From 73c9a352705a29e3af6ea08c7075efeb12980f1d Mon Sep 17 00:00:00 2001 From: Adriano Cordova Date: Wed, 19 Mar 2025 11:44:59 -0300 Subject: efi_loader: efi_load_initrd: provide a memory mapped initrd U-Boot can pass an initrd to subsequent boot stages via the EFI_LOAD_FILE2_PROTOCOL. The current implementation only supports this functionality via the efi boot manager: the initrd is taken from the load options of the BootCurrent variable. This commit adds support for registering a memory mapped initrd, e.g. loaded from a FIT image. For now this new method takes precedence over loading the initrd from the BootCurrent variable (if both are present) because the BootCurrent variable is not cleared on exiting the boot manager. Signed-off-by: Adriano Cordova Reviewed-by: Ilias Apalodimas
---
 include/efi_loader.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include')
diff --git a/include/efi_loader.h b/include/efi_loader.h
index 5f769786786..72bee60abaf 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -667,7 +667,7 @@ efi_status_t efi_http_register(const efi_handle_t handle,
 struct efi_service_binding_protocol *http_service_binding);
 /* Called by bootefi to make the watchdog available */
 efi_status_t efi_watchdog_register(void);
-efi_status_t efi_initrd_register(void);
+efi_status_t efi_initrd_register(struct efi_device_path *dp_initrd);
 efi_status_t efi_initrd_deregister(void);
 /* Called by bootefi to make SMBIOS tables available */
 /**
-- cgit v1.2.3
From 36835a9105cf14a72556731e54300f8225190b17 Mon Sep 17 00:00:00 2001 From: Adriano Cordova Date: Wed, 19 Mar 2025 11:45:00 -0300 Subject: efi_loader: binary_run: register an initrd Add support to install an initrd when running an EFI binary with efi_binary_run Signed-off-by: Adriano Cordova Acked-by: Ilias Apalodimas
---
 include/efi_loader.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include')
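Review bot: The new declaration `efi_initrd_register(struct efi_device_path *dp_initrd)` in the first hunk has no comment, so a caller reading the header cannot tell whether NULL is accepted (presumably selecting the BootCurrent load option, as the commit message implies) or whether the callee keeps a reference to the device path after returning. The commit message says a registered memory-mapped initrd overrides the one named by the boot manager; that precedence decides which initrd the next boot stage receives and belongs at the declaration, not only in the commit log. I would add a kernel-doc block above the prototype covering `@dp_initrd`, the NULL case, the lifetime expected of the pointed-to path, and the precedence rule. The implementation is outside this hunk, so the NULL and ownership semantics need confirming against it before the comment is written.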
diff --git a/include/efi_loader.h b/include/efi_loader.h
index 72bee60abaf..144b749278a 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -600,7 +600,7 @@ efi_status_t efi_install_fdt(void *fdt);
 /* Execute loaded UEFI image */
 efi_status_t do_bootefi_exec(efi_handle_t handle, void *load_options);
 /* Run loaded UEFI image with given fdt */
-efi_status_t efi_binary_run(void *image, size_t size, void *fdt);
+efi_status_t efi_binary_run(void *image, size_t size, void *fdt, void *initrd, size_t initrd_sz);
 /**
 * efi_bootflow_run() - Run a bootflow containing an EFI application
-- cgit v1.2.3
From fd58c275f6ba524101ba0990e53f5a11ac390bd0 Mon Sep 17 00:00:00 2001 From: Ilias Apalodimas Date: Tue, 1 Apr 2025 14:27:25 +0300 Subject: efi_loader: Move public cert for capsules to .rodata commit ddf67daac39d ("efi_capsule: Move signature from DTB to .rodata") was reverted in commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") because that's what U-Boot was usually doing -- using the DT to store configuration and data. Some of the discussions can be found here [0]. (Ab)using the device tree to store random data isn't ideal though. On top of that with new features introduced over the years, keeping the certificates in the DT has proven to be problematic. One of the reasons is that platforms might send U-Boot a DTB from the previous stage loader using a transfer list which won't contain the signatures since other loaders are not aware of internal U-Boot ABIs. On top of that QEMU creates the DTB on the fly, so adding the capsule certificate there does not work and requires users to dump it and re-create it injecting the public keys. Now that we have proper memory permissions for arm64, move the certificate to .rodata and read it from there. [0] https://lore.kernel.org/u-boot/CAPnjgZ2uM=n8Qo-a=DUkx5VW5Bzp5Xy8=Wgmrw8ESqUBK00YJQ@mail.gmail.com/
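Review bot: The comment kept above `efi_binary_run()` still reads "Run loaded UEFI image with given fdt" although the new prototype adds `initrd` and `initrd_sz`, so the header no longer describes the function it declares. The pointer/size pair describes memory that is handed on to the loaded image, so the declaration should state which value means "no initrd" and that the range must stay valid until the image has fetched it; both are assumptions here because the implementation and its callers are outside the hunk. At minimum I would change the comment to `/* Run loaded UEFI image with given fdt and memory-mapped initrd */`, and preferably replace it with a kernel-doc block like the one efi_bootflow_run() has just below. Call sites should pass an `initrd_sz` they have checked against the buffer actually loaded, since an oversized length would expose adjacent memory to the next stage.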
Signed-off-by: Ilias Apalodimas Tested-by: Jonathan Humphreys # on TI sk-am62p-lp Tested-by: Neil Armstrong # on AML-A311D-CC Tested-by: Raymond Mao
---
 include/asm-generic/sections.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include')
diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h
index 024b1adde27..d59787948fd 100644
--- a/include/asm-generic/sections.h
+++ b/include/asm-generic/sections.h
@@ -28,6 +28,8 @@ extern char __efi_helloworld_begin[];
 extern char __efi_helloworld_end[];
 extern char __efi_var_file_begin[];
 extern char __efi_var_file_end[];
+extern char __efi_capsule_sig_begin[];
+extern char __efi_capsule_sig_end[];
 /* Private data used by of-platdata devices/uclasses */
 extern char __priv_data_start[], __priv_data_end[];
-- cgit v1.2.3
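Review bot: `__efi_capsule_sig_begin` and `__efi_capsule_sig_end` are declared as plain `extern char` even though, per the commit message, they bound the public certificate used to verify capsules and are meant to live in .rodata. Declaring them `extern const char __efi_capsule_sig_begin[];` and `extern const char __efi_capsule_sig_end[];` would make the compiler reject writes to the verification key, provided the consumers (not shown in this hunk) take const pointers. A one-line comment such as `/* Public certificate for capsule authentication; must stay read-only */` would also set them apart from the neighbouring helloworld and var-file symbols. The commit message cites enforced memory permissions only for arm64, so it is worth recording whether other architectures map this range read-only, and the code that reads the symbols should treat `begin == end` as "no key" and refuse authenticated updates.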