From c7d4dfcd142d624ed43ac590c6ef5eca24233e30 Mon Sep 17 00:00:00 2001
From: Sughosh Ganu <sughosh.ganu@linaro.org>
Date: Tue, 22 Aug 2023 23:10:05 +0530
Subject: scripts/Makefile.lib: Embed capsule public key in platform's dtb

The EFI capsule authentication logic in u-boot expects the public key
in the form of an EFI Signature List(ESL) to be provided as part of
the platform's dtb. Currently, the embedding of the ESL file into the
dtb needs to be done manually.

Add a target for generating a dtsi file which contains the signature
node with the ESL file included as a property under the signature
node. Include the dtsi file in the dtb. This brings the embedding of
the ESL in the dtb into the U-Boot build flow.

The path to the ESL file is specified through the
CONFIG_EFI_CAPSULE_ESL_FILE symbol.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 lib/efi_loader/Kconfig             |  8 ++++++++
 lib/efi_loader/capsule_esl.dtsi.in | 11 +++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 lib/efi_loader/capsule_esl.dtsi.in

(limited to 'lib/efi_loader')

diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 9989e3f384e..d20aaab6dba 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -272,6 +272,14 @@ config EFI_CAPSULE_MAX
 	  Select the max capsule index value used for capsule report
 	  variables. This value is used to create CapsuleMax variable.
 
+config EFI_CAPSULE_ESL_FILE
+	string "Path to the EFI Signature List File"
+	depends on EFI_CAPSULE_AUTHENTICATE
+	help
+	  Provides the path to the EFI Signature List file which will
+	  be embedded in the platform's device tree and used for
+	  capsule authentication at the time of capsule update.
+
 config EFI_DEVICE_PATH_TO_TEXT
 	bool "Device path to text protocol"
 	default y
diff --git a/lib/efi_loader/capsule_esl.dtsi.in b/lib/efi_loader/capsule_esl.dtsi.in
new file mode 100644
index 00000000000..61a9f2b25e9
--- /dev/null
+++ b/lib/efi_loader/capsule_esl.dtsi.in
@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: GPL-2.0+
+/**
+ * Devicetree file with the public key EFI Signature List(ESL)
+ * node. This file is used to generate the dtsi file to be
+ * included into the DTB.
+*/
+/ {
+	signature {
+		capsule-key = /incbin/("ESL_BIN_FILE");
+	};
+};
-- 
cgit v1.2.3


From 53e8e6f98679a30eb338ca98ec173aa6ddd28d54 Mon Sep 17 00:00:00 2001
From: Simon Glass <sjg@chromium.org>
Date: Tue, 19 Sep 2023 21:00:12 -0600
Subject: efi: x86: Correct the condition for installing ACPI tables

It is not always the case that U-Boot builds the ACPI tables itself. For
example, when booting from coreboot, the ACPI tables are built by
coreboot.

Correct the Makefile condition so that U-Boot can pass on tables built
by a previous firmware stage.

Tidy up the installation-condition code while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
---
 lib/efi_loader/Makefile    |  2 +-
 lib/efi_loader/efi_setup.c | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'lib/efi_loader')

diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
index 1a8c8d7cab5..0eb748ff1a5 100644
--- a/lib/efi_loader/Makefile
+++ b/lib/efi_loader/Makefile
@@ -78,7 +78,7 @@ obj-$(CONFIG_EFI_ESRT) += efi_esrt.o
 obj-$(CONFIG_VIDEO) += efi_gop.o
 obj-$(CONFIG_BLK) += efi_disk.o
 obj-$(CONFIG_NETDEVICES) += efi_net.o
-obj-$(CONFIG_GENERATE_ACPI_TABLE) += efi_acpi.o
+obj-$(CONFIG_ACPI) += efi_acpi.o
 obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o
 obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o
 obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o
diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index 58d4e134023..ad719afd632 100644
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -321,11 +321,11 @@ efi_status_t efi_init_obj_list(void)
 	if (ret != EFI_SUCCESS)
 		goto out;
 #endif
-#ifdef CONFIG_GENERATE_ACPI_TABLE
-	ret = efi_acpi_register();
-	if (ret != EFI_SUCCESS)
-		goto out;
-#endif
+	if (IS_ENABLED(CONFIG_ACPI)) {
+		ret = efi_acpi_register();
+		if (ret != EFI_SUCCESS)
+			goto out;
+	}
 #ifdef CONFIG_GENERATE_SMBIOS_TABLE
 	ret = efi_smbios_register();
 	if (ret != EFI_SUCCESS)
-- 
cgit v1.2.3


From 53fab13a7b11630aeb731c8ef7553cf773311a9f Mon Sep 17 00:00:00 2001
From: Simon Glass <sjg@chromium.org>
Date: Wed, 20 Sep 2023 07:29:51 -0600
Subject: efi: Use the installed SMBIOS tables

U-Boot should set up the SMBIOS tables during startup, as it does on x86.
Ensure that it does this correctly on non-x86 machines too, by creating
an event spy for last-stage init.

Tidy up the installation-condition code while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
---
 lib/efi_loader/Makefile     |  2 +-
 lib/efi_loader/efi_setup.c  | 10 +++----
 lib/efi_loader/efi_smbios.c | 72 +++++++++++++++++++++++++++++----------------
 3 files changed, 52 insertions(+), 32 deletions(-)

(limited to 'lib/efi_loader')

diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
index 0eb748ff1a5..8d31fc61c60 100644
--- a/lib/efi_loader/Makefile
+++ b/lib/efi_loader/Makefile
@@ -79,7 +79,7 @@ obj-$(CONFIG_VIDEO) += efi_gop.o
 obj-$(CONFIG_BLK) += efi_disk.o
 obj-$(CONFIG_NETDEVICES) += efi_net.o
 obj-$(CONFIG_ACPI) += efi_acpi.o
-obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o
+obj-$(CONFIG_SMBIOS) += efi_smbios.o
 obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o
 obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o
 obj-$(CONFIG_EFI_RISCV_BOOT_PROTOCOL) += efi_riscv.o
diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index ad719afd632..e6de685e879 100644
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -326,11 +326,11 @@ efi_status_t efi_init_obj_list(void)
 		if (ret != EFI_SUCCESS)
 			goto out;
 	}
-#ifdef CONFIG_GENERATE_SMBIOS_TABLE
-	ret = efi_smbios_register();
-	if (ret != EFI_SUCCESS)
-		goto out;
-#endif
+	if (IS_ENABLED(CONFIG_SMBIOS)) {
+		ret = efi_smbios_register();
+		if (ret != EFI_SUCCESS)
+			goto out;
+	}
 	ret = efi_watchdog_register();
 	if (ret != EFI_SUCCESS)
 		goto out;
diff --git a/lib/efi_loader/efi_smbios.c b/lib/efi_loader/efi_smbios.c
index 306c0bc54f9..48446f654d9 100644
--- a/lib/efi_loader/efi_smbios.c
+++ b/lib/efi_loader/efi_smbios.c
@@ -10,8 +10,14 @@
 #include <common.h>
 #include <efi_loader.h>
 #include <log.h>
+#include <malloc.h>
 #include <mapmem.h>
 #include <smbios.h>
+#include <linux/sizes.h>
+
+enum {
+	TABLE_SIZE	= SZ_4K,
+};
 
 /*
  * Install the SMBIOS table as a configuration table.
@@ -20,36 +26,50 @@
  */
 efi_status_t efi_smbios_register(void)
 {
-	/* Map within the low 32 bits, to allow for 32bit SMBIOS tables */
-	u64 dmi_addr = U32_MAX;
+	ulong addr;
 	efi_status_t ret;
-	void *dmi;
 
-	/* Reserve 4kiB page for SMBIOS */
-	ret = efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS,
-				 EFI_RUNTIME_SERVICES_DATA, 1, &dmi_addr);
+	addr = gd->arch.smbios_start;
+	if (!addr) {
+		log_err("No SMBIOS tables to install\n");
+		return EFI_NOT_FOUND;
+	}
+
+	/* Mark space used for tables */
+	ret = efi_add_memory_map(addr, TABLE_SIZE, EFI_RUNTIME_SERVICES_DATA);
+	if (ret)
+		return ret;
+
+	log_debug("EFI using SMBIOS tables at %lx\n", addr);
+
+	/* Install SMBIOS information as configuration table */
+	return efi_install_configuration_table(&smbios_guid,
+					       map_sysmem(addr, 0));
+}
+
+static int install_smbios_table(void)
+{
+	ulong addr;
+	void *buf;
 
-	if (ret != EFI_SUCCESS) {
-		/* Could not find space in lowmem, use highmem instead */
-		ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES,
-					 EFI_RUNTIME_SERVICES_DATA, 1,
-					 &dmi_addr);
+	if (!IS_ENABLED(CONFIG_GENERATE_SMBIOS_TABLE) || IS_ENABLED(CONFIG_X86))
+		return 0;
 
-		if (ret != EFI_SUCCESS)
-			return ret;
+	/* Align the table to a 4KB boundary to keep EFI happy */
+	buf = memalign(SZ_4K, TABLE_SIZE);
+	if (!buf)
+		return log_msg_ret("mem", -ENOMEM);
+
+	addr = map_to_sysmem(buf);
+	if (!write_smbios_table(addr)) {
+		log_err("Failed to write SMBIOS table\n");
+		return log_msg_ret("smbios", -EINVAL);
 	}
 
-	/*
-	 * Generate SMBIOS tables - we know that efi_allocate_pages() returns
-	 * a 4k-aligned address, so it is safe to assume that
-	 * write_smbios_table() will write the table at that address.
-	 */
-	assert(!(dmi_addr & 0xf));
-	dmi = (void *)(uintptr_t)dmi_addr;
-	if (write_smbios_table(map_to_sysmem(dmi)))
-		/* Install SMBIOS information as configuration table */
-		return efi_install_configuration_table(&smbios_guid, dmi);
-	efi_free_pages(dmi_addr, 1);
-	log_err("Cannot create SMBIOS table\n");
-	return EFI_SUCCESS;
+	/* Make a note of where we put it */
+	log_debug("SMBIOS tables written to %lx\n", addr);
+	gd->arch.smbios_start = addr;
+
+	return 0;
 }
+EVENT_SPY_SIMPLE(EVT_LAST_STAGE_INIT, install_smbios_table);
-- 
cgit v1.2.3