summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* lib: add BLAKE2 hash supportQu Wenruo2022-01-184-0/+483
| | | | | | | | | | | | | | The code is cross-ported from BLAKE2 reference implementation (https://github.com/BLAKE2/BLAKE2). With minimal change to remove unused macros/features. Currently there is only one user inside U-boot (btrfs), and since it only utilize BLAKE2B, all other favors are all removed. Signed-off-by: Qu Wenruo <wqu@suse.com> [trini: Rename ROUND to R to avoid clash with <linux/bitops.h> Signed-off-by: Tom Rini <trini@konsulko.com>
* Merge tag 'efi-2022-04-rc1' of ↵Tom Rini2022-01-155-57/+163
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://source.denx.de/u-boot/custodians/u-boot-efi Pull request for efi-2022-04-rc1 Documentation: * Fix building HTML documentation of readthedocs.io * Add ARM Juno board documentation * Build requirements for Alpine Linux * Include DM headers in API documentation UEFI: * Fix section alignment of EFI binaries * Fix header length of RISC-V EFI binaries allowing to run them on EDK II * Remove kaslr-seed from device tree if the EFI_RNG_PROTOCOL is provided Other: * Let 'part list' show all 128 GPT partitions
| * efi: Support the efi command in the appSimon Glass2022-01-151-0/+33
| | | | | | | | | | | | | | | | At present the 'efi' command only works in the EFI payload. Update it to work in the app too, so the memory map can be examined. Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
| * efi: Move exit_boot_services into a functionSimon Glass2022-01-153-55/+92
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At present this code is inline in the app and stub. But they do the same thing. The difference is that the stub does it immediately and the app doesn't want to do it until the end (when it boots a kernel) or not at all, if returning to UEFI. Move it into a function so it can be called as needed. Add a comment showing how to store the memory map so that it can be accessed within the app if needed, for debugging purposes only. The map can change without notice. Signed-off-by: Simon Glass <sjg@chromium.org>
| * efidebug: avoid 'dfu_alt_info not defined' messageHeinrich Schuchardt2022-01-151-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If variable dfu_alt_info is not defined duplicate messages are displayed. => efidebug boot dump Scanning disk mmc2.blk... Scanning disk mmc1.blk... Scanning disk mmc0.blk... Found 3 disks No EFI system partition "dfu_alt_info" env variable not defined! Probably dfu_alt_info not defined "dfu_alt_info" env variable not defined! Probably dfu_alt_info not defined Remove the 'Probably dfu_alt_info not defined' message. Instead write a warning if the variable contains no entities. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
| * efi_loader: Get rid of kaslr-seed if EFI_RNG_PROTOCOL is installedIlias Apalodimas2022-01-151-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | U-Boot, in some occasions, injects a 'kaslr-seed' property on the /chosen node. That would be problematic in case we want to measure the DTB we install in the configuration table, since it would change across reboots. The Linux kernel EFI-stub completely ignores it and only relies on EFI_RNG_PROTOCOL for it's own randomness needs (i.e the randomization of the physical placement of the kernel). In fact it (blindly) overwrites the existing seed if the protocol is installed. However it still uses it for randomizing it's virtual placement. So let's get rid of it in the presence of the RNG protocol. It's worth noting that TPMs also provide an RNG. So if we tweak our EFI_RNG_PROTOCOL slightly and install the protocol when a TPM device is present the 'kaslr-seed' property will always be removed, allowing us to reliably measure our DTB. Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
* | lib: Kconfig: fix PHANDLE_CHECK_SEQ position outside of menuEugen Hristev2022-01-141-2/+2
| | | | | | | | | | | | | | | | | | | | | | CONFIG_PHANDLE_CHECK_SEQ is outside of the menu 'Library routines' thus it's invisible in menuconfig and cannot be selected. Fix this by moving the 'endmenu' after the PHANDLE_CHECK_SEQ definition Fixes: c589132a1d ("fdt: Use phandle to distinguish DT nodes with same name") Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com> Reviewed-by: Aswath Govindraju <a-govindraju@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org>
* | lib: sparse: Make CHUNK_TYPE_RAW buffer alignedqianfan Zhao2022-01-141-8/+61
|/ | | | | | | | | | | | | | | CHUNK_TYPE_RAW buffer is not aligned, and flash sparse images by fastboot will report "Misaligned operation" if DCACHE is enabled. Flashing Sparse Image CACHE: Misaligned operation at range [84000028, 84001028] CACHE: Misaligned operation at range [84001034, 84002034] CACHE: Misaligned operation at range [8401104c, 8401304c] Fix it Signed-off-by: qianfan Zhao <qianfanguijin@163.com> Reviewed-by: Sean Anderson <sean.anderson@seco.com>
* Merge branch 'next'Tom Rini2022-01-108-87/+374
|\ | | | | | | Signed-off-by: Tom Rini <trini@konsulko.com>
| * Merge tag 'u-boot-amlogic-20220107' of ↵Tom Rini2022-01-093-0/+7
| |\ | | | | | | | | | | | | | | | | | | | | | https://source.denx.de/u-boot/custodians/u-boot-amlogic into next - disable CONFIG_NET_RANDOM_ETHADDR when unnecessary on amlogic based configs - meson64_android: add board specific env settings, in order to support VIM3/L for android - add changes to support VIM3/L android boot by using meson64_android.h config
| * | efi: Show when allocated pages are usedSimon Glass2021-12-311-1/+2
| | | | | | | | | | | | | | | | | | | | | Add a message here so that both paths of memory allocation are reported. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
| * | efi: Check for failure when initing the appSimon Glass2021-12-311-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | The stub checks for failure with efi_init(). Add this for the app as well. It is unlikely that anything can be done, but we may as well stop. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
| * | efi: Share struct efi_priv between the app and stub codeSimon Glass2021-12-313-22/+35
| | | | | | | | | | | | | | | | | | | | | | | | At present each of these has its own static variable and helper functions. Move them into a shared file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
| * | efi: Add a few comments to the stubSimon Glass2021-12-311-0/+29
| | | | | | | | | | | | | | | | | | | | | Comment some functions that need more information. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
| * | efi: Locate all block devices in the appSimon Glass2021-12-311-0/+198
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When starting the app, locate all block devices and make them available to U-Boot. This allows listing partitions and accessing files in filesystems. EFI also has the concept of 'disks', meaning boot media. For now, this is not obviously useful in U-Boot, but add code to at least locate these. This can be expanded later as needed. We cannot use printf() in the early stub or app since it is not compiled in Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
| * | efi: Make unicode printf available to the appSimon Glass2021-12-312-6/+5
| | | | | | | | | | | | | | | | | | | | | This is needed to show unicode strings. Enable this code in the app. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
| * | efi_loader: Don't limit the StMM buffer size explicitlyIlias Apalodimas2021-12-311-11/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we allow and explicitly check a single shared page with StandAloneMM. This is dictated by OP-TEE which runs the application. However there's no way for us dynamically discover the number of pages we are allowed to use. Since writing big EFI signature list variable requires more than a page, OP-TEE has bumped the number of shared pages to four. Let's remove our explicit check and allow the request to reach OP-TEE even if it's bigger than what it supports. There's no need to sanitize the number of pages internally. OP-TEE will fail if we try to write more than it's allowed. The error will just trigger later on, during the StMM access. While at it add an error message to help users figure out what failed. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
| * | Finish conversion of CONFIG_SYS_CLK_FREQ to KconfigTom Rini2021-12-271-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to finish moving this symbol to Kconfig for all platforms, we need to do a few more things. First, for all platforms that define this to a function, introduce CONFIG_DYNAMIC_SYS_CLK_FREQ, similar to CONFIG_DYNAMIC_DDR_CLK_FREQ and populate clock_legacy.h. This entails also switching all users from CONFIG_SYS_CLK_FREQ to get_board_sys_clk() and updating a few preprocessor tests. With that done, all platforms that define a value here can be converted to Kconfig, and a fall-back of zero is sufficiently safe to use (and what is used today in cases where code may or may not have this available). Make sure that code which calls this function includes <clock_legacy.h> to get the prototype. Signed-off-by: Tom Rini <trini@konsulko.com>
| * | fdt: Add a Kconfig for boards with a prior stageSimon Glass2021-12-231-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When U-Boot is started from another firmware program, not just a prior phase of U-Boot, special behaviour is typically used. In particular, the device tree may come from that prior stage. At present this is sort-of indicated by OF_BOARD, although the correlation is not 1:1, since that option simply means that the board has a custom mechanism for obtaining the device tree. For example, sandbox defines OF_BOARD. Also the board_fdt_blob_setup() function can in fact make use of the devicetree in U-Boot if it wishes, as used by dragonboard410c until very recently. Add an explicit Kconfig for this situation. Update the OF_BOARD option to more-accurately reflect what it is doing, e.g. for sandbox. Drop the docs in the README as it is out of date. Signed-off-by: Simon Glass <sjg@chromium.org>
| * | fdt: Report the devicetree sourceSimon Glass2021-12-231-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It can be confusing to figure out where the devicetree came from. It seems important enough to warrant a message during boot. Add information about the number of devices and uclasses too since it is helpful to have some idea what is going on with driver model. Report the devicetree source in bdinfo too. This looks something like this, with > marking the new line. U-Boot 2021.10-00190 (Oct 30 2021 - 09:01:29 -0600) DRAM: 128 MiB > Core: 42 devices, 11 uclasses, devicetree: passage Flash: 64 MiB Signed-off-by: Simon Glass <sjg@chromium.org>
| * | fdt: Record where the devicetree came fromSimon Glass2021-12-231-5/+15
| | | | | | | | | | | | | | | | | | Keep track of where the devicetree came from, so we can report this later. Signed-off-by: Simon Glass <sjg@chromium.org>
| * | fdt: Don't call board_fdt_blob_setup() without OF_BOARDSimon Glass2021-12-231-9/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At present this override function is called even when OF_BOARD is not enabled. This makes it impossible to disable this feature and in fact makes the OF_BOARD option useless. Reinstate its intended purpose, so that it is possible to switch between the appended devicetree and one provided by the board's custom function. A follower patch adds warnings for this scenario, but for now we don't have a Kconfig that definitively tells us that OF_BOARD should be used. Signed-off-by: Simon Glass <sjg@chromium.org>
| * | fdt: Drop remaining preprocessor macros in fdtdec_setup()Simon Glass2021-12-231-9/+11
| | | | | | | | | | | | | | | | | | | | | We only have two choices for obtaining the devicetree. Simplify the code to make that clear. Signed-off-by: Simon Glass <sjg@chromium.org>
| * | fdt: Drop OF_CONTROL check in fdtdec_setup()Simon Glass2021-12-231-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This function should only be called when OF_CONTROL is enabled. It fails in fdtdec_prepare_fdt() anyway, since gd->fdt_blob stays as NULL if OF_CONTROL is not enabled. Drop this useless check. Signed-off-by: Simon Glass <sjg@chromium.org>
| * | fdt: Use if() for fdtcontroladdr checkSimon Glass2021-12-231-5/+4
| | | | | | | | | | | | | | | | | | Change this to use if() instead of #if Signed-off-by: Simon Glass <sjg@chromium.org>
| * | fdt: Drop #ifdef around board_fdt_blob_setup()Simon Glass2021-12-231-2/+0
| | | | | | | | | | | | | | | | | | This serves no purpose. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org>
| * | fdt: Drop CONFIG_SPL_BUILD check in fdtdec_setup()Simon Glass2021-12-231-5/+1
| | | | | | | | | | | | | | | | | | Move this to the header file to clean up the C code. Signed-off-by: Simon Glass <sjg@chromium.org>
| * | fdt: Drop #ifdefs with MULTI_DTB_FITSimon Glass2021-12-231-20/+11
| | | | | | | | | | | | | | | | | | Refactor the code to drop the #ifdefs for this feature. Signed-off-by: Simon Glass <sjg@chromium.org>
| * | fdt: Move MULTI_DTB_FIT handling out of fdtdec_setup()Simon Glass2021-12-231-24/+38
| | | | | | | | | | | | | | | | | | | | | | | | This logic is a bit convoluted for one function. Move the mulit-FIT part into its own function. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
| * | Merge tag 'v2022.01-rc4' into nextTom Rini2021-12-208-104/+578
| |\ \ | | | | | | | | | | | | Prepare v2022.01-rc4
| * | | Convert CONFIG_PHYSMEM to KconfigSimon Glass2021-12-171-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This converts the following to Kconfig: CONFIG_PHYSMEM Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Sean Anderson <seanga2@gmail.com>
| * | | Merge tag 'v2022.01-rc3' into nextTom Rini2021-11-2911-109/+205
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | Prepare v2022.01-rc3 Signed-off-by: Tom Rini <trini@konsulko.com>
| * | | | crypto: aspeed: Add AST2600 ACRY supportChia-Wei Wang2021-11-171-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ACRY is designed to accelerate ECC/RSA digital signature generation and verification. Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
* | | | | lib/rsa: avoid -Wdiscarded-qualifiersHeinrich Schuchardt2022-01-101-1/+1
| |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The return type of EVP_PKEY_get0_RSA() is const struct rsa_st *. Our code drops the const qualifier leading to In file included from tools/lib/rsa/rsa-sign.c:1: ./tools/../lib/rsa/rsa-sign.c: In function ‘rsa_add_verify_data’: ./tools/../lib/rsa/rsa-sign.c:631:13: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers] 631 | rsa = EVP_PKEY_get0_RSA(pkey); | ^ Add a type conversion. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* | | | tools: avoid OpenSSL deprecation warningsHeinrich Schuchardt2021-12-263-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Our Gitlab CI buildsystem is set up to treat warnings as errors. With OpenSSL 3.0 a lot of deprecation warnings occur. With the patch compatibility with OpenSSL 1.1.1 is declared. In the long run we should upgrade our code to use the current API. A -Wdiscarded-qualifiers warning is muted by casting. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* | | | efi_loader: Don't limit the StMM buffer size explicitlyIlias Apalodimas2021-12-261-11/+5
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we allow and explicitly check a single shared page with StandAloneMM. This is dictated by OP-TEE which runs the application. However there's no way for us dynamically discover the number of pages we are allowed to use. Since writing big EFI signature list variable requires more than a page, OP-TEE has bumped the number of shared pages to four. Let's remove our explicit check and allow the request to reach OP-TEE even if it's bigger than what it supports. There's no need to sanitize the number of pages internally. OP-TEE will fail if we try to write more than it's allowed. The error will just trigger later on, during the StMM access. While at it add an error message to help users figure out what failed. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
* | | efi: Rename UCLASS_EFI and IF_TYPE_EFISimon Glass2021-12-092-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | These names are better used for access to devices provided by an EFI layer. Use EFI_LOADER instead here, since these are only available in U-Boot's EFI_LOADER layer. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* | | efi_loader: correctly handle no tpm device errorMasahisa Kojima2021-12-093-8/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the TCG2 protocol is installed in efi_tcg2_register(), TPM2 device must be present. tcg2_measure_pe_image() expects that TCP2 protocol is installed and TPM device is available. If TCG2 Protocol is installed but TPM device is not found, tcg2_measure_pe_image() returns EFI_SECURITY_VIOLATION and efi_load_image() ends with failure. The same error handling is applied to efi_tcg2_measure_efi_app_invocation(). Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* | | efi_loader: check tcg2 protocol installation outside the TCG protocolMasahisa Kojima2021-12-091-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are functions that calls tcg2_agile_log_append() outside of the TCG protocol invocation (e.g tcg2_measure_pe_image). These functions must to check that TCG2 protocol is installed. If not, measurement shall be skipped. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* | | efi_loader: efi_tcg2_register returns appropriate errorMasahisa Kojima2021-12-093-18/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit modify efi_tcg2_register() to return the appropriate error. With this fix, sandbox will not boot because efi_tcg2_register() fails due to some missing feature in GetCapabilities. So disable sandbox if EFI_TCG2_PROTOCOL is enabled. UEFI secure boot variable measurement is not directly related to TCG2 protocol installation, tcg2_measure_secure_boot_variable() is moved to the separate function. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* | | efi_loader: Extend PCR's for firmware measurementsRuchika Gupta2021-11-301-0/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Firmwares before U-Boot may be capable of doing tpm measurements and passing them to U-Boot in the form of eventlog. However there may be scenarios where the firmwares don't have TPM driver and are not capable of extending the measurements in the PCRs. Based on TCG spec, if previous firnware has extended PCR's, PCR0 would not be 0. So, read the PCR0 to determine if the PCR's need to be extended as eventlog is parsed or not. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* | | tpm: use more algorithms than sha256 on pcr_readRuchika Gupta2021-11-301-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | The current tpm2_pcr_read is hardcoded using SHA256. Make the actual command to TPM configurable to use wider range of algorithms. The current command line is kept as is i.e limited to SHA-256 only. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* | | efi_loader: Add check for event log passed from firmwareRuchika Gupta2021-11-301-69/+400
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | Platforms may have support to measure their initial firmware components and pass the event log to u-boot. The event log address can be passed in property tpm_event_log_addr and tpm_event_log_size of the tpm node. Platforms may choose their own specific mechanism to do so. A weak function is added to check if even log has been passed to u-boot from earlier firmware components. If available, the eventlog is parsed to check for its correctness and further event logs are appended to the passed log. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* | efi_selftest: simplify endian conversion for FDT testHeinrich Schuchardt2021-11-261-7/+8
| | | | | | | | | | | | | | | | UEFI code is always little-endian. Remove a superfluous test. Remove a superfluous type conversion. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* | efi_loader: segfault in efi_clear_os_indications()Heinrich Schuchardt2021-11-262-50/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we call efi_clear_os_indications() before initializing the memory store for UEFI variables a NULL pointer dereference occurs. The error was observed on the sandbox with: usb start host bind 0 sandbox.img load host 0:1 $kernel_addr_r helloworld.efi bootefi $kernel_addr_r Here efi_resister_disk() failed due to an error in the BTRFS implementation. Move the logic to clear EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED to the rest of the capsule code. If CONFIG_EFI_IGNORE_OSINDICATIONS=y, we should still clear the flag. If OsIndications does not exist, we should not create it as it is owned by the operating system. Fixes: 149108a3eb59 ("efi_loader: clear OsIndications") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* | efi_loader: efi_disk_register() should not failHeinrich Schuchardt2021-11-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | Our algorithm for creating USB device paths may lead to duplicate device paths which result in efi_disk_register() failing. Instead we should just skip devices that cannot be registered as EFI block devices. Fix a memory leak in efi_disk_add_dev() caused by the duplicate device path. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* | efi: Call bootm_disable_interrupts earlier in efi_exit_boot_servicesTom Rini2021-11-261-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we look at the path that bootm/booti take when preparing to boot the OS, we see that as part of (or prior to calling do_bootm_states, explicitly) the process, bootm_disable_interrupts() is called prior to announce_and_cleanup() which is where udc_disconnect() / board_quiesce_devices() / dm_remove_devices_flags() are called from. In the EFI path, these are called afterwards. In efi_exit_boot_services() however we have been calling bootm_disable_interrupts() after the above functions, as part of ensuring that we disable interrupts as required by the spec. However, bootm_disable_interrupts() is also where we go and call usb_stop(). While this has been fine before, on the TI J721E platform this leads us to an exception. This exception seems likely to be the case that we're trying to stop devices that we have already disabled clocks for. The most direct way to handle this particular problem is to make EFI behave like the do_bootm_states() process and ensure we call bootm_disable_interrupts() prior to ending up in usb_stop(). Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Simon Glass <sjg@chromium.org> Suggested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* | efi_loader: startup the tpm device when installing the protocolIlias Apalodimas2021-11-201-0/+9
| | | | | | | | | | | | | | | | | | | | Due to U-Boot's lazy binding mentality the TPM is probed but not properly initialized. The user can startup the device from the command line e.g 'tpm2 startup TPM2_SU_CLEAR'. However we can initialize the TPM during the TCG protocol installation, which is easier to use overall. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* | efi_loader: fix FinalEvents table if an EFI app invoked GetEventLogIlias Apalodimas2021-11-201-29/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As described in the TCG spec [1] in sections 7.1.1 and 7.1.2 the FinalEvent table should include events after GetEventLog has been called. This currently works for us as long as the kernel is the only EFI application calling that. Specifically we only implement what's described in 7.1.1. So refactor the code a bit and support EFI application(s) calling GetEventLog. Events will now be logged in both the EventLog and FinalEvent table as long as ExitBootServices haven't been invoked. [1] https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* | efi_selftest: unit test for EFI_GROUP_BEFORE_EXIT_BOOT_SERVICEHeinrich Schuchardt2021-11-201-11/+56
| | | | | | | | | | | | Add a test for the EFI_GROUP_BEFORE_EXIT_BOOT_SERVICE event group. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>