From 27380d885d7e17c9bc1f87089d3fe658852c960c Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 22 Oct 2022 11:32:34 +0200 Subject: console: file should always be non-negative We use the parameter file in console functions to choose from an array after checking against MAX_FILES but we never check if the value of file is negative. Running ./u-boot -T -l and issuing the poweroff command has resulted in crashes because os_exit() results in std::ostream::flush() calling U-Boot's fflush with file being a pointer which when converted to int may be represented by a negative number. This shows that checking against MAX_FILES is not enough. We have to ensure that the file argument is always positive. Signed-off-by: Heinrich Schuchardt Reviewed-by: Simon Glass --- common/console.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/common/console.c b/common/console.c index 0c9bf66..10ab361 100644 --- a/common/console.c +++ b/common/console.c @@ -497,7 +497,7 @@ int serial_printf(const char *fmt, ...) int fgetc(int file) { - if (file < MAX_FILES) { + if ((unsigned int)file < MAX_FILES) { /* * Effectively poll for input wherever it may be available. */ @@ -530,7 +530,7 @@ int fgetc(int file) int ftstc(int file) { - if (file < MAX_FILES) + if ((unsigned int)file < MAX_FILES) return console_tstc(file); return -1; @@ -538,20 +538,20 @@ int ftstc(int file) void fputc(int file, const char c) { - if (file < MAX_FILES) + if ((unsigned int)file < MAX_FILES) console_putc(file, c); } void fputs(int file, const char *s) { - if (file < MAX_FILES) + if ((unsigned int)file < MAX_FILES) console_puts(file, s); } #ifdef CONFIG_CONSOLE_FLUSH_SUPPORT void fflush(int file) { - if (file < MAX_FILES) + if ((unsigned int)file < MAX_FILES) console_flush(file); } #endif -- cgit v1.1 From be2e42fa95b1ae4d74957f762be33edfadb7bb73 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sun, 20 Nov 2022 11:23:24 +0100 Subject: disk: fix blk_get_device_part_str() blk_get_device_part_str() should always initialize all info fields including sys_ind. As a side effect the code is simplified. Replace '(0 ==' by '(!' to conform with Linux coding style. Fixes: 4d907025d6a5 ("sandbox: restore ability to access host fs through standard commands") Signed-off-by: Heinrich Schuchardt Reviewed-by: Heiko Schocher --- disk/part.c | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/disk/part.c b/disk/part.c index 2eb30eb..5ee60a7 100644 --- a/disk/part.c +++ b/disk/part.c @@ -433,25 +433,17 @@ int blk_get_device_part_str(const char *ifname, const char *dev_part_str, int part; struct disk_partition tmpinfo; + *dev_desc = NULL; + memset(info, 0, sizeof(*info)); + #if IS_ENABLED(CONFIG_SANDBOX) || IS_ENABLED(CONFIG_SEMIHOSTING) /* * Special-case a pseudo block device "hostfs", to allow access to the * host's own filesystem. */ - if (0 == strcmp(ifname, "hostfs")) { - *dev_desc = NULL; - info->start = 0; - info->size = 0; - info->blksz = 0; - info->bootable = 0; + if (!strcmp(ifname, "hostfs")) { strcpy((char *)info->type, BOOT_PART_TYPE); strcpy((char *)info->name, "Host filesystem"); -#if CONFIG_IS_ENABLED(PARTITION_UUIDS) - info->uuid[0] = 0; -#endif -#ifdef CONFIG_PARTITION_TYPE_GUID - info->type_guid[0] = 0; -#endif return 0; } @@ -462,19 +454,14 @@ int blk_get_device_part_str(const char *ifname, const char *dev_part_str, * Special-case ubi, ubi goes through a mtd, rather than through * a regular block device. */ - if (0 == strcmp(ifname, "ubi")) { + if (!strcmp(ifname, "ubi")) { if (!ubifs_is_mounted()) { printf("UBIFS not mounted, use ubifsmount to mount volume first!\n"); return -EINVAL; } - *dev_desc = NULL; - memset(info, 0, sizeof(*info)); strcpy((char *)info->type, BOOT_PART_TYPE); strcpy((char *)info->name, "UBI"); -#if CONFIG_IS_ENABLED(PARTITION_UUIDS) - info->uuid[0] = 0; -#endif return 0; } #endif -- cgit v1.1 From bdb060a3eb725a3797f146b1e435de16cae46de2 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 26 Nov 2022 16:32:25 +0100 Subject: net: CONFIG_NET_DEVICES in dhcp_handler() The symbol CONFIG_NET_DEVICES does not exist. The correct name is CONFIG_NETDEVICES. Fixes: 77b5c4a5b1dc ("efi_loader: Let networking support depend on NETDEVICES") Signed-off-by: Heinrich Schuchardt --- net/bootp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/bootp.c b/net/bootp.c index 6c01e38..7ac0093 100644 --- a/net/bootp.c +++ b/net/bootp.c @@ -1078,7 +1078,7 @@ static void dhcp_handler(uchar *pkt, unsigned dest, struct in_addr sip, #endif /* CONFIG_SYS_BOOTFILE_PREFIX */ dhcp_packet_process_options(bp); if (CONFIG_IS_ENABLED(EFI_LOADER) && - CONFIG_IS_ENABLED(NET_DEVICES)) + CONFIG_IS_ENABLED(NETDEVICES)) efi_net_set_dhcp_ack(pkt, len); #if defined(CONFIG_SERVERIP_FROM_PROXYDHCP) -- cgit v1.1 From 2434a01d8a82368636383660439be5477c33ceb7 Mon Sep 17 00:00:00 2001 From: Andrew Davis Date: Wed, 9 Nov 2022 11:30:00 -0600 Subject: doc: board: j721e_evm: Add DM firmware steps J721e needs DM firmware when using updated SYSFW. Add steps to fetch, build, and deploy the same. Signed-off-by: Andrew Davis --- doc/board/ti/j721e_evm.rst | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/doc/board/ti/j721e_evm.rst b/doc/board/ti/j721e_evm.rst index 44dc316..8608373 100644 --- a/doc/board/ti/j721e_evm.rst +++ b/doc/board/ti/j721e_evm.rst @@ -142,7 +142,11 @@ Sources: Tree: https://github.com/OP-TEE/optee_os.git Branch: master -4. U-Boot: +4. DM Firmware: + Tree: git://git.ti.com/processor-firmware/ti-linux-firmware.git + Branch: ti-linux-firmware + +5. U-Boot: Tree: https://source.denx.de/u-boot/u-boot Branch: master @@ -152,7 +156,7 @@ Build procedure: .. code-block:: text - $ make CROSS_COMPILE=arm-linux-gnueabihf- + $ make CROSS_COMPILE=arm-linux-gnueabihf- SOC=j721e 2. ATF: @@ -172,15 +176,15 @@ Build procedure: .. code-block:: text - $ make CROSS_COMPILE=arm-linux-gnueabihf- j721e_evm_r5_defconfig O=/tmp/r5 - $ make CROSS_COMPILE=arm-linux-gnueabihf- O=/tmp/r5 + $ make CROSS_COMPILE=arm-linux-gnueabihf- j721e_evm_r5_defconfig O=build/r5 + $ make CROSS_COMPILE=arm-linux-gnueabihf- O=build/r5 * 4.2 A72: .. code-block:: text - $ make CROSS_COMPILE=aarch64-linux-gnu- j721e_evm_a72_defconfig O=/tmp/a72 - $ make CROSS_COMPILE=aarch64-linux-gnu- ATF=/build/k3/generic/release/bl31.bin TEE=/out/arm-plat-k3/core/tee-pager_v2.bin DM= O=/tmp/a72 + $ make CROSS_COMPILE=aarch64-linux-gnu- j721e_evm_a72_defconfig O=build/a72 + $ make CROSS_COMPILE=aarch64-linux-gnu- ATF=/build/k3/generic/release/bl31.bin TEE=/out/arm-plat-k3/core/tee-pager_v2.bin DM=/ti-dm/j721e/ipc_echo_testb_mcu1_0_release_strip.xer5f O=build/a72 Target Images -------------- -- cgit v1.1 From 4bc50978e6f8e369e272b953fd41f6bee660040d Mon Sep 17 00:00:00 2001 From: Andrew Davis Date: Wed, 9 Nov 2022 11:30:01 -0600 Subject: doc: board: j721e_evm: Fix code-block type and indents * BASH code should be labeled as such. * Code blocks should be indented by 4 spaces. Fix these here. Suggested-by: Heinrich Schuchardt Signed-off-by: Andrew Davis Reviewed-by: Heinrich Schuchardt --- doc/board/ti/j721e_evm.rst | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/board/ti/j721e_evm.rst b/doc/board/ti/j721e_evm.rst index 8608373..ad70f15 100644 --- a/doc/board/ti/j721e_evm.rst +++ b/doc/board/ti/j721e_evm.rst @@ -154,37 +154,37 @@ Build procedure: ---------------- 1. SYSFW: -.. code-block:: text +.. code-block:: bash - $ make CROSS_COMPILE=arm-linux-gnueabihf- SOC=j721e + make CROSS_COMPILE=arm-linux-gnueabihf- SOC=j721e 2. ATF: -.. code-block:: text +.. code-block:: bash - $ make CROSS_COMPILE=aarch64-linux-gnu- ARCH=aarch64 PLAT=k3 TARGET_BOARD=generic SPD=opteed + make CROSS_COMPILE=aarch64-linux-gnu- ARCH=aarch64 PLAT=k3 TARGET_BOARD=generic SPD=opteed 3. OPTEE: -.. code-block:: text +.. code-block:: bash - $ make PLATFORM=k3-j721e CFG_ARM64_core=y + make PLATFORM=k3-j721e CFG_ARM64_core=y 4. U-Boot: * 4.1 R5: -.. code-block:: text +.. code-block:: bash - $ make CROSS_COMPILE=arm-linux-gnueabihf- j721e_evm_r5_defconfig O=build/r5 - $ make CROSS_COMPILE=arm-linux-gnueabihf- O=build/r5 + make CROSS_COMPILE=arm-linux-gnueabihf- j721e_evm_r5_defconfig O=build/r5 + make CROSS_COMPILE=arm-linux-gnueabihf- O=build/r5 * 4.2 A72: -.. code-block:: text +.. code-block:: bash - $ make CROSS_COMPILE=aarch64-linux-gnu- j721e_evm_a72_defconfig O=build/a72 - $ make CROSS_COMPILE=aarch64-linux-gnu- ATF=/build/k3/generic/release/bl31.bin TEE=/out/arm-plat-k3/core/tee-pager_v2.bin DM=/ti-dm/j721e/ipc_echo_testb_mcu1_0_release_strip.xer5f O=build/a72 + make CROSS_COMPILE=aarch64-linux-gnu- j721e_evm_a72_defconfig O=build/a72 + make CROSS_COMPILE=aarch64-linux-gnu- ATF=/build/k3/generic/release/bl31.bin TEE=/out/arm-plat-k3/core/tee-pager_v2.bin DM=/ti-dm/j721e/ipc_echo_testb_mcu1_0_release_strip.xer5f O=build/a72 Target Images -------------- -- cgit v1.1 From f2d60f6257cf1d4999f4e77a467087dff2c30874 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 1 Dec 2022 19:07:57 +0100 Subject: efi_loader: add an EFI binary to print boot hart ID Provide an EFI binary that prints the boot hart ID as found in the device-tree as /chosen/boot-hartid property and as provided by the RISCV_EFI_BOOT_PROTOCOL. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/Makefile | 6 + lib/efi_loader/boothart.c | 335 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 341 insertions(+) create mode 100644 lib/efi_loader/boothart.c diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index 8738757..13a35ea 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile @@ -12,6 +12,8 @@ ccflags-y += -DHOST_ARCH="$(HOST_ARCH)" CFLAGS_efi_boottime.o += \ -DFW_VERSION="0x$(VERSION)" \ -DFW_PATCHLEVEL="0x$(PATCHLEVEL)" +CFLAGS_boothart.o := $(CFLAGS_EFI) -Os -ffreestanding +CFLAGS_REMOVE_boothart.o := $(CFLAGS_NON_EFI) CFLAGS_helloworld.o := $(CFLAGS_EFI) -Os -ffreestanding CFLAGS_REMOVE_helloworld.o := $(CFLAGS_NON_EFI) CFLAGS_dtbdump.o := $(CFLAGS_EFI) -Os -ffreestanding @@ -19,6 +21,10 @@ CFLAGS_REMOVE_dtbdump.o := $(CFLAGS_NON_EFI) CFLAGS_initrddump.o := $(CFLAGS_EFI) -Os -ffreestanding CFLAGS_REMOVE_initrddump.o := $(CFLAGS_NON_EFI) +ifdef CONFIG_RISCV +always += boothart.efi +endif + ifneq ($(CONFIG_CMD_BOOTEFI_HELLO_COMPILE),) always += helloworld.efi targets += helloworld.o diff --git a/lib/efi_loader/boothart.c b/lib/efi_loader/boothart.c new file mode 100644 index 0000000..df176ee --- /dev/null +++ b/lib/efi_loader/boothart.c @@ -0,0 +1,335 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Check RISC-V boot hart ID + * + * Copyright 2022, Heinrich Schuchardt + * + * This test program reads the boot HART ID both from the device-tree from the + * RISCV_EFI_BOOT_PROTOCOL and writes both values to the console. + */ + +#include +#include +#include + +static const efi_guid_t riscv_efi_boot_protocol_guid = + RISCV_EFI_BOOT_PROTOCOL_GUID; +static const efi_guid_t fdt_guid = EFI_FDT_GUID; + +static struct efi_system_table *systable; +static struct efi_boot_services *boottime; +static struct efi_simple_text_output_protocol *con_out; +static const char *fdt; + +/** + * Print an unsigned 32bit value as decimal number to an u16 string + * + * @value: value to be printed + * @buf: pointer to buffer address + */ +static void uint2dec(u32 value, u16 *buf) +{ + u16 *pos = buf; + int i; + u16 c; + u64 f; + + /* + * Increment by .5 and multiply with + * (2 << 60) / 1,000,000,000 = 0x44B82FA0.9B5A52CC + * to move the first digit to bit 60-63. + */ + f = 0x225C17D0; + f += (0x9B5A52DULL * value) >> 28; + f += 0x44B82FA0ULL * value; + + for (i = 0; i < 10; ++i) { + /* Write current digit */ + c = f >> 60; + if (c || pos != buf) + *pos++ = c + '0'; + /* Eliminate current digit */ + f &= 0xfffffffffffffff; + /* Get next digit */ + f *= 0xaULL; + } + if (pos == buf) + *pos++ = '0'; + *pos = 0; +} + +/** + * f2h() - convert FDT value to host endianness. + * + * UEFI code is always low endian. The FDT is big endian. + * + * @val: FDT value + * Return: converted value + */ +static uint32_t f2h(fdt32_t val) +{ + char *buf = (char *)&val; + char i; + + /* Swap the bytes */ + i = buf[0]; buf[0] = buf[3]; buf[3] = i; + i = buf[1]; buf[1] = buf[2]; buf[2] = i; + + return val; +} + +/** + * memcomp() - compare two memory buffers + * + * s1: first buffer + * s2: second buffer + * n: size of buffers + * Return: 0 if both buffers have the same content + */ +static int memcomp(const void *s1, const void *s2, size_t n) +{ + const char *pos1 = s1, *pos2 = s2; + + for (size_t count = 0; count < n ; ++pos1, ++pos2, --count) { + if (*pos1 != *pos2) + return *pos1 - *pos2; + } + return 0; +} + +/** + * strcomp() - compare to strings + * + * @buf1: first string + * @buf2: second string + * Return: 0 if both strings are the same + */ +static int strcomp(const char *buf1, const char *buf2) +{ + for (; *buf1 || *buf2; ++buf1, ++buf2) { + if (*buf1 != *buf2) + return *buf1 - *buf2; + } + return 0; +} + +/** + * get_property() - return value of a property of an FDT node + * + * A property of the root node or one of its direct children can be + * retrieved. + * + * @property name of the property + * @node name of the node or NULL for root node + * Return: value of the property + */ +static char *get_property(const char *property, const char *node) +{ + struct fdt_header *header = (struct fdt_header *)fdt; + const fdt32_t *end; + const fdt32_t *pos; + const char *strings; + size_t level = 0; + const char *nodelabel = NULL; + + if (!header) { + con_out->output_string(con_out, u"Missing device tree\r\n"); + return NULL; + } + + if (f2h(header->magic) != FDT_MAGIC) { + con_out->output_string(con_out, u"Wrong device tree magic\r\n"); + return NULL; + } + + pos = (fdt32_t *)(fdt + f2h(header->off_dt_struct)); + end = &pos[f2h(header->totalsize) >> 2]; + strings = fdt + f2h(header->off_dt_strings); + + for (; pos < end;) { + switch (f2h(pos[0])) { + case FDT_BEGIN_NODE: { + const char *c = (char *)&pos[1]; + size_t i; + + if (level == 1) + nodelabel = c; + ++level; + for (i = 0; c[i]; ++i) + ; + pos = &pos[2 + (i >> 2)]; + break; + } + case FDT_PROP: { + struct fdt_property *prop = (struct fdt_property *)pos; + const char *label = &strings[f2h(prop->nameoff)]; + efi_status_t ret; + + /* Check if this is the property to be returned */ + if (!strcomp(property, label) && + ((level == 1 && !node) || + (level == 2 && node && + !strcomp(node, nodelabel)))) { + char *str; + efi_uintn_t len = f2h(prop->len); + + if (!len) + return NULL; + /* + * The string might not be 0 terminated. + * It is safer to make a copy. + */ + ret = boottime->allocate_pool( + EFI_LOADER_DATA, len + 1, + (void **)&str); + if (ret != EFI_SUCCESS) { + con_out->output_string( + con_out, + u"AllocatePool failed\r\n"); + return NULL; + } + boottime->copy_mem(str, &pos[3], len); + str[len] = 0; + + return str; + } + + pos = &pos[3 + ((f2h(prop->len) + 3) >> 2)]; + break; + } + case FDT_NOP: + ++pos; + break; + case FDT_END_NODE: + --level; + ++pos; + break; + case FDT_END: + return NULL; + default: + con_out->output_string( + con_out, u"Invalid device tree token\r\n"); + return NULL; + } + } + con_out->output_string( + con_out, u"Missing FDT_END token\r\n"); + return NULL; +} + +/** + * get_config_table() - get configuration table + * + * @guid: table GUID + * Return: pointer to table or NULL + */ +static void *get_config_table(const efi_guid_t *guid) +{ + size_t i; + + for (i = 0; i < systable->nr_tables; i++) { + if (!memcomp(guid, &systable->tables[i].guid, 16)) + return systable->tables[i].table; + } + return NULL; +} + +/** + * fdt_get_hart() - get hart ID via RISC-V device-tree + * + * @hartid: boot hart ID + * Return: status code + */ +static efi_status_t fdt_get_hart(efi_uintn_t *hartid) +{ + char *str; + + fdt = get_config_table(&fdt_guid); + if (!fdt) { + con_out->output_string(con_out, u"Missing device tree\r\n"); + return EFI_NOT_FOUND; + } + + str = get_property("boot-hartid", "chosen"); + if (!str) { + con_out->output_string(con_out, + u"/chosen/boot-hartid missing\r\n"); + return EFI_NOT_FOUND; + } + *hartid = f2h(*(fdt32_t *)str); + boottime->free_pool(str); + + return EFI_SUCCESS; +} + +/** + * prot_get_hart() - get hart ID via RISC-V Boot Protocol + * + * @hartid: boot hart ID + * Return: status code + */ +static efi_status_t prot_get_hart(efi_uintn_t *hartid) +{ + efi_status_t ret; + struct riscv_efi_boot_protocol *prot; + + /* Get RISC-V boot protocol */ + ret = boottime->locate_protocol(&riscv_efi_boot_protocol_guid, NULL, + (void **)&prot); + if (ret != EFI_SUCCESS) { + con_out->output_string( + con_out, u"RISC-V Boot Protocol not available\r\n"); + return ret; + } + + /* Get boot hart ID from EFI protocol */ + ret = prot->get_boot_hartid(prot, hartid); + if (ret != EFI_SUCCESS) + con_out->output_string(con_out, + u"Could not retrieve boot hart ID\r\n"); + return ret; +} + +/** + * efi_main() - entry point of the EFI application. + * + * @handle: handle of the loaded image + * @systab: system table + * Return: status code + */ +efi_status_t EFIAPI efi_main(efi_handle_t handle, + struct efi_system_table *systab) +{ + efi_status_t ret; + efi_uintn_t hartid; + u16 buf[16]; + + systable = systab; + boottime = systable->boottime; + con_out = systable->con_out; + + con_out->output_string(con_out, + u"\r\nBoot hart ID\r\n------------\r\n\r\n"); + + ret = fdt_get_hart(&hartid); + if (ret == EFI_SUCCESS) { + con_out->output_string(con_out, u"Device-tree: "); + uint2dec(hartid, buf); + con_out->output_string(con_out, buf); + con_out->output_string(con_out, u"\r\n"); + } + + ret = prot_get_hart(&hartid); + if (ret == EFI_SUCCESS) { + con_out->output_string(con_out, u"RISCV_EFI_BOOT_PROTOCOL: "); + uint2dec(hartid, buf); + con_out->output_string(con_out, buf); + con_out->output_string(con_out, u"\r\n"); + } + + con_out->output_string(con_out, u"\r\n"); + boottime->exit(handle, EFI_SUCCESS, 0, NULL); + + /* We should never arrive here */ + return EFI_SUCCESS; +} -- cgit v1.1 From f2833d451c0e5e0aecec4d431cbe4ffa21f2e433 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Tue, 22 Nov 2022 12:25:10 +0100 Subject: efi_selftest: test FatToStr() truncation Let the FatToStr test check that the FatSize parameter is considered. Signed-off-by: Heinrich Schuchardt --- lib/efi_selftest/efi_selftest_unicode_collation.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/efi_selftest/efi_selftest_unicode_collation.c b/lib/efi_selftest/efi_selftest_unicode_collation.c index 11050a3..32c99ca 100644 --- a/lib/efi_selftest/efi_selftest_unicode_collation.c +++ b/lib/efi_selftest/efi_selftest_unicode_collation.c @@ -178,7 +178,7 @@ static int test_fat_to_str(void) boottime->set_mem(str, sizeof(str), 0); unicode_collation_protocol->fat_to_str(unicode_collation_protocol, 6, - "U-BOOT", str); + "U-BOOT!", str); if (efi_st_strcmp_16_8(str, "U-BOOT")) { efi_st_error("fat_to_str returned \"%ps\"\n", str); return EFI_ST_FAILURE; -- cgit v1.1 From 1702055eb3010a9bd473f49565613899177aeb36 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 26 Nov 2022 16:44:38 +0100 Subject: efi_loader: fix handling of DHCP acknowledge The dhcp command may be executed after the first UEFI command. We should still update the EFI_PXE_BASE_CODE_PROTOCOL. Don't leak content of prior acknowledge packages. Handle failing allocation when calling malloc(). Signed-off-by: Heinrich Schuchardt Reviewed-by: Ilias Apalodimas --- lib/efi_loader/efi_net.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/efi_loader/efi_net.c b/lib/efi_loader/efi_net.c index 69276b2..96a5bcc 100644 --- a/lib/efi_loader/efi_net.c +++ b/lib/efi_loader/efi_net.c @@ -30,6 +30,7 @@ static uchar **receive_buffer; static size_t *receive_lengths; static int rx_packet_idx; static int rx_packet_num; +static struct efi_net_obj *netobj; /* * The notification function of this event is called in every timer cycle @@ -660,10 +661,16 @@ void efi_net_set_dhcp_ack(void *pkt, int len) { int maxsize = sizeof(*dhcp_ack); - if (!dhcp_ack) + if (!dhcp_ack) { dhcp_ack = malloc(maxsize); - + if (!dhcp_ack) + return; + } + memset(dhcp_ack, 0, maxsize); memcpy(dhcp_ack, pkt, min(len, maxsize)); + + if (netobj) + netobj->pxe_mode.dhcp_ack = *dhcp_ack; } /** @@ -853,7 +860,6 @@ static efi_status_t EFIAPI efi_pxe_base_code_set_packets( */ efi_status_t efi_net_register(void) { - struct efi_net_obj *netobj = NULL; efi_status_t r; int i; @@ -982,6 +988,7 @@ failure_to_add_protocol: return r; out_of_resources: free(netobj); + netobj = NULL; free(transmit_buffer); if (receive_buffer) for (i = 0; i < ETH_PACKETS_BATCH_RECV; i++) -- cgit v1.1 From 1a12796292c026d6e86cf533eaa7a121776236a4 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Tue, 29 Nov 2022 16:00:41 +0100 Subject: efi_loader: don't use EFI_LOADER_DATA internally MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit EFI_LOADER_DATA/CODE is reserved for EFI applications. Memory allocated by U-Boot for internal usage should be EFI_BOOT_SERVICES_DATA or _CODE or EFI_RUNTIME_SERVICES_DATA or _CODE. Reported-by: François-Frédéric Ozog Signed-off-by: Heinrich Schuchardt Reviewed-by: François-Frédéric Ozog Reviewed-by: Ilias Apalodimas --- cmd/efidebug.c | 2 +- lib/efi_loader/efi_memory.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/efidebug.c b/cmd/efidebug.c index ef239bb..64104da 100644 --- a/cmd/efidebug.c +++ b/cmd/efidebug.c @@ -600,7 +600,7 @@ static int do_efi_show_memmap(struct cmd_tbl *cmdtp, int flag, ret = efi_get_memory_map(&map_size, memmap, NULL, NULL, NULL); if (ret == EFI_BUFFER_TOO_SMALL) { map_size += sizeof(struct efi_mem_desc); /* for my own */ - ret = efi_allocate_pool(EFI_LOADER_DATA, map_size, + ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, map_size, (void *)&memmap); if (ret != EFI_SUCCESS) return CMD_RET_FAILURE; diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c index a17b426..8d347f1 100644 --- a/lib/efi_loader/efi_memory.c +++ b/lib/efi_loader/efi_memory.c @@ -823,7 +823,7 @@ static void add_u_boot_and_runtime(void) uboot_stack_size) & ~EFI_PAGE_MASK; uboot_pages = ((uintptr_t)map_sysmem(gd->ram_top - 1, 0) - uboot_start + EFI_PAGE_MASK) >> EFI_PAGE_SHIFT; - efi_add_memory_map_pg(uboot_start, uboot_pages, EFI_LOADER_DATA, + efi_add_memory_map_pg(uboot_start, uboot_pages, EFI_BOOT_SERVICES_CODE, false); #if defined(__aarch64__) @@ -857,7 +857,7 @@ int efi_memory_init(void) /* Request a 32bit 64MB bounce buffer region */ uint64_t efi_bounce_buffer_addr = 0xffffffff; - if (efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS, EFI_LOADER_DATA, + if (efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS, EFI_BOOT_SERVICES_DATA, (64 * 1024 * 1024) >> EFI_PAGE_SHIFT, &efi_bounce_buffer_addr) != EFI_SUCCESS) return -1; -- cgit v1.1 From 7fb73cd99984558a241fdcfec9001041c8c96033 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 30 Nov 2022 17:58:56 +0100 Subject: doc: board: typo GIUD Microchip MPFS Icicle Kit doc %s/GIUD/GUID/ Fixes: 9e550e18305f ("doc: board: Add Microchip MPFS Icicle Kit doc") Signed-off-by: Heinrich Schuchardt Reviewed-by: Bin Meng --- doc/board/microchip/mpfs_icicle.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/board/microchip/mpfs_icicle.rst b/doc/board/microchip/mpfs_icicle.rst index a4b10c6..09c2c6a 100644 --- a/doc/board/microchip/mpfs_icicle.rst +++ b/doc/board/microchip/mpfs_icicle.rst @@ -209,7 +209,7 @@ GUID type ~~~~~~~~~ The HSS always picks up HSS payload from a GPT partition with -GIUD type "21686148-6449-6E6F-744E-656564454649" or sector '0' of the eMMC if no +GUID type "21686148-6449-6E6F-744E-656564454649" or sector '0' of the eMMC if no GPT partition. Booting @@ -460,7 +460,7 @@ GUID type ~~~~~~~~~ The HSS always picks up the HSS payload from a GPT partition with -GIUD type "21686148-6449-6E6F-744E-656564454649" or sector '0' of the eMMC if no +GUID type "21686148-6449-6E6F-744E-656564454649" or sector '0' of the eMMC if no GPT partition. Sample boot log from MPFS Icicle Kit -- cgit v1.1 From c67d3c9e2330f54d9ba883beac33ddc06216ef8f Mon Sep 17 00:00:00 2001 From: Masahisa Kojima Date: Fri, 2 Dec 2022 13:59:33 +0900 Subject: eficonfig: fix going one directory up issue The directory name in eficonfig menu entry contains the '\' separator. strcmp() argument ".." is wrong and one directory up handling does not work correctly. strcmp() argument must include '\' separator. Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas --- cmd/eficonfig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/eficonfig.c b/cmd/eficonfig.c index 97d3559..5529edc 100644 --- a/cmd/eficonfig.c +++ b/cmd/eficonfig.c @@ -488,7 +488,7 @@ static efi_status_t eficonfig_file_selected(void *data) if (!info) return EFI_INVALID_PARAMETER; - if (!strcmp(info->file_name, "..")) { + if (!strcmp(info->file_name, "..\\")) { struct eficonfig_filepath_info *iter; struct list_head *pos, *n; int is_last; -- cgit v1.1 From 78b1ccc430e427d0b98e3bfcd04179eb77c14148 Mon Sep 17 00:00:00 2001 From: Masahisa Kojima Date: Fri, 2 Dec 2022 13:59:34 +0900 Subject: eficonfig: use u16_strsize() to get u16 string buffer size Use u16_strsize() to simplify the u16 string buffer size calculation. Signed-off-by: Masahisa Kojima Reviewed-by: Heinrich Schuchardt Reviewed-by: Ilias Apalodimas --- cmd/eficonfig.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cmd/eficonfig.c b/cmd/eficonfig.c index 5529edc..88d507d 100644 --- a/cmd/eficonfig.c +++ b/cmd/eficonfig.c @@ -452,8 +452,7 @@ struct efi_device_path *eficonfig_create_device_path(struct efi_device_path *dp_ struct efi_device_path *dp; struct efi_device_path_file_path *fp; - fp_size = sizeof(struct efi_device_path) + - ((u16_strlen(current_path) + 1) * sizeof(u16)); + fp_size = sizeof(struct efi_device_path) + u16_strsize(current_path); buf = calloc(1, fp_size + sizeof(END)); if (!buf) return NULL; -- cgit v1.1 From 3ac026ae46f2c55b11b9544f7e8770eaadd2982c Mon Sep 17 00:00:00 2001 From: Masahisa Kojima Date: Fri, 2 Dec 2022 13:59:35 +0900 Subject: efi_loader: utility function to check the variable name is "Boot####" Some commands need to enumerate the existing UEFI load option variable("Boot####"). This commit transfers some code from cmd/efidebug.c to lib/efi_loder/, then exposes efi_varname_is_load_option() function to check whether the UEFI variable name is "Boot####". Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas --- cmd/efidebug.c | 23 +---------------------- include/efi_loader.h | 1 + lib/efi_loader/efi_helper.c | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 22 deletions(-) diff --git a/cmd/efidebug.c b/cmd/efidebug.c index 64104da..569003a 100644 --- a/cmd/efidebug.c +++ b/cmd/efidebug.c @@ -1010,17 +1010,6 @@ static void show_efi_boot_opt(u16 *varname16) } } -static int u16_tohex(u16 c) -{ - if (c >= '0' && c <= '9') - return c - '0'; - if (c >= 'A' && c <= 'F') - return c - 'A' + 10; - - /* not hexadecimal */ - return -1; -} - /** * show_efi_boot_dump() - dump all UEFI load options * @@ -1041,7 +1030,6 @@ static int do_efi_boot_dump(struct cmd_tbl *cmdtp, int flag, u16 *var_name16, *p; efi_uintn_t buf_size, size; efi_guid_t guid; - int id, i, digit; efi_status_t ret; if (argc > 1) @@ -1074,16 +1062,7 @@ static int do_efi_boot_dump(struct cmd_tbl *cmdtp, int flag, return CMD_RET_FAILURE; } - if (memcmp(var_name16, u"Boot", 8)) - continue; - - for (id = 0, i = 0; i < 4; i++) { - digit = u16_tohex(var_name16[4 + i]); - if (digit < 0) - break; - id = (id << 4) + digit; - } - if (i == 4 && !var_name16[8]) + if (efi_varname_is_load_option(var_name16, NULL)) show_efi_boot_opt(var_name16); } diff --git a/include/efi_loader.h b/include/efi_loader.h index 0c6c95b..0899e29 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -707,6 +707,7 @@ int algo_to_len(const char *algo); int efi_link_dev(efi_handle_t handle, struct udevice *dev); int efi_unlink_dev(efi_handle_t handle); +bool efi_varname_is_load_option(u16 *var_name16, int *index); /** * efi_size_in_pages() - convert size in bytes to size in pages diff --git a/lib/efi_loader/efi_helper.c b/lib/efi_loader/efi_helper.c index c71e87d..788cb9f 100644 --- a/lib/efi_loader/efi_helper.c +++ b/lib/efi_loader/efi_helper.c @@ -190,3 +190,36 @@ int efi_unlink_dev(efi_handle_t handle) return 0; } + +static int u16_tohex(u16 c) +{ + if (c >= '0' && c <= '9') + return c - '0'; + if (c >= 'A' && c <= 'F') + return c - 'A' + 10; + + /* not hexadecimal */ + return -1; +} + +bool efi_varname_is_load_option(u16 *var_name16, int *index) +{ + int id, i, digit; + + if (memcmp(var_name16, u"Boot", 8)) + return false; + + for (id = 0, i = 0; i < 4; i++) { + digit = u16_tohex(var_name16[4 + i]); + if (digit < 0) + break; + id = (id << 4) + digit; + } + if (i == 4 && !var_name16[8]) { + if (index) + *index = id; + return true; + } + + return false; +} -- cgit v1.1 From 140a8959d48f8ac3734d53b4c8b6b9b5596bc698 Mon Sep 17 00:00:00 2001 From: Masahisa Kojima Date: Fri, 2 Dec 2022 13:59:36 +0900 Subject: eficonfig: use efi_get_next_variable_name_int() eficonfig command reads all possible UEFI load options from 0x0000 to 0xFFFF to construct the menu. This takes too much time in some environment. This commit uses efi_get_next_variable_name_int() to read all existing UEFI load options to significantlly reduce the count of efi_get_var() call. Signed-off-by: Masahisa Kojima --- cmd/eficonfig.c | 141 ++++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 117 insertions(+), 24 deletions(-) diff --git a/cmd/eficonfig.c b/cmd/eficonfig.c index 88d507d..394ae67 100644 --- a/cmd/eficonfig.c +++ b/cmd/eficonfig.c @@ -1683,7 +1683,8 @@ static efi_status_t eficonfig_show_boot_selection(unsigned int *selected) u32 i; u16 *bootorder; efi_status_t ret; - efi_uintn_t num, size; + u16 *var_name16 = NULL, *p; + efi_uintn_t num, size, buf_size; struct efimenu *efi_menu; struct list_head *pos, *n; struct eficonfig_entry *entry; @@ -1707,14 +1708,43 @@ static efi_status_t eficonfig_show_boot_selection(unsigned int *selected) } /* list the remaining load option not included in the BootOrder */ - for (i = 0; i <= 0xFFFF; i++) { - /* If the index is included in the BootOrder, skip it */ - if (search_bootorder(bootorder, num, i, NULL)) - continue; + buf_size = 128; + var_name16 = malloc(buf_size); + if (!var_name16) + return EFI_OUT_OF_RESOURCES; - ret = eficonfig_add_boot_selection_entry(efi_menu, i, selected); - if (ret != EFI_SUCCESS) - goto out; + var_name16[0] = 0; + for (;;) { + int index; + efi_guid_t guid; + + size = buf_size; + ret = efi_get_next_variable_name_int(&size, var_name16, &guid); + if (ret == EFI_NOT_FOUND) + break; + if (ret == EFI_BUFFER_TOO_SMALL) { + buf_size = size; + p = realloc(var_name16, buf_size); + if (!p) { + free(var_name16); + return EFI_OUT_OF_RESOURCES; + } + var_name16 = p; + ret = efi_get_next_variable_name_int(&size, var_name16, &guid); + } + if (ret != EFI_SUCCESS) { + free(var_name16); + return ret; + } + if (efi_varname_is_load_option(var_name16, &index)) { + /* If the index is included in the BootOrder, skip it */ + if (search_bootorder(bootorder, num, index, NULL)) + continue; + + ret = eficonfig_add_boot_selection_entry(efi_menu, index, selected); + if (ret != EFI_SUCCESS) + goto out; + } if (efi_menu->count >= EFICONFIG_ENTRY_NUM_MAX - 1) break; @@ -1732,6 +1762,8 @@ out: } eficonfig_destroy(efi_menu); + free(var_name16); + return ret; } @@ -1994,6 +2026,8 @@ static efi_status_t eficonfig_create_change_boot_order_entry(struct efimenu *efi u32 i; char *title; efi_status_t ret; + u16 *var_name16 = NULL, *p; + efi_uintn_t size, buf_size; /* list the load option in the order of BootOrder variable */ for (i = 0; i < num; i++) { @@ -2006,17 +2040,45 @@ static efi_status_t eficonfig_create_change_boot_order_entry(struct efimenu *efi } /* list the remaining load option not included in the BootOrder */ - for (i = 0; i < 0xFFFF; i++) { + buf_size = 128; + var_name16 = malloc(buf_size); + if (!var_name16) + return EFI_OUT_OF_RESOURCES; + + var_name16[0] = 0; + for (;;) { + int index; + efi_guid_t guid; + if (efi_menu->count >= EFICONFIG_ENTRY_NUM_MAX - 2) break; - /* If the index is included in the BootOrder, skip it */ - if (search_bootorder(bootorder, num, i, NULL)) - continue; - - ret = eficonfig_add_change_boot_order_entry(efi_menu, i, false); + size = buf_size; + ret = efi_get_next_variable_name_int(&size, var_name16, &guid); + if (ret == EFI_NOT_FOUND) + break; + if (ret == EFI_BUFFER_TOO_SMALL) { + buf_size = size; + p = realloc(var_name16, buf_size); + if (!p) { + ret = EFI_OUT_OF_RESOURCES; + goto out; + } + var_name16 = p; + ret = efi_get_next_variable_name_int(&size, var_name16, &guid); + } if (ret != EFI_SUCCESS) goto out; + + if (efi_varname_is_load_option(var_name16, &index)) { + /* If the index is included in the BootOrder, skip it */ + if (search_bootorder(bootorder, num, index, NULL)) + continue; + + ret = eficonfig_add_change_boot_order_entry(efi_menu, index, false); + if (ret != EFI_SUCCESS) + goto out; + } } /* add "Save" and "Quit" entries */ @@ -2035,9 +2097,9 @@ static efi_status_t eficonfig_create_change_boot_order_entry(struct efimenu *efi goto out; efi_menu->active = 0; - - return EFI_SUCCESS; out: + free(var_name16); + return ret; } @@ -2270,17 +2332,48 @@ out: efi_status_t eficonfig_delete_invalid_boot_option(struct eficonfig_media_boot_option *opt, efi_status_t count) { - u32 i, j; + u32 i; efi_uintn_t size; void *load_option; struct efi_load_option lo; + u16 *var_name16 = NULL, *p; u16 varname[] = u"Boot####"; efi_status_t ret = EFI_SUCCESS; + efi_uintn_t varname_size, buf_size; - for (i = 0; i <= 0xFFFF; i++) { + buf_size = 128; + var_name16 = malloc(buf_size); + if (!var_name16) + return EFI_OUT_OF_RESOURCES; + + var_name16[0] = 0; + for (;;) { + int index; + efi_guid_t guid; efi_uintn_t tmp; - efi_create_indexed_name(varname, sizeof(varname), "Boot", i); + varname_size = buf_size; + ret = efi_get_next_variable_name_int(&varname_size, var_name16, &guid); + if (ret == EFI_NOT_FOUND) + break; + if (ret == EFI_BUFFER_TOO_SMALL) { + buf_size = varname_size; + p = realloc(var_name16, buf_size); + if (!p) { + free(var_name16); + return EFI_OUT_OF_RESOURCES; + } + var_name16 = p; + ret = efi_get_next_variable_name_int(&varname_size, var_name16, &guid); + } + if (ret != EFI_SUCCESS) { + free(var_name16); + return ret; + } + if (!efi_varname_is_load_option(var_name16, &index)) + continue; + + efi_create_indexed_name(varname, sizeof(varname), "Boot", index); load_option = efi_get_var(varname, &efi_global_variable_guid, &size); if (!load_option) continue; @@ -2292,15 +2385,15 @@ efi_status_t eficonfig_delete_invalid_boot_option(struct eficonfig_media_boot_op if (size >= sizeof(efi_guid_bootmenu_auto_generated)) { if (guidcmp(lo.optional_data, &efi_guid_bootmenu_auto_generated) == 0) { - for (j = 0; j < count; j++) { - if (opt[j].size == tmp && - memcmp(opt[j].lo, load_option, tmp) == 0) { - opt[j].exist = true; + for (i = 0; i < count; i++) { + if (opt[i].size == tmp && + memcmp(opt[i].lo, load_option, tmp) == 0) { + opt[i].exist = true; break; } } - if (j == count) { + if (i == count) { ret = delete_boot_option(i); if (ret != EFI_SUCCESS) { free(load_option); -- cgit v1.1 From 30124c2bb96decd737963c043b26407791859faf Mon Sep 17 00:00:00 2001 From: Masahisa Kojima Date: Fri, 2 Dec 2022 13:59:37 +0900 Subject: doc: eficonfig: add description for UEFI Secure Boot Configuration This commits adds the description for the UEFI Secure Boot Configuration through the eficonfig menu. Signed-off-by: Masahisa Kojima Redacted the complete document. Signed-off-by: Heinrich Schuchardt --- doc/usage/cmd/eficonfig.rst | 90 ++++++++++++++++++++++++++++++--------------- 1 file changed, 61 insertions(+), 29 deletions(-) diff --git a/doc/usage/cmd/eficonfig.rst b/doc/usage/cmd/eficonfig.rst index 340ebc8..30eb72b 100644 --- a/doc/usage/cmd/eficonfig.rst +++ b/doc/usage/cmd/eficonfig.rst @@ -13,49 +13,43 @@ Synopsis Description ----------- -The "eficonfig" command uses U-Boot menu interface and provides -a menu-driven UEFI variable maintenance feature. -The "eficonfig" has the following menu entries. +The "eficonfig" command uses the U-Boot menu interface to provide a +menu-driven UEFI variable maintenance feature. These are the top level menu +entries: Add Boot Option - Add new UEFI Boot Option. - User can edit description, file path, and optional_data. + Add a new UEFI Boot Option. + The user can edit description, file path, and optional_data. + The new boot opiton is appended to the boot order in the *BootOrder* + variable. The user may want to update the boot order using the + *Change Boot Order* menu entry. Edit Boot Option - Edit the existing UEFI Boot Option - User can edit description, file path, and optional_data. + Edit an existing UEFI Boot Option. + The User can edit description, file path, and optional_data. Change Boot Order - Change the order of UEFI BootOrder variable. + Change the boot order updating the UEFI BootOrder variable. Delete Boot Option - Delete the UEFI Boot Option + Delete a UEFI Boot Option -Configuration -------------- +Secure Boot Configuration + Edit the UEFI Secure Boot Configuration -The "eficonfig" command is enabled by:: +How to boot the system with a newly added UEFI Boot Option +'''''''''''''''''''''''''''''''''''''''''''''''''''''''''' - CONFIG_CMD_EFICONFIG=y - -If CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE is enabled, user can not enter -U-Boot console. In this case, bootmenu can be used to invoke "eficonfig":: - - CONFIG_USE_PREBOOT=y - CONFIG_PREBOOT="setenv bootmenu_0 UEFI Maintenance Menu=eficonfig" +The "eficonfig" command is used to set the UEFI boot options which are stored +in the UEFI variable Boot#### where #### is a hexadecimal number. -How to boot the system with newly added UEFI Boot Option -'''''''''''''''''''''''''''''''''''''''''''''''''''''''' +The command *bootefi bootmgr* can be used to boot by trying in sequence all +boot options selected by the variable *BootOrder*. -"eficonfig" command is responsible for configuring the UEFI variables, -not directly handle the system boot. -The new Boot Option added by "eficonfig" is appended at the last entry -of UEFI BootOrder variable, user may want to change the boot order -through "Change Boot Order". If the bootmenu is enabled, CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE is enabled, and "eficonfig" is configured as preboot command, the newly added Boot Options -are enumerated in the bootmenu when user exits from the eficonfig menu. -User may select the entry in the bootmenu to boot the system, or follow +are enumerated in the bootmenu when the user exits from the eficonfig menu. +The user may select the entry in the bootmenu to boot the system, or follow the U-Boot configuration the system already has. Auto boot with the UEFI Boot Option @@ -66,6 +60,44 @@ add "bootefi bootmgr" entry as a default or first bootmenu entry:: CONFIG_PREBOOT="setenv bootmenu_0 UEFI Boot Manager=bootefi bootmgr; setenv bootmenu_1 UEFI Maintenance Menu=eficonfig" +UEFI Secure Boot Configuration +'''''''''''''''''''''''''''''' + +The user can enroll the variables PK, KEK, db and dbx by selecting a file. +The "eficonfig" command only accepts signed EFI Signature List(s) with an +authenticated header, typically a ".auth" file. + +To clear the PK, KEK, db and dbx, the user needs to enroll a null value +signed by PK or KEK. + +Configuration +------------- + +The "eficonfig" command is enabled by:: + + CONFIG_CMD_EFICONFIG=y + +If CONFIG_BOOTMENU_DISABLE_UBOOT_CONSOLE is enabled, the user can not enter +U-Boot console. In this case, the bootmenu can be used to invoke "eficonfig":: + + CONFIG_USE_PREBOOT=y + CONFIG_PREBOOT="setenv bootmenu_0 UEFI Maintenance Menu=eficonfig" + +The only way U-Boot can currently store EFI variables on a tamper +resistant medium is via OP-TEE. The Kconfig option that enables that is:: + + CONFIG_EFI_MM_COMM_TEE=y. + +It enables storing EFI variables on the RPMB partition of an eMMC device. + +The UEFI Secure Boot Configuration menu entry is only available if the following +options are enabled:: + + CONFIG_EFI_SECURE_BOOT=y + CONFIG_EFI_MM_COMM_TEE=y + See also -------- -* :doc:`bootmenu` provides a simple mechanism for creating menus with different boot items + +* :doc:`bootmenu` provides a simple mechanism for creating menus with + different boot items -- cgit v1.1