path: root/hw/uefi
Age | Commit message | Author | Files | Lines
2025-03-21 | hw/uefi-vars-sysbus: allow for loongarch virt | Gerd Hoffmann | 1 | -1/+1
Allow the device to be added to loongarch virt VMs.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250319141159.1461621-6-kraxel@redhat.com>
2025-03-21 | hw/uefi-vars-sysbus: allow for riscv virt | Gerd Hoffmann | 1 | -1/+1
Allow the device to be added to riscv virt VMs.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250319141159.1461621-5-kraxel@redhat.com>
2025-03-21 | hw/uefi: fix error handling in uefi_vars_json_load | Gerd Hoffmann | 1 | -1/+8
Catch lseek errors. Return on read errors.
Fixes: CID 1593154
Fixes: CID 1593157
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250319141159.1461621-4-kraxel@redhat.com>
2025-03-21 | hw/uefi: fix error handling in uefi_vars_json_save | Gerd Hoffmann | 1 | -4/+11
Catch lseek errors. Return on errors. Use autoptr for the GString to simplify cleanup.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250319141159.1461621-3-kraxel@redhat.com>
2025-03-21 | hw/uefi: flush variable store to disk in post load | Gerd Hoffmann | 1 | -0/+1
Make live migration more robust. Commit 4c0cfc72b31a ("pflash_cfi01: write flash contents to bdrv on incoming migration") elaborates in detail on the motivation.
Cc: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250319141159.1461621-2-kraxel@redhat.com>
2025-03-04 | docs: add uefi variable service documentation | Gerd Hoffmann | 1 | -0/+7
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-25-kraxel@redhat.com>
2025-03-04 | hw/uefi-vars-sysbus: add x64 variant | Gerd Hoffmann | 1 | -0/+32
The x86 variant of the device is mapped on the fixed address 0xfef10000 and uses etc/hardware-info instead of FDT to pass the mapping location to the edk2 firmware. The latter allows moving the device to a different location should that turn out to be necessary in the future.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-21-kraxel@redhat.com>
2025-03-04 | hw/uefi-vars-sysbus: qemu platform bus support | Gerd Hoffmann | 1 | -0/+1
Add and register function to create a device tree entry when the device is added to the qemu platform bus.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-20-kraxel@redhat.com>
2025-03-04 | hw/uefi: add uefi-vars-sysbus device | Gerd Hoffmann | 2 | -1/+93
This adds sysbus bindings for the variable service.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-19-kraxel@redhat.com>
2025-03-04 | hw/uefi: add to meson | Gerd Hoffmann | 1 | -0/+19
Wire up uefi-vars in the build system.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-18-kraxel@redhat.com>
2025-03-04 | hw/uefi: add UEFI_VARS to Kconfig | Gerd Hoffmann | 1 | -0/+3
Add UEFI_VARS config option, enable by default for x86_64 and aarch64.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-17-kraxel@redhat.com>
2025-03-04 | hw/uefi: add trace-events | Gerd Hoffmann | 1 | -0/+17
Add trace events for debugging and troubleshooting.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-16-kraxel@redhat.com>
2025-03-04 | hw/uefi: add var-service-json.c + qapi for NV vars. | Gerd Hoffmann | 1 | -0/+243
Define qapi schema for the uefi variable store state. Use it and the generated visitor helper functions to store persistent (EFI_VARIABLE_NON_VOLATILE) variables in JSON format on disk.
Acked-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-15-kraxel@redhat.com>
[ incremental fix squashed in ]
Message-ID: <pji24p6oag7cn2rovus7rquo7q2c6tokuquobfro2sqorky7vu@tk7cxud6jw7f>
2025-03-04 | hw/uefi: add var-service-siglist.c | Gerd Hoffmann | 1 | -0/+212
Functions to serialize and de-serialize EFI signature databases. This is needed to merge signature databases (happens in practice when appending dbx updates) and also to extract the certificates for pkcs7 signature verification.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-14-kraxel@redhat.com>
2025-03-04 | hw/uefi: add var-service-pkcs7-stub.c | Gerd Hoffmann | 1 | -0/+16
pkcs7 stub which is used in case gnutls is not available. It throws EFI_WRITE_PROTECTED errors unconditionally, so all authenticated variables are readonly for the guest.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-13-kraxel@redhat.com>
2025-03-04 | hw/uefi: add var-service-pkcs7.c | Gerd Hoffmann | 1 | -0/+436
This implements pkcs7 signature verification using gnutls. Needed to check authenticated variable updates.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-12-kraxel@redhat.com>
2025-03-04 | hw/uefi: add var-service-core.c | Gerd Hoffmann | 1 | -0/+321
This is the core code for guest <-> host communication. This accepts request messages from the guest, dispatches them to the service called, and sends back the response message.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-11-kraxel@redhat.com>
2025-03-04 | hw/uefi: add var-service-policy.c | Gerd Hoffmann | 1 | -0/+370
Implement variable policies (Edk2VariablePolicyProtocol). This EFI protocol allows defining restrictions for variables. It also allows locking down variables (disallow write access).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-10-kraxel@redhat.com>
2025-03-04 | hw/uefi: add var-service-auth.c | Gerd Hoffmann | 1 | -0/+361
This implements authenticated variable handling (see AuthVariableLib in edk2). By far the most common use case for auth variables is secure boot. The secure boot certificate databases ('PK', 'KEK', 'db' and 'dbx') are authenticated variables, with update rules being specified in the UEFI specification.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-9-kraxel@redhat.com>
2025-03-04 | hw/uefi: add var-service-vars.c | Gerd Hoffmann | 1 | -0/+725
This is the uefi variable service (EfiSmmVariableProtocol), providing functions for listing, reading and updating variables.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-8-kraxel@redhat.com>
2025-03-04 | hw/uefi: add var-service-utils.c | Gerd Hoffmann | 1 | -0/+241
Add utility functions. Helpers for UEFI (ucs2) string handling. Helpers for readable trace messages. Compare UEFI time stamps.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-7-kraxel@redhat.com>
2025-03-04 | hw/uefi: add var-service-guid.c | Gerd Hoffmann | 1 | -0/+99
Add variables for a bunch of UEFI GUIDs we will need.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-6-kraxel@redhat.com>
2025-03-04 | Add support for etc/hardware-info fw_cfg file | Gerd Hoffmann | 2 | -0/+32
edk2 looks for the etc/hardware-info fw_cfg file to discover hardware which cannot easily be found in other ways. Entries consist of a header with hardware type and entry size (HARDWARE_INFO_HEADER), followed by the actual hardware description (which is type specific). The file can have multiple entries. This patch adds the infrastructure to add entries to the file and an entry struct for simple devices (HARDWARE_INFO_SIMPLE_DEVICE) which have an mmio address only.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20250225163031.1409078-2-kraxel@redhat.com>