| Age | Commit message (Collapse) | Author |
|---|
|
efi_disconnect_controller() doesn't reconnect drivers in case of
failure. Reconnect the disconnected drivers properly
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The boot variables automatically generated for removable medias
should be with short form of device path without device nodes.
This is a requirement for the case that a removable media is
plugged into a different port but is still able to work with the
existing boot variables.
Signed-off-by: Raymond Mao <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Correct the return code for out-of-memory and no boot option found
Signed-off-by: Raymond Mao <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Rename and move bootorder and bootoption apis from cmd to lib
for re-use between eficonfig and bootmgr
Fix 'unexpected indentation' when 'make htmldocs' after functions
are moved
Signed-off-by: Raymond Mao <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Uncompressing a 1.7Mbytes FIT image on U-boot 2023.04 takes
approx 7s on a powerpc 8xx.
The same on U-boot 2023.07-rc6 takes approx 28s unless watchdog
is disabled.
During that decompression, LzmaDec_DecodeReal() calls schedule
1.6 million times, that is every 4µs in average.
In the past it used to be a call to WATCHDOG_RESET() which was
just calling hw_watchdog_reset().
But the combination of commit 29caf9305b6 ("cyclic: Use schedule()
instead of WATCHDOG_RESET()") and commit 26e8ebcd7cb ("watchdog:
mpc8xxx: Make it generic") results in an heavier processing.
However, there is absolutely no point in calling schedule() that
often.
By moving and keeping only one call to schedule() in the main
loop the number of calls is reduced to 1.2 million which is still
too much. So add logic to only call schedule every 1024 times.
That leads to a call to schedule approx every 6ms which is still
far enough to entertain the watchdog which has a 1s timeout on
powerpc 8xx.
powerpc 8xx being one of the slowest targets we have today in
U-boot, and most other watchdogs having a timeout of one minutes
instead of one second like the 8xx, this fix should not have
negative impact on other targets.
Fixes: 29caf9305b6 ("cyclic: Use schedule() instead of WATCHDOG_RESET()")
Signed-off-by: Christophe Leroy <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
This fixes CVE-2022-37434 [1] and bases on 2 commits from Mark
Adler's zlib master repo - the original fix of CVE bug [2] and
the fix for the fix [3].
[1]
https://github.com/advisories/GHSA-cfmr-vrgj-vqwv
[2]
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
[3]
https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
Fixes: e89516f031d ("zlib: split up to match original source tree")
Signed-off-by: Oleksandr Suvorov <[email protected]>
|
|
At present livetree can only be used for the control FDT. It is useful
to be able to use the ofnode API for other FDTs, e.g. those used by
the upcoming configuration editor.
We already have most of the support present, and tests can be marked with
the UT_TESTF_OTHER_FDT flag to use another FDT as a special case. But
with this change, the functionality becomes more generally available.
Plumb in the require support.
Signed-off-by: Simon Glass <[email protected]>
|
|
Ensure that the block of memory used by live tree is aligned according to
the default for structures. This ensures that the root node appears at
the start of the block, so it can be used with free(), rather than being
4 bytes later in some cases.
This corrects a rather obscure bug in unflatten_device_tree().
Fixes: 8b50d526ea5 ("dm: Add a function to create a 'live' device tree")
Signed-off-by: Simon Glass <[email protected]>
|
|
https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request efi-2023-07-rc7
Documentation:
* Fix links to Linux kernel documentation
UEFI:
* Fix memory leak in efidebug dh subcommand
* Fix underflow when calculating remaining variable store size
* Increase default variable store size to 64 KiB
* mkeficapsule: fix efi_firmware_management_capsule_header data type
|
|
Debian's arm64 UEFI Secure Boot shim makes the EFI variable store run
out of space while mirroring its MOK database to variables. This can be
observed in QEMU like so:
$ tools/buildman/buildman -o build/qemu_arm64 --boards=qemu_arm64 -w
$ cd build/qemu_arm64
$ curl -L -o debian.iso \
https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.0.0-arm64-netinst.iso
$ qemu-system-aarch64 \
-nographic -bios u-boot.bin \
-machine virt -cpu cortex-a53 -m 1G -smp 2 \
-drive if=virtio,file=debian.iso,index=0,format=raw,readonly=on,media=cdrom
[...]
=> # interrupt autoboot
=> env set -e -bs -nv -rt -guid 605dab50-e046-4300-abb6-3dd810dd8b23 SHIM_VERBOSE 1
=> boot
[...]
mok.c:296:mirror_one_esl() SetVariable("MokListXRT43", ... varsz=0x4C) = Out of Resources
mok.c:452:mirror_mok_db() esd:0x7DB92D20 adj:0x30
Failed to set MokListXRT: Out of Resources
mok.c:767:mirror_one_mok_variable() mirror_mok_db("MokListXRT", datasz=17328) returned Out of Resources
mok.c:812:mirror_one_mok_variable() returning Out of Resources
Could not create MokListXRT: Out of Resources
[...]
Welcome to GRUB!
This would normally be fine as shim would continue to run grubaa64.efi,
but shim's error handling code for this case has a bug [1] that causes a
synchronous abort on at least chromebook_kevin (but apparently not on
QEMU arm64).
Double the default variable store size so the variables fit. There is a
note about this value matching PcdFlashNvStorageVariableSize when
EFI_MM_COMM_TEE is enabled, so keep the old default in that case.
[1] https://github.com/rhboot/shim/pull/577
Signed-off-by: Alper Nebi Yasak <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
The efi_var_mem_free() function calculates the available size for a new
EFI variable by subtracting the occupied buffer size and the overhead
for a new variable from the maximum buffer size set in Kconfig. This
is then returned as QueryVariableInfo()'s RemainingVariableStorageSize
output.
This can underflow as the calculation is done in and processed as
unsigned integer types. Check for underflow before doing the subtraction
and return zero if there's no space.
Fixes: f1f990a8c958 ("efi_loader: memory buffer for variables")
Signed-off-by: Alper Nebi Yasak <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Prepare v2023.07-rc6
|
|
Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to
allow the signing process to run in batch.
Signed-off-by: Stefano Babic <[email protected]>
|
|
Running the protocols selftest more than one times fails with
=> setenv efi_selftest 'manage protocols' && bootefi selftest
Testing EFI API implementation
Selected test: 'manage protocols'
Setting up 'manage protocols'
Setting up 'manage protocols' succeeded
Executing 'manage protocols'
Executing 'manage protocols' succeeded
Tearing down 'manage protocols'
Tearing down 'manage protocols' succeeded
Summary: 0 failures
=> bootefi selftest
Testing EFI API implementation
Selected test: 'manage protocols'
Setting up 'manage protocols'
lib/efi_selftest/efi_selftest_manageprotocols.c(88):
ERROR: InstallProtocolInterface failed
lib/efi_selftest/efi_selftest.c(89):
ERROR: Setting up 'manage protocols' failed
Tearing down 'manage protocols'
Tearing down 'manage protocols' succeeded
Summary: 1 failures
The reason is that we don't set the handles to NULL after deleting and
freeing them. As a result the subsequent protocol installation will try
to use an existing handle which we just removed that from our object list.
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
Instead of discovering the ID of the device and call two different
functions for a block device or a partition, we can rewrite
efi_disk_remove() and handle the minor differences between the two
variants internally. As a results we can simplify efi_disk_remove()
a lot and get rid of the extra efi_disk_delete_raw/blk calls.
Signed-off-by: Ilias Apalodimas <[email protected]>
If a handle is not found, return 0 to let the device be removed.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Running the controller selftest more than one times fails with
=> setenv efi_selftest 'controllers' && bootefi selftest
Testing EFI API implementation
Selected test: 'controllers'
Setting up 'controllers'
Setting up 'controllers' succeeded
Executing 'controllers'
Executing 'controllers' succeeded
Summary: 0 failures
=> bootefi selftest
Testing EFI API implementation
Selected test: 'controllers'
Setting up 'controllers'
lib/efi_selftest/efi_selftest_controllers.c(280):
ERROR: InstallProtocolInterface failed
lib/efi_selftest/efi_selftest.c(89):
ERROR: Setting up 'controllers' failed
Summary: 1 failures
There are multiple reason for this. We don't uninstall the binding
interface from the controller handle and we don't reset the handle
pointers either. So let's uninstall all the protocols properly and
reset the handles to NULL on setup().
While at it add a forgotten check when uninstalling protocols from the
handle_controller and make sure the number of child controllers is 0
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Test ReinstallProtocolInterface() more rigorously.
Replacing the sole installed protocol interface must not result in deleting
the handle and creating a new one.
Check which interface is actually installed before and after
ReinstallProtocolInterface().
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Signed-off-by: Tom Rini <[email protected]>
|
|
Just like fwu_plat_get_update_index, provide a default/weak
implementation of fwu_plat_get_bootidx. So that most platforms
wouldn't have to re-implement the likely case.
Signed-off-by: Jassi Brar <[email protected]>
|
|
In the FWU Multi Bank Update feature, the information about the
updatable images is stored as part of the metadata, on a separate
region. Add a driver for reading from and writing to the metadata
when the updatable images and the metadata are stored on a raw
MTD region.
The code is divided into core under drivers/fwu-mdata/ and some helper
functions clubbed together under lib/fwu_updates/
Signed-off-by: Masami Hiramatsu <[email protected]>
Signed-off-by: Jassi Brar <[email protected]>
|
|
fwu_get_mdata() sounds more appropriate than fwu_get_verified_mdata()
Signed-off-by: Jassi Brar <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Tested-by: Sughosh Ganu <[email protected]>
|
|
The common code can now read, verify and fix meta-data copies
while exposing one consistent structure to users.
Only the .read_mdata() and .write_mdata() callbacks of fwu_mdata_ops
are needed. Get rid of .get_mdata() .update_mdata() .get_mdata_part_num()
.read_mdata_partition() and .write_mdata_partition() and also the
corresponding wrapper functions.
Signed-off-by: Jassi Brar <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Tested-by: Sughosh Ganu <[email protected]>
|
|
Instead of each i/f having to implement their own meta-data verification
and storage, move the logic in common code. This simplifies the i/f code
much simpler and compact.
Signed-off-by: Jassi Brar <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Tested-by: Sughosh Ganu <[email protected]>
|
|
The FMP Payload Header which EDK II capsule generation scripts
insert has a firmware version.
This commit reads the lowest supported version stored in the
device tree, then check if the firmware version in FMP payload header
of the ongoing capsule is equal or greater than the
lowest supported version. If the firmware version is lower than
lowest supported version, capsule update will not be performed.
Signed-off-by: Masahisa Kojima <[email protected]>
|
|
This commit gets the lowest supported version from device tree,
then fills the lowest supported version in FMP->GetImageInfo().
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Current FMP->GetImageInfo() always return 0 for the firmware
version, user can not identify which firmware version is currently
running through the EFI interface.
This commit reads the "FmpStateXXXX" EFI variable, then fills the
firmware version in FMP->GetImageInfo().
Now FMP->GetImageInfo() and ESRT have the meaningful version number.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Firmware version management is not implemented in the current
FMP protocol.
EDK II reference implementation capsule generation script inserts
the FMP Payload Header right before the payload, FMP Payload Header
contains the firmware version and lowest supported version.
This commit utilizes the FMP Payload Header, reads the header and
stores the firmware version into "FmpStateXXXX" EFI non-volatile variable.
XXXX indicates the image index, since FMP protocol handles multiple
image indexes.
Note that lowest supported version included in the FMP Payload Header
is not used. If the platform uses file-based EFI variable storage,
it can be tampered. The file-based EFI variable storage is not the
right place to store the lowest supported version for anti-rollback
protection.
This change is compatible with the existing FMP implementation.
This change does not mandate the FMP Payload Header.
If no FMP Payload Header is found in the capsule file, fw_version,
lowest supported version, last attempt version and last attempt
status is 0 and this is the same behavior as existing FMP
implementation.
Signed-off-by: Masahisa Kojima <[email protected]>
|
|
The number of image array entries global variable is required
to support EFI capsule update. This information is exposed as a
num_image_type_guids variable, but this information
should be included in the efi_capsule_update_info structure.
This commit adds the num_images member in the
efi_capsule_update_info structure. All board files supporting
EFI capsule update are updated.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Check that LocateHandleBuffer() return EFI_NOT_FOUND when called with
ByRegisterNotify and all handles already have been retrieved.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
part_get_info() may return an error code. Check it.
Update function description of dp_part_node().
Addresses-Coverity-ID: 184067 ("Unchecked return value")
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
These files should have both 'always' and 'targets' so that dependencies
are detected correctly.
When only 'always' is used, the target is built every time, although I am
not quite sure why.
Make sure each has both 'always' and 'targets' to avoid this problem.
Signed-off-by: Simon Glass <[email protected]>
|
|
At present two acpi files are built every time since they use a version
number from version.h
This is not necessary. Make use of the same technique as for the version
string, so that they are build only when they change.
Signed-off-by: Simon Glass <[email protected]>
|
|
* When called from efi_dp_from_name() we miss to append the filename
for non-block devices.
* expand_media_path() could be simplified by using efi_dp_from_file to
prepend the device path of the boot device.
This can be avoided by passing a device path to efi_dp_from_file() instead
of a block device descriptor and a partition number.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Don't do the same check and assignment in multiple places.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Use EFI_OUT_OF_RESOURCES if the device path cannot be constructed.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
* Improve variable name usage: Use pos instead of buf to indicate the
current position in a buffer.
* Avoid double assignment in a single code line.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
efi_dp_from_name() has duplicate code to replace slash by backslash.
path_to_uefi() called by efi_dp_from_file() already does this.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
According to our coding style guide #ifdef should be avoided.
Use IS_ENABLED() instead.
Sort string comparisons alphabetically.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Executing an EFI binary fails for files loaded via semihosting.
Construct a dummy device path for EFI binaries loaded via semihosting.
A future complete solution may include the creation of a handle with a
simple file system protocol.
Reported-by: Andre Przywara <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Helloworld.efi should print the file path even if the boot device is
not set.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Symbol CONFIG_EFI_SETUP_EARLY does not exist anymore.
CONFIG_FWU_MULTI_BANK_UPDATE without CONFIG_FWU_MDATA results in
lib/fwu_updates/fwu.c:49: undefined reference to `fwu_get_mdata'
Fixes: 86794052418b ("FWU: Add support for the FWU Multi Bank Update feature")
Fixes: 023d9c93932c ("efi_loader: remove CONFIG_EFI_SETUP_EARLY")
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Acked-by: Sughosh Ganu <[email protected]>
|
|
This is useful for other features. Move the function into library code
so it can be used outside just the 'acpi' command.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
Tested-by: Bin Meng <[email protected]>
|
|
We have several Kconfig options for ACPI, but all relate to specific
functions, such as generating tables and AML code.
Add a new option which controls including basic ACPI library code,
including the lib/acpi directory. This will allow us to add functions
which are available even if table generation is not supported.
Adjust the command to avoid a build error when ACPIGEN is not enabled.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
|
|
Please pull the second part of the sunxi pull request for this cycle.
Another bunch of patches that replace old-school U-Boot hacks with
proper DM based code, this time for the raw NAND flash driver, and the
USB PHY VBUS detection code. Plus two smaller patches that were sitting
in my inbox for a while.
Gitlab CI passed. In lack of some supported board with NAND flash I
couldn't really test this part, but apparently this was tested by the
reviewer. I briefly ran the branch on some boards with USB-OTG, and
this still worked.
|
|
Add a note to the comment at the top of this file.
Signed-off-by: Simon Glass <[email protected]>
|
|
As a first step toward converting this driver to the driver model, use
the ofnode abstraction to replace direct references to the FDT blob.
Using ofnode_read_u32_index removes an extra pair of loops and makes the
allwinner,rb property optional, matching the devicetree binding.
Signed-off-by: Samuel Holland <[email protected]>
Acked-by: Andre Przywara <[email protected]>
Signed-off-by: Andre Przywara <[email protected]>
|
|
Remove an unused implementation of efi_capsule_authenticate().
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
efi_runtime_mmio is only referenced in efi_boottime.c
Signed-off-by: Bin Meng <[email protected]>
|
|
efi_mem is only referenced in efi_memory.c
Signed-off-by: Bin Meng <[email protected]>
|
|
efi_event_queue and efi_register_notify_events are only referenced
in efi_boottime.c
Signed-off-by: Bin Meng <[email protected]>
|
