| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Francois Berder <[email protected]>
|
|
It is unclear to developers why efi_var_from_file() returns EFI_SUCCESS if
file ubootefi.var is missing or corrupted. Improve the description.
Reported-by: Weizhao Ouyang <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Weizhao Ouyang <[email protected]>
|
|
The result of efi_append_scrtm_version() is overwritten before anyone
checks its result. Check it and exit the function on failures
Addresses-Coverity-ID: 467399 Code maintainability issues (UNUSED_VALUE)
Fixes: commit 97707f12fdab ("tpm: Support boot measurements")
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
In commit 9fd3f881c6ed ("efi_loader: Increase default variable store size to 64KiB")
Alper has a detailed explanation of why the size needs to be bumped to at
least 64K. However enabling Secure boot, writing db, KEK, PK etc keys
will further increase the size so bump it to 128K.
It's worth noting that when U-Boot stores the EFI variables in an RPMB the
available storage is defined statically in StandAloneMM at build time.
The U-Boot code is detecting the available true size on the fly during
writes. When StandAloneMM is present this size defines the reserved
memory U-Boot can use to copy any runtime variables, before booting an
OS.
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Prepare v2024.01-rc3
|
|
This supports to boot from the URI device path.
When user selects the URI device path, bootmgr downloads
the file using wget into the address specified by loadaddr
env variable.
If the file is .iso or .img file, mount the image with blkmap
then try to boot with the default file(e.g. EFI/BOOT/BOOTAA64.EFI).
Since boot option indicating the default file is automatically
created when new disk is detected, system can boot by selecting
the automatically created blkmap boot option.
If the file is PE-COFF file, load and start the downloaded file.
The buffer used to download the ISO image file must be
reserved to avoid the unintended access to the image and
expose the ramdisk to the OS.
For PE-COFF file case, this memory reservation is done
in LoadImage Boot Service.
[Ilias fix a few memory leaks by replacing returns with gotos]
Lore: https://lore.kernel.org/u-boot/[email protected]/T/#mbac31da301ff465b60894b38f3a587b2868cf817
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
When the image loaded by efibootmgr returns, efibootmgr
needs to clean the resources. Adding the event of returning
to efibootmgr is useful to simplify the implementation.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
const classifier is missing in EventGroup parameter of
CreateEventEx(). Fix it to remove the compiler warning.
NotifyContext parameter of CreateEventEx() is also defined
with const in UEFI specification, but NotifyContext parameter
of CreateEvent() is defined without const.
Since current implementation calls the common efi_create_event()
function from both CreateEventEx() and CreateEvent() services,
NotifyContext parameter leaves as is.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Changes for complying to EFI spec §3.5.1.1
'Removable Media Boot Behavior'.
Boot variables can be automatically generated during a removable
media is probed. At the same time, unused boot variables will be
detected and removed.
Please note that currently the function 'efi_disk_remove' has no
ability to distinguish below two scenarios
a) Unplugging of a removable media under U-Boot
b) U-Boot exiting and booting an OS
Thus currently the boot variables management is not added into
'efi_disk_remove' to avoid boot options being added/erased
repeatedly under scenario b) during power cycles
See TODO comments under function 'efi_disk_remove' for more details
The original efi_secboot tests expect that BootOrder EFI variable
is not defined. With this commit, the BootOrder EFI variable is
automatically added when the disk is detected. The original
efi_secboot tests end up with unexpected failure.
The efi_secboot tests need to be modified to explicitly set
the BootOrder EFI variable.
squashfs and erofs ls tests are also affected by this modification,
need to clear the previous state before squashfs ls test starts.
Co-developed-by: Masahisa Kojima <[email protected]>
Signed-off-by: Masahisa Kojima <[email protected]>
Signed-off-by: Raymond Mao <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Joao Marcos Costa <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The efi_gop driver uses private fields from the video uclass to obtain a
pointer to the frame buffer. Use the platform data instead.
Check the VIDEO_COPY setting to determine which frame buffer to use. Once
the next stage is running (and making use of U-Boot's EFI boot services)
U-Boot does not handle copying from priv->fb to the hardware framebuffer,
so we must allow EFI to write directly to the hardware framebuffer.
We could provide a function to read this, but it seems better to just
document how it works. The original change ignored an explicit comment
in the video.h file ("Things that are private to the uclass: don't use
these in the driver") which is why this was missed when the VIDEO_COPY
feature was added.
Signed-off-by: Simon Glass <[email protected]>
Fixes: 8f661a5b662 ("efi_loader: gop: Expose fb when 32bpp")
Reviewed-by: Bin Meng <[email protected]>
|
|
Add support for a semihosting fallback on 32-bit ARM. The assembly is
lightly adapted from the irq return code, except there is no offset
since lr already points to the correct instruction. The C side is mostly
like ARM64, except we have fewer cases to deal with.
Signed-off-by: Sean Anderson <[email protected]>
|
|
This option is independent from any commands and should be managed
under lib. For instance, drivers/block/rkmtd.c is a user.
It would be better to remove this configuration.
Signed-off-by: AKASHI Takahiro <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
The command should not be used to enable library functionality. Add a
new BOOTEFI_BOOTMGR Kconfig for that. Adjust the conditions so that the
same code is built.
Signed-off-by: Simon Glass <[email protected]>
Suggested-by: AKASHI Takahiro <[email protected]>
|
|
genimage create android-sparse file with CRC32 chunk at end. When
U-Boot's fastboot receives this chunk it returns error message:
`Fail Bogus chunk size for chunk type Dont Care`
According to reference implementation of Android's sparse file format:
<https://android.googlesource.com/platform/system/core/+/refs/heads/main/
libsparse/output_file.cpp#513>
the chunk_header.total_sz is CHUNK_HEADER_LEN + 4 (CRC32 size).
Signed-off-by: Wojciech Nizinski <[email protected]>
Reviewed-by: Mattijs Korpershoek <[email protected]>
Tested-by: Mattijs Korpershoek <[email protected]> # on vim3
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Mattijs Korpershoek <[email protected]>
|
|
The > comparison needs to be changed to >= to prevent an out of bounds
write on th next line.
Signed-off-by: Dan Carpenter <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
https://source.denx.de/u-boot/custodians/u-boot-tpm
bootX measurements and measurement API moved to u-boot core:
Up to now, U-Boot could perform measurements and EventLog creation as
described by the TCG spec when booting via EFI.
The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained
both EFI specific code + the API needed to access the TPM, extend PCRs
and create an EventLog. The non-EFI part proved modular enough and
moving it around to the TPM subsystem was straightforward.
With that in place we can have a common API for measuring binaries
regardless of the boot command, EFI or boot(m|i|z), and contructing an
EventLog.
I've tested all of the EFI cases -- booting with an empty EventLog and
booting with a previous stage loader providing one and found no
regressions. Eddie tested the bootX part.
Eddie also fixed the sandbox TPM which couldn't be used for the EFI code
and it now supports all the required capabilities. This had a slight
sideeffect in our testing since the EFI subsystem initializes the TPM
early and 'tpm2 init' failed during some python tests. That code only
opens the device though, so we can replace it with 'tpm2 autostart'
which doesn't error out and still allows you to perfom the rest of the
tests but doesn't report an error if the device is already opened.
There's a few minor issues with this PR as well but since testing and
verifying the changes takes a considerable amount of time, I prefer
merging it now.
Heinrich has already sent a PR for -master containing "efi_loader: fix
EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will
cause any conflicts, but in any case they should be trivial to resolve.
Both the EFI and non-EFI code have a Kconfig for measuring the loaded
Device Tree. The reason this is optional is that we can't reason
when/if devices add random info like kaslr-seed, mac addresses etc in
the DT. In that case measurements are random, board specific and
eventually useless. The reason it was difficult to fix it prior to this
patchset is because the EFI subsystem and thus measurements was brought
up late and DT fixups might have already been applied. With this
patchset we can measure the DT really early in the future.
Heinrich also pointed out that the two Kconfigs for the DTB measurements
can be squashed in a single one and that the documentation only explains
the non-EFI case. I agree on both but as I said this is a sane working
version, so let's pull this first it's aleady big enough and painful to
test.
|
|
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Reviewed-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James <[email protected]>
For the API moving around from EFI -> u-boot core
Reviewed-by: Ilias Apalodimas <[email protected]>
For EFI testing
Tested-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
If EXT4_WRITE is enabled, write capabilities will be compiled into SPL, but
not CRC16. Add an option to enable CRC16 to avoid linker errors.
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
The BitBlt test leaves the serial console output in disarray.
* Call ClearScreen() where needed.
* Test CheckEvent() for EFI_SIMPLE_TEXT_INPUT_PROTOCOL.WaitForKey
via adding navigation keys
* Correct timer comment
For testing on the sandbox:
CONFIG_CMD_BOOTEFI_SELFTEST=y
CONFIG_CONSOLE_TRUETYPE=n
$ ./u-boot -T -l
=> setenv efi_selftest block image transfer
=> bootefi selftest
Signed-off-by: Heinrich Schuchardt <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
In case of new memory range to be added is coalesced
with any already added non last lmb region.
And there is possibility that, then region in which new memory
range added is not adjacent to next region. But have some
sections are overlapping.
So along with adjacency check with next lmb region,
check for overlap should be done.
In case overlap is found, adjust and merge these two lmb
region into one.
Reported-by: Suman Anna <[email protected]>
Signed-off-by: Udit Kumar <[email protected]>
|
|
Add a way to flatten a devicetree into binary form. For livetree this
involves generating the devicetree using fdt_property() and other calls.
For flattree it simply involves providing the buffer containing the tree.
Signed-off-by: Simon Glass <[email protected]>
|
|
Provide a function to create a new, empty tree.
Signed-off-by: Simon Glass <[email protected]>
|
|
Use the new SPL/TPL/VPL_SYS_MALLOC_F symbols to determine whether the
malloc pool exists.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Sean Anderson <[email protected]>
|
|
This old patch was marked as deferred. Bring it back to life, to continue
towards the removal of common.h
Move this out of the common header and include it only where needed.
Signed-off-by: Simon Glass <[email protected]>
|
|
U-Boot should set up the SMBIOS tables during startup, as it does on x86.
Ensure that it does this correctly on non-x86 machines too, by creating
an event spy for last-stage init.
Tidy up the installation-condition code while we are here.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
|
|
When booted from coreboot, U-Boot does not build the SMBIOS tables, but
it should still pass them on to the OS. Add a new option which indicates
whether SMBIOS tables are present, however they were built.
Flip the ordering so that the dependency is listed first, which is less
confusing.
Adjust GENERATE_SMBIOS_TABLE to depend on this new symbol.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
|
|
It is not always the case that U-Boot builds the ACPI tables itself. For
example, when booting from coreboot, the ACPI tables are built by
coreboot.
Correct the Makefile condition so that U-Boot can pass on tables built
by a previous firmware stage.
Tidy up the installation-condition code while we are here.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
|
|
This is needed so we can find the DBG2 table provided by coreboot. Add a
Kconfig so it can be enabled.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
|
|
Move this to be with the other devicetree-fixup options.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
Use a menuconfig to avoid showing a menu which cannot be selected in many
cases.
Signed-off-by: Simon Glass <[email protected]>
Acked-by: Sughosh Ganu <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
These should not be part of the 'system tables' menu. Move them outside
on their own.
Signed-off-by: Simon Glass <[email protected]>
Fixes: 7d0f3fbb93c ("lib: rational: copy the rational fraction lib...")
Reviewed-by: Tom Rini <[email protected]>
|
|
The last user of the NEEDS_MANUAL_RELOC has been removed in commit
26af162ac8f8 ("arch: m68k: Implement relocation")
Remove now unused NEEDS_MANUAL_RELOC code.
Signed-off-by: Marek Vasut <[email protected]>
|
|
Prepare v2023.10-rc4
|
|
Very few of the existing event-spy records use the arguments they are
passed. Update them to use a simple spy instead, to simplify the code.
Where an adaptor function is currently used, remove it where possible.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move the manual-relocation code to the initcall file. Make sure to avoid
manually relocating event types. Only true function pointers should be
relocated.
Signed-off-by: Simon Glass <[email protected]>
|
|
At present the initcall list consists of a list of function pointers. Over
time the initcall lists will likely change to mostly emitting events,
since most of the calls are board- or arch-specific.
As a first step, allow an initcall to be an event type instead of a
function pointer. Add the required macro and update initcall_run_list() to
emit an event in that case, or ignore it if events are not enabled.
The bottom 8 bits of the function pointer are used to hold the event type,
with the rest being all ones. This should avoid any collision, since
initcalls should not be above 0xffffff00 in memory.
Convert misc_init_f over to use this mechanism.
Add comments to the initcall header file while we are here. Also fix up
the trace test to handle the change.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move the failure message outside the loop, so it is easier to follow the
code. Avoid swallowing the error code - just pass it along.
Drop the initcall-list address from the output. This is confusing since
we show two addresses. Really it is only the function address which is
useful, since it can be looked up in the map, e.g. with:
grep -A1 -B1 serial_init u-boot.map
Signed-off-by: Simon Glass <[email protected]>
|
|
Use a variable to hold the function, so we don't need to repeat the
pointer access each time. Rename the init pointer to 'ptr' since we only
refer to it in the for() statement now.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move this into a function and do it once, not each time around the loop.
Signed-off-by: Simon Glass <[email protected]>
|
|
Somehow I do not see any inlining with initcalls now. I was sure I saw
it when this commit went in, but now it seems to make things worse.
This reverts commit 47870afab92fca6e672c03d0dea802a55e200675.
Signed-off-by: Simon Glass <[email protected]>
|
|
The current CI test worked by sheer luck, the g_dev global pointer
in the fwu library was never initialized and the test equally well
failed on sandbox64. Trigger the main loop in sandbox tests too to
initialize that global state, and move the sandbox specific exit
from fwu_boottime_checks after g_dev is initialized.
Signed-off-by: Marek Vasut <[email protected]>
Acked-by: Sughosh Ganu <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
The EFI capsule authentication logic in u-boot expects the public key
in the form of an EFI Signature List(ESL) to be provided as part of
the platform's dtb. Currently, the embedding of the ESL file into the
dtb needs to be done manually.
Add a target for generating a dtsi file which contains the signature
node with the ESL file included as a property under the signature
node. Include the dtsi file in the dtb. This brings the embedding of
the ESL in the dtb into the U-Boot build flow.
The path to the ESL file is specified through the
CONFIG_EFI_CAPSULE_ESL_FILE symbol.
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
This reverts commit c5b68ef8af3c2f515c1f5b8d63a69359a85d753b.
CONFIG_OPTEE_TZDRAM_SIZE is used by imx6-based SoCs as well. Move the
option back.
Signed-off-by: Ricardo Salveti <[email protected]>
Signed-off-by: Oleksandr Suvorov <[email protected]>
|
|
If one of SHA* algorithms is disabled in u-boot, its code is not
included in SPL even if a given SHA* option is enabled in SPL. Fix
this.
Fixes: 603d15a572d ("spl: cypto: Bring back SPL_ versions of SHA")
Signed-off-by: Oleksandr Suvorov <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
When a notification event is registered for a protocol the handle of the
protocol is added in our event notification list. When all the protocols
of the handle are uninstalled we delete the handle but we do not remove
it from the event notification list.
Clean up the protocol removal functions and add a wrapper which
- Removes the to-be deleted handle from any lists it participates
- Remove the handle if no more protocols are present
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
If hash_calculate is invoked with region_count = 0, it will try to hash
INT_MAX regions. We should check this parameter.
* Avoid a comparison with different signedness.
* Check that region_count is at least 1.
* Avoid a superfluous assignment.
Fixes: b37b46f042cc ("rsa: Use checksum algorithms from struct hash_algo")
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add some GUIDs for ChromiumOS so we can detect the partitions.
Signed-off-by: Simon Glass <[email protected]>
|
