From b37a0b5c896f07958aa8c6759abe83c5a08a4de9 Mon Sep 17 00:00:00 2001 From: Jan Kiszka Date: Mon, 4 May 2020 14:38:29 +0200 Subject: kbuild: efi: Avoid rebuilding efi targets Add a couple of missing targets so that helloworld and other efi targets are not needlessly rebuilt. CC: Heinrich Schuchardt Signed-off-by: Jan Kiszka Tested-by: Heinrich Schuchardt --- lib/efi_loader/Makefile | 1 + scripts/Makefile.lib | 2 ++ 2 files changed, 3 insertions(+) diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index eff3c25..84d61df 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile @@ -17,6 +17,7 @@ CFLAGS_REMOVE_helloworld.o := $(CFLAGS_NON_EFI) ifneq ($(CONFIG_CMD_BOOTEFI_HELLO_COMPILE),) always += helloworld.efi +targets += helloworld.o endif obj-$(CONFIG_CMD_BOOTEFI_HELLO) += helloworld_efi.o diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 63fbadd..734001c 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -418,6 +418,8 @@ $(obj)/efi_reloc.o: $(srctree)/arch/$(ARCH)/lib/$(EFI_RELOC:.o=.c) $(recordmcoun $(obj)/%_efi.so: $(obj)/%.o $(obj)/efi_crt0.o $(obj)/efi_reloc.o $(obj)/efi_freestanding.o $(call cmd,efi_ld) +targets += $(obj)/efi_crt0.o $(obj)/efi_reloc.o $(obj)/efi_freestanding.o + # ACPI # --------------------------------------------------------------------------- # -- cgit v1.1 From 549b79e8e04930f515ace28556d1cea779a1086a Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 6 May 2020 01:28:08 +0200 Subject: efi_loader: remove redundant assignment in dp_fill() The value of dp is overwritten without being used. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_device_path.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c index 73f1fe7..f934948 100644 --- a/lib/efi_loader/efi_device_path.c +++ b/lib/efi_loader/efi_device_path.c @@ -530,7 +530,7 @@ __maybe_unused static void *dp_fill(void *buf, struct udevice *dev) #ifdef CONFIG_SANDBOX case UCLASS_ROOT: { /* stop traversing parents at this point: */ - struct efi_device_path_vendor *dp = buf; + struct efi_device_path_vendor *dp; struct blk_desc *desc = dev_get_uclass_platdata(dev); dp_fill(buf, dev->parent); -- cgit v1.1 From 3fdff6be40b01423aacf2c02eb3b4ef6d2186caf Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 6 May 2020 01:37:25 +0200 Subject: efi_loader: error handling in efi_set_variable_common(). Fix unreachable code. Free memory on error. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_variable.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 58f8fae..33df52e 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -981,7 +981,7 @@ static efi_status_t efi_set_variable_common(u16 *variable_name, if (append) { old_data = malloc(old_size); if (!old_data) { - return EFI_OUT_OF_RESOURCES; + ret = EFI_OUT_OF_RESOURCES; goto err; } ret = EFI_CALL(efi_get_variable(variable_name, vendor, -- cgit v1.1 From 306bf6e7ff9b267e4c38f8f38900cb93fa96b62b Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 6 May 2020 01:51:04 +0200 Subject: efi_loader: do not unnecessarily use EFI_CALL() There is no need to call efi_get_variable() instead of efi_get_variable_common(). So let's use the internal function. Move forward declarations to the top of the file. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_variable.c | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 33df52e..568bd3c 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -30,6 +30,18 @@ static u8 efi_vendor_keys; #define READ_ONLY BIT(31) +static efi_status_t efi_get_variable_common(u16 *variable_name, + const efi_guid_t *vendor, + u32 *attributes, + efi_uintn_t *data_size, void *data); + +static efi_status_t efi_set_variable_common(u16 *variable_name, + const efi_guid_t *vendor, + u32 attributes, + efi_uintn_t data_size, + const void *data, + bool ro_check); + /* * Mapping between EFI variables and u-boot variables: * @@ -169,13 +181,6 @@ static const char *parse_attr(const char *str, u32 *attrp, u64 *timep) return str; } -static efi_status_t efi_set_variable_common(u16 *variable_name, - const efi_guid_t *vendor, - u32 attributes, - efi_uintn_t data_size, - const void *data, - bool ro_check); - /** * efi_set_secure_state - modify secure boot state variables * @sec_boot: value of SecureBoot @@ -300,8 +305,8 @@ static efi_status_t efi_init_secure_state(void) */ size = 0; - ret = EFI_CALL(efi_get_variable(L"PK", &efi_global_variable_guid, - NULL, &size, NULL)); + ret = efi_get_variable_common(L"PK", &efi_global_variable_guid, + NULL, &size, NULL); if (ret == EFI_BUFFER_TOO_SMALL) { if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT)) mode = EFI_MODE_USER; @@ -587,8 +592,7 @@ static efi_status_t efi_variable_authenticate(u16 *variable, } #endif /* CONFIG_EFI_SECURE_BOOT */ -static -efi_status_t EFIAPI efi_get_variable_common(u16 *variable_name, +static efi_status_t efi_get_variable_common(u16 *variable_name, const efi_guid_t *vendor, u32 *attributes, efi_uintn_t *data_size, void *data) @@ -893,8 +897,8 @@ static efi_status_t efi_set_variable_common(u16 *variable_name, /* check if a variable exists */ old_size = 0; attr = 0; - ret = EFI_CALL(efi_get_variable(variable_name, vendor, &attr, - &old_size, NULL)); + ret = efi_get_variable_common(variable_name, vendor, &attr, + &old_size, NULL); append = !!(attributes & EFI_VARIABLE_APPEND_WRITE); attributes &= ~(u32)EFI_VARIABLE_APPEND_WRITE; delete = !append && (!data_size || !attributes); @@ -984,8 +988,8 @@ static efi_status_t efi_set_variable_common(u16 *variable_name, ret = EFI_OUT_OF_RESOURCES; goto err; } - ret = EFI_CALL(efi_get_variable(variable_name, vendor, - &attr, &old_size, old_data)); + ret = efi_get_variable_common(variable_name, vendor, + &attr, &old_size, old_data); if (ret != EFI_SUCCESS) goto err; } else { -- cgit v1.1 From 9900e4623a9a826447b0467cabc29e09fdf29fb6 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 6 May 2020 02:01:34 +0200 Subject: efi_loader: use logical and in do_env_print_efi() If we want to check if two booleans are true, we should use a logical conjunction (&&) and not a bitwise and-operator (&). Signed-off-by: Heinrich Schuchardt --- cmd/nvedit_efi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c index 837e39e..6f69a84 100644 --- a/cmd/nvedit_efi.c +++ b/cmd/nvedit_efi.c @@ -298,7 +298,7 @@ int do_env_print_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) return CMD_RET_USAGE; /* -a already specified */ - if (!default_guid & guid_any) + if (!default_guid && guid_any) return CMD_RET_USAGE; argc--; -- cgit v1.1 From 42a426e027df472714e8d6209cafac291935c331 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 6 May 2020 20:32:31 +0200 Subject: efi_loader: put device tree into EfiACPIReclaimMemory According to the UEFI spec ACPI tables should be placed in EfiACPIReclaimMemory. Let's do the same with the device tree. Suggested-by: Ard Biesheuvel Cc: Grant Likely Signed-off-by: Heinrich Schuchardt --- cmd/bootefi.c | 4 ++-- lib/efi_selftest/efi_selftest_memory.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/bootefi.c b/cmd/bootefi.c index 54b4b8f..06573b1 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c @@ -127,13 +127,13 @@ static efi_status_t copy_fdt(void **fdtp) new_fdt_addr = (uintptr_t)map_sysmem(fdt_ram_start + 0x7f00000 + fdt_size, 0); ret = efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS, - EFI_BOOT_SERVICES_DATA, fdt_pages, + EFI_ACPI_RECLAIM_MEMORY, fdt_pages, &new_fdt_addr); if (ret != EFI_SUCCESS) { /* If we can't put it there, put it somewhere */ new_fdt_addr = (ulong)memalign(EFI_PAGE_SIZE, fdt_size); ret = efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS, - EFI_BOOT_SERVICES_DATA, fdt_pages, + EFI_ACPI_RECLAIM_MEMORY, fdt_pages, &new_fdt_addr); if (ret != EFI_SUCCESS) { printf("ERROR: Failed to reserve space for FDT\n"); diff --git a/lib/efi_selftest/efi_selftest_memory.c b/lib/efi_selftest/efi_selftest_memory.c index e71732d..4d32a28 100644 --- a/lib/efi_selftest/efi_selftest_memory.c +++ b/lib/efi_selftest/efi_selftest_memory.c @@ -176,9 +176,9 @@ static int execute(void) /* Check memory reservation for the device tree */ if (fdt_addr && find_in_memory_map(map_size, memory_map, desc_size, fdt_addr, - EFI_BOOT_SERVICES_DATA) != EFI_ST_SUCCESS) { + EFI_ACPI_RECLAIM_MEMORY) != EFI_ST_SUCCESS) { efi_st_error - ("Device tree not marked as boot services data\n"); + ("Device tree not marked as ACPI reclaim memory\n"); return EFI_ST_FAILURE; } return EFI_ST_SUCCESS; -- cgit v1.1 From 9ad15227bb92acc2bf73c60da1bcf2ae3774246d Mon Sep 17 00:00:00 2001 From: Patrick Wildt Date: Thu, 7 May 2020 02:13:18 +0200 Subject: efi_loader: efi_variable_parse_signature() returns NULL on error efi_variable_parse_signature() returns NULL on error, so IS_ERR() is an incorrect check. The goto err leads to pkcs7_free_message(), which works fine on a NULL ptr. Signed-off-by: Patrick Wildt Reviewed-by: AKASHI Takahiro --- lib/efi_loader/efi_variable.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 568bd3c..60c1201 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -524,9 +524,8 @@ static efi_status_t efi_variable_authenticate(u16 *variable, var_sig = efi_variable_parse_signature(auth->auth_info.cert_data, auth->auth_info.hdr.dwLength - sizeof(auth->auth_info)); - if (IS_ERR(var_sig)) { + if (!var_sig) { debug("Parsing variable's signature failed\n"); - var_sig = NULL; goto err; } -- cgit v1.1 From 6f146155f879ff42d465f0cca8ec2a7f8cb0961e Mon Sep 17 00:00:00 2001 From: Patrick Wildt Date: Thu, 7 May 2020 02:17:14 +0200 Subject: efi_loader: pkcs7_parse_message() returns error pointer Since pkcs7_parse_message() returns an error pointer, we must not check for NULL. We have to explicitly set msg to NULL in the error case, otherwise the call to pkcs7_free_message() on the goto err path will assume it's a valid object. Signed-off-by: Patrick Wildt Add missing include linux/err.h Reviewed-by: Heinrich Schuchardt --- lib/efi_loader/efi_image_loader.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index 5a9a642..ac4f65c 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -14,6 +14,7 @@ #include #include #include "crypto/pkcs7_parser.h" +#include const efi_guid_t efi_global_variable_guid = EFI_GLOBAL_VARIABLE_GUID; const efi_guid_t efi_guid_device_path = EFI_DEVICE_PATH_PROTOCOL_GUID; @@ -538,8 +539,9 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) } msg = pkcs7_parse_message((void *)wincert + sizeof(*wincert), wincert->dwLength - sizeof(*wincert)); - if (!msg) { + if (IS_ERR(msg)) { debug("Parsing image's signature failed\n"); + msg = NULL; goto err; } -- cgit v1.1 From d7ca3ce3d3b990503cb6e0bafad91aa2a7c96b9d Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 7 May 2020 17:57:43 +0200 Subject: efi_loader: crypto/pkcs7_parser.h is not a local include User <> and not "" for referencing a global include. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_image_loader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index ac4f65c..4e075ae 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -13,7 +13,7 @@ #include #include #include -#include "crypto/pkcs7_parser.h" +#include #include const efi_guid_t efi_global_variable_guid = EFI_GLOBAL_VARIABLE_GUID; -- cgit v1.1