diff options
| author | Tom Rini <trini@konsulko.com> | 2022-01-29 13:50:19 -0500 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2022-01-29 13:50:19 -0500 |
| commit | c7d042f315d89ab2f0122920829f18a8f8897a05 (patch) | |
| tree | 380446358ad24e2ed24e1696d898b019d82eb6cd | |
| parent | 98a90b2730696c1ba773359b7944f6685ae13344 (diff) | |
| parent | 5ee900c14ff57b8c9201d7d42f018b33df3ea42a (diff) | |
| download | u-boot-c7d042f315d89ab2f0122920829f18a8f8897a05.zip u-boot-c7d042f315d89ab2f0122920829f18a8f8897a05.tar.gz u-boot-c7d042f315d89ab2f0122920829f18a8f8897a05.tar.bz2 | |
Merge tag 'efi-2022-04-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efiWIP/29Jan2022
Pull request for efi-2022-04-rc1-3
Documentation:
* update Nokia RX-51 documentation and move it to rst
* describe boot switch settings for HiFive Unmatched board
UEFI:
* fix the checking of images hashes and signatures
* provide the RISCV_EFI_BOOT_PROTOCOL
55 files changed, 613 insertions, 274 deletions
diff --git a/board/nokia/rx51/MAINTAINERS b/board/nokia/rx51/MAINTAINERS index 58b16bf..25f8b3c 100644 --- a/board/nokia/rx51/MAINTAINERS +++ b/board/nokia/rx51/MAINTAINERS @@ -4,5 +4,5 @@ S: Maintained F: board/nokia/rx51/ F: include/configs/nokia_rx51.h F: configs/nokia_rx51_defconfig -F: doc/README.nokia_rx51 +F: doc/board/nokia/rx51.rst F: test/nokia_rx51_test.sh diff --git a/doc/README.nokia_rx51 b/doc/README.nokia_rx51 deleted file mode 100644 index 7f22ed4..0000000 --- a/doc/README.nokia_rx51 +++ /dev/null @@ -1,96 +0,0 @@ -Board: Nokia RX-51 aka N900 - -This board definition results in a u-boot.bin which can be chainloaded -from NOLO in qemu or on a real N900. It does very little hardware config -because NOLO has already configured the board. Only needed is enabling -internal eMMC memory via twl4030 regulator which is not enabled by NOLO. - -NOLO is expecting a kernel image and will treat any image it finds in -onenand as such. This u-boot is intended to be flashed to the N900 like -a kernel. In order to transparently boot the original kernel, it will be -appended to u-boot.bin at 0x40000. NOLO will load the entire image into -(random) memory and execute u-boot, which saves hw revision, boot reason -and boot mode ATAGs set by NOLO. Then the bootscripts will attempt to load -uImage, zImage or boot.scr from a fat or ext2/3/4 filesystem on external -SD card or internal eMMC memory. If this fails or keyboard is closed then -the appended kernel image will be booted using some generated and some -stored ATAGs (see boot order). - -For generating combined image of u-boot and kernel (either in uImage or zImage -format) there is a simple script called u-boot-gen-combined. It is available in -following repository: - - https://github.com/pali/u-boot-maemo - -There is support for hardware watchdog. Hardware watchdog is started by -NOLO so u-boot must kick watchdog to prevent reboot device (but not very -often, max every 2 seconds). There is also support for framebuffer display -output with ANSI escape codes and the N900 HW keyboard input. - -When U-Boot is starting it enable IBE bit in Auxiliary Control Register, -which is needed for Thumb-2 ISA support. It is workaround for errata 430973. - -Default boot order: - - * 0. if keyboard is closed boot automatically attached kernel image - * 1. try boot from external SD card - * 2. try boot from internal eMMC memory - * 3. try boot from attached kernel image - -Boot from SD or eMMC in this order: - - * 1. - * 1.1 find boot.scr on first fat partition - * 1.2 find uImage on first fat partition - * 1.3 find zImage on first fat partition - * 1.4 same order for 2. - 4. fat partition - * 2. same as 1. but for ext2/3 partition - * 3. same as 1. but for ext4 partition - - -Available additional commands/variables: - - * run sdboot - Boot from external SD card (see boot order) - * run emmcboot - Boot from internal eMMC memory (see boot order) - * run attachboot - Boot attached kernel image (attached to U-Boot binary) - - * run scriptload - Load boot script ${mmcscriptfile} - * run scriptboot - Run loaded boot script - * run kernload - Load kernel image ${mmckernfile} - * run initrdload - Load initrd image ${mmcinitrdfile} - * run kernboot - Boot loaded kernel image - * run kerninitrdboot - Boot loaded kernel image with loaded initrd image - - * run trymmcscriptboot - Try to load and boot script ${mmcscriptfile} - * run trymmckernboot - Try to load and boot kernel image ${mmckernfile} - * run trymmckerninitrdboot - Try to load and boot kernel image ${mmckernfile} - with initrd image ${mmcinitrdfile} - -Additional variables for loading files from mmc: - - * mmc ${mmcnum} (0 - external, 1 - internal) - * partition number ${mmcpart} (1 - 4) - * parition type ${mmctype} (fat, ext2, ext4) - -Additional variables for booting kernel: - - * setup_omap_atag - Add OMAP table into atags structure (needs maemo kernel) - * setup_console_atag - Enable serial console in OMAP table - * setup_boot_reason_atag - Change boot reason in OMAP table - * setup_boot_mode_atag - Change boot mode in OMAP table - - Variable setup_omap_atag is automatically set when booting attached kernel. - When variable setup_omap_atag is set, variable setup_console_atag is unset - and u-boot standard output is set to serial then setup_console_atag is - automatically set to 1. So output from Maemo kernel would go to serial port. - -UBIFS support: - - UBIFS support is disabled, because U-Boot image is too big and cannot be - flashed with attached zImage to RX-51 kernel nand area. For enabling UBIFS - support add following lines into file configs/nokia_rx51_defconfig - - CONFIG_CMD_UBI=y - CONFIG_CMD_UBIFS=y - CONFIG_MTD_UBI_FASTMAP=y - CONFIG_MTD_UBI_FASTMAP_AUTOCONVERT=1 diff --git a/doc/board/index.rst b/doc/board/index.rst index 5607e1f..75c34c4 100644 --- a/doc/board/index.rst +++ b/doc/board/index.rst @@ -22,6 +22,7 @@ Board-specific doc intel/index kontron/index microchip/index + nokia/index nxp/index openpiton/index qualcomm/index diff --git a/doc/board/nokia/index.rst b/doc/board/nokia/index.rst new file mode 100644 index 0000000..b68c3c6 --- /dev/null +++ b/doc/board/nokia/index.rst @@ -0,0 +1,9 @@ +.. SPDX-License-Identifier: GPL-2.0+ + +Nokia +===== + +.. toctree:: + :maxdepth: 2 + + rx51 diff --git a/doc/board/nokia/rx51.rst b/doc/board/nokia/rx51.rst new file mode 100644 index 0000000..941f78e --- /dev/null +++ b/doc/board/nokia/rx51.rst @@ -0,0 +1,162 @@ +.. SPDX-License-Identifier: GPL-2.0+ + +Nokia RX-51 aka N900 +==================== + +The ``nokia_rx51_defconfig`` configuration file results in a ``u-boot.bin`` +which can be chainloaded by the Nokia second stage bootloader (NOLO) in QEMU or +on a real N900. It does very little hardware configuration because NOLO has +already configured the board. It is only needed to enable the internal eMMC +memory via the twl4030 regulator which is not enabled by NOLO. + +NOLO is expecting a kernel image and will treat any image it finds in +OneNAND as such. This u-boot is intended to be flashed to the N900 like +a kernel. In order to transparently boot the original kernel, it will be +appended to ``u-boot.bin`` at 0x40000. NOLO will load the entire image into +(random) memory and execute U-Boot, which saves hardware revision, boot reason +and boot mode ATAGs set by NOLO. Then the bootscripts will attempt to load +``uImage``, ``zImage`` or ``boot.scr`` file from a FAT or ext2/3/4 filesystem +on external SD card or internal eMMC memory. If this fails or keyboard is +closed then the appended kernel image will be booted using some generated +and some stored ATAGs (see boot order). + +For generating combined image of U-Boot and kernel (either in uImage or zImage +format) there is a simple script called ``u-boot-gen-combined``. It is available +in following repository: https://github.com/pali/u-boot-maemo. + +To generate the ``combined.bin`` image from ``u-boot.bin`` and ``kernel.bin`` +(in either uImage or zImage format) use: + +.. code-block:: bash + + sh u-boot-gen-combined u-boot.bin kernel.bin combined.bin + +The original Maemo Fremantle PR1.3 zImage kernel binary is available at: +http://repository.maemo.org/pool/maemo5.0/free/k/kernel/kernel_2.6.28-20103103+0m5_armel.deb + +To unpack it (from DEB/AR, TAR and FIASCO) execute the following commands: + +.. code-block:: bash + + ar x kernel_2.6.28-20103103+0m5_armel.deb data.tar.gz + tar -O -xf data.tar.gz ./boot/zImage-2.6.28-20103103+0m5.fiasco > kernel_2.6.28-20103103+0m5.fiasco + 0xFFFF -M kernel_2.6.28-20103103+0m5.fiasco -u + +The flashed image must start with a 2 KiB ``NOLO!img`` header which contains +size of the image. The header consists of the bytes +``NOLO!img\x02\x00\x00\x00\x00\x00\x00\x00`` followed by the 4 byte little +endian size of the image. The rest of the 2 KiB header just contains zero bytes. + +The Nokia proprietary flasher and also the open source 0xFFFF flasher +automatically prepend the required ``NOLO!img`` header and both applications +expect that the image does not contain a ``NOLO!img`` header. Adding a +``NOLO!img`` header is required only in case of using the ``nandwrite`` tool for +flashing. + +The open source 0xFFFF flasher is available in the following repository: +https://github.com/pali/0xFFFF + +It is possible to load ``u-boot.bin`` via USB to the N900 RAM and boot it +without needing to flash it. This is done via 0xFFFF running on the host PC: + +.. code-block:: bash + + 0xFFFF -m u-boot.bin -l -b + +0xFFFF also supports flashing a kernel image either via USB or directly on +N900 device. Flashing u-boot/kernel/combined image is done as: + +.. code-block:: bash + + 0xFFFF -m combined.bin -f + +Via 0xFFFF it is also possible to generate a standard flashable image in +Nokia FIASCO format which contains metadata information like device +identification (RX-51) and version string (v2021.04): + +.. code-block:: bash + + 0xFFFF -m RX-51:v2021.04:kernel:u-boot.bin -g u-boot.fiasco + +There is support for the hardware watchdog. The hardware watchdog is started by +NOLO so U-Boot must reset the watchdog to prevent rebooting the device (but not +very often, max every 2 seconds). There is also support for framebuffer display +output with ANSI escape codes and the N900 hardware keyboard input. + +When U-Boot is starting it sets the IBE bit in the Auxiliary Control Register, +which is needed for Thumb-2 ISA support. This is a workaround for erratum +430973. + +Default boot order +------------------ + +0. if keyboard is closed boot automatically attached kernel image +1. try boot from external SD card +2. try boot from internal eMMC memory +3. try boot from attached kernel image + +Boot from SD or eMMC in this order: + +1. boot from FAT partition + + a. find ``boot.scr`` on first FAT partition + b. find ``uImage`` on first FAT partition + c. find ``zImage`` on first FAT partition + d. same order for 2nd - 4th FAT partition + +2. same as 1. but for ext2/3/4 partition + +Available additional commands/variables +--------------------------------------- + +* run sdboot - Boot from external SD card (see boot order) +* run emmcboot - Boot from internal eMMC memory (see boot order) +* run attachboot - Boot attached kernel image (attached to U-Boot binary) + +\ + +* run scriptload - Load boot script ``${mmcscriptfile}`` +* run scriptboot - Run loaded boot script +* run kernload - Load kernel image ``${mmckernfile}`` +* run initrdload - Load initrd image ``${mmcinitrdfile}`` +* run kernboot - Boot loaded kernel image +* run kerninitrdboot - Boot loaded kernel image with loaded initrd image + +\ + +* run trymmcscriptboot - Try to load and boot script ``${mmcscriptfile}`` +* run trymmckernboot - Try to load and boot kernel image ``${mmckernfile}`` +* run trymmckerninitrdboot - Try to load and boot kernel image ``${mmckernfile}`` + with initrd image ``${mmcinitrdfile}`` + +Additional variables for loading files from mmc +----------------------------------------------- + +* mmc ``${mmcnum}`` (0 - external, 1 - internal) +* partition number ``${mmcpart}`` (1 - 4) +* partition type ``${mmctype}`` (fat, ext2, ext4; ext2 is just alias for ext4) + +Additional variables for booting a kernel +----------------------------------------- + +* ``setup_omap_atag`` - Add OMAP table into atags structure (needed for maemo kernel) +* ``setup_console_atag`` - Enable serial console in OMAP table +* ``setup_boot_reason_atag`` - Change boot reason in OMAP table +* ``setup_boot_mode_atag`` - Change boot mode in OMAP table + +Variable ``setup_omap_atag`` is automatically set when booting attached kernel. +When variable ``setup_omap_atag`` is set, variable ``setup_console_atag`` is unset +and u-boot standard output is set to serial then ``setup_console_atag`` is +automatically set to 1. So output from Maemo kernel would go to serial port. + +UBIFS support +------------- + +UBIFS support is disabled, because U-Boot image is too big and cannot be +flashed with attached kernel image to RX-51 kernel nand area. For enabling +UBIFS support add following lines into file ``configs/nokia_rx51_defconfig``:: + + CONFIG_CMD_UBI=y + CONFIG_CMD_UBIFS=y + CONFIG_MTD_UBI_FASTMAP=y + CONFIG_MTD_UBI_FASTMAP_AUTOCONVERT=1 diff --git a/doc/board/sifive/unmatched.rst b/doc/board/sifive/unmatched.rst index b52a1f6..24a8899 100644 --- a/doc/board/sifive/unmatched.rst +++ b/doc/board/sifive/unmatched.rst @@ -20,8 +20,11 @@ The support for following drivers are already enabled: 4. SiFive SPI Driver. 5. MMC SPI Driver for MMC/SD support. -Booting from uSD using U-Boot SPL ---------------------------------- +Booting from micro SD card using U-Boot SPL +------------------------------------------- + +Booting from an SD card requires that the boot mode selection DIP switches +MSEL[3:0] are set to 1011. Building -------- diff --git a/include/efi_api.h b/include/efi_api.h index 8d5d835..982c200 100644 --- a/include/efi_api.h +++ b/include/efi_api.h @@ -438,6 +438,10 @@ struct efi_runtime_services { EFI_GUID(0x607f766c, 0x7455, 0x42be, 0x93, \ 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f) +#define RISCV_EFI_BOOT_PROTOCOL_GUID \ + EFI_GUID(0xccd15fec, 0x6f73, 0x4eec, 0x83, \ + 0x95, 0x3e, 0x69, 0xe4, 0xb9, 0x40, 0xbf) + /** * struct efi_configuration_table - EFI Configuration Table * @@ -1845,9 +1849,21 @@ struct efi_system_resource_table { #define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MAX 0x00004000 /* Certificate types in signature database */ +#define EFI_CERT_SHA1_GUID \ + EFI_GUID(0x826ca512, 0xcf10, 0x4ac9, 0xb1, 0x87, \ + 0xbe, 0x01, 0x49, 0x66, 0x31, 0xbd) +#define EFI_CERT_SHA224_GUID \ + EFI_GUID(0xb6e5233, 0xa65c, 0x44c9, 0x94, 0x07, \ + 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd) #define EFI_CERT_SHA256_GUID \ EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, \ 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28) +#define EFI_CERT_SHA384_GUID \ + EFI_GUID(0xff3e5307, 0x9fd0, 0x48c9, 0x85, 0xf1, \ + 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x01) +#define EFI_CERT_SHA512_GUID \ + EFI_GUID(0x93e0fae, 0xa6c4, 0x4f50, 0x9f, 0x1b, \ + 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a) #define EFI_CERT_RSA2048_GUID \ EFI_GUID(0x3c5766e8, 0x269c, 0x4e34, 0xaa, 0x14, \ 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6) diff --git a/include/efi_loader.h b/include/efi_loader.h index 701efcd..4e50f2d 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -527,6 +527,8 @@ efi_status_t efi_disk_register(void); efi_status_t efi_rng_register(void); /* Called by efi_init_obj_list() to install EFI_TCG2_PROTOCOL */ efi_status_t efi_tcg2_register(void); +/* Called by efi_init_obj_list() to install RISCV_EFI_BOOT_PROTOCOL */ +efi_status_t efi_riscv_register(void); /* Called by efi_init_obj_list() to do initial measurement */ efi_status_t efi_tcg2_do_initial_measurement(void); /* measure the pe-coff image, extend PCR and add Event Log */ @@ -910,7 +912,8 @@ struct x509_certificate; struct pkcs7_message; bool efi_signature_lookup_digest(struct efi_image_regions *regs, - struct efi_signature_store *db); + struct efi_signature_store *db, + bool dbx); bool efi_signature_verify(struct efi_image_regions *regs, struct pkcs7_message *msg, struct efi_signature_store *db, diff --git a/include/efi_riscv.h b/include/efi_riscv.h new file mode 100644 index 0000000..4bd39c4 --- /dev/null +++ b/include/efi_riscv.h @@ -0,0 +1,24 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * RISCV_EFI_BOOT_PROTOCOL + * + * Copyright (c) 2022 Ventana Micro Systems Inc + */ + +#include <efi_api.h> + +#define RISCV_EFI_BOOT_PROTOCOL_REVISION 0x00010000 + +/** + * struct riscv_efi_boot_protocol - RISCV_EFI_BOOT_PROTOCOL + * @revision: Version of the protocol implemented + * @get_boot_hartid: Get the boot hart ID + */ +struct riscv_efi_boot_protocol { + u64 revision; + + efi_status_t (EFIAPI * get_boot_hartid) (struct riscv_efi_boot_protocol *this, + efi_uintn_t *boot_hartid); +}; + +extern struct riscv_efi_boot_protocol riscv_efi_boot_prot; diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 24f9a2b..e5e35fe 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -369,4 +369,14 @@ config EFI_ESRT help Enabling this option creates the ESRT UEFI system table. +config EFI_RISCV_BOOT_PROTOCOL + bool "RISCV_EFI_BOOT_PROTOCOL support" + default y + depends on RISCV + help + The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID + to the next boot stage. It should be enabled as it is meant to + replace the transfer via the device-tree. The latter is not + possible on systems using ACPI. + endif diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index fd344ce..b2c664d 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile @@ -62,6 +62,7 @@ obj-$(CONFIG_GENERATE_ACPI_TABLE) += efi_acpi.o obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o +obj-$(CONFIG_EFI_RISCV_BOOT_PROTOCOL) += efi_riscv.o obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o obj-$(CONFIG_EFI_SIGNATURE_SUPPORT) += efi_signature.o diff --git a/lib/efi_loader/efi_file.c b/lib/efi_loader/efi_file.c index 9aa0030..7a7077e 100644 --- a/lib/efi_loader/efi_file.c +++ b/lib/efi_loader/efi_file.c @@ -1084,7 +1084,7 @@ static const struct efi_file_handle efi_file_handle_protocol = { * efi_file_from_path() - open file via device path * * @fp: device path - * @return: EFI_FILE_PROTOCOL for the file or NULL + * Return: EFI_FILE_PROTOCOL for the file or NULL */ struct efi_file_handle *efi_file_from_path(struct efi_device_path *fp) { diff --git a/lib/efi_loader/efi_freestanding.c b/lib/efi_loader/efi_freestanding.c index bd0dff1..c85df02 100644 --- a/lib/efi_loader/efi_freestanding.c +++ b/lib/efi_loader/efi_freestanding.c @@ -97,8 +97,8 @@ void *memset(void *s, int c, size_t n) * * We do nothing here. * - * @param func_ptr Pointer to function being entered - * @param caller Pointer to function which called this function + * func_ptr: Pointer to function being entered + * caller: Pointer to function which called this function */ void __attribute__((no_instrument_function)) __cyg_profile_func_enter(void *func_ptr, void *caller) @@ -113,8 +113,8 @@ __cyg_profile_func_enter(void *func_ptr, void *caller) * * We do nothing here. * - * @param func_ptr Pointer to function being entered - * @param caller Pointer to function which called this function + * func_ptr: Pointer to function being entered + * caller: Pointer to function which called this function */ void __attribute__((no_instrument_function)) __cyg_profile_func_exit(void *func_ptr, void *caller) diff --git a/lib/efi_loader/efi_gop.c b/lib/efi_loader/efi_gop.c index 7683a34..2c81859 100644 --- a/lib/efi_loader/efi_gop.c +++ b/lib/efi_loader/efi_gop.c @@ -407,7 +407,7 @@ out: * @width: width of rectangle * @height: height of rectangle * @delta: length in bytes of a line in the pixel buffer (optional) - * @return: status code + * Return: status code */ efi_status_t EFIAPI gop_blt(struct efi_gop *this, struct efi_gop_pixel *buffer, u32 operation, efi_uintn_t sx, diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index 255613e..f43dfb3 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -545,13 +545,13 @@ static bool efi_image_unsigned_authenticate(struct efi_image_regions *regs) } /* try black-list first */ - if (efi_signature_lookup_digest(regs, dbx)) { + if (efi_signature_lookup_digest(regs, dbx, true)) { EFI_PRINT("Image is not signed and its digest found in \"dbx\"\n"); goto out; } /* try white-list */ - if (efi_signature_lookup_digest(regs, db)) + if (efi_signature_lookup_digest(regs, db, false)) ret = true; else EFI_PRINT("Image is not signed and its digest not found in \"db\" or \"dbx\"\n"); @@ -633,7 +633,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) goto err; } - if (efi_signature_lookup_digest(regs, dbx)) { + if (efi_signature_lookup_digest(regs, dbx, true)) { EFI_PRINT("Image's digest was found in \"dbx\"\n"); goto err; } @@ -734,7 +734,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) EFI_PRINT("Signature was not verified by \"db\"\n"); - if (efi_signature_lookup_digest(regs, db)) { + if (efi_signature_lookup_digest(regs, db, false)) { ret = true; break; } diff --git a/lib/efi_loader/efi_riscv.c b/lib/efi_loader/efi_riscv.c new file mode 100644 index 0000000..bccfefd --- /dev/null +++ b/lib/efi_loader/efi_riscv.c @@ -0,0 +1,60 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Defines APIs that allow an OS to interact with UEFI firmware to query + * information about the boot hart ID. + * + * Copyright (c) 2022, Ventana Micro Systems Inc + */ + +#define LOG_CATEGORY LOGC_EFI +#include <common.h> +#include <efi_loader.h> +#include <efi_variable.h> +#include <log.h> +#include <asm/global_data.h> +#include <efi_riscv.h> + +DECLARE_GLOBAL_DATA_PTR; + +static const efi_guid_t efi_guid_riscv_boot_protocol = RISCV_EFI_BOOT_PROTOCOL_GUID; + +/** + * efi_riscv_get_boot_hartid() - return boot hart ID + * @this: RISCV_EFI_BOOT_PROTOCOL instance + * @boot_hartid: caller allocated memory to return boot hart id + * Return: status code + */ +static efi_status_t EFIAPI +efi_riscv_get_boot_hartid(struct riscv_efi_boot_protocol *this, + efi_uintn_t *boot_hartid) +{ + EFI_ENTRY("%p, %p", this, boot_hartid); + + if (this != &riscv_efi_boot_prot || !boot_hartid) + return EFI_INVALID_PARAMETER; + + *boot_hartid = gd->arch.boot_hart; + + return EFI_EXIT(EFI_SUCCESS); +} + +struct riscv_efi_boot_protocol riscv_efi_boot_prot = { + .revision = RISCV_EFI_BOOT_PROTOCOL_REVISION, + .get_boot_hartid = efi_riscv_get_boot_hartid +}; + +/** + * efi_riscv_register() - register RISCV_EFI_BOOT_PROTOCOL + * + * Return: status code + */ +efi_status_t efi_riscv_register(void) +{ + efi_status_t ret = EFI_SUCCESS; + + ret = efi_add_protocol(efi_root, &efi_guid_riscv_boot_protocol, + (void *)&riscv_efi_boot_prot); + if (ret != EFI_SUCCESS) + log_err("Cannot install RISCV_EFI_BOOT_PROTOCOL\n"); + return ret; +} diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c index 49172e3..380adc1 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -247,6 +247,12 @@ efi_status_t efi_init_obj_list(void) goto out; } + if (IS_ENABLED(CONFIG_EFI_RISCV_BOOT_PROTOCOL)) { + ret = efi_riscv_register(); + if (ret != EFI_SUCCESS) + goto out; + } + /* Secure boot */ ret = efi_init_secure_boot(); if (ret != EFI_SUCCESS) diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c index 3243e2c..1bd1fdc 100644 --- a/lib/efi_loader/efi_signature.c +++ b/lib/efi_loader/efi_signature.c @@ -147,9 +147,34 @@ static bool efi_hash_regions(struct image_region *regs, int count, } /** + * hash_algo_supported - check if the requested hash algorithm is supported + * @guid: guid of the algorithm + * + * Return: true if supported false otherwise + */ +static bool hash_algo_supported(const efi_guid_t guid) +{ + int i; + const efi_guid_t unsupported_hashes[] = { + EFI_CERT_SHA1_GUID, + EFI_CERT_SHA224_GUID, + EFI_CERT_SHA384_GUID, + EFI_CERT_SHA512_GUID, + }; + + for (i = 0; i < ARRAY_SIZE(unsupported_hashes); i++) { + if (!guidcmp(&unsupported_hashes[i], &guid)) + return false; + } + + return true; +} + +/** * efi_signature_lookup_digest - search for an image's digest in sigdb * @regs: List of regions to be authenticated * @db: Signature database for trusted certificates + * @dbx Caller needs to set this to true if he is searching dbx * * A message digest of image pointed to by @regs is calculated and * its hash value is compared to entries in signature database pointed @@ -158,13 +183,16 @@ static bool efi_hash_regions(struct image_region *regs, int count, * Return: true if found, false if not */ bool efi_signature_lookup_digest(struct efi_image_regions *regs, - struct efi_signature_store *db) + struct efi_signature_store *db, + bool dbx) + { struct efi_signature_store *siglist; struct efi_sig_data *sig_data; void *hash = NULL; size_t size = 0; bool found = false; + bool hash_done = false; EFI_PRINT("%s: Enter, %p, %p\n", __func__, regs, db); @@ -172,17 +200,27 @@ bool efi_signature_lookup_digest(struct efi_image_regions *regs, goto out; for (siglist = db; siglist; siglist = siglist->next) { - /* TODO: support other hash algorithms */ - if (guidcmp(&siglist->sig_type, &efi_guid_sha256)) { - EFI_PRINT("Digest algorithm is not supported: %pUs\n", - &siglist->sig_type); - break; - } + /* + * if the hash algorithm is unsupported and we get an entry in + * dbx reject the image + */ + if (dbx && !hash_algo_supported(siglist->sig_type)) { + found = true; + continue; + }; + /* + * Only support sha256 for now, that's what + * hash-to-efi-sig-list produces + */ + if (guidcmp(&siglist->sig_type, &efi_guid_sha256)) + continue; - if (!efi_hash_regions(regs->reg, regs->num, &hash, &size)) { + if (!hash_done && + !efi_hash_regions(regs->reg, regs->num, &hash, &size)) { EFI_PRINT("Digesting an image failed\n"); break; } + hash_done = true; for (sig_data = siglist->sig_data_list; sig_data; sig_data = sig_data->next) { diff --git a/lib/efi_loader/helloworld.c b/lib/efi_loader/helloworld.c index 3f215e2..33e4fbc 100644 --- a/lib/efi_loader/helloworld.c +++ b/lib/efi_loader/helloworld.c @@ -133,7 +133,7 @@ efi_status_t print_device_path(struct efi_device_path *device_path, * * @handle: handle of the loaded image * @systab: system table - * @return: status code + * Return: status code */ efi_status_t EFIAPI efi_main(efi_handle_t handle, struct efi_system_table *systab) diff --git a/lib/efi_selftest/dtbdump.c b/lib/efi_selftest/dtbdump.c index ed3b985..6e1eaa4 100644 --- a/lib/efi_selftest/dtbdump.c +++ b/lib/efi_selftest/dtbdump.c @@ -495,7 +495,7 @@ efi_status_t do_save(u16 *filename) * * @handle: handle of the loaded image * @systab: system table - * @return: status code + * Return: status code */ efi_status_t EFIAPI efi_main(efi_handle_t image_handle, struct efi_system_table *systab) diff --git a/lib/efi_selftest/efi_selftest.c b/lib/efi_selftest/efi_selftest.c index 3da34b1..474a8b8 100644 --- a/lib/efi_selftest/efi_selftest.c +++ b/lib/efi_selftest/efi_selftest.c @@ -149,7 +149,7 @@ static int teardown(struct efi_unit_test *test, unsigned int *failures) * Check that a test requiring reset exists. * * @testname: name of the test - * @return: test, or NULL if not found + * Return: test, or NULL if not found */ static bool need_reset(const u16 *testname) { @@ -170,7 +170,7 @@ static bool need_reset(const u16 *testname) * Check that a test exists. * * @testname: name of the test - * @return: test, or NULL if not found + * Return: test, or NULL if not found */ static struct efi_unit_test *find_test(const u16 *testname) { diff --git a/lib/efi_selftest/efi_selftest_bitblt.c b/lib/efi_selftest/efi_selftest_bitblt.c index fb33150..1def843 100644 --- a/lib/efi_selftest/efi_selftest_bitblt.c +++ b/lib/efi_selftest/efi_selftest_bitblt.c @@ -94,7 +94,7 @@ static void EFIAPI notify(struct efi_event *event, void *context) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -198,7 +198,7 @@ static int setup(const efi_handle_t handle, /* * Tear down unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { @@ -225,7 +225,7 @@ static int teardown(void) /* * Execute unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_block_device.c b/lib/efi_selftest/efi_selftest_block_device.c index ad53dac..62b3e04 100644 --- a/lib/efi_selftest/efi_selftest_block_device.c +++ b/lib/efi_selftest/efi_selftest_block_device.c @@ -180,7 +180,7 @@ static efi_handle_t disk_handle; * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -240,7 +240,7 @@ static int setup(const efi_handle_t handle, /* * Tear down unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { @@ -292,7 +292,7 @@ static efi_uintn_t dp_size(struct efi_device_path *dp) /* * Execute unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_config_table.c b/lib/efi_selftest/efi_selftest_config_table.c index 2bf12b5..1961e29 100644 --- a/lib/efi_selftest/efi_selftest_config_table.c +++ b/lib/efi_selftest/efi_selftest_config_table.c @@ -68,7 +68,7 @@ static int check_table(const void *table) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -85,7 +85,7 @@ static int setup(const efi_handle_t handle, * A table is installed, updated, removed. The table entry and the * triggering of events is checked. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_console.c b/lib/efi_selftest/efi_selftest_console.c index 3187e10..fd2b3d0 100644 --- a/lib/efi_selftest/efi_selftest_console.c +++ b/lib/efi_selftest/efi_selftest_console.c @@ -274,7 +274,7 @@ void efi_st_printc(int color, const char *fmt, ...) /* * Reads an Unicode character from the input device. * - * @return: Unicode character + * Return: Unicode character */ u16 efi_st_get_key(void) { diff --git a/lib/efi_selftest/efi_selftest_crc32.c b/lib/efi_selftest/efi_selftest_crc32.c index 19153c7..f2be353 100644 --- a/lib/efi_selftest/efi_selftest_crc32.c +++ b/lib/efi_selftest/efi_selftest_crc32.c @@ -68,7 +68,7 @@ static int check_table(const void *table) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -112,7 +112,7 @@ static int setup(const efi_handle_t handle, * * Check tables after ExitBootServices() * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_devicepath_util.c b/lib/efi_selftest/efi_selftest_devicepath_util.c index c846e05..1801e30 100644 --- a/lib/efi_selftest/efi_selftest_devicepath_util.c +++ b/lib/efi_selftest/efi_selftest_devicepath_util.c @@ -49,7 +49,7 @@ static int setup(const efi_handle_t img_handle, * * @length: length of the media device node * @dp: device path - * @return: status code + * Return: status code */ static int create_single_node_device_path(unsigned int length, struct efi_device_path **dp) diff --git a/lib/efi_selftest/efi_selftest_esrt.c b/lib/efi_selftest/efi_selftest_esrt.c index 99793de..922ff25 100644 --- a/lib/efi_selftest/efi_selftest_esrt.c +++ b/lib/efi_selftest/efi_selftest_esrt.c @@ -108,7 +108,7 @@ static void *lib_test_get_esrt(void) * @esrt: pointer to the ESRT * @img_info: an image_info_descriptor output by the FMP get_image_info * - * @return: true if matching ESRT entry is found and if all the ESRT entry fields match the + * Return: true if matching ESRT entry is found and if all the ESRT entry fields match the * corresponding @img_info fields. */ static bool lib_test_check_uuid_entry(struct efi_system_resource_table *esrt, @@ -168,7 +168,7 @@ static bool lib_test_check_uuid_entry(struct efi_system_resource_table *esrt, * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -185,7 +185,7 @@ static int setup(const efi_handle_t handle, * * Uninstall the test FMP. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { diff --git a/lib/efi_selftest/efi_selftest_event_groups.c b/lib/efi_selftest/efi_selftest_event_groups.c index 6dcde50..7a6d9fb 100644 --- a/lib/efi_selftest/efi_selftest_event_groups.c +++ b/lib/efi_selftest/efi_selftest_event_groups.c @@ -38,7 +38,7 @@ static void EFIAPI notify(struct efi_event *event, void *context) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -54,7 +54,7 @@ static int setup(const efi_handle_t handle, * Create multiple events in an event group. Signal each event once and check * that all events are notified once in each round. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_events.c b/lib/efi_selftest/efi_selftest_events.c index 1077cbd..9007153 100644 --- a/lib/efi_selftest/efi_selftest_events.c +++ b/lib/efi_selftest/efi_selftest_events.c @@ -39,7 +39,7 @@ static void EFIAPI notify(struct efi_event *event, void *context) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -69,7 +69,7 @@ static int setup(const efi_handle_t handle, * * Close the events created in setup. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { @@ -103,7 +103,7 @@ static int teardown(void) * Run a 100 ms single shot timer and check that it is called once * while waiting for 100 ms periodic timer for two periods. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_exception.c b/lib/efi_selftest/efi_selftest_exception.c index d86228a..dca7f7d 100644 --- a/lib/efi_selftest/efi_selftest_exception.c +++ b/lib/efi_selftest/efi_selftest_exception.c @@ -99,7 +99,7 @@ static efi_status_t decompress(u8 **image) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -118,7 +118,7 @@ static int setup(const efi_handle_t handle, * * Load and start the application image. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_exitbootservices.c b/lib/efi_selftest/efi_selftest_exitbootservices.c index 59ab154..f5e0d9d 100644 --- a/lib/efi_selftest/efi_selftest_exitbootservices.c +++ b/lib/efi_selftest/efi_selftest_exitbootservices.c @@ -63,7 +63,7 @@ static void EFIAPI ebs_notify(struct efi_event *event, void *context) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -101,7 +101,7 @@ static int setup(const efi_handle_t handle, * Call ExitBootServices again and check that the notification function is * not called again. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_fdt.c b/lib/efi_selftest/efi_selftest_fdt.c index 739f029..70fe06e 100644 --- a/lib/efi_selftest/efi_selftest_fdt.c +++ b/lib/efi_selftest/efi_selftest_fdt.c @@ -165,7 +165,7 @@ static void *efi_st_get_config_table(const efi_guid_t *guid) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t img_handle, const struct efi_system_table *systable) @@ -192,7 +192,7 @@ static int setup(const efi_handle_t img_handle, /* * Execute unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_gop.c b/lib/efi_selftest/efi_selftest_gop.c index d64294a..e500752 100644 --- a/lib/efi_selftest/efi_selftest_gop.c +++ b/lib/efi_selftest/efi_selftest_gop.c @@ -18,7 +18,7 @@ static struct efi_gop *gop; * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -39,7 +39,7 @@ static int setup(const efi_handle_t handle, /* * Tear down unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { @@ -49,7 +49,7 @@ static int teardown(void) /* * Execute unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_hii.c b/lib/efi_selftest/efi_selftest_hii.c index f4b70f7..66ccec1 100644 --- a/lib/efi_selftest/efi_selftest_hii.c +++ b/lib/efi_selftest/efi_selftest_hii.c @@ -28,7 +28,7 @@ static struct efi_hii_string_protocol *hii_string_protocol; * @handle: handle of the loaded image * @systable: system table * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -1033,7 +1033,7 @@ static int test_hii_string_protocol(void) /* * Execute unit test. * - * @return: EFI_ST_SUCCESS for success, EFI_ST_FAILURE for failure + * Return: EFI_ST_SUCCESS for success, EFI_ST_FAILURE for failure */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_load_file.c b/lib/efi_selftest/efi_selftest_load_file.c index bf955cb..bac0e6b 100644 --- a/lib/efi_selftest/efi_selftest_load_file.c +++ b/lib/efi_selftest/efi_selftest_load_file.c @@ -284,7 +284,7 @@ static struct efi_load_file_protocol lf2_prot = {load_file2}; * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int efi_st_load_file_setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -326,7 +326,7 @@ static int efi_st_load_file_setup(const efi_handle_t handle, /* * Tear down unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int efi_st_load_file_teardown(void) { @@ -377,7 +377,7 @@ static int efi_st_load_file_teardown(void) * Try loading an image via the EFI_LOAD_FILE_PROTOCOL and the * EFI_LOAD_FILE2_PROTOCOL. Finally execute the image. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int efi_st_load_file_execute(void) { diff --git a/lib/efi_selftest/efi_selftest_loadimage.c b/lib/efi_selftest/efi_selftest_loadimage.c index 4975d80..72c8d51 100644 --- a/lib/efi_selftest/efi_selftest_loadimage.c +++ b/lib/efi_selftest/efi_selftest_loadimage.c @@ -411,7 +411,7 @@ static efi_status_t decompress(u8 **image) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -447,7 +447,7 @@ static int setup(const efi_handle_t handle, * * Uninstall protocols and free memory. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { @@ -486,7 +486,7 @@ static int teardown(void) * * Load and start the application image. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_miniapp_exit.c b/lib/efi_selftest/efi_selftest_miniapp_exit.c index 6b5cfb0..2ea19f2 100644 --- a/lib/efi_selftest/efi_selftest_miniapp_exit.c +++ b/lib/efi_selftest/efi_selftest_miniapp_exit.c @@ -21,7 +21,7 @@ static efi_guid_t loaded_image_protocol_guid = EFI_LOADED_IMAGE_PROTOCOL_GUID; * * @image_handle: handle of the loaded image * @systable: system table - * @return: status code + * Return: status code */ static efi_status_t EFIAPI check_loaded_image_protocol (efi_handle_t image_handle, struct efi_system_table *systable) @@ -60,7 +60,7 @@ static efi_status_t EFIAPI check_loaded_image_protocol * * @handle: handle of the loaded image * @systable: system table - * @return: status code + * Return: status code */ efi_status_t EFIAPI efi_main(efi_handle_t handle, struct efi_system_table *systable) diff --git a/lib/efi_selftest/efi_selftest_reset.c b/lib/efi_selftest/efi_selftest_reset.c index 8b6ac24..f888054 100644 --- a/lib/efi_selftest/efi_selftest_reset.c +++ b/lib/efi_selftest/efi_selftest_reset.c @@ -17,7 +17,7 @@ static struct efi_runtime_services *runtime; * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -29,7 +29,7 @@ static int setup(const efi_handle_t handle, /* * Execute unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_rng.c b/lib/efi_selftest/efi_selftest_rng.c index fca9749..007d1c8 100644 --- a/lib/efi_selftest/efi_selftest_rng.c +++ b/lib/efi_selftest/efi_selftest_rng.c @@ -20,7 +20,7 @@ static efi_guid_t efi_rng_guid = EFI_RNG_PROTOCOL_GUID; * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -35,7 +35,7 @@ static int setup(const efi_handle_t handle, * Retrieve available RNG algorithms. * Retrieve two random values and compare them. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_rtc.c b/lib/efi_selftest/efi_selftest_rtc.c index 6f7035d..e9e47e9 100644 --- a/lib/efi_selftest/efi_selftest_rtc.c +++ b/lib/efi_selftest/efi_selftest_rtc.c @@ -19,7 +19,7 @@ static struct efi_runtime_services *runtime; * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -35,7 +35,7 @@ static int setup(const efi_handle_t handle, * Set a new value and read it back. * Set the real time clock back the current time. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_set_virtual_address_map.c b/lib/efi_selftest/efi_selftest_set_virtual_address_map.c index 8e2e8ba..d28ed83 100644 --- a/lib/efi_selftest/efi_selftest_set_virtual_address_map.c +++ b/lib/efi_selftest/efi_selftest_set_virtual_address_map.c @@ -73,7 +73,7 @@ static void EFIAPI notify(struct efi_event *event, void *context) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -176,7 +176,7 @@ static int setup(const efi_handle_t handle, * The triggering of the EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event is checked via * the call count of the notification function. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_snp.c b/lib/efi_selftest/efi_selftest_snp.c index 818cbfc..15af8d3 100644 --- a/lib/efi_selftest/efi_selftest_snp.c +++ b/lib/efi_selftest/efi_selftest_snp.c @@ -77,7 +77,7 @@ static unsigned int net_ip_id; * * @buf: IP header * @len: length of header in bytes - * @return: checksum + * Return: checksum */ static unsigned int efi_ip_checksum(const void *buf, size_t len) { @@ -175,7 +175,7 @@ static efi_status_t send_dhcp_discover(void) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -282,7 +282,7 @@ static int setup(const efi_handle_t handle, * A DHCP discover message is sent. The test is successful if a * DHCP reply is received within 10 seconds. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { @@ -422,7 +422,7 @@ received: * Close the timer event created in setup. * Shut down the network adapter. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { diff --git a/lib/efi_selftest/efi_selftest_startimage_exit.c b/lib/efi_selftest/efi_selftest_startimage_exit.c index 5d4c0a6..b65a10b 100644 --- a/lib/efi_selftest/efi_selftest_startimage_exit.c +++ b/lib/efi_selftest/efi_selftest_startimage_exit.c @@ -79,7 +79,7 @@ static efi_status_t decompress(u8 **image) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -96,7 +96,7 @@ static int setup(const efi_handle_t handle, /* * Tear down unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { @@ -117,7 +117,7 @@ static int teardown(void) * * Load and start the application image. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_startimage_return.c b/lib/efi_selftest/efi_selftest_startimage_return.c index 44c2364..3e0c5a9 100644 --- a/lib/efi_selftest/efi_selftest_startimage_return.c +++ b/lib/efi_selftest/efi_selftest_startimage_return.c @@ -79,7 +79,7 @@ static efi_status_t decompress(u8 **image) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -96,7 +96,7 @@ static int setup(const efi_handle_t handle, /* * Tear down unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { @@ -117,7 +117,7 @@ static int teardown(void) * * Load and start the application image. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_tcg2.c b/lib/efi_selftest/efi_selftest_tcg2.c index 2eed588..a2b4a79 100644 --- a/lib/efi_selftest/efi_selftest_tcg2.c +++ b/lib/efi_selftest/efi_selftest_tcg2.c @@ -612,7 +612,7 @@ static efi_status_t setup_smbios_table(const struct efi_system_table *systable) * * @handle: handle of the loaded image * @systable: system table - * @return: status code + * Return: status code */ static int efi_st_tcg2_setup(const efi_handle_t img_handle, const struct efi_system_table *systable) @@ -949,7 +949,7 @@ static int efi_st_tcg2_execute(void) /* * efi_st_tcg2_teardown() - Tear down unit test * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int efi_st_tcg2_teardown(void) { diff --git a/lib/efi_selftest/efi_selftest_textinput.c b/lib/efi_selftest/efi_selftest_textinput.c index b90671c..141856a 100644 --- a/lib/efi_selftest/efi_selftest_textinput.c +++ b/lib/efi_selftest/efi_selftest_textinput.c @@ -21,7 +21,7 @@ static struct efi_boot_services *boottime; * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -34,7 +34,7 @@ static int setup(const efi_handle_t handle, /* * Execute unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_textinputex.c b/lib/efi_selftest/efi_selftest_textinputex.c index de44224..bd221d6 100644 --- a/lib/efi_selftest/efi_selftest_textinputex.c +++ b/lib/efi_selftest/efi_selftest_textinputex.c @@ -45,7 +45,7 @@ static efi_status_t EFIAPI efi_key_notify_function * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -93,7 +93,7 @@ static int setup(const efi_handle_t handle, * * Unregister notify function. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { @@ -112,7 +112,7 @@ static int teardown(void) /* * Execute unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_textoutput.c b/lib/efi_selftest/efi_selftest_textoutput.c index a87f65e..450fe97 100644 --- a/lib/efi_selftest/efi_selftest_textoutput.c +++ b/lib/efi_selftest/efi_selftest_textoutput.c @@ -15,7 +15,7 @@ /* * Execute unit test. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_tpl.c b/lib/efi_selftest/efi_selftest_tpl.c index 0c0e412..f4e4672 100644 --- a/lib/efi_selftest/efi_selftest_tpl.c +++ b/lib/efi_selftest/efi_selftest_tpl.c @@ -37,7 +37,7 @@ static void EFIAPI notify(struct efi_event *event, void *context) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -68,7 +68,7 @@ static int setup(const efi_handle_t handle, * * Close the events created in setup. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { @@ -106,7 +106,7 @@ static int teardown(void) * Lower the TPL level and check that the queued notification * function is called. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_unaligned.c b/lib/efi_selftest/efi_selftest_unaligned.c index 1802948..6fce110 100644 --- a/lib/efi_selftest/efi_selftest_unaligned.c +++ b/lib/efi_selftest/efi_selftest_unaligned.c @@ -19,7 +19,7 @@ struct aligned_buffer { * occurs. * * @addr: address to read - * @return: value at the address + * Return: value at the address */ static inline u32 deref(u32 *addr) { @@ -37,7 +37,7 @@ static inline u32 deref(u32 *addr) * Execute unit test. * An unaligned memory access is executed. The result is checked. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/efi_selftest_watchdog.c b/lib/efi_selftest/efi_selftest_watchdog.c index cbc6761..a352d4a 100644 --- a/lib/efi_selftest/efi_selftest_watchdog.c +++ b/lib/efi_selftest/efi_selftest_watchdog.c @@ -65,7 +65,7 @@ static void EFIAPI notify(struct efi_event *event, void *context) * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup(const efi_handle_t handle, const struct efi_system_table *systable) @@ -98,7 +98,7 @@ static int setup(const efi_handle_t handle, * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup_timer(const efi_handle_t handle, const struct efi_system_table *systable) @@ -112,7 +112,7 @@ static int setup_timer(const efi_handle_t handle, * * @handle: handle of the loaded image * @systable: system table - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int setup_reboot(const efi_handle_t handle, const struct efi_system_table *systable) @@ -126,7 +126,7 @@ static int setup_reboot(const efi_handle_t handle, * * Close the events created in setup. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int teardown(void) { @@ -166,7 +166,7 @@ static int teardown(void) * Run a 1350 ms single shot timer and check that the 600ms timer has * been called 2 times. * - * @return: EFI_ST_SUCCESS for success + * Return: EFI_ST_SUCCESS for success */ static int execute(void) { diff --git a/lib/efi_selftest/initrddump.c b/lib/efi_selftest/initrddump.c index 325951b..efdcf0d 100644 --- a/lib/efi_selftest/initrddump.c +++ b/lib/efi_selftest/initrddump.c @@ -405,7 +405,7 @@ out: * * @handle: handle of the loaded image * @systab: system table - * @return: status code + * Return: status code */ efi_status_t EFIAPI efi_main(efi_handle_t image_handle, struct efi_system_table *systab) @@ -220,7 +220,13 @@ static const struct { "TCG2 Final Events Table", EFI_TCG2_FINAL_EVENTS_TABLE_GUID, }, +#ifdef CONFIG_EFI_RISCV_BOOT_PROTOCOL + { + "RISC-V Boot", + RISCV_EFI_BOOT_PROTOCOL_GUID, + }, #endif +#endif /* CONFIG_CMD_EFIDEBUG */ #ifdef CONFIG_CMD_NVEDIT_EFI /* signature database */ { diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index 4995ba4..243fd6e 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -7,6 +7,7 @@ #include <getopt.h> #include <malloc.h> #include <stdbool.h> +#include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -51,27 +52,132 @@ static struct option options[] = { static void print_usage(void) { printf("Usage: %s [options] <output file>\n" - "Options:\n" - - "\t-f, --fit <fit image> new FIT image file\n" - "\t-r, --raw <raw image> new raw image file\n" - "\t-i, --index <index> update image index\n" - "\t-I, --instance <instance> update hardware instance\n" - "\t-h, --help print a help message\n", - tool_name); + "Options:\n" + + "\t-f, --fit <fit image> new FIT image file\n" + "\t-r, --raw <raw image> new raw image file\n" + "\t-i, --index <index> update image index\n" + "\t-I, --instance <instance> update hardware instance\n" + "\t-h, --help print a help message\n", + tool_name); +} + +/** + * read_bin_file - read a firmware binary file + * @bin: Path to a firmware binary file + * @data: Pointer to pointer of allocated buffer + * @bin_size: Size of allocated buffer + * + * Read out a content of binary, @bin, into @data. + * A caller should free @data. + * + * Return: + * * 0 - on success + * * -1 - on failure + */ +static int read_bin_file(char *bin, void **data, off_t *bin_size) +{ + FILE *g; + struct stat bin_stat; + void *buf; + size_t size; + int ret = 0; + + g = fopen(bin, "r"); + if (!g) { + fprintf(stderr, "cannot open %s\n", bin); + return -1; + } + if (stat(bin, &bin_stat) < 0) { + fprintf(stderr, "cannot determine the size of %s\n", bin); + ret = -1; + goto err; + } + if (bin_stat.st_size > SIZE_MAX) { + fprintf(stderr, "file size is too large for malloc: %s\n", bin); + ret = -1; + goto err; + } + buf = malloc(bin_stat.st_size); + if (!buf) { + fprintf(stderr, "cannot allocate memory: %zx\n", + (size_t)bin_stat.st_size); + ret = -1; + goto err; + } + + size = fread(buf, 1, bin_stat.st_size, g); + if (size < bin_stat.st_size) { + fprintf(stderr, "read failed (%zx)\n", size); + ret = -1; + goto err; + } + + *data = buf; + *bin_size = bin_stat.st_size; +err: + fclose(g); + + return ret; +} + +/** + * write_capsule_file - write a capsule file + * @bin: FILE stream + * @data: Pointer to data + * @bin_size: Size of data + * + * Write out data, @data, with the size @bin_size. + * + * Return: + * * 0 - on success + * * -1 - on failure + */ +static int write_capsule_file(FILE *f, void *data, size_t size, const char *msg) +{ + size_t size_written; + + size_written = fwrite(data, 1, size, f); + if (size_written < size) { + fprintf(stderr, "%s: write failed (%zx != %zx)\n", msg, + size_written, size); + return -1; + } + + return 0; } +/** + * create_fwbin - create an uefi capsule file + * @path: Path to a created capsule file + * @bin: Path to a firmware binary to encapsulate + * @guid: GUID of related FMP driver + * @index: Index number in capsule + * @instance: Instance number in capsule + * @mcount: Monotonic count in authentication information + * @private_file: Path to a private key file + * @cert_file: Path to a certificate file + * + * This function actually does the job of creating an uefi capsule file. + * All the arguments must be supplied. + * If either @private_file ror @cert_file is NULL, the capsule file + * won't be signed. + * + * Return: + * * 0 - on success + * * -1 - on failure + */ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, unsigned long index, unsigned long instance) { struct efi_capsule_header header; struct efi_firmware_management_capsule_header capsule; struct efi_firmware_management_capsule_image_header image; - FILE *f, *g; - struct stat bin_stat; - u8 *data; - size_t size; + FILE *f; + void *data; + off_t bin_size; u64 offset; + int ret; #ifdef DEBUG printf("For output: %s\n", path); @@ -79,25 +185,28 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, printf("\tindex: %ld\n\tinstance: %ld\n", index, instance); #endif - g = fopen(bin, "r"); - if (!g) { - printf("cannot open %s\n", bin); - return -1; - } - if (stat(bin, &bin_stat) < 0) { - printf("cannot determine the size of %s\n", bin); - goto err_1; - } - data = malloc(bin_stat.st_size); - if (!data) { - printf("cannot allocate memory: %zx\n", (size_t)bin_stat.st_size); - goto err_1; - } + f = NULL; + data = NULL; + ret = -1; + + /* + * read a firmware binary + */ + if (read_bin_file(bin, &data, &bin_size)) + goto err; + + /* + * write a capsule file + */ f = fopen(path, "w"); if (!f) { - printf("cannot open %s\n", path); - goto err_2; + fprintf(stderr, "cannot open %s\n", path); + goto err; } + + /* + * capsule file header + */ header.capsule_guid = efi_guid_fm_capsule; header.header_size = sizeof(header); /* TODO: The current implementation ignores flags */ @@ -105,70 +214,57 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, header.capsule_image_size = sizeof(header) + sizeof(capsule) + sizeof(u64) + sizeof(image) - + bin_stat.st_size; - - size = fwrite(&header, 1, sizeof(header), f); - if (size < sizeof(header)) { - printf("write failed (%zx)\n", size); - goto err_3; - } + + bin_size; + if (write_capsule_file(f, &header, sizeof(header), + "Capsule header")) + goto err; + /* + * firmware capsule header + * This capsule has only one firmware capsule image. + */ capsule.version = 0x00000001; capsule.embedded_driver_count = 0; capsule.payload_item_count = 1; - size = fwrite(&capsule, 1, sizeof(capsule), f); - if (size < (sizeof(capsule))) { - printf("write failed (%zx)\n", size); - goto err_3; - } + if (write_capsule_file(f, &capsule, sizeof(capsule), + "Firmware capsule header")) + goto err; + offset = sizeof(capsule) + sizeof(u64); - size = fwrite(&offset, 1, sizeof(offset), f); - if (size < sizeof(offset)) { - printf("write failed (%zx)\n", size); - goto err_3; - } + if (write_capsule_file(f, &offset, sizeof(offset), + "Offset to capsule image")) + goto err; + /* + * firmware capsule image header + */ image.version = 0x00000003; memcpy(&image.update_image_type_id, guid, sizeof(*guid)); image.update_image_index = index; image.reserved[0] = 0; image.reserved[1] = 0; image.reserved[2] = 0; - image.update_image_size = bin_stat.st_size; + image.update_image_size = bin_size; image.update_vendor_code_size = 0; /* none */ image.update_hardware_instance = instance; image.image_capsule_support = 0; + if (write_capsule_file(f, &image, sizeof(image), + "Firmware capsule image header")) + goto err; - size = fwrite(&image, 1, sizeof(image), f); - if (size < sizeof(image)) { - printf("write failed (%zx)\n", size); - goto err_3; - } - size = fread(data, 1, bin_stat.st_size, g); - if (size < bin_stat.st_size) { - printf("read failed (%zx)\n", size); - goto err_3; - } - size = fwrite(data, 1, bin_stat.st_size, f); - if (size < bin_stat.st_size) { - printf("write failed (%zx)\n", size); - goto err_3; - } + /* + * firmware binary + */ + if (write_capsule_file(f, data, bin_size, "Firmware binary")) + goto err; - fclose(f); - fclose(g); + ret = 0; +err: + if (f) + fclose(f); free(data); - return 0; - -err_3: - fclose(f); -err_2: - free(data); -err_1: - fclose(g); - - return -1; + return ret; } /* @@ -194,7 +290,7 @@ int main(int argc, char **argv) switch (c) { case 'f': if (file) { - printf("Image already specified\n"); + fprintf(stderr, "Image already specified\n"); return -1; } file = optarg; @@ -202,7 +298,7 @@ int main(int argc, char **argv) break; case 'r': if (file) { - printf("Image already specified\n"); + fprintf(stderr, "Image already specified\n"); return -1; } file = optarg; @@ -234,7 +330,7 @@ int main(int argc, char **argv) if (create_fwbin(argv[optind], file, guid, index, instance) < 0) { - printf("Creating firmware capsule failed\n"); + fprintf(stderr, "Creating firmware capsule failed\n"); exit(EXIT_FAILURE); } |