Merge tag 'efi-2022-01-rc1-2' of https://source.denx.de/u-boot/custodians/u-boot-efiWIP/26Oct2021

Pull request for efi-2022-01-rc1-2

doc:
	Remove obsolete PPC4XX references

UEFI:
	Implement missing TCG2 measurements
	Code clean up

# gpg: Signature made Tue 26 Oct 2021 05:56:47 PM EDT
# gpg:                using RSA key 6DC4F9C71F29A6FA06B76D33C481DBBC2C051AC4
# gpg: Good signature from "Heinrich Schuchardt <xypron.glpk@gmx.de>" [unknown]
# gpg:                 aka "[jpeg image of size 1389]" [unknown]
# Primary key fingerprint: 6DC4 F9C7 1F29 A6FA 06B7  6D33 C481 DBBC 2C05 1AC4

3 files changed, 124 insertions, 44 deletions

diff --git a/doc/README.bedbug b/doc/README.bedbug
index 35e9d27..1a2acd0 100644
--- a/doc/README.bedbug
+++ b/doc/README.bedbug
@@ -2,8 +2,6 @@ BEDBUG Support for U-Boot
 --------------------------
 
 These changes implement the bedbug (emBEDded deBUGger) debugger in U-Boot.
-A specific implementation is made for the AMCC 405 processor but other flavors
-can be easily implemented.
 
 #####################
 ### Modifications ###
@@ -12,25 +10,9 @@ can be easily implemented.
 ./common/Makefile
 	Included cmd_bedbug.c and bedbug.c in the Makefile.
 
-./common/command.c
-	Added bedbug commands to command table.
-
 ./common/board.c
 	Added call to initialize debugger on startup.
 
-./arch/powerpc/cpu/ppc4xx/Makefile
-	Added bedbug_405.c to the Makefile.
-
-./arch/powerpc/cpu/ppc4xx/start.S
-	Added code to handle the debug exception (0x2000) on the 405.
-	Also added code to handle critical exceptions since the debug
-	is treated as critical on the 405.
-
-./arch/powerpc/cpu/ppc4xx/traps.c
-	Added more detailed output for the program exception to tell
-	if it is an illegal instruction, privileged instruction or
-	a trap. Also added debug trap handler.
-
 ./include/ppc_asm.tmpl
 	Added code to handle critical exceptions
 
@@ -51,10 +33,6 @@ can be easily implemented.
 	hardware breakpoints and stepping through code.  These
 	routines are common to all PowerPC processors.
 
-./arch/powerpc/cpu/ppc4xx/bedbug_405.c
-	AMCC  PPC405 specific debugger routines.
-
-
 Bedbug support for the MPC860
 -----------------------------
 
diff --git a/doc/README.mpc74xx b/doc/README.mpc74xx
deleted file mode 100644
index f81f1c2..0000000
--- a/doc/README.mpc74xx
+++ /dev/null
@@ -1,22 +0,0 @@
-This file contains status information for the port of U-Boot to the
-Motorola mpc74xx series of CPUs.
-
-Author: Josh Huber <huber@mclx.com>
-	Mission Critical Linux, Inc.
-
-Currently the support for these CPUs is pretty minimal, but enough to
-get things going.  (much like the support for the Galileo Eval Board)
-
-There is a framework in place to enable the L2 cache, and to program
-the BATs.  Currently, there are still problems with the code which
-sets up the L2 cache, so it's not enabled. (IMHO, it shouldn't be
-anyway).  Additionally, there is support for enabling the MMU, which
-we also don't do.  The BATs are programmed just for the benefit of
-jumping into Linux in a sane configuration.
-
-Most of the code was based on other cpus supported by U-Boot.
-
-If you find any errors in the CPU setup code, please send us a note.
-
-Thanks,
-Josh
diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index 4f2b8b0..f17138f 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -277,6 +277,130 @@ Enable ``CONFIG_OPTEE``, ``CONFIG_CMD_OPTEE_RPMB`` and ``CONFIG_EFI_MM_COMM_TEE`
 
 [1] https://optee.readthedocs.io/en/latest/building/efi_vars/stmm.html
 
+Enabling UEFI Capsule Update feature
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Support has been added for the UEFI capsule update feature which
+enables updating the U-Boot image using the UEFI firmware management
+protocol (FMP). The capsules are not passed to the firmware through
+the UpdateCapsule runtime service. Instead, capsule-on-disk
+functionality is used for fetching the capsule from the EFI System
+Partition (ESP) by placing the capsule file under the
+\EFI\UpdateCapsule directory.
+
+The directory \EFI\UpdateCapsule is checked for capsules only within the
+EFI system partition on the device specified in the active boot option
+determined by reference to BootNext variable or BootOrder variable processing.
+The active Boot Variable is the variable with highest priority BootNext or
+within BootOrder that refers to a device found to be present. Boot variables
+in BootOrder but referring to devices not present are ignored when determining
+active boot variable.
+Before starting a capsule update make sure your capsules are installed in the
+correct ESP partition or set BootNext.
+
+Performing the update
+*********************
+
+Since U-boot doesn't currently support SetVariable at runtime there's a Kconfig
+option (CONFIG_EFI_IGNORE_OSINDICATIONS) to disable the OsIndications variable
+check. If that option is enabled just copy your capsule to \EFI\UpdateCapsule.
+
+If that option is disabled, you'll need to set the OsIndications variable with::
+
+    => setenv -e -nv -bs -rt -v OsIndications =0x04
+
+Finally, the capsule update can be initiated either by rebooting the board,
+which is the preferred method, or by issuing the following command::
+
+    => efidebug capsule disk-update
+
+**The efidebug command is should only be used during debugging/development.**
+
+Enabling Capsule Authentication
+*******************************
+
+The UEFI specification defines a way of authenticating the capsule to
+be updated by verifying the capsule signature. The capsule signature
+is computed and prepended to the capsule payload at the time of
+capsule generation. This signature is then verified by using the
+public key stored as part of the X509 certificate. This certificate is
+in the form of an efi signature list (esl) file, which is embedded as
+part of U-Boot.
+
+The capsule authentication feature can be enabled through the
+following config, in addition to the configs listed above for capsule
+update::
+
+    CONFIG_EFI_CAPSULE_AUTHENTICATE=y
+    CONFIG_EFI_CAPSULE_KEY_PATH=<path to .esl cert>
+
+The public and private keys used for the signing process are generated
+and used by the steps highlighted below::
+
+    1. Install utility commands on your host
+       * OPENSSL
+       * efitools
+
+    2. Create signing keys and certificate files on your host
+
+        $ openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=CRT/ \
+            -keyout CRT.key -out CRT.crt -nodes -days 365
+        $ cert-to-efi-sig-list CRT.crt CRT.esl
+
+        $ openssl x509 -in CRT.crt -out CRT.cer -outform DER
+        $ openssl x509 -inform DER -in CRT.cer -outform PEM -out CRT.pub.pem
+
+        $ openssl pkcs12 -export -out CRT.pfx -inkey CRT.key -in CRT.crt
+        $ openssl pkcs12 -in CRT.pfx -nodes -out CRT.pem
+
+The capsule file can be generated by using the GenerateCapsule.py
+script in EDKII::
+
+    $ ./BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
+      <capsule_file_name> --monotonic-count <val> --fw-version \
+      <val> --lsv <val> --guid \
+      e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose \
+      --update-image-index <val> --signer-private-cert \
+      /path/to/CRT.pem --trusted-public-cert \
+      /path/to/CRT.pub.pem --other-public-cert /path/to/CRT.pub.pem \
+      <u-boot.bin>
+
+Place the capsule generated in the above step on the EFI System
+Partition under the EFI/UpdateCapsule directory
+
+Testing on QEMU
+***************
+
+Currently, support has been added on the QEMU ARM64 virt platform for
+updating the U-Boot binary as a raw image when the platform is booted
+in non-secure mode, i.e. with CONFIG_TFABOOT disabled. For this
+configuration, the QEMU platform needs to be booted with
+'secure=off'. The U-Boot binary placed on the first bank of the NOR
+flash at offset 0x0. The U-Boot environment is placed on the second
+NOR flash bank at offset 0x4000000.
+
+The capsule update feature is enabled with the following configuration
+settings::
+
+    CONFIG_MTD=y
+    CONFIG_FLASH_CFI_MTD=y
+    CONFIG_CMD_MTDPARTS=y
+    CONFIG_CMD_DFU=y
+    CONFIG_DFU_MTD=y
+    CONFIG_PCI_INIT_R=y
+    CONFIG_EFI_CAPSULE_ON_DISK=y
+    CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT=y
+    CONFIG_EFI_CAPSULE_FIRMWARE=y
+    CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
+
+In addition, the following config needs to be disabled(QEMU ARM specific)::
+
+    CONFIG_TFABOOT
+
+The capsule file can be generated by using the tools/mkeficapsule::
+
+    $ mkeficapsule --raw <u-boot.bin> --index 1 <capsule_file_name>
+
 Executing the boot manager
 ~~~~~~~~~~~~~~~~~~~~~~~~~~