| Age | Commit message (Collapse) | Author |
|---|
|
Provide an EFI binary that prints the boot hart ID as found in the
device-tree as /chosen/boot-hartid property and as provided by the
RISCV_EFI_BOOT_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
CONFIG_NET does not imply that there are actually network devices
available, only CONFIG_NETDEVICES does. Changing to this dependency
obsoletes the check in Kconfig because NETDEVICES means DM_ETH.
Fixes: 0efe1bcf5c2c ("efi_loader: Add network access support")
Suggested-by: Tom Rini <[email protected]>
Signed-off-by: Jan Kiszka <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Now that all the old code is gone, rename this option. Driver model
migration is now complete.
Signed-off-by: Simon Glass <[email protected]>
|
|
The ECPT table will be included in the UEFI specification 2.9+.
The ECPT table was introduced in UEFI following the code-first path. The
acceptance ticket can be viewed at:
https://bugzilla.tianocore.org/show_bug.cgi?id=3591
The Conformance Profiles table is a UEFI configuration table that contains
GUID of the UEFI profiles that the UEFI implementation conforms with.
The ECPT table is created when CONFIG_EFI_ECPT=y.
The config is set by default.
Signed-off-by: Jose Marinho <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
There is no board left using CONFIG_LCD without CONFIG_DM_VIDEO.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Now we can build efi_loader with block device support (CONFIG_BLK) and
without CONFIG_PARTITIONS.
So change Makefile.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
It seems a copy'n'paste typo when tool had been introduced.
It has never had the 'exit' suffix in the file name. Hence,
the custom CFLAGS never been applied and, for example, BFD
linker complains:
LD lib/efi_loader/initrddump_efi.so
ld.bfd: lib/efi_loader/initrddump.o: warning: relocation in read-only section `.text.efi_main'
ld.bfd: warning: creating DT_TEXTREL in a shared object
Remove wrong 'exit' suffix from the custom CFLAGS variable.
Fixes: 65ab48d69ddb ("efi_selftest: provide initrddump test tool")
Fixes: 9c045a49a9c9 ("efi_loader: move dtbdump.c, initrddump.c to lib/efi_loader")
Signed-off-by: Andy Shevchenko <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The tools dtbdump.efi and initrddump.efi are useful for Python testing even
if CONFIG_EFI_SELFTEST=n.
Don't clear the screen as it is incompatible with Python testing.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
This adds support for new RISCV_EFI_BOOT_PROTOCOL to
communicate the boot hart ID to bootloader/kernel on RISC-V
UEFI platforms.
The specification of the protocol is hosted at:
https://github.com/riscv-non-isa/riscv-uefi
Signed-off-by: Sunil V L <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
This was unfortunately applied despite much discussion about it beiong
the wrong way to implement this feature.
Revert it before too many other things are built on top of it.
This reverts commit ddf67daac39de76d2697d587148f4c2cb768f492.
Signed-off-by: Simon Glass <[email protected]>
|
|
%s/cerificate/certificate/
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
The capsule signature is now part of our DTB. This is problematic when a
user is allowed to change/fixup that DTB from U-Boots command line since he
can overwrite the signature as well.
So Instead of adding the key on the DTB, embed it in the u-boot binary it
self as part of it's .rodata. This assumes that the U-Boot binary we load
is authenticated by a previous boot stage loader.
Reviewed-by: Masami Hiramatsu <[email protected]>
Tested-by: Masami Hiramatsu <[email protected]>
Tested-by: Sughosh Ganu <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
This is preparation for PE/COFF measurement support.
PE/COFF image hash calculation is same in both
UEFI Secure Boot image verification and measurement in
measured boot. PE/COFF image parsing functions are
gathered into efi_image_loader.c, and exposed even if
UEFI Secure Boot is not enabled.
This commit also adds the EFI_SIGNATURE_SUPPORT option
to decide if efi_signature.c shall be compiled.
Signed-off-by: Masahisa Kojima <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
The ESRT is initialised during efi_init_objlist after
efi_initialize_system_table().
The ESRT is recreated from scratch at the following events:
- successful UpdateCapsule;
- FMP instance install.
The code ensures that every ESRT entry has a unique fw_class value.
Limitations:
- The ESRT is not updated if an FMP instance is uninstalled;
- the fields image_type and flags are in the current implementation left
undefined. Setting these values will require a per-platform function
that returns the image_type/flags as a function of the image fw_class.
CC: Heinrich Schuchardt <[email protected]>
CC: Sughosh Ganu <[email protected]>
CC: AKASHI Takahiro <[email protected]>
CC: Ilias Apalodimas <[email protected]>
CC: Andre Przywara <[email protected]>
CC: Alexander Graf <[email protected]>
CC: [email protected]
Signed-off-by: Jose Marinho <[email protected]>
Remove two EFI_CALL() indirections.
Move ESRT GUID in efidebug's list of GUIDs.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
A following patch introduces a different logic for loading initrd's
based on the EFI_LOAD_FILE2_PROTOCOL.
Since similar logic can be applied in the future for other system files
(i.e DTBs), let's add some helper functions which will retrieve and
parse file paths stored in EFI variables.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Allow the EFI_DEVICE_PATH_UTILITIES_PROTOCOL to be disabled via
configuration.
On systems that are very tight on U-Boot image size we may want to disable
the protocol. As it is required to run the UEFI Shell enable it by default.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.
Provide a configuration option to make the boot manager available.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Move all load options related functions to a new module. So that they can
be compiled independently.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
A boot manager like GRUB can use the protocol to
* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Our implementation of the EFI_HII_CONFIG_ROUTING_PROTOCOL is a mere stub,
where all services return an error code. The protocol is neither needed for
the EFI shell nor for the UEFI SCT. To reduce the code size remove it from
the U-Boot binary.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
In this commit, a very simple firmware management protocol driver
is implemented. It will take a binary image in a capsule file and
apply the data using dfu backend storage drivers via dfu_write_by_alt()
interface.
So "dfu_alt_info" variable should be properly set to specify a device
and location to be updated. Please read README.dfu.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
In this commit, a very simple firmware management protocol driver
is implemented. It will take a common FIT image firmware in a capsule
file and apply the data using dfu backend storage drivers via
update_fit() interface.
So "dfu_alt_info" variable should be properly set to specify a device
and location to be updated. Please read README.dfu.
Fit image is a common file format for firmware update on U-Boot, and
this protocol works neatly just as a wrapper for one.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
In this commit, skeleton functions for capsule-related API's are
added under CONFIG_EFI_UPDATE_CAPSULE configuration.
Detailed implementation for a specific capsule type will be added
in the succeeding patches.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
Since U-boot EFI implementation is getting richer it makes sense to
add support for EFI_TCG2_PROTOCOL taking advantage of any hardware TPM
available on the device.
This is the initial implementation of the protocol which only adds
support for GetCapability(). It's limited in the newer and safer
TPMv2 devices.
Signed-off-by: Ilias Apalodimas <[email protected]>
Acked-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
This function will be used from several places in UEFI subsystem
to generate some specific form of utf-16 variable name.
For example, L"Capsule0001"
Signed-off-by: AKASHI Takahiro <[email protected]>
Move function to separate module.
Use char * as argument instead of u16 *.
Reviewed-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
We recently added functions for storing/restoring variables
from a file to a memory backed buffer marked as __efi_runtime_data
commit f1f990a8c958 ("efi_loader: memory buffer for variables")
commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence")
Using the same idea we now can support GetVariable() and GetNextVariable()
on the OP-TEE based variables as well.
So let's re-arrange the code a bit and move the commmon code for
accessing variables out of efi_variable.c. Create common functions for
reading variables from memory that both implementations can use on
run-time. Then just use those functions in the run-time variants of the
OP-TEE based EFI variable implementation and initialize the memory
buffer on ExitBootServices()
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Include a file with the initial values for non-volatile UEFI variables
into the U-Boot binary. If this variable is set, changes to variable PK
will not be allowed.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Saving UEFI variable as encoded U-Boot environment variables does not allow
support at runtime.
Provide functions to manage a memory buffer with UEFI variables.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Persist non-volatile UEFI variables in a file on the EFI system partition.
The file is written whenever a non-volatile UEFI variable is changed after
initialization of the UEFI sub-system.
The file is read during the UEFI sub-system initialization to restore
non-volatile UEFI variables.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
We currently have two implementations of UEFI variables:
* variables provided via an OP-TEE module
* variables stored in the U-Boot environment
Read only variables are up to now only implemented in the U-Boot
environment implementation.
Provide a common interface for both implementations that allows handling
read-only variables.
As variable access is limited to very few source files put variable
related definitions into new include efi_variable.h instead of efi_loader.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
In OP-TEE we can run EDK2's StandAloneMM on a secure partition.
StandAloneMM is responsible for the UEFI variable support. In
combination with OP-TEE and it's U-Boot supplicant, variables are
authenticated/validated in secure world and stored on an RPMB partition.
So let's add a new config option in U-Boot implementing the necessary
calls to OP-TEE for the variable management.
Signed-off-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Pipat Methavanitpong <[email protected]>
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Add a couple of missing targets so that helloworld and other efi targets
are not needlessly rebuilt.
CC: Heinrich Schuchardt <[email protected]>
Signed-off-by: Jan Kiszka <[email protected]>
Tested-by: Heinrich Schuchardt <[email protected]>
|
|
In this commit, implemented are a couple of helper functions which will be
used to materialize variable authentication as well as image authentication
in later patches.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any u-boot accessible partition instead of just the ESP one.
Finally this is an attempt of a generic interface across architectures
in the linux kernel so it makes sense to support that.
The file location is intentionally only supported as a config option
argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.
[1] https://lore.kernel.org/linux-efi/[email protected]/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f
Signed-off-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Add support for the EFI_RNG_PROTOCOL routines for the qemu arm64
platform. EFI_RNG_PROTOCOL is an uefi boottime service which is
invoked by the efi stub in the kernel for getting random seed for
kaslr.
The routines are platform specific, and use the virtio-rng device on
the platform to get random data.
The feature can be enabled through the following config
CONFIG_EFI_RNG_PROTOCOL
Signed-off-by: Sughosh Ganu <[email protected]>
Changed SPDX header to use /* instead of //.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
On the sandbox the UEFI binaries must match the host architectures.
Adjust the Makefiles. Provide the PE/COFF header and relocation files.
Allow building helloworld.efi on the sandbox.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Rename variables to make it clear they refer to the Unicode collation
protocol identified by the EFI_UNICODE_PROTOCOL2_GUID.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
The device path to text protocol is not needed for EBBR compliance. So
let's make it a customizable option.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
The Unicode collation protocol is not needed for EBBR compliance. So let's
make it a customizable option.
The Unicode capitalization table is only needed by this protocol. So let it
depend on the Unicode collation protocol.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
If EFI_LOADER_HII is not set, do not unnecessarily compile files for HII
protocols.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
This patch is a place holder for HII configuration routing protocol and
HII configuration access protocol.
Signed-off-by: AKASHI Takahiro <[email protected]>
Signed-off-by: Alexander Graf <[email protected]>
|
|
This patch provides enough implementation of the following protocols to
run EDKII's Shell.efi and UEFI SCT:
* EfiHiiDatabaseProtocol
* EfiHiiStringProtocol
Not implemented are:
* ExportPackageLists()
* RegisterPackageNotify()/UnregisterPackageNotify()
* SetKeyboardLayout() (i.e. *current* keyboard layout)
HII database protocol in this patch series can handle only:
* GUID package
* string package
* keyboard layout package
(The other packages, except Device path package, will be necessary
for interactive and graphical UI.)
Signed-off-by: Leif Lindholm <[email protected]>
Signed-off-by: Rob Clark <[email protected]>
Signed-off-by: AKASHI Takahiro <[email protected]>
Signed-off-by: Alexander Graf <[email protected]>
|
|
At the same time adding and removing the -Os flag does not make any sense.
Actually it leads to -Os not being used.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Alexander Graf <[email protected]>
|
|
The function, efi_init_obj_list(), can be shared in different pseudo efi
applications, like bootefi/bootmgr as well as my efishell. Moreover, it
will be utilized to extend efi initialization, for example, my "removable
disk support" patch and "capsule-on-disk support" patch in the future.
So with this patch, it will be moved to a new file, efi_setup.c, under
lib/efi_loader and exported, making no changes in functionality.
Signed-off-by: AKASHI Takahiro <[email protected]>
Remove lines deactivated by #if 1 #else
Reviewed-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Alexander Graf <[email protected]>
|
|
Currently we assign a lot of protocols to loaded images though
these protocols are not related to them. Instead they should be
installed on a separate handle. Via the device path it is the
parent to the devices like the network adapter.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Alexander Graf <[email protected]>
|
|
The patch implements the EFI_UNICODE_COLLATION_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Alexander Graf <[email protected]>
|
|
Provide a firmware revision in the system table using the Makefile
variables VERSION and PATCHLEVEL, e.g. 0x20180700 for v2018.07.
Correct the type of the firmware vendor. It is a u16* pointer.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
Signed-off-by: Alexander Graf <[email protected]>
|
|
ACPI tables can be passed via EFI configuration table to an EFI
application. This is only supported on x86 so far.
Signed-off-by: Bin Meng <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
As part of the main conversion a few files were missed. These files had
additional whitespace after the '*' and before the SPDX tag and my
previous regex was too strict. This time I did a grep for all SPDX tags
and then filtered out anything that matched the correct styles.
Fixes: 83d290c56fab ("SPDX: Convert all of our single license tags to Linux Kernel style")
Reported-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
This reverts the parts of commit 3b3ea2c56ec4bc5588281fd103c744e608f8b25c
where it changed the EFI dependency on NET.
Signed-off-by: Joe Hershberger <[email protected]>
Reviewed-by: Duncan Hare <[email protected]>
|
