| Age | Commit message (Collapse) | Author |
|---|
|
This commit add the "eficonfig" command.
The "eficonfig" command implements the menu-driven UEFI boot option
maintenance feature. This commit implements the addition of
new boot option. User can select the block device volume having
efi_simple_file_system_protocol and select the file corresponding
to the Boot#### variable. User can also enter the description and
optional_data of the BOOT#### variable in utf8.
This commit adds "include/efi_config.h", it contains the common
definition to be used from other menus such as UEFI Secure Boot
key management.
Signed-off-by: Masahisa Kojima <[email protected]>
|
|
UEFI block devices can either mirror U-Boot's internal devices or be
provided by an EFI application like iPXE.
When ConnectController() is invoked for the EFI_BLOCK_IO_PROTOCOL
interface for such an application provided device we create a virtual
U-Boot block device of type "efi_blk".
Currently we do not call ConnectController() when handles for U-Boot's
internal block devices are created. If an EFI application calls
ConnectController() for a handle relating to an internal block device,
we erroneously create an extra "efi_blk" block device.
E.g. the UEFI shell has a command 'connect -r' which calls
ConnectController() for all handles with device path protocol.
In the Supported() method of our EFI_DRIVER_BINDING_PROTOCOL return
EFI_UNSUPPORTED when dealing with an U-Boot internal device.
Reported-by: Etienne Carriere <[email protected]>
Fixes: commit 05ef48a2484b ("efi_driver: EFI block driver")
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
Tested-by: Etienne Carriere <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Change efi_delete_handle() to not free EFI handles twice.
This change tries to resolved an issue seen since U-Boot v2022.07
in which ExitBootService() attempts to release some EFI handles twice.
The issue was seen booting a EFI shell that invokes 'connect -r' and
then boots a Linux kernel. Execution of connect command makes EFI
subsystem to bind a block device for each root block devices EFI handles.
However these EFI device handles are already bound to a driver and we
can have 2 registered devices relating to the same EFI handler. On
ExitBootService(), the loop removing the devices makes these EFI handles
to be released twice which corrupts memory.
This patch prevents the memory release operation caused by the issue but
but does not resolve the underlying problem.
Signed-off-by: Etienne Carriere <[email protected]>
Add log message.
Reviewed-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Add a new unit test to test the integrity of the
EFI Conformance Profile Table.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
We can use efi_st_get_config_table() in multiple unit tests.
Export the function.
Export system-table and boot-services.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
TPM fixes and state reporting
|
|
Add an option to tell the TPM to commit non-volatile data immediately it
is changed, rather than waiting until later. This is needed in some
situations, since if the device reboots it may not write the data.
Add definitions for the rest of the Cr50 commands while we are here.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Add a vendor-specific TPM2 command for this and implement it for Cr50.
Note: This is not part of the TPM spec, but is a Cr50 extension.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The message format is incorrect. Fix it.
Signed-off-by: Simon Glass <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The offset here is incorrect. Fix it.
Signed-off-by: Simon Glass <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
This feature is used for measured boot, so we can add a log entry to the
TCPA with some information about where the digest comes from. It is not
currently supported in the TPM drivers, but add it to the API so that
code which expects it can signal its request.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
UEFI specification 2.9A requires to display the EUI-64 "in hexadecimal
format with byte 7 first (i.e., on the left) and byte 0 last".
This is in contrast to what the NVMe specification wants.
But it is what EDK II has been implementing.
Here is an example with the patch applied:
qemu-system-aarch64 -machine virt -cpu cortex-a72 -nographic \
-bios denx/u-boot.bin \
-device nvme,id=nvme1,serial=9ff81223 \
-device nvme-ns,bus=nvme1,drive=nvme1n0,eui64=0x123456789ABCDEF0 \
-drive file=arm64.img,if=none,format=raw,id=nvme1n0
=> nvme scan
=> efidebug devices
Device Path
====================
/VenHw(…)/NVMe(0x1,f0-de-bc-9a-78-56-34-12)
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Display the EBBRv2.0 conformance in the ECPT table.
The EBBRv2.0 conformance profile is set in the ECPT if
CONFIG_EFI_EBBR_2_0_CONFORMANCE=y.
Signed-off-by: Jose Marinho <[email protected]>
Add dependencies for CONFIG_EFI_EBBR_2_0_CONFORMANCE.
Enable the setting by default.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The ECPT table will be included in the UEFI specification 2.9+.
The ECPT table was introduced in UEFI following the code-first path. The
acceptance ticket can be viewed at:
https://bugzilla.tianocore.org/show_bug.cgi?id=3591
The Conformance Profiles table is a UEFI configuration table that contains
GUID of the UEFI profiles that the UEFI implementation conforms with.
The ECPT table is created when CONFIG_EFI_ECPT=y.
The config is set by default.
Signed-off-by: Jose Marinho <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The selftest checking the handling of exceptions in UEFI binaries is using
assembly to provide an undefined instruction. On the sandbox the correct
form of the instruction depends on the host architecture.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
In the extended text input protocol support input of control letters
0x1c - 0x1f.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
We cannot expect the buffers passed to the input protocols to be zero
filled. If only modifier keys are pressed, we have to return EFI_NOT_READY
but we still have to fill the key structure.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
We need to support multiple digits in the parts of the UEFI verision
number. E.g.
EFI_SPECIFICATION_VERSION = (123 << 16) | 456
must be printed as
123.45.6
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Only probed block devices are available in the UEFI sub-system. Multiple
block devices may be involved in the boot process. So we have to make sure
that all block devices are probed. Another reason is that we store UEFI
variables on the ESP which may be on any block device.
On the sandbox before the patch:
=> efidebug devices
No EFI system partition
Device Device Path
================ ====================
000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000055d078bc1ae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D)
000000001b22e0b0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1)
After the patch:
=> efidebug devices
No EFI system partition
Device Device Path
================ ====================
000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000055bdac8ddae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D)
000000001b230920 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(2)/SD(0)
000000001b233ac0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)
000000001b233b80 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(1,GPT,d0a914ee-a71c-fc1e-73f0-7e302b0e6c20,0x30,0x1)
000000001b234110 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(2,GPT,9330a0ea-8aff-f67a-294c-fa05d60896c3,0x31,0x1)
000000001b22f0e0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(0)/SD(2)
000000001b238df0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1)
Fixes: a9bf024b2933 ("efi_loader: disk: a helper function to create efi_disk objects from udevice")
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
CONFIG_SYS_TIMER_RATE might be a dynamic value, i.e. a function call
instead of a static value, thus it has to be evaluated at runtime. If it
is a static value, the compiler should be able to optimize the unused
branches out.
This will be needed for kirkwoods dynamic CONFIG_SYS_TCLK setting.
Cc: Pali Rohár <[email protected]>
Signed-off-by: Michael Walle <[email protected]>
Reviewed-by: Pali Rohár <[email protected]>
Reviewed-by: Stefan Roese <[email protected]>
|
|
The field, ifname, in efi_disk_obj is set but never used anywhere.
Just remove it.
Signed-off-by: AKASHI Takahiro <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
This is a preparation patch to provide the unified method
to access udevice pointer associated with the EFI handle
by adding udevice pointer into struct efi_object.
The patch also introduces a helper function efi_link_dev()
to link the udevice and EFI handle.
The EFI handles of both EFI block io driver implemented in
lib/efi_loader/efi_disk.c and EFI block io driver implemented
as EFI payload can access the udevice pointer in the struct efi_object.
We can use this udevice pointer to get the U-Boot friendly
block device name(e.g. mmc 0:1, nvme 0:1) through EFI handle.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Ensure that the string we convert to UTF-16 is NUL terminated even
if the device path only contains end nodes.
Fixes: bd3d75bb0c58 ("efi_loader: multi part device paths to text")
Addresses-Coverity: 350434 ("Uninitialized scalar variable")
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
This converts the following to Kconfig:
CONFIG_SYS_FDT_PAD
Signed-off-by: Tom Rini <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
The current way of handling things like EFI bootmgr is a bit odd, since
that bootmeth handles selection of the bootdev itself. VBE needs to work
the same way, so we should support it properly.
Add a flag that indicates that the bootmeth is global, rather than being
invoked on each bootdev. Provide a helper to read a bootflow from the
bootmeth.
Signed-off-by: Simon Glass <[email protected]>
|
|
At present ofnode only works with a single device tree, for the most part.
This is the control FDT used by U-Boot.
When booting an OS we may obtain a different device tree and want to
modify it. Add some initial support for this into the ofnode API.
Note that we don't permit aliases in this other device tree, since the
of_access implementation maintains a list of aliases collected at
start-up. Also, we don't need aliases to do fixups in the other FDT. So
make sure that flat tree and live tree processing are consistent in this
area.
Signed-off-by: Simon Glass <[email protected]>
|
|
We want to use VBE to mean Verfiied Boot for Embedded in U-Boot. Rename
the existing VBE (Vesa BIOS extensions) to allow this.
Verified Boot for Embedded is documented doc/develop/vbe.rst
Signed-off-by: Simon Glass <[email protected]>
|
|
In file included from include/linux/bitops.h:22,
from include/log.h:15,
from include/linux/printk.h:4,
from include/common.h:20,
from lib/lz4_wrapper.c:6:
lib/lz4_wrapper.c: In function ‘ulz4fn’:
include/linux/kernel.h:184:17: warning: comparison of distinct pointer types lacks a cast
(void) (&_min1 == &_min2); \
^~
lib/lz4_wrapper.c:104:18: note: in expansion of macro ‘min’
size_t size = min((ptrdiff_t)block_size, end - out);
^~~
Signed-off-by: Pali Rohár <[email protected]>
|
|
Move this out of the common header and include it only where needed.
Signed-off-by: Simon Glass <[email protected]>
|
|
This patch is fixing a broken boot observed on stm32mp157c-dk2 board.
IS_ENABLED macro should be used to check if a compilation flag is set
to "y" or "m".
LMB_MEMORY_REGIONS is set to a numerical value, IS_ENABLED macro is not
suitable in this case.
Fixes: 7c1860fce4e3 ("lmb: Fix lmb property's defination under struct lmb")
Signed-off-by: Patrice Chotard <[email protected]>
Acked-by: Michal Simek <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
The TPM device has a builtin random number generator(RNG)
functionality. Expose the RNG functions of the TPM device to the
driver model so that they can be used by the EFI_RNG_PROTOCOL if the
protocol is installed.
Also change the function arguments and return type of the random
number functions to comply with the driver model api.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Due to U-Boot's lazy binding the RNG presented by the TCG is not available
until the EFI_TCG2 protocol has been initialized. Since the TPM has a
built-in RNG device we can use for the OS randomization, move the RNG
protocol installation after the TCG.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
These functions should really be available outside the TPM code, so that
other callers can find out which version the TPM is. Rename them to have
a tpm_ prefix() and add them to the header file.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
https://gitlab.denx.de/u-boot/custodians/u-boot-dm.git
minor dm- and fdt-related fixes
start of test for fdt command
|
|
Update this feature so that it works on sandbox, using a basic identity
mapping. This allows us to run the 'ut addrmap' test.
Also fix up the test to use the correct macros to access the linker
list, so that the 'ut addrmap' command actually works.
Signed-off-by: Simon Glass <[email protected]>
|
|
Under struct lmb {} the lmb property's should be defined only if
CONFIG_LMB_MEMORY_REGIONS is defined.
Signed-off-by: Ashok Reddy Soma <[email protected]>
Signed-off-by: Michal Simek <[email protected]>
Signed-off-by: Michal Simek <[email protected]>
Link: https://lore.kernel.org/r/c24a2b1d6f5db4eb65393f6a77fae129b30b6233.1657183534.git.michal.simek@amd.com
|
|
There is no board left using CONFIG_LCD without CONFIG_DM_VIDEO.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
This commit exposes the END device path node.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
|
|
Tighten up symbol dependencies in a number of places. Ensure that a SPL
specific option has at least a direct dependency on SPL. In places
where it's clear that we depend on something more specific, use that
dependency instead. This means in a very small number of places we can
drop redundant dependencies.
Reported-by: Pali Rohár <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
At the last step of PE image authentication, an image's hash value must be
compared with a message digest stored as the content (of SpcPeImageData type)
of pkcs7's contentInfo.
Fixes: commit 4540dabdcaca ("efi_loader: image_loader: support image authentication")
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
Now We are migrating from EFI_PRINT() to log macro's.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
This function is used to calculate a message digest as part of
authentication process in a later patch.
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
In MS authenticode, pkcs7 should have data in its contentInfo field.
This data is tagged with SpcIndirectData type and, for a signed PE image,
provides a image's message digest as SpcPeImageData.
This parser is used in image authentication to parse the field and
retrieve a message digest.
Imported from linux v5.19-rc, crypto/asymmetric_keys/mscode*.
Checkpatch.pl generates tones of warnings, but those are not fixed
for the sake of maintainability (importing from another source).
Signed-off-by: AKASHI Takahiro <[email protected]>
|
|
The requsted partition disk sector incorrectly has the parition start
sector added in twice for UCLASS_PARTITION devices. The efi_disk_rw_blocks()
routine adds the diskobj->offset to the requested lba. When the device
is a UCLASS_PARTITION, the dev_read() or dev_write() routine is called
which adds part-gpt_part_info.start. This causes I/O to the wrong sector.
Takahiro Akashi suggested removing the offset field from the efi_disk_obj
structure since disk-uclass.c handles the partition start biasing. Device
types other than UCLASS_PARTITION set the diskobj->offset field to zero
which makes the field unnecessary. This change removes the offset field
from the structure and removes all references from the code which is
isolated to the lib/efi_loader/efi_disk.c module.
This change also adds a test for the EFI ReadBlocks() API in the EFI
selftest code. There is already a test for reading a FAT file. The new
test uses ReadBlocks() to read the same "disk" block and compare it to
the data read from the file system API.
Signed-Off-by: Paul Barbieri <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: AKASHI Takahiro <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
This converts the following to Kconfig:
CONFIG_ENV_MIN_ENTRIES
CONFIG_ENV_MAX_ENTRIES
Cc: Michal Simek <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
Since bb5930d5c97f ("exynos: video: Convert several boards to driver
model for video") there have been no callers of any of the exynos_lcd_*
family of functions. Remove these from the boards, and then remove
unused logo and related code as well.
Signed-off-by: Tom Rini <[email protected]>
Reviewed-by: Minkyu Kang <[email protected]>
|
|
Tighten up symbol dependencies in a number of places. Ensure that a VPL
specific option has at least a direct dependency on VPL. In places
where it's clear that we depend on something more specific, use that
dependency instead.
Reported-by: Pali Rohár <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
Tighten up symbol dependencies in a number of places. Ensure that a TPL
specific option has at least a direct dependency on TPL. In places
where it's clear that we depend on something more specific, use that
dependency instead.
Reported-by: Pali Rohár <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
Mark sha256_process as weak to allow hardware specific implementation.
Add parameter for supporting multiple blocks processing.
Signed-off-by: Loic Poulain <[email protected]>
|
