| Age | Commit message (Collapse) | Author |
|---|
|
The EFI_HII_KEYBOARD_LAYOUT field `layout_length' is expressed in bytes,
but we add it to the `layout' pointer with (scaled) pointer arithmetic.
When adding an HII keyboard package with multiple keyboard layouts, this
results in only the first layout being added correctly; fix it.
Fixes: 8d3b77e36e10 ("efi: hii: add keyboard layout package support")
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Tom Rini <[email protected]>
Cc: AKASHI Takahiro <[email protected]>
|
|
Return EFI_NOT_FOUND for EFI_ALLOCATE_ADDRESS overlap
When efi_allocate_pages() is called with EFI_ALLOCATE_ADDRESS, UEFI
expects EFI_NOT_FOUND if the requested address range is already
allocated or unavailable. U-Boot currently returns
EFI_OUT_OF_RESOURCES when efi_update_memory_map() detects an overlap
after a successful lmb_alloc_mem(), which does not match
EFI_ALLOCATE_ADDRESS semantics.
Return EFI_NOT_FOUND for EFI_ALLOCATE_ADDRESS requests that fail due
to an overlapping EFI memory descriptor, while keeping
EFI_OUT_OF_RESOURCES for other allocation types.
The UEFI specification [1] specifies that
EFI_BOOT_SERVICES.AllocatePages must return EFI_NOT_FOUND when the
requested address range is unavailable or already allocated;
EFI_OUT_OF_RESOURCES applies to non‑address‑specific allocation
failures.
[1] https://uefi.org/specs/UEFI/2.10_A/07_Services_Boot_Services.html
Signed-off-by: Harsimran Singh Tungal <[email protected]>
The UEFI specification does not clearly specify the behavior.
But let's follow the EDK II precedent here.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Use list_for_each_entry_safe and comparisons against the current and
next efi_mem_desc. This reduces the computation required for merging
regions, prevents unnecessary additional iterations of the list, and
requires less temporary values.
Signed-off-by: Randolph Sapp <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Use the more straightforward fdtdec_get_bool instead of fdt_getprop and
a return code check.
Signed-off-by: Randolph Sapp <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Anshul Dalal <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
When using lwIP, efi_dp_from_http() may fail to initialize ip or mask.
Initialize the variables before the call.
Addresses-Coverity-ID: 645840 - Uninitialized variables (UNINIT)
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
If efi_init_obj_list() fails we cannot use the UEFI sub-system.
* Instead of having messages for this everywhere write an error message
in efi_init_obj_list().
* Always use (ret != EFI_SUCCESS) when checking the return value of
efi_init_obj_list().
* Remove the return code from the error message as it does not help
users to understand which initialization went wrong.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
efi_binary_run_dp() is expected to return an efi_status_t value.
Reported-by: Simon Glass <[email protected]>
Fixes: 6422820ac3e5 ("efi_loader: split unrelated code from efi_bootmgr.c")
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
efi_bootmgr_run() is expected to return an efi_status_t value.
Reported-by: Simon Glass <[email protected]>
Fixes: 0bef4b0123f2 ("cmd: bootefi: move library interfaces under lib/efi_loader")
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
As exposed by "make randconfig", we have an issue with the dependencies
for EFI_HTTP_BOOT. As this is implemented by running commands (as seen
by what it selects) it must depend on CMDLINE as well.
Signed-off-by: Tom Rini <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Quentin Schulz <[email protected]> says:
This migrates the net options away from the main Kconfig to net/Kconfig,
rename the current NET option to NET_LEGACY to really highlight what it
is and hopefully encourage more people to use lwIP, add a new NET
menuconfig (but keep NO_NET as an alias to NET=n for now) which then
allows us to replace all the "if legacy_stack || lwip_stack" checks with
"if net_support" which is easier to read and maintain.
The only doubt I have is wrt SYS_RX_ETH_BUFFER which seems to be needed
for now even when no network is configured? Likely due to
include/net-common.h with PKTBUFSRX?
No change in behavior is intended. Only change in defconfig including
other defconfigs where NO_NET=y or NET is not set, in which case NO_NET
is not set or NET=y should be set in the top defconfig. Similar change
required for config fragments. See commit log in patch adding NET
menuconfig for details.
This was tested based on 70fd0c3bb7c2 ("x86: there is no
CONFIG_UBOOT_ROMSIZE_KB_12288"), from within the GitLab CI container
trini/u-boot-gitlab-ci-runner:noble-20251013-23Jan2026 and set up
similarly as in "build all platforms in a single job" GitLab CI job.
#!/usr/bin/env bash
set -o pipefail
set -eux
ARGS="-BvelPEWM --reproducible-builds --step 0"
./tools/buildman/buildman -o ${O} --force-build $ARGS -CE $*
./tools/buildman/buildman -o ${O} $ARGS -Ssd $*
O=../build/u-boot/ ../u-boot.sh -b master^..b4/net-kconfig |& tee ../log.txt
I can't really decipher the log.txt, but there's no line starting with
+ which would be an error according to tools/buildman/builder.py help
text. Additionally, because I started the script with set -e set and
because buildman has an exit code != 0 when it fails to build a board,
and I have the summary printed (which is the second buildman call), I
believe it means all builds passed.
The summary is the following:
aarch64: (for 537/537 boards) all +0.0 rodata +0.0
uniphier_v8 : all +1 rodata +1
u-boot: add: 0/0, grow: 1/0 bytes: 1/0 (1)
function old new delta
data_gz 10640 10641 +1
arm: (for 733/733 boards) all -0.0 rodata -0.0
uniphier_v7 : all -1 rodata -1
u-boot: add: 0/0, grow: 0/-1 bytes: 0/-1 (-1)
function old new delta
data_gz 11919 11918 -1
opos6uldev : all -3 rodata -3
u-boot: add: 0/0, grow: 0/-1 bytes: 0/-3 (-3)
function old new delta
data_gz 18778 18775 -3
uniphier_ld4_sld8: all -3 rodata -3
u-boot: add: 0/0, grow: 0/-1 bytes: 0/-3 (-3)
function old new delta
data_gz 11276 11273 -3
stemmy : all -20 rodata -20
u-boot: add: 0/0, grow: 0/-1 bytes: 0/-20 (-20)
function old new delta
data_gz 15783 15763 -20
As far as I could tell this data_gz is an automatically generated array
when CONFIG_CMD_CONFIG is enabled. It is the compressed .config stored
in binary form. Because I'm changing the name of symbols, replacing a
menu with a menuconfig, additional text makes it to .config and the
"# Networking" section in .config disappears.
Here is the diff for the 5 defconfigs listed above, generated with:
for f in build/*-m; do
diff --unified=0 $f/.config $(dirname $f)/$(basename -a -s '-m' $f)/.config
done
(-m is the build directory for master, and without the suffix, it's the
top commit of this series)
"""
--- build/opos6uldev-m/.config 2026-04-20 10:53:49.804528526 +0200
+++ build/opos6uldev/.config 2026-04-20 11:03:37.430242767 +0200
@@ -970,4 +969,0 @@
-
-#
-# Networking
-#
@@ -975,0 +972 @@
+CONFIG_NET_LEGACY=y
--- build/stemmy-m/.config 2026-04-20 11:01:33.653698123 +0200
+++ build/stemmy/.config 2026-04-20 11:04:53.452577311 +0200
@@ -733,4 +732,0 @@
-
-#
-# Networking
-#
@@ -738,2 +733,0 @@
-# CONFIG_NET is not set
-# CONFIG_NET_LWIP is not set
--- build/uniphier_ld4_sld8-m/.config 2026-04-20 11:00:41.605469071 +0200
+++ build/uniphier_ld4_sld8/.config 2026-04-20 11:04:22.226439899 +0200
@@ -997,4 +996,0 @@
-
-#
-# Networking
-#
@@ -1002,0 +999 @@
+CONFIG_NET_LEGACY=y
--- build/uniphier_v7-m/.config 2026-04-20 10:53:04.019307319 +0200
+++ build/uniphier_v7/.config 2026-04-20 11:03:01.688085486 +0200
@@ -1004,4 +1003,0 @@
-
-#
-# Networking
-#
@@ -1009,0 +1006 @@
+CONFIG_NET_LEGACY=y
--- build/uniphier_v8-m/.config 2026-04-20 10:43:05.614441175 +0200
+++ build/uniphier_v8/.config 2026-04-20 10:41:03.214852130 +0200
@@ -875,4 +874,0 @@
-
-#
-# Networking
-#
@@ -880,0 +877 @@
+CONFIG_NET_LEGACY=y
"""
This is fine:
- Networking menu doesn't exist anymore so "#\n# Networking\n#\n" won't
be in .config anymore.
- opos6uldev, uniphier_ld4_sld8, uniphier_v7 and uniphier_v8 all have
(old) CONFIG_NET enabled, (new) CONFIG_NET will still be set but
CONFIG_NET_LEGACY also needs to be defined now to reflect the stack
choice (even if default),
- stemmy has CONFIG_NO_NET set, which means CONFIG_NET and
CONFIG_NET_LWIP are not reachable anymore hence why they don't need to
be part of .config,
GitLab CI was run on this series (well, not exactly, but it's only
changes to the git logs that were made):
https://source.denx.de/u-boot/contributors/qschulz/u-boot/-/pipelines/29849
It passes.
Link: https://lore.kernel.org/r/[email protected]
|
|
Since the move to make NET a menuconfig and NO_NET a synonym of NET=n,
when NET is enabled, NET_LEGACY || NET_LWIP is necessarily true, so
let's simplify the various checks across the codebase.
SPL_NET_LWIP doesn't exist but SPL_NET_LEGACY is an alias for SPL_NET so
the proper symbol is still defined in SPL whenever needed.
Signed-off-by: Quentin Schulz <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Peter Robinson <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
Highlight that NET really is the legacy networking stack by renaming the
option to NET_LEGACY.
This requires us to add an SPL_NET_LEGACY alias to SPL_NET as otherwise
CONFIG_IS_ENABLED(NET_LEGACY) will not work for SPL.
The "depends on !NET_LWIP" for SPL_NET clearly highlights that it is
using the legacy networking app so this seems fine to do.
This also has the benefit of removing potential confusion on NET being a
specific networking stack instead of "any" network stack.
Signed-off-by: Quentin Schulz <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Peter Robinson <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
Expose EFI_HAVE_RUNTIME_RESET as a proper Kconfig boolean with a prompt
so platforms can explicitly enable or disable advertising the EFI reset
runtime service.
The current PSCI-based EFI runtime reset implementation is always
enabled whenever CONFIG_PSCI_RESET is selected, but it does not support
passing the additional arguments required for specialized reset modes.
As a result, reboot requests such as bootloader mode or EDL mode cannot
be propagated correctly and instead fall back to a normal reboot.
By making EFI_HAVE_RUNTIME_RESET user-configurable, platforms that
depend on extended PSCI reset can now explicitly disable EFI runtime
reset handling even when CONFIG_PSCI_RESET is enabled, ensuring
that the kernel retains full control of advanced reboot paths.
Default behavior for existing platforms remains unchanged.
Signed-off-by: Aswin Murugan <[email protected]>
Reviewed-by: Sumit Garg <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Link: https://patch.msgid.link/[email protected]
Signed-off-by: Casey Connolly <[email protected]>
|
|
Add a common helper console_flush_stdin() to drain all pending
characters from stdin. This consolidates the open-coded
while (tstc()) getchar() pattern that appeared in multiple places
across the tree.
Signed-off-by: Gregor Herburger <[email protected]>
Reviewed-by: Alexander Sverdlin <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Commit 4cb724364030 ("efi_loader: Disable ANSI output for tests")
introduced efi_console_set_ansi() to suppress ANSI escape sequences
during unit tests. Extend this mechanism to be configurable via a new
Kconfig option CONFIG_EFI_CONSOLE_DISABLE_ANSI.
When CONFIG_EFI_CONSOLE_DISABLE_ANSI is enabled,
efi_console_set_ansi(false) is called at the start of
efi_setup_console_size(). This prevents query_console_serial() from
sending ANSI escape sequences to the terminal, using default 25x80
dimensions instead. This is useful for platforms where the serial
console cannot handle ANSI queries.
Signed-off-by: Michal Simek <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
When SPI Flash is blank (first boot or erased), efi_var_from_storage()
returns EFI_DEVICE_ERROR because efi_var_restore() fails on invalid
magic/CRC. This prevents the EFI subsystem from initializing.
Check the magic value before attempting to restore variables. If
the magic does not match EFI_VAR_FILE_MAGIC, treat it as an empty
store and return EFI_SUCCESS, matching the behavior of the file-based
efi_var_file.c which deliberately returns EFI_SUCCESS on missing or
corrupted variable files to avoid blocking the boot process.
Similarly, if the magic matches but efi_var_restore() fails (e.g.
corrupted CRC), log the error but still return EFI_SUCCESS.
Suggested-by: John Toomey <[email protected]>
Signed-off-by: Michal Simek <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Currently U-Boot uses ESP as storage for EFI variables.
Devices with SPI Flash are used for storing environment with this
commit we allow EFI variables to be stored on SPI Flash.
Signed-off-by: Shantur Rathore <[email protected]>
Signed-off-by: Michal Simek <[email protected]>
Tested-by: Neil Armstrong <[email protected]> # on AML-S905D3-CC
Acked-by: Ilias Apalodimas <[email protected]>
|
|
Every SetVariable() call triggers efi_var_mem_ins() followed by
efi_var_to_storage(), even when the variable value is not actually
changing. This is unfriendly to flash-backed stores that suffer
wear from unnecessary erase/write cycles.
Add a change-detection path to efi_var_mem_ins(): when size2 == 0
(i.e. not an append) and the caller passes a non-NULL changep flag,
look up the existing variable and compare attributes, length, time
and data byte-by-byte. If everything matches, set *changep = false
and return EFI_SUCCESS without touching the variable buffer.
Both efi_set_variable_int() and efi_set_variable_runtime() now
check the flag and skip efi_var_mem_del() / efi_var_to_storage()
when nothing changed.
Introduce efi_memcmp_runtime() - a runtime-safe byte-by-byte memory
comparison helper, following the same pattern as the existing
efi_memcpy_runtime(). The standard memcmp() is not available after
ExitBootServices() and calling it from Linux will crash.
Tested-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Michal Simek <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
The value of buf->length comes from outside U-Boot and may be incorrect.
We must avoid to overrun our internal buffer for excessive values.
If buf->length is shorter than the variable file header, the variable
file is invalid.
Reviewed-by: Ilias Apalodimas <[email protected]>
Tested-by: Michal Simek <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Export the ECPT GUID, to prepare accessing it from more than one location.
The C file containing the GUID is compiled only when CONFIG_EFI_ECPT is
set; gate the export accordingly.
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Tom Rini <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The UEFI specification requires at least 128 KiB stack space. Consider this
value as a prerequisite for CONFIG_EFI_LOADER.
Mention the requirement in the CONFIG_STACK_SPACE description and decribe
that the UEFI sub-system uses CONFIG_STACK_SPACE when defining the memory
map.
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Prepare v2026.04-rc4
|
|
When the LoadImage() UEFI function is called with both its SourceBuffer and
DevicePath input arguments equal to NULL, it must return EFI_NOT_FOUND [1].
However, it does return EFI_INVALID_PARAMETER instead; fix it.
Link: https://uefi.org/specs/UEFI/2.11/07_Services_Boot_Services.html#efi-boot-services-loadimage [1]
Reported-by: Sathisha Shivaramappa <[email protected]>
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Tom Rini <[email protected]>
|
|
Prepare v2026.04-rc3
|
|
Peng Fan (OSS) <[email protected]> says:
This patch set primarily removes unused DECLARE_GLOBAL_DATA_PTR
instances.
Many files declare DECLARE_GLOBAL_DATA_PTR and include
asm/global_data.h even though gd is never used. In these cases,
asm/global_data.h is effectively treated as a proxy header, which is
not a good practice.
Following the Include What You Use principle, files should include
only the headers they actually depend on, rather than relying on
global_data.h indirectly. This approach is also adopted in Linux kernel
[1].
The first few patches are prepartion to avoid building break after
remove the including of global_data.h.
A script is for filtering the files:
list=`find . -name "*.[ch]"`
for source in ${list}
do
result=`sed -n '/DECLARE_GLOBAL_DATA_PTR/p' ${source}`
if [ "${result}" == "DECLARE_GLOBAL_DATA_PTR;" ]; then
echo "Found in ${source}"
result=`sed -n '/\<gd\>/p' ${source}`
result2=`sed -n '/\<gd_/p' ${source}`
result3=`sed -n '/\<gd->/p' ${source}`
if [ "${result}" == "" ] && [ "${result2}" == "" ] && [ "${result3}" == "" ];then
echo "Cleanup ${source}"
sed -i '/DECLARE_GLOBAL_DATA_PTR/{N;/\n[[:space:]]*$/d;s/.*\n//;}' ${source}
sed -i '/DECLARE_GLOBAL_DATA_PTR/d' ${source}
sed -i '/global_data.h/d' ${source}
git add ${source}
fi
fi
done
[1] https://lpc.events/event/17/contributions/1620/attachments/1228/2520/Linux%20Kernel%20Header%20Optimization.pdf
CI: https://github.com/u-boot/u-boot/pull/865
Link: https://lore.kernel.org/r/[email protected]
|
|
Remove DECLARE_GLOBAL_DATA_PTR from files where gd is not used, and
drop the unnecessary inclusion of asm/global_data.h.
Headers should be included directly by the files that need them,
rather than indirectly via global_data.h.
Reviewed-by: Patrice Chotard <[email protected]> #STMicroelectronics boards and STM32MP1 ram test driver
Tested-by: Anshul Dalal <[email protected]> #TI boards
Acked-by: Yao Zi <[email protected]> #TH1520
Signed-off-by: Peng Fan <[email protected]>
|
|
EFI_VARIABLE_FILE_STORE is only available when FAT_WRITE is enabled but
that's not valid for all platforms and dependency should be covered.
Also Kconfig behavior is that if default option is not valid then Kconfig
selects the first presented valid option instead hence it is better to
record EFI_VARIABLE_NO_STORE as safe default option.
Suggested-by: Tom Rini <[email protected]>
Signed-off-by: Michal Simek <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
efi_var_to/from_file() suggest method where variables are placed. But there
is no reason for it and generic name can be used to wire also different
locations for variables.
Signed-off-by: Michal Simek <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Tested-by: Neil Armstrong <[email protected]> # on AML-S905D3-CC
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Currently efi_var_file.c has functions to store/read
EFI variables to/from memory buffer. These functions
can be used with other EFI variable stores so move
them out to efi_var_common.c
Signed-off-by: Shantur Rathore <[email protected]>
Signed-off-by: Michal Simek <[email protected]>
Tested-by: Neil Armstrong <[email protected]> # on AML-S905D3-CC
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The EFI_PARTITION_INFO_PROTOCOL provides detailed information about
partitions. The UEFI specification mentions that both GPT and MBR
partition schemes are supported, but the U-Boot implementation only
supports the former.
This can cause compatibility issues for platforms whose boot ROM only
supports MBR. This change adds support for MBR partition tables to
the protocol, making U-Boot compatible with systems that require a
legacy MBR table.
Signed-off-by: Javier Martinez Canillas <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
The size of the memory allocated for the EFI Conformance Profiles Table is
computed with `num_entries' always equal to zero, which is incorrect when
CONFIG_EFI_EBBR_2_1_CONFORMANCE is enabled.
This can be verified by allocating the ECPT memory with malloc() instead of
efi_allocate_pool(), building u-boot with sandbox_defconfig and
CONFIG_VALGRIND=y, and by finally running the following command:
valgrind --suppressions=scripts/u-boot.supp \
./u-boot -T -c 'efidebug tables'
Fix this by using an array of the supported profiles GUIDs instead, which
should also be easier to extend in the future as U-Boot should publish the
GUIDs for all supported EBBR revisions.
Fixes: 6b92c1735205 ("efi: Create ECPT table")
Suggested-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Tom Rini <[email protected]>
Cc: Jose Marinho <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The read_blocks() function from the Block IO protocol is a UEFI function;
make sure to call it from within U-Boot using the EFI_CALL() macro.
To demonstrate the issue on an AArch64 machine, define the DEBUG macro in
include/efi_loader.h and build u-boot with sandbox_defconfig, then download
and uncompress the ACS-DT image [1], and finally execute the following
command:
$ ./u-boot -T -c " \
host bind 0 systemready-dt_acs_live_image.wic; \
setenv loadaddr 0x10000; \
load host 0 \${loadaddr} EFI/BOOT/Shell.efi; \
bootefi \${loadaddr} \${fdtcontroladdr}"
The following assertion should fail:
lib/efi_loader/efi_net.c:858: efi_network_timer_notify: Assertion `__efi_entry_check()' failed.
This happens due to the following EFIAPI functions call chain:
efi_start_image()
efi_disk_read_blocks()
(due to the missing EFI_CALL, entry_count == 2)
efi_network_timer_notify()
Link: https://github.com/ARM-software/arm-systemready/releases/download/v25.12_DT_3.1.1/systemready-dt_acs_live_image.wic.xz [1]
Fixes: ce3dbc5d080d ("efi_loader: add UEFI GPT measurement")
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Tom Rini <[email protected]>
Cc: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Acked-by: Masahisa Kojima <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Change fwu_state_machine_updates() to accept an enum fwu_bank_states
parameter instead of a boolean. This makes the function interface more
explicit and prepares for adding FWU_BANK_INVALID support to handle
boot failures on the active bank.
Convert the FWU_BANK_* defines to an enum and update all call sites
accordingly.
Signed-off-by: Kory Maincent <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The efi_reinstall_protocol_interface() function is a UEFI function;
make sure to call it from within U-Boot using the EFI_CALL() macro.
This fixes the following assertion:
lib/efi_loader/efi_boottime.c:3752: efi_reinstall_protocol_interface: Assertion `__efi_entry_check()' failed.
To reproduce the issue, define LOG_DEBUG in lib/efi_loader/efi_boottime.c
and build u-boot for your platform. Then, boot the U-Boot helloworld.efi
application over the network. Example commands (adjust the URL and boot
entry number):
=> efidebug boot add -u 0 net http://10.0.2.2:8000/helloworld.efi
=> efidebug boot order 0
=> bootefi bootmgr
Fixes: dd5d82a59995 ("efi_loader: efi_net: Add device path cache")
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Tom Rini <[email protected]>
Cc: Adriano Cordova <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
When adding a new EFI Debug Image Info entry, we allocate memory for a new
EFI Debug Image Info Normal structure and we add a new entry into the EFI
Debug Image Info Table, which is in fact just a pointer to the allocated
structure.
However, when allocating memory for the new structure we allocate memory
for the wrong type, leading to allocating memory for just a pointer instead
of the desired structure.
Fix the type used during allocation.
Fixes: 146546138af5 ("efi: add EFI_DEBUG_IMAGE_INFO for debug")
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Tom Rini <[email protected]>
Cc: Ying-Chun Liu (PaulLiu) <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Change the EFI variable load message from log_err() to log_info() with
neutral wording. The previous "Failed to load" message caused customer
confusion as it appeared to indicate an error condition.
The efi_var_from_file() function deliberately returns EFI_SUCCESS in
this case to allow the boot process to continue normally. This is
documented in the function's comment block but was not reflected in
the log message level or content.
The message now uses informational wording to reflect that this is
normal behavior when the ubootefi.var file does not yet exist.
Signed-off-by: Pranav Tilak <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The efi_exit() function frees the loaded image memory by calling
efi_delete_image(). However, when CONFIG_EFI_TCG2_PROTOCOL is enabled, the
image_obj->image_type structure member is accessed after the memory has
been freed.
Fix this by performing the tcg2 measurement before the image deletion.
Fixes: 8fc4e0b4273a ("efi_loader: add boot variable measurement")
Suggested-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Tom Rini <[email protected]>
Cc: Masahisa Kojima <[email protected]>
Acked-by: Masahisa Kojima <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Our last sync with the kernel was 5.1.
We are so out of sync now, that tracking the patches and backporting
them one by one makes little sense and it's going to take ages.
This is an attempt to sync up Makefiles to 6.1.
Unfortunately due to sheer amount of patches this is not easy to review,
but that's what we decided during a community call for the bump to 5.1,
so we are following the same guidelines here.
Signed-off-by: Sughosh Ganu <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>a #rebased on -next
|
|
The EFI spec in §8.5.5 says
"The directory \EFI\UpdateCapsule is checked for capsules only within
the EFI system partition on the device specified in the active boot
option determine by reference to BootNext variable or BootOrder variable
processing."
Automatically generated boot options don't point to the ESP, they point to
the disk itself and find_handle() won't match when searching for an ESP
during a capsule update.
This happens because find_handle() only matches device paths that are
shorter or equal to the device path passed as an argument.
Since the EFI spec allows it we want to allow capsule updates, when the
boot option points to a disk, but that disk contains an ESP with a
\EFI\UpdateCapsule directory.
So, let's change device_is_present_and_system_part() and check if the
supplied device path contains an ESP. If it does return the handle of
the device. Otherwise, iterate over child devices and return the handle
of the first child that contains an ESP.
The returned handle can then be reused later. Rather than calling
efi_fs_from_path(), we can simply look up the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL
on the discovered handle, avoiding the need to re-parse device paths.
Reported-by: Balaji Selvanathan <[email protected]>
Reported-by: John Toomey <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Prepare v2026.01-rc4
|
|
get_dp_device() is used to derive the device path from a boot variable.
However, if the last efi_get_variable_int() call fails, we return an
error without freeing 'buf'.
There's no need to call efi_get_variable_int() for variables we don't
know the size since we have the efi_get_var() wrapper.
Replace that in the two instances we use it. The first one will also
fix the memory leak.
A nice sideeffect is that the code size is also reduced, since we are
re-using functions instead of open coding them
$~ bloat-o-meter u-boot u-boot.new
add/remove: 0/0 grow/shrink: 1/2 up/down: 6/-196 (-190)
Function old new delta
version_string 70 76 +6
efi_launch_capsules 2288 2196 -92
get_dp_device 244 140 -104
Total: Before=1222331, After=1222141, chg -0.02%
Fixes: c74cd8bd08d1 ("efi_loader: capsule: add capsule_on_disk support")
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
add sm3 256 hash support, so TPM2 chips which report
5 pcrs with sm3 hash do not fail with:
u-boot=> tpm2 autostart
tpm2_get_pcr_info: too many pcrs: 5
Error: -90
Signed-off-by: Heiko Schocher <[email protected]>
|
|
The fitImage may be stored in EFI update capsule at address that
is not aligned to 8 bytes. Since fitImage is a DT, new version of
libfdt 1.7.2 rejects such an unaligned DT. Patch the code and copy
the fitImage into aligned buffer in case it is not aligned. This
does increase overhead for unaligned fitImages in EFI capsules, but
tries to keep the overhead low for aligned ones.
Signed-off-by: Marek Vasut <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
%s/eventfor/event for/
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
%s/mange/manage/
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
When editing eficonfig "optional data" (typically cmdline arguments)
it's useful to be able to edit the string rather than having to re-type
the entire thing. Implement support for editing buffers to make this a
whole lot nicer. Specifically, add support for moving the cursor with
the arrow keys and End key as well as deleting backwards with the delete
key.
Signed-off-by: Casey Connolly <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
Tested-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Use the Debug Image Info Table GUID definition from efi_api.h instead or
redefining it locally.
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Tom Rini <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
We currently set the firmware image type to ESRT_FW_TYPE_UNKNOWN.
The spec defines the following:
ESRT_FW_TYPE_UNKNOWN 0x00000000
ESRT_FW_TYPE_SYSTEMFIRMWARE 0x00000001
ESRT_FW_TYPE_DEVICEFIRMWARE 0x00000002
ESRT_FW_TYPE_UEFIDRIVER 0x00000003
Since we don't support updating DEVICEFIRMWARE or UEFIDRIVER types,
let's switch over to SYSTEMFIRMWARE which seems more appropriate.
Suggested-by: Michal Simek <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
In function efi_http_service_binding_destroy_child() phandler is created as
as a local variable. If efi_search_protocol() fails, phandler will hold a
random value from the stack. Even it is not zero, we must not use it.
If efi_search_protocol() succeeds, the pointer has already be dereferenced,
so checking against NULL makes not sense here.
If ChildHandle is not a valid UEFI handle, we must return
EFI_INVALID_PARAMETER.
Use a single location for EFI_EXIT().
Addresses-Coverity-ID: CID 531974 (Unchecked return value)
Fixes: 5753dc3f6572 ("efi_loader: Prevent dereference of uninitialised variable")
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
After the malloc of tmp_files and before its value is recorded an early
exit will need to free tmp_files to prevent leaking that memory.
This issue was found by Smatch.
Signed-off-by: Andrew Goodbody <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
