path: root/lib
Commit message (Author, Age, Files, Lines)
* tpm: Remove use of build-time TPM versions (Simon Glass, 2018-12-05, 2 files, -11/+18)
    There is only one place in the code which assumes at build-time that we are using either a v1 or a v2 TPM. Fix this up and add a new function to return the version of a TPM. Supported TPM versions (v1 and v2) can be enabled independently and it is possible to use both versions at once. This is useful for sandbox when running tests.
    Signed-off-by: Simon Glass <sjg@chromium.org>
* sandbox: physmem: Use mapping to support sandbox (Simon Glass, 2018-12-05, 1 file, -1/+3)
    Replace the raw cast with a map_sysmem() call so this code works with sandbox.
    Signed-off-by: Simon Glass <sjg@chromium.org>
* Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot (Tom Rini, 2018-12-03, 37 files, -339/+1158)
    Patch queue for efi - 2018-12-03
    This release is fully packed with lots of glorious improvements in UEFI land again!
    - Make PE images more standards compliant
    - Improve sandbox support
    - Improve correctness
    - Fix RISC-V execution on virt model
    - Honor board defined top of ram (fixes a few boards)
    - Imply DM USB access when distro boot is available
    - Code cleanups
| * efi_loader: bootmgr: add load option helper functions (AKASHI Takahiro, 2018-12-03, 1 file, -33/+60)
      In this patch, helper functions for a load option variable (BootXXXX) are added:
      * efi_deserialize_load_option(): parse a string into load_option data (renamed from parse_load_option and exported)
      * efi_serialize_load_option(): convert load_option data into a string
      Those functions will be used to implement efishell command.
      Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: allow device == NULL in efi_dp_from_name() (AKASHI Takahiro, 2018-12-03, 1 file, -4/+7)
      This is a preparatory patch for use in efi_serialize_load_option() as a load option's file_path should have both a device path and a file path.
      Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: Align runtime section to 64kb (Alexander Graf, 2018-12-02, 1 file, -3/+17)
      The UEFI spec mandates that runtime sections are 64kb aligned to enable support for 64kb page size OSs. This patch ensures that we extend the runtime section to 64kb to be spec compliant.
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_selftest: rename setup_ok (Heinrich Schuchardt, 2018-12-02, 1 file, -4/+4)
      The variable name setup_ok might suggest a boolean with true indicating OK. Let's avoid the misleading name.
      %s/setup_ok/setup_status/g
      Suggested-by: Simon Glass <sjg@chromium.org>
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Reviewed-by: Simon Glass <sjg@chromium.org>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: fix simple network protocol (Heinrich Schuchardt, 2018-12-02, 1 file, -59/+332)
      We should not call eth_rx() before the network interface is initialized. The services of the simple network protocol should check the state of the network adapter. Add and correct comments. Without this patch i.mx6 system Wandboard Quad rev B1 fails to execute bootefi selftest.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: correctly aligned transmit buffer (Heinrich Schuchardt, 2018-12-02, 1 file, -11/+20)
      Calling net_send_packet() requires that the buffer is aligned to a multiple of PKTALIGN (= ARCH_DMA_MINALIGN). The UEFI spec does not require efi_net_transmit() to be called with a buffer with any special alignment. So we have to copy to an aligned buffer. The current coding copies to an aligned buffer only if CONFIG_EFI_LOADER_BOUNCE_BUFFER=y. Many boards like the Odroid C2 do not use a bounce buffer. With the patch we copy to a correctly aligned buffer in all cases.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_selftest: fix simple network protocol test (Heinrich Schuchardt, 2018-12-02, 1 file, -8/+8)
      To use the simple network protocol we have to call the start service first and the initialize service second.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_selftest: check fdt is marked as runtime data (Heinrich Schuchardt, 2018-12-02, 1 file, -0/+24)
      Check that the memory area containing the device tree is marked as runtime data. Update the Python test to pass ${fdtcontroladdr} to bootefi. Update the description of the Python test.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * fdt: sandbox: correct use of ${fdtcontroladdr} (Heinrich Schuchardt, 2018-12-02, 1 file, -2/+4)
      The sandbox uses a virtual address space that is neither the physical nor the virtual address space of the operating system. All addresses used on the command line live in this address space. So also the environment variable ${fdtcontroladdr} has to be in this address space. Commands like bootefi and booti receive the fdt address as parameter. Without the patch ${fdtcontroladdr} cannot be used as parameter value on the sandbox.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: macro efi_size_in_pages() (Heinrich Schuchardt, 2018-12-02, 1 file, -3/+3)
      When allocating EFI memory pages the size in bytes has to be converted to pages. Provide a macro efi_size_in_pages() for this conversion. Use it in the EFI subsystem and correct related comments.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_selftest: building sandbox with EFI_SELFTEST (Heinrich Schuchardt, 2018-12-02, 1 file, -1/+1)
      Enable building the sandbox with CONFIG_EFI_SELFTEST.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_selftest: add test for memory allocation (Heinrich Schuchardt, 2018-12-02, 2 files, -0/+164)
      This unit test checks the following runtime services: AllocatePages, FreePages, GetMemoryMap
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: eliminate sandbox addresses (Heinrich Schuchardt, 2018-12-02, 1 file, -5/+4)
      Do not use the sandbox's virtual address space for the internal structures of the memory map. This way we can eliminate a whole lot of unnecessary conversions. The only conversion remaining is the one when adding known memory.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: Reserve unaccessible memory (Alexander Graf, 2018-12-02, 1 file, -3/+29)
      On some systems, not all RAM may be usable within U-Boot. Maybe the memory maps are incomplete, maybe it's used as workaround for broken DMA. But whatever the reason may be, a platform can say that it does not wish to have its RAM accessed above a certain address by defining board_get_usable_ram_top(). In the efi_loader world, we ignored that hint, mostly because very few boards actually have real restrictions around this. So let's honor the board's wish to not access high addresses during boot time. The best way to do so is by indicating the respective pages as "allocated by firmware". That way, Operating Systems will still use the pages after boot, but before boot no allocation will use them.
      Reported-by: Baruch Siach <baruch@tkos.co.il>
      Signed-off-by: Alexander Graf <agraf@suse.de>
      Reviewed-by: Stephen Warren <swarren@nvidia.com>
      Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Tested-by: Baruch Siach <baruch@tkos.co.il>
| * efi_selftest: incorrect use of bitwise or (Heinrich Schuchardt, 2018-12-02, 1 file, -1/+1)
      We should use a logical or when combining logical values.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * sandbox: smbios: Update to support sandbox (Simon Glass, 2018-12-02, 2 files, -16/+56)
      At present this code casts addresses to pointers so cannot be used with sandbox. Update it to use mapmem instead.
      Signed-off-by: Simon Glass <sjg@chromium.org>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * Revert "efi_loader: remove efi_exit_caches()" (Alexander Graf, 2018-12-02, 1 file, -0/+28)
      This reverts commit 3170db63c41a2eda6ee6573353bb4de8c7c1b9d5. It reportedly breaks OpenBSD/armv7 booting and I've already received complaints from people that it breaks some Linux armv7 systems as well. We'll have to give this whole caching story a good bit more thought.
      Reported-by: Jonathan Gray <jsg@jsg.id.au>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: use u16* for UTF16 strings (Heinrich Schuchardt, 2018-12-02, 1 file, -1/+1)
      We should be consistent in the types that we use to store Unicode strings.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: SetVirtualAddressMap() should return EFI_UNSUPPORTED (AKASHI Takahiro, 2018-12-02, 1 file, -1/+1)
      See UEFI specification 2.7, section 8.4.
      Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: correct a function prototype of QueryCapsuleCapabilities() (AKASHI Takahiro, 2018-12-02, 1 file, -2/+2)
      See UEFI specification v2.7, section 8.5.3.
      Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: correct efi_add_known_memory() (Heinrich Schuchardt, 2018-12-02, 1 file, -6/+14)
      If a memory bank is not EFI_PAGE_SIZE aligned efi_add_known_memory() the number of memory pages may be incorrectly calculated. We have to round up the start address and to round down the end address to determine which complete pages are provided by the memory bank.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: do not use unsupported printf code (Heinrich Schuchardt, 2018-12-02, 1 file, -3/+3)
      Using %zu for efi_intn_t (ssize_t) creates a build warning. Anyway %zu is not supported by efi_st_error(). So let's convert to int. Our implementation of StriColl() only returns -1, 0, or 1.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: Ensure memory allocations are page aligned (Alexander Graf, 2018-12-02, 1 file, -0/+6)
      When the max_addr parameter of efi_find_free_memory() is within bounds of an existing map and fits the reservation, we just return that address as allocation value. That breaks however if max_addr is not page aligned. So ensure that it always comes to us page aligned, simplifying the allocation logic. Without this, I've seen breakage where we were allocating pages at -1U (32bit) which fits into a region that spans beyond 0x100000000. In that case, we would return 0xffffffff as a valid memory allocation, although we usually do guarantee they are all page aligned. Fix this by aligning the max address argument always.
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: Handle RELA absolute relocations properly (Alexander Graf, 2018-12-02, 1 file, -0/+3)
      With RELA absolute relocations, the relocation target contains our link offset which we need to remove from the equation again. We did this properly in the relative relocation path, but not in the absolute one. So let's do this for the absolute one as well. That way, u-boot can have a TEXT_OFFSET of != 0 and still relocate itself properly. This fixes a bug where efi_loader did not work on the RISC-V QEMU port. With this patch, I can successfully run UEFI applications on the RISC-V QEMU port.
      Reported-by: Auer, Lukas <lukas.auer@aisec.fraunhofer.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
      Tested-by: Bin Meng <bmeng.cn@gmail.com>
      Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
| * efi_loader: fix typos (Heinrich Schuchardt, 2018-12-02, 5 files, -15/+18)
      Fix typos in EFI subsystem comments.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_selftest: do not write to linker generated array (Heinrich Schuchardt, 2018-12-02, 1 file, -9/+22)
      Linker generated arrays may be stored in code sections of memory that are not writable. So let's allocate setup_ok as an array at runtime. This avoids an illegal memory access observed in the sandbox.
      Reported-by: Simon Glass <sjg@chromium.org>
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: fix typos in efi_device_path.c (Heinrich Schuchardt, 2018-12-02, 1 file, -11/+12)
      Fix some typos in comments.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: add efi_dp_from_name() (AKASHI Takahiro, 2018-12-02, 1 file, -0/+47)
      Factor out efi_set_bootdev() and extract efi_dp_from_name(). This function will be used to set a boot device in efishell command.
      Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: UninstallMultipleProtocolInterfaces error code (Heinrich Schuchardt, 2018-12-02, 2 files, -4/+17)
      If UninstallMultipleProtocolInterfaces fails, we sometimes return the wrong status code. The UEFI spec mandates to always return EFI_INVALID_PARAMETER. Update unit test.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_selftest: use CR LF in helloworld (Heinrich Schuchardt, 2018-12-02, 1 file, -13/+27)
      The UEFI spec defines that a line feed moves the cursor to the next line and (only) a carriage return moves the cursor to the beginning of the line. So we should issue CR LF when we want to get to the start of the next line. Add some comments.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: rename parent to header (Heinrich Schuchardt, 2018-12-02, 4 files, -35/+52)
      Rename the component parent of some EFI objects to header. This avoids misunderstandings.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: eliminate handle member (Heinrich Schuchardt, 2018-12-02, 6 files, -52/+51)
      A pointer to a struct efi_object is a handle. We do not need any handle member in this structure. Let's eliminate it.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: typedef struct efi_object *efi_handle_t (Heinrich Schuchardt, 2018-12-02, 3 files, -11/+11)
      All our handles point to a struct efi_object. So let's define the efi_handle_t accordingly. This helps us to discover coding errors much more easily. This becomes evident by the corrections to the usage of handles in this patch. Rename variable image_handle to image_obj where applicable.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_selftest: fix typos (Heinrich Schuchardt, 2018-12-02, 11 files, -22/+20)
      fix typos
      correct the header comment of efi_selftest_variables.c
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: delete handles (Heinrich Schuchardt, 2018-12-02, 1 file, -20/+61)
      When the last protocol interface has been uninstalled remove the handle. Adjust ReinstallProtocol so that it does not remove the handle.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_loader: implement EFI_RESET_SHUTDOWN at boot time (Heinrich Schuchardt, 2018-12-02, 1 file, -1/+3)
      Allow an EFI application to shut down the system. If EFI_RESET_SHUTDOWN is issued call do_poweroff().
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_selftest: test handling of exceptions (Heinrich Schuchardt, 2018-12-02, 2 files, -0/+51)
      Test the handling of exceptions by trying to execute an undefined instruction. For 32bit ARM we expect \selftest to be listed as loaded image.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
| * efi_selftest: simplify lib/efi_selftest/Makefile (Heinrich Schuchardt, 2018-12-02, 2 files, -9/+3)
      We should not make anything in lib/efi_selftest if CONFIG_CMD_BOOTEFI_SELFTEST is not defined. We can make that test in lib/Makefile.
      Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: Alexander Graf <agraf@suse.de>
* | rsa: add support of padding pss (Philippe Reynes, 2018-12-03, 2 files, -0/+200)
      We add the support of the padding pss for rsa signature. This new padding is often recommended instead of pkcs-1.5.
      Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
      Reviewed-by: Simon Glass <sjg@chromium.org>
* | rsa: add a structure for the padding (Philippe Reynes, 2018-12-03, 2 files, -23/+49)
      The rsa signature uses a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithms, we add a padding framework to manage several padding algorithms. The choice of the padding is done in the file .its.
      Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
      Reviewed-by: Simon Glass <sjg@chromium.org>
* | rsa: use new openssl API to create signature (Philippe Reynes, 2018-12-03, 1 file, -6/+11)
      Previous implementation of the rsa signature was using the openssl API EVP_Sign*, but the new openssl API EVP_DigestSign* is more flexible. So we move to this new API.
      Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
      Reviewed-by: Simon Glass <sjg@chromium.org>
* tpm: Convert to use a device parameter (Simon Glass, 2018-11-29, 4 files, -109/+112)
    At present many TPM calls assume there is only one TPM in the system and look up this TPM themselves. This is inconsistent with driver model, which expects all driver methods to have a device parameter. Update the code to correct this.
    Signed-off-by: Simon Glass <sjg@chromium.org>
* tpm: Export the open/close functions (Simon Glass, 2018-11-29, 1 file, -18/+0)
    At present these functions are not accessible outside the TPM library, but in some cases we need to call them. Export them in the header file and add a define for the SHA1 digest size. Also adjust tpm_open() to call tpm_close() first so that the TPM is in a known state before opening (e.g. by a previous phase of U-Boot).
    Signed-off-by: Simon Glass <sjg@chromium.org>
* string: Include the config header (Simon Glass, 2018-11-20, 1 file, -0/+1)
    At present the config header is not included in this file, but it does use a CONFIG option. Fix it.
    Signed-off-by: Simon Glass <sjg@chromium.org>
* spl: lz4: Allow use of lz4 compression in SPL (Simon Glass, 2018-11-20, 2 files, -1/+9)
    In some cases U-Boot is compressed and it is useful to be able to decompress it in SPL. Add a Kconfig and Makefile change to allow this. Note that this does not actually implement decompression.
    Signed-off-by: Simon Glass <sjg@chromium.org>
* fdt: Fix uncompress_blob() for U-Boot proper (Marek Vasut, 2018-11-20, 1 file, -1/+2)
    When U-Boot proper is compiled with CONFIG_MULTI_DTB_FIT and tries to call uncompress_blob(), it fails with -ENOTSUPP. This is because the full implementation of this function which includes compression is available only in SPL. In U-Boot proper or if the compression is not enabled, the blob is not compressed and thus can be passed to locate_dtb_in_fit() in fdtdec_setup() without any changes. Pass the blob without any changes if compression is not enabled instead of failing.
    Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
    Cc: Michal Simek <michal.simek@xilinx.com>
    Cc: Tom Rini <trini@konsulko.com>
    Reviewed-by: Simon Glass <sjg@chromium.org>
* fdt_region: Ensure that depth never goes below -1 (Konrad Beckmann, 2018-11-16, 1 file, -0/+3)
    A specially crafted FIT image makes it possible to overflow the stack with controlled values when using the verified boot feature. Depending on the memory layout, this could be used to overwrite configuration variables on the heap and set them to 0, e.g. disable signature verification, thus bypassing it. This change fixes a bug in fdt_find_regions where the fdt structure is parsed. A lower value than -1 of depth can lead to a buffer underflow write on the stack.
    Signed-off-by: Konrad Beckmann <konrad.beckmann@gmail.com>
    Reviewed-by: Simon Glass <sjg@chromium.org>