dependency on BLK.
Add a dependency on DM_ETH also, to avoid needing to deal with this old
code.
Boards which want EFI_LOADER should migrate to driver model first.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
At present EFI_SECURE BOOT selects RSA but does not necessarily enable
FIT_SIGNATURE. Mostly this is fine, but a few boards do not enable it,
so U-Boot tries to do RSA verification when loading FIT images, but it
is not enabled.
This worked because the condition for checking the RSA signature is
wrong in the fit_image_verify_with_data() function. In order to fix it
we need to fix this dependency. Make sure that FIT_SIGNATURE is enabled
so that RSA can be used.
It might be better to avoid using 'select' in this situation.
Signed-off-by: Simon Glass <[email protected]>
|
|
Prepare v2021.10-rc5
|
|
This was unfortunately applied despite much discussion about it beiong
the wrong way to implement this feature.
Revert it before too many other things are built on top of it.
This reverts commit ddf67daac39de76d2697d587148f4c2cb768f492.
Signed-off-by: Simon Glass <[email protected]>
|
|
Prepare v2021.10-rc4
Signed-off-by: Tom Rini <[email protected]>
# gpg: Signature made Tue 14 Sep 2021 06:58:32 PM EDT
# gpg: using RSA key 1A3C7F70E08FAB1707809BBF147C39FF9634B72C
# gpg: Good signature from "Thomas Rini <[email protected]>" [ultimate]
# Conflicts:
# board/Arcturus/ucp1020/spl.c
# cmd/mvebu/Kconfig
# common/Kconfig.boot
# common/image-fit.c
# configs/UCP1020_defconfig
# configs/sifive_unmatched_defconfig
# drivers/pci/Kconfig
# include/configs/UCP1020.h
# include/configs/sifive-unmatched.h
# lib/Makefile
# scripts/config_whitelist.txt
|
|
https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2021-10-rc4-2
Documentation:
* improve documentation of U-Boot for /config DT node
* integrate bloblist documentation
UEFI:
* correct usage of EFI_CALL()
* code tidy up
|
|
The move to driver model should by now be completed. To be able to remove
pre-driver model code from our block IO code require CONFIG_BLK=y for UEFI
support.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
When dropping SHA512_ALGO in general, we didn't catch some cases where
an option was selecting both SHA512 and SHA512_ALGO and caused them to
select SHA512 twice. Kconfig doesn't complain, but this is still wrong
and should be corrected.
Fixes: e60e44993120 ("lib: Drop SHA512_ALGO in lieu of SHA512")
Reported-by: Andreas Schwab <[email protected]>
Reviewed-by: Alexandru Gagniuc <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
SHA512_ALGO was used as a "either SHA512 or SHA384", although the
implementations of these two algorithms share a majority of code.
From a Kconfig interface perspective, it makes sense to present two
distinct options. This requires #ifdefing out the SHA512
implementation from sha512.c. The latter doesn't make any sense.
It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.
Thus, automatically select SHA512 when SHA384 is enabled.
Signed-off-by: Alexandru Gagniuc <[email protected]>
|
|
default n/no doesn't need to be specified. It is default option anyway.
Signed-off-by: Michal Simek <[email protected]>
[trini: Rework FSP_USE_UPD portion]
Signed-off-by: Tom Rini <[email protected]>
|
|
The capsule signature is now part of our DTB. This is problematic when a
user is allowed to change/fixup that DTB from U-Boots command line since he
can overwrite the signature as well.
So Instead of adding the key on the DTB, embed it in the u-boot binary it
self as part of it's .rodata. This assumes that the U-Boot binary we load
is authenticated by a previous boot stage loader.
Reviewed-by: Masami Hiramatsu <[email protected]>
Tested-by: Masami Hiramatsu <[email protected]>
Tested-by: Sughosh Ganu <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
TCG PC Client PFP spec says "The Log Area Minimum Length
for the TCG event log MUST be at least 64KB." in ACPI chapter.
This commit increase the buffer size to 64KB.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Previously, the GPT device GUID was being used instead of the partition,
which was incorrect.
Signed-off-by: Alfonso Sánchez-Beato <[email protected]>
Let EFI_LOADER select CONFIG_PARTITION_UUIDS.
Use log_warning() instead of printf() for warning.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Although U-Boot supports capsule update on-disk, it's lack of support for
SetVariable at runtime prevents applications like fwupd from using it.
In order to perform the capsule update on-disk the spec says that the OS
must copy the capsule to the \EFI\UpdateCapsule directory and set a bit in
the OsIndications variable. The firmware then checks for the
EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED bit in OsIndications
variable, which is set by the submitter to trigger processing of the
capsule on the next reboot.
Let's add a config option which ignores the bit and just relies on the
capsule being present. Since U-Boot deletes the capsule while processing
it, we won't end up applying it multiple times.
Note that this is allowed for all capsules. In the future, once
authenticated capsules are fully supported, we can limit the functionality
to those only.
Signed-off-by: apalos <[email protected]>
Reword Kconfig description.
Reviewed-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Chapter 23 of the EFI spec (rev 2.9) says:
"A specific updatable hardware firmware store must be represented by
exactly one FMP instance".
This is not the case for us, since both of our FMP protocols can be
installed at the same time because they are controlled by a single
'dfu_alt_info' env variable.
So make the config options depend on each other and allow the user to
install one of them at any given time. If we fix the meta-data provided
by the 'dfu_alt_info' in the future, to hint about the capsule type
(fit or raw) we can revise this and enable both FMPs to be installed, as
long as they target different firmware hardware stores
Note that we are not using a Kconfig 'choice' on purpose, since we
want to allow both of those to be installed and tested in sandbox
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
"TCG PC Client Platform Firmware Profile Specification"
requires to measure every attempt to load and execute
a OS Loader(a UEFI application) into PCR[4].
This commit adds the PE/COFF image measurement, extends PCR,
and appends measurement into Event Log.
Acked-by: Ilias Apalodimas <[email protected]>
Tested-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Masahisa Kojima <[email protected]>
Replace CONFIG_HASH_CALCULATE by CONFIG_HASH
Fix conversions between pointers and u64.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
The hash_calculate() symbol is provided by hash-checksum.c. It depends
on hash_progressive_lookup_algo(), provided when CONFIG_HASH=y.
The issue is that hash_calculate() is used by the efi_loader,
irregardless of CONFIG_FIT_SIGNATURE. As pointed out in
commit 87316da05f2f ("lib: introduce HASH_CALCULATE option"),
enabling hash_calculate() based on CONFIG_FIT_SIGNATURE is incorrect.
To resolve this, use CONFIG_HASH as the compile switch for
hash-checksum.c. This ensures that all dependencies are compiled, and
is the most natural Kconfig to use.
There is the issue of having to 'select HASH' in a couple of places
that already 'select SHA256'. This is a deeper problem with how hashes
are organized, and fixing it is beyonf the scope of this change.
Signed-off-by: Alexandru Gagniuc <[email protected]>
Acked-by: Masahisa Kojima <[email protected]>
|
|
When we think of Kconfig, we usually think of features that we like
to enable or not. Ideally, we wouldn't use Kconfig to fix a build
issue, although sometimes it might make sense. With Kconfig it's hard
to guarantee that the fix is universal. We can only say that it works
for the set of tested configurations. In the majority of cases, it's
preferable to let the linker figure things out for us.
The reverted commit attempted to fix a build issue by adding an
invisible Kconfig option. This is wrong in several ways:
It invents a new Kconfig variable when CONFIG_HASH already
exists for the same purpose.
Second, hash-checksum.c makes use of the hash_progressive_lookup_algo()
symbol, which is only provided with CONFIG_HASH, but this dependency
was not expressed in the reverted patch.
It feels like Kconfig is turning into a listing of all available
source files, and a buffet to 'select' which ones to compile. The
purpose of this revert is to enable the next change to make use of
CONFIG_HASH instead of adding to Kconfig.
This reverts commit 87316da05f2fd49d3709275e64ef0c5980366ade.
Signed-off-by: Alexandru Gagniuc <[email protected]>
Acked-by: Masahisa Kojima <[email protected]>
|
|
This is preparation for PE/COFF measurement support.
PE/COFF image hash calculation is same in both
UEFI Secure Boot image verification and measurement in
measured boot. PE/COFF image parsing functions are
gathered into efi_image_loader.c, and exposed even if
UEFI Secure Boot is not enabled.
This commit also adds the EFI_SIGNATURE_SUPPORT option
to decide if efi_signature.c shall be compiled.
Signed-off-by: Masahisa Kojima <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Build error occurs when CONFIG_EFI_SECURE_BOOT or
CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
because hash-checksum.c is not compiled.
Since hash_calculate() implemented in hash-checksum.c can be
commonly used aside from FIT image signature verification,
this commit itroduces HASH_CALCULATE option to decide
if hash-checksum.c shall be compiled.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
EFI_TCG2 depends not only on TPMv2 but also on the underlying algorithms.
So select the missing SHA1, SHA256, SHA384 and SHA512 we currently support
Reported-by: Michal Simek <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
Add 'default y'.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
enabled
Enable building of the crypto helper functions used during capsule
authentication by selecting IMAGE_SIGN_INFO.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The ESRT is initialised during efi_init_objlist after
efi_initialize_system_table().
The ESRT is recreated from scratch at the following events:
- successful UpdateCapsule;
- FMP instance install.
The code ensures that every ESRT entry has a unique fw_class value.
Limitations:
- The ESRT is not updated if an FMP instance is uninstalled;
- the fields image_type and flags are in the current implementation left
undefined. Setting these values will require a per-platform function
that returns the image_type/flags as a function of the image fw_class.
CC: Heinrich Schuchardt <[email protected]>
CC: Sughosh Ganu <[email protected]>
CC: AKASHI Takahiro <[email protected]>
CC: Ilias Apalodimas <[email protected]>
CC: Andre Przywara <[email protected]>
CC: Alexander Graf <[email protected]>
CC: [email protected]
Signed-off-by: Jose Marinho <[email protected]>
Remove two EFI_CALL() indirections.
Move ESRT GUID in efidebug's list of GUIDs.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Up to now we install EFI_LOAD_FILE2_PROTOCOL to load an initrd
unconditionally. Although we correctly return various EFI exit codes
depending on the file status (i.e EFI_NO_MEDIA, EFI_NOT_FOUND etc), the
kernel loader, only falls back to the cmdline interpreted initrd if the
protocol is not installed.
This creates a problem for EFI installers, since they won't be able to
load their own initrd and continue the installation. It also makes the
feature hard to use, since we can either have a single initrd or we have
to recompile u-boot if the filename changes.
So let's introduce a different logic that will decouple the initrd
path from the config option we currently have.
When defining a UEFI BootXXXX we can use the filepathlist and store
a file path pointing to our initrd. Specifically the EFI spec describes:
"The first element of the array is a device path that describes the device
and location of the Image for this load option. Other device paths may
optionally exist in the FilePathList, but their usage is OSV specific"
When the EFI application is launched through the bootmgr, we'll try to
interpret the extra device path. If that points to a file that exists on
our disk, we'll now install the load_file2 and the efi-stub will be able
to use it.
This opens up another path using U-Boot and defines a new boot flow.
A user will be able to control the kernel/initrd pairs without explicit
cmdline args or GRUB.
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
GRUB_ARM32_WORKAROUND can be disabled on ARCH_SUNXI as the Allwinner SoCs
only have a level 2 cache controlled via CP15 and not an architecturally
defined cache. Having the cache available speeds up booting Linux.
On ARCH_BCM283X it is already disabled via rpi_2_defconfig. But let's move
this setting to Kconfig.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
In EFI 1.10 a version of the Unicode collation protocol using ISO 639-2
language codes existed. This protocol is not part of the UEFI specification
any longer. It was however required to run the UEFI Self Certification Test
(SCT) II, version 2.6, 2017. So we implemented it for the sole purpose of
running the SCT.
As the SCT does not need the protocol anymore it is time for removal.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Allow the EFI_DEVICE_PATH_UTILITIES_PROTOCOL to be disabled via
configuration.
On systems that are very tight on U-Boot image size we may want to disable
the protocol. As it is required to run the UEFI Shell enable it by default.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Allow EFI_DT_FIXUP_PROTOCOL to be disabled via configuration.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.
Provide a configuration option to make the boot manager available.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Add support for authenticating uefi capsules. Most of the signature
verification functionality is shared with the uefi secure boot
feature.
The root certificate containing the public key used for the signature
verification is stored as part of the device tree blob. The root
certificate is stored as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.
Signed-off-by: Sughosh Ganu <[email protected]>
|
|
Currently the size of the buffer to keep UEFI variables in memory is fixed
at 16384 bytes. This size has proven to be too small for some use cases.
Make the size of the memory buffer for UEFI variables customizable.
Reported-by: Paulo Alcantara (SUSE) <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
