18 files changed, 171 insertions, 214 deletions

diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c
index 1fe19237f9a..8c04ecbdc83 100644
--- a/lib/efi_loader/efi_bootmgr.c
+++ b/lib/efi_loader/efi_bootmgr.c
@@ -46,8 +46,8 @@ static efi_status_t try_load_entry(u16 n, efi_handle_t *handle,
 				   void **load_options)
 {
 	struct efi_load_option lo;
-	u16 varname[] = L"Boot0000";
-	u16 hexmap[] = L"0123456789ABCDEF";
+	u16 varname[] = u"Boot0000";
+	u16 hexmap[] = u"0123456789ABCDEF";
 	void *load_option;
 	efi_uintn_t size;
 	efi_status_t ret;
@@ -83,7 +83,7 @@ static efi_status_t try_load_entry(u16 n, efi_handle_t *handle,
 
 		attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
 			     EFI_VARIABLE_RUNTIME_ACCESS;
-		ret = efi_set_variable_int(L"BootCurrent",
+		ret = efi_set_variable_int(u"BootCurrent",
 					   &efi_global_variable_guid,
 					   attributes, sizeof(n), &n, false);
 		if (ret != EFI_SUCCESS)
@@ -149,7 +149,7 @@ efi_status_t efi_bootmgr_load(efi_handle_t *handle, void **load_options)
 
 	/* BootNext */
 	size = sizeof(bootnext);
-	ret = efi_get_variable_int(L"BootNext",
+	ret = efi_get_variable_int(u"BootNext",
 				   &efi_global_variable_guid,
 				   NULL, &size, &bootnext, NULL);
 	if (ret == EFI_SUCCESS || ret == EFI_BUFFER_TOO_SMALL) {
@@ -158,7 +158,7 @@ efi_status_t efi_bootmgr_load(efi_handle_t *handle, void **load_options)
 			log_err("BootNext must be 16-bit integer\n");
 
 		/* delete BootNext */
-		ret = efi_set_variable_int(L"BootNext",
+		ret = efi_set_variable_int(u"BootNext",
 					   &efi_global_variable_guid,
 					   0, 0, NULL, false);
 
@@ -178,7 +178,7 @@ efi_status_t efi_bootmgr_load(efi_handle_t *handle, void **load_options)
 	}
 
 	/* BootOrder */
-	bootorder = efi_get_var(L"BootOrder", &efi_global_variable_guid, &size);
+	bootorder = efi_get_var(u"BootOrder", &efi_global_variable_guid, &size);
 	if (!bootorder) {
 		log_info("BootOrder not defined\n");
 		ret = EFI_NOT_FOUND;
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 37b9c68b6e9..82128ac1d5c 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -467,7 +467,7 @@ static efi_status_t EFIAPI efi_allocate_pool_ext(int pool_type,
 {
 	efi_status_t r;
 
-	EFI_ENTRY("%d, %zd, %p", pool_type, size, buffer);
+	EFI_ENTRY("%d, %zu, %p", pool_type, size, buffer);
 	r = efi_allocate_pool(pool_type, size, buffer);
 	return EFI_EXIT(r);
 }
@@ -914,7 +914,7 @@ static efi_status_t EFIAPI efi_wait_for_event(efi_uintn_t num_events,
 {
 	int i;
 
-	EFI_ENTRY("%zd, %p, %p", num_events, event, index);
+	EFI_ENTRY("%zu, %p, %p", num_events, event, index);
 
 	/* Check parameters */
 	if (!num_events || !event)
@@ -2028,7 +2028,7 @@ efi_status_t EFIAPI efi_load_image(bool boot_policy,
 	efi_status_t ret;
 	void *dest_buffer;
 
-	EFI_ENTRY("%d, %p, %pD, %p, %zd, %p", boot_policy, parent_image,
+	EFI_ENTRY("%d, %p, %pD, %p, %zu, %p", boot_policy, parent_image,
 		  file_path, source_buffer, source_size, image_handle);
 
 	if (!image_handle || (!source_buffer && !file_path) ||
@@ -3778,7 +3778,7 @@ static struct efi_boot_services efi_boot_services = {
 	.create_event_ex = efi_create_event_ex,
 };
 
-static u16 __efi_runtime_data firmware_vendor[] = L"Das U-Boot";
+static u16 __efi_runtime_data firmware_vendor[] = u"Das U-Boot";
 
 struct efi_system_table __efi_runtime_data systab = {
 	.hdr = {
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
index 4463ae00fd0..613b531b825 100644
--- a/lib/efi_loader/efi_capsule.c
+++ b/lib/efi_loader/efi_capsule.c
@@ -14,6 +14,7 @@
 #include <env.h>
 #include <fdtdec.h>
 #include <fs.h>
+#include <hang.h>
 #include <malloc.h>
 #include <mapmem.h>
 #include <sort.h>
@@ -56,10 +57,10 @@ static __maybe_unused unsigned int get_last_capsule(void)
 	int i;
 
 	size = sizeof(value16);
-	ret = efi_get_variable_int(L"CapsuleLast", &efi_guid_capsule_report,
+	ret = efi_get_variable_int(u"CapsuleLast", &efi_guid_capsule_report,
 				   NULL, &size, value16, NULL);
 	if (ret != EFI_SUCCESS || size != 22 ||
-	    u16_strncmp(value16, L"Capsule", 7))
+	    u16_strncmp(value16, u"Capsule", 7))
 		goto err;
 	for (i = 0; i < 4; ++i) {
 		u16 c = value16[i + 7];
@@ -113,14 +114,14 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule,
 	}
 
 	/* Variable CapsuleLast must not include terminating 0x0000 */
-	ret = efi_set_variable_int(L"CapsuleLast", &efi_guid_capsule_report,
+	ret = efi_set_variable_int(u"CapsuleLast", &efi_guid_capsule_report,
 				   EFI_VARIABLE_READ_ONLY |
 				   EFI_VARIABLE_NON_VOLATILE |
 				   EFI_VARIABLE_BOOTSERVICE_ACCESS |
 				   EFI_VARIABLE_RUNTIME_ACCESS,
 				   22, variable_name16, false);
 	if (ret != EFI_SUCCESS)
-		log_err("Setting %ls failed\n", L"CapsuleLast");
+		log_err("Setting %ls failed\n", u"CapsuleLast");
 }
 
 #ifdef CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT
@@ -707,7 +708,7 @@ static efi_status_t find_boot_device(void)
 	/* find active boot device in BootNext */
 	bootnext = 0;
 	size = sizeof(bootnext);
-	ret = efi_get_variable_int(L"BootNext",
+	ret = efi_get_variable_int(u"BootNext",
 				   (efi_guid_t *)&efi_global_variable_guid,
 				   NULL, &size, &bootnext, NULL);
 	if (ret == EFI_SUCCESS || ret == EFI_BUFFER_TOO_SMALL) {
@@ -734,7 +735,7 @@ static efi_status_t find_boot_device(void)
 skip:
 	/* find active boot device in BootOrder */
 	size = 0;
-	ret = efi_get_variable_int(L"BootOrder", &efi_global_variable_guid,
+	ret = efi_get_variable_int(u"BootOrder", &efi_global_variable_guid,
 				   NULL, &size, NULL, NULL);
 	if (ret == EFI_BUFFER_TOO_SMALL) {
 		boot_order = malloc(size);
@@ -743,7 +744,7 @@ skip:
 			goto out;
 		}
 
-		ret = efi_get_variable_int(L"BootOrder",
+		ret = efi_get_variable_int(u"BootOrder",
 					   &efi_global_variable_guid,
 					   NULL, &size, boot_order, NULL);
 	}
@@ -875,8 +876,8 @@ static efi_status_t efi_capsule_scan_dir(u16 ***files, unsigned int *num)
 			break;
 
 		if (!(dirent->attribute & EFI_FILE_DIRECTORY) &&
-		    u16_strcmp(dirent->file_name, L".") &&
-		    u16_strcmp(dirent->file_name, L".."))
+		    u16_strcmp(dirent->file_name, u".") &&
+		    u16_strcmp(dirent->file_name, u".."))
 			tmp_files[count++] = u16_strdup(dirent->file_name);
 	}
 	/* ignore an error */
@@ -1052,7 +1053,7 @@ static efi_status_t check_run_capsules(void)
 	efi_status_t r;
 
 	size = sizeof(os_indications);
-	r = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid,
+	r = efi_get_variable_int(u"OsIndications", &efi_global_variable_guid,
 				 NULL, &size, &os_indications, NULL);
 	if (r != EFI_SUCCESS || size != sizeof(os_indications))
 		return EFI_NOT_FOUND;
@@ -1061,7 +1062,7 @@ static efi_status_t check_run_capsules(void)
 	    EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED) {
 		os_indications &=
 			~EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED;
-		r = efi_set_variable_int(L"OsIndications",
+		r = efi_set_variable_int(u"OsIndications",
 					 &efi_global_variable_guid,
 					 EFI_VARIABLE_NON_VOLATILE |
 					 EFI_VARIABLE_BOOTSERVICE_ACCESS |
@@ -1118,10 +1119,13 @@ efi_status_t efi_launch_capsules(void)
 			index = 0;
 		ret = efi_capsule_read_file(files[i], &capsule);
 		if (ret == EFI_SUCCESS) {
-			ret = EFI_CALL(efi_update_capsule(&capsule, 1, 0));
+			ret = efi_capsule_update_firmware(capsule);
 			if (ret != EFI_SUCCESS)
-				log_err("Applying capsule %ls failed\n",
+				log_err("Applying capsule %ls failed.\n",
 					files[i]);
+			else
+				log_info("Applying capsule %ls succeeded.\n",
+					 files[i]);
 
 			/* create CapsuleXXXX */
 			set_capsule_result(index, capsule, ret);
@@ -1142,6 +1146,16 @@ efi_status_t efi_launch_capsules(void)
 		free(files[i]);
 	free(files);
 
-	return ret;
+	/*
+	 * UEFI spec requires to reset system after complete processing capsule
+	 * update on the storage.
+	 */
+	log_info("Reboot after firmware update");
+	/* Cold reset is required for loading the new firmware. */
+	do_reset(NULL, 0, 0, NULL);
+	hang();
+	/* not reach here */
+
+	return 0;
 }
 #endif /* CONFIG_EFI_CAPSULE_ON_DISK */
diff --git a/lib/efi_loader/efi_console.c b/lib/efi_loader/efi_console.c
index 3b012e1a669..ba68a150172 100644
--- a/lib/efi_loader/efi_console.c
+++ b/lib/efi_loader/efi_console.c
@@ -25,6 +25,8 @@ struct cout_mode {
 	int present;
 };
 
+__maybe_unused static struct efi_object uart_obj;
+
 static struct cout_mode efi_cout_modes[] = {
 	/* EFI Mode 0 is 80x25 and always present */
 	{
@@ -1258,37 +1260,33 @@ static void EFIAPI efi_key_notify(struct efi_event *event, void *context)
 efi_status_t efi_console_register(void)
 {
 	efi_status_t r;
-	efi_handle_t console_output_handle;
-	efi_handle_t console_input_handle;
+	struct efi_device_path *dp;
 
 	/* Set up mode information */
 	query_console_size();
 
-	/* Create handles */
-	r = efi_create_handle(&console_output_handle);
-	if (r != EFI_SUCCESS)
-		goto out_of_memory;
-
-	r = efi_add_protocol(console_output_handle,
-			     &efi_guid_text_output_protocol, &efi_con_out);
-	if (r != EFI_SUCCESS)
-		goto out_of_memory;
-	systab.con_out_handle = console_output_handle;
-	systab.stderr_handle = console_output_handle;
-
-	r = efi_create_handle(&console_input_handle);
-	if (r != EFI_SUCCESS)
-		goto out_of_memory;
-
-	r = efi_add_protocol(console_input_handle,
-			     &efi_guid_text_input_protocol, &efi_con_in);
-	if (r != EFI_SUCCESS)
-		goto out_of_memory;
-	systab.con_in_handle = console_input_handle;
-	r = efi_add_protocol(console_input_handle,
-			     &efi_guid_text_input_ex_protocol, &efi_con_in_ex);
-	if (r != EFI_SUCCESS)
-		goto out_of_memory;
+	/* Install protocols on root node */
+	r = EFI_CALL(efi_install_multiple_protocol_interfaces
+		     (&efi_root,
+		      &efi_guid_text_output_protocol, &efi_con_out,
+		      &efi_guid_text_input_protocol, &efi_con_in,
+		      &efi_guid_text_input_ex_protocol, &efi_con_in_ex,
+		      NULL));
+
+	/* Create console node and install device path protocols */
+	if (CONFIG_IS_ENABLED(DM_SERIAL)) {
+		dp = efi_dp_from_uart();
+		if (!dp)
+			goto out_of_memory;
+
+		/* Hook UART up to the device list */
+		efi_add_handle(&uart_obj);
+
+		/* Install device path */
+		r = efi_add_protocol(&uart_obj, &efi_guid_device_path, dp);
+		if (r != EFI_SUCCESS)
+			goto out_of_memory;
+	}
 
 	/* Create console events */
 	r = efi_create_event(EVT_NOTIFY_WAIT, TPL_CALLBACK, efi_key_notify,
diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c
index c61f4859330..dc787b4d3dd 100644
--- a/lib/efi_loader/efi_device_path.c
+++ b/lib/efi_loader/efi_device_path.c
@@ -494,7 +494,7 @@ __maybe_unused static unsigned int dp_size(struct udevice *dev)
 	if (!dev || !dev->driver)
 		return sizeof(ROOT);
 
-	switch (dev->driver->id) {
+	switch (device_get_uclass_id(dev)) {
 	case UCLASS_ROOT:
 	case UCLASS_SIMPLE_BUS:
 		/* stop traversing parents at this point: */
@@ -579,7 +579,7 @@ __maybe_unused static void *dp_fill(void *buf, struct udevice *dev)
 	if (!dev || !dev->driver)
 		return buf;
 
-	switch (dev->driver->id) {
+	switch (device_get_uclass_id(dev)) {
 	case UCLASS_ROOT:
 	case UCLASS_SIMPLE_BUS: {
 		/* stop traversing parents at this point: */
@@ -759,9 +759,9 @@ __maybe_unused static void *dp_fill(void *buf, struct udevice *dev)
 		return &udp[1];
 	}
 	default:
-		debug("%s(%u) %s: unhandled device class: %s (%u)\n",
-		      __FILE__, __LINE__, __func__,
-		      dev->name, dev->driver->id);
+		/* If the uclass driver is missing, this will show NULL */
+		log_debug("unhandled device class: %s (%s)\n", dev->name,
+			  dev_get_uclass_name(dev));
 		return dp_fill(buf, dev->parent);
 	}
 }
@@ -769,13 +769,8 @@ __maybe_unused static void *dp_fill(void *buf, struct udevice *dev)
 static unsigned dp_part_size(struct blk_desc *desc, int part)
 {
 	unsigned dpsize;
-	struct udevice *dev;
-	int ret;
+	struct udevice *dev = desc->bdev;
 
-	ret = blk_find_device(desc->if_type, desc->devnum, &dev);
-
-	if (ret)
-		dev = desc->bdev->parent;
 	dpsize = dp_size(dev);
 
 	if (part == 0) /* the actual disk, not a partition */
@@ -866,13 +861,8 @@ static void *dp_part_node(void *buf, struct blk_desc *desc, int part)
  */
 static void *dp_part_fill(void *buf, struct blk_desc *desc, int part)
 {
-	struct udevice *dev;
-	int ret;
-
-	ret = blk_find_device(desc->if_type, desc->devnum, &dev);
+	struct udevice *dev = desc->bdev;
 
-	if (ret)
-		dev = desc->bdev->parent;
 	buf = dp_fill(buf, dev);
 
 	if (part == 0) /* the actual disk, not a partition */
diff --git a/lib/efi_loader/efi_device_path_to_text.c b/lib/efi_loader/efi_device_path_to_text.c
index d8a83c88493..4d73954ef89 100644
--- a/lib/efi_loader/efi_device_path_to_text.c
+++ b/lib/efi_loader/efi_device_path_to_text.c
@@ -8,6 +8,7 @@
 #include <common.h>
 #include <blk.h>
 #include <efi_loader.h>
+#include <malloc.h>
 
 #define MAC_OUTPUT_LEN 22
 #define UNKNOWN_OUTPUT_LEN 23
@@ -121,16 +122,26 @@ static char *dp_msging(char *s, struct efi_device_path *dp)
 	case DEVICE_PATH_SUB_TYPE_MSG_UART: {
 		struct efi_device_path_uart *uart =
 			(struct efi_device_path_uart *)dp;
-		s += sprintf(s, "Uart(%lld,%d,%d,", uart->baud_rate,
-			     uart->data_bits, uart->parity);
-		switch (uart->stop_bits) {
-		case 2:
-			s += sprintf(s, "1.5)");
-			break;
-		default:
+		const char parity_str[6] = {'D', 'N', 'E', 'O', 'M', 'S'};
+		const char *stop_bits_str[4] = { "D", "1", "1.5", "2" };
+
+		s += sprintf(s, "Uart(%lld,%d,", uart->baud_rate,
+			     uart->data_bits);
+
+		/*
+		 * Parity and stop bits can either both use keywords or both use
+		 * numbers but numbers and keywords should not be mixed. Let's
+		 * go for keywords as this is what EDK II does. For illegal
+		 * values fall back to numbers.
+		 */
+		if (uart->parity < 6)
+			s += sprintf(s, "%c,", parity_str[uart->parity]);
+		else
+			s += sprintf(s, "%d,", uart->parity);
+		if (uart->stop_bits < 4)
+			s += sprintf(s, "%s)", stop_bits_str[uart->stop_bits]);
+		else
 			s += sprintf(s, "%d)", uart->stop_bits);
-			break;
-		}
 		break;
 	}
 	case DEVICE_PATH_SUB_TYPE_MSG_USB: {
@@ -292,10 +303,18 @@ static char *dp_media(char *s, struct efi_device_path *dp)
 	case DEVICE_PATH_SUB_TYPE_FILE_PATH: {
 		struct efi_device_path_file_path *fp =
 			(struct efi_device_path_file_path *)dp;
-		int slen = (dp->length - sizeof(*dp)) / 2;
-		if (slen > MAX_NODE_LEN - 2)
-			slen = MAX_NODE_LEN - 2;
-		s += sprintf(s, "%-.*ls", slen, fp->str);
+		u16 *buffer;
+		int slen = dp->length - sizeof(*dp);
+
+		/* two bytes for \0, extra byte if dp->length is odd */
+		buffer = calloc(1, slen + 3);
+		if (!buffer) {
+			log_err("Out of memory\n");
+			return s;
+		}
+		memcpy(buffer, fp->str, dp->length - sizeof(*dp));
+		s += snprintf(s, MAX_NODE_LEN - 1, "%ls", buffer);
+		free(buffer);
 		break;
 	}
 	default:
diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
index 519a47267ca..a5ff32f121f 100644
--- a/lib/efi_loader/efi_firmware.c
+++ b/lib/efi_loader/efi_firmware.c
@@ -302,7 +302,7 @@ efi_status_t EFIAPI efi_firmware_fit_set_image(
 	efi_status_t (*progress)(efi_uintn_t completion),
 	u16 **abort_reason)
 {
-	EFI_ENTRY("%p %d %p %zd %p %p %p\n", this, image_index, image,
+	EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image,
 		  image_size, vendor_code, progress, abort_reason);
 
 	if (!image || image_index != 1)
@@ -417,7 +417,7 @@ efi_status_t EFIAPI efi_firmware_raw_set_image(
 	efi_status_t status;
 	efi_uintn_t capsule_payload_size;
 
-	EFI_ENTRY("%p %d %p %zd %p %p %p\n", this, image_index, image,
+	EFI_ENTRY("%p %d %p %zu %p %p %p\n", this, image_index, image,
 		  image_size, vendor_code, progress, abort_reason);
 
 	if (!image)
diff --git a/lib/efi_loader/efi_helper.c b/lib/efi_loader/efi_helper.c
index b80a6e07dff..802d39ed97b 100644
--- a/lib/efi_loader/efi_helper.c
+++ b/lib/efi_loader/efi_helper.c
@@ -36,7 +36,7 @@ static efi_status_t efi_create_current_boot_var(u16 var_name[],
 	u16 *pos;
 
 	boot_current_size = sizeof(boot_current);
-	ret = efi_get_variable_int(L"BootCurrent",
+	ret = efi_get_variable_int(u"BootCurrent",
 				   &efi_global_variable_guid, NULL,
 				   &boot_current_size, &boot_current, NULL);
 	if (ret != EFI_SUCCESS)
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index f43dfb3d57e..5df35939f70 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -517,53 +517,6 @@ err:
 
 #ifdef CONFIG_EFI_SECURE_BOOT
 /**
- * efi_image_unsigned_authenticate() - authenticate unsigned image with
- * SHA256 hash
- * @regs:	List of regions to be verified
- *
- * If an image is not signed, it doesn't have a signature. In this case,
- * its message digest is calculated and it will be compared with one of
- * hash values stored in signature databases.
- *
- * Return:	true if authenticated, false if not
- */
-static bool efi_image_unsigned_authenticate(struct efi_image_regions *regs)
-{
-	struct efi_signature_store *db = NULL, *dbx = NULL;
-	bool ret = false;
-
-	dbx = efi_sigstore_parse_sigdb(L"dbx");
-	if (!dbx) {
-		EFI_PRINT("Getting signature database(dbx) failed\n");
-		goto out;
-	}
-
-	db = efi_sigstore_parse_sigdb(L"db");
-	if (!db) {
-		EFI_PRINT("Getting signature database(db) failed\n");
-		goto out;
-	}
-
-	/* try black-list first */
-	if (efi_signature_lookup_digest(regs, dbx, true)) {
-		EFI_PRINT("Image is not signed and its digest found in \"dbx\"\n");
-		goto out;
-	}
-
-	/* try white-list */
-	if (efi_signature_lookup_digest(regs, db, false))
-		ret = true;
-	else
-		EFI_PRINT("Image is not signed and its digest not found in \"db\" or \"dbx\"\n");
-
-out:
-	efi_sigstore_free(db);
-	efi_sigstore_free(dbx);
-
-	return ret;
-}
-
-/**
  * efi_image_authenticate() - verify a signature of signed image
  * @efi:	Pointer to image
  * @efi_size:	Size of @efi
@@ -608,34 +561,27 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
 	if (!efi_image_parse(new_efi, efi_size, &regs, &wincerts,
 			     &wincerts_len)) {
 		EFI_PRINT("Parsing PE executable image failed\n");
-		goto err;
-	}
-
-	if (!wincerts) {
-		/* The image is not signed */
-		ret = efi_image_unsigned_authenticate(regs);
-
-		goto err;
+		goto out;
 	}
 
 	/*
 	 * verify signature using db and dbx
 	 */
-	db = efi_sigstore_parse_sigdb(L"db");
+	db = efi_sigstore_parse_sigdb(u"db");
 	if (!db) {
 		EFI_PRINT("Getting signature database(db) failed\n");
-		goto err;
+		goto out;
 	}
 
-	dbx = efi_sigstore_parse_sigdb(L"dbx");
+	dbx = efi_sigstore_parse_sigdb(u"dbx");
 	if (!dbx) {
 		EFI_PRINT("Getting signature database(dbx) failed\n");
-		goto err;
+		goto out;
 	}
 
 	if (efi_signature_lookup_digest(regs, dbx, true)) {
 		EFI_PRINT("Image's digest was found in \"dbx\"\n");
-		goto err;
+		goto out;
 	}
 
 	/*
@@ -678,7 +624,8 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
 			if (guidcmp(auth, &efi_guid_cert_type_pkcs7)) {
 				EFI_PRINT("Certificate type not supported: %pUs\n",
 					  auth);
-				continue;
+				ret = false;
+				goto out;
 			}
 
 			auth += sizeof(efi_guid_t);
@@ -686,7 +633,8 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
 		} else if (wincert->wCertificateType
 				!= WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
 			EFI_PRINT("Certificate type not supported\n");
-			continue;
+			ret = false;
+			goto out;
 		}
 
 		msg = pkcs7_parse_message(auth, auth_size);
@@ -717,32 +665,32 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
 		 */
 		/* try black-list first */
 		if (efi_signature_verify_one(regs, msg, dbx)) {
+			ret = false;
 			EFI_PRINT("Signature was rejected by \"dbx\"\n");
-			continue;
+			goto out;
 		}
 
 		if (!efi_signature_check_signers(msg, dbx)) {
+			ret = false;
 			EFI_PRINT("Signer(s) in \"dbx\"\n");
-			continue;
+			goto out;
 		}
 
 		/* try white-list */
 		if (efi_signature_verify(regs, msg, db, dbx)) {
 			ret = true;
-			break;
+			continue;
 		}
 
 		EFI_PRINT("Signature was not verified by \"db\"\n");
+	}
 
-		if (efi_signature_lookup_digest(regs, db, false)) {
-			ret = true;
-			break;
-		}
 
-		EFI_PRINT("Image's digest was not found in \"db\" or \"dbx\"\n");
-	}
+	/* last resort try the image sha256 hash in db */
+	if (!ret && efi_signature_lookup_digest(regs, db, false))
+		ret = true;
 
-err:
+out:
 	efi_sigstore_free(db);
 	efi_sigstore_free(dbx);
 	pkcs7_free_message(msg);
diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index 380adc15c88..eee54e48784 100644
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -43,7 +43,7 @@ static efi_status_t efi_init_platform_lang(void)
 	 * Variable PlatformLangCodes defines the language codes that the
 	 * machine can support.
 	 */
-	ret = efi_set_variable_int(L"PlatformLangCodes",
+	ret = efi_set_variable_int(u"PlatformLangCodes",
 				   &efi_global_variable_guid,
 				   EFI_VARIABLE_BOOTSERVICE_ACCESS |
 				   EFI_VARIABLE_RUNTIME_ACCESS |
@@ -57,7 +57,7 @@ static efi_status_t efi_init_platform_lang(void)
 	 * Variable PlatformLang defines the language that the machine has been
 	 * configured for.
 	 */
-	ret = efi_get_variable_int(L"PlatformLang",
+	ret = efi_get_variable_int(u"PlatformLang",
 				   &efi_global_variable_guid,
 				   NULL, &data_size, &pos, NULL);
 	if (ret == EFI_BUFFER_TOO_SMALL) {
@@ -74,7 +74,7 @@ static efi_status_t efi_init_platform_lang(void)
 	if (pos)
 		*pos = 0;
 
-	ret = efi_set_variable_int(L"PlatformLang",
+	ret = efi_set_variable_int(u"PlatformLang",
 				   &efi_global_variable_guid,
 				   EFI_VARIABLE_NON_VOLATILE |
 				   EFI_VARIABLE_BOOTSERVICE_ACCESS |
@@ -100,7 +100,7 @@ static efi_status_t efi_init_secure_boot(void)
 	};
 	efi_status_t ret;
 
-	ret = efi_set_variable_int(L"SignatureSupport",
+	ret = efi_set_variable_int(u"SignatureSupport",
 				   &efi_global_variable_guid,
 				   EFI_VARIABLE_READ_ONLY |
 				   EFI_VARIABLE_BOOTSERVICE_ACCESS |
@@ -129,12 +129,12 @@ static efi_status_t efi_init_capsule(void)
 	efi_status_t ret = EFI_SUCCESS;
 
 	if (IS_ENABLED(CONFIG_EFI_HAVE_CAPSULE_UPDATE)) {
-		ret = efi_set_variable_int(L"CapsuleMax",
+		ret = efi_set_variable_int(u"CapsuleMax",
 					   &efi_guid_capsule_report,
 					   EFI_VARIABLE_READ_ONLY |
 					   EFI_VARIABLE_BOOTSERVICE_ACCESS |
 					   EFI_VARIABLE_RUNTIME_ACCESS,
-					   22, L"CapsuleFFFF", false);
+					   22, u"CapsuleFFFF", false);
 		if (ret != EFI_SUCCESS)
 			printf("EFI: cannot initialize CapsuleMax variable\n");
 	}
@@ -165,7 +165,7 @@ static efi_status_t efi_init_os_indications(void)
 		os_indications_supported |=
 			EFI_OS_INDICATIONS_FMP_CAPSULE_SUPPORTED;
 
-	return efi_set_variable_int(L"OsIndicationsSupported",
+	return efi_set_variable_int(u"OsIndicationsSupported",
 				    &efi_global_variable_guid,
 				    EFI_VARIABLE_BOOTSERVICE_ACCESS |
 				    EFI_VARIABLE_RUNTIME_ACCESS |
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
index 1bd1fdc95fc..79ed077ae7d 100644
--- a/lib/efi_loader/efi_signature.c
+++ b/lib/efi_loader/efi_signature.c
@@ -518,12 +518,11 @@ bool efi_signature_verify(struct efi_image_regions *regs,
 			goto out;
 
 		EFI_PRINT("Verifying last certificate in chain\n");
-		if (signer->self_signed) {
-			if (efi_lookup_certificate(signer, db))
-				if (efi_signature_check_revocation(sinfo,
-								   signer, dbx))
-					break;
-		} else if (efi_verify_certificate(signer, db, &root)) {
+		if (efi_lookup_certificate(signer, db))
+			if (efi_signature_check_revocation(sinfo, signer, dbx))
+				break;
+		if (!signer->self_signed &&
+		    efi_verify_certificate(signer, db, &root)) {
 			bool check;
 
 			check = efi_signature_check_revocation(sinfo, root,
diff --git a/lib/efi_loader/efi_string.c b/lib/efi_loader/efi_string.c
index a3b8edf5a80..8bf1e493b89 100644
--- a/lib/efi_loader/efi_string.c
+++ b/lib/efi_loader/efi_string.c
@@ -16,7 +16,7 @@
  * @index:	Index
  *
  * Create a utf-16 string with @name, appending @index.
- * For example, L"Capsule0001"
+ * For example, u"Capsule0001"
  *
  * The caller must ensure that the buffer has enough space for the resulting
  * string including the trailing L'\0'.
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 0ae07ef0839..99ec3a54867 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -1916,8 +1916,8 @@ static efi_status_t tcg2_measure_boot_variable(struct udevice *dev)
 {
 	u16 *boot_order;
 	u16 *boot_index;
-	u16 var_name[] = L"BootOrder";
-	u16 boot_name[] = L"Boot####";
+	u16 var_name[] = u"BootOrder";
+	u16 boot_name[] = u"Boot####";
 	u8 *bootvar;
 	efi_uintn_t var_data_size;
 	u32 count, i;
diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
index 9f1dd74f36c..eb837027818 100644
--- a/lib/efi_loader/efi_var_common.c
+++ b/lib/efi_loader/efi_var_common.c
@@ -229,26 +229,26 @@ static efi_status_t efi_set_secure_state(u8 secure_boot, u8 setup_mode,
 
 	efi_secure_boot = secure_boot;
 
-	ret = efi_set_variable_int(L"SecureBoot", &efi_global_variable_guid,
+	ret = efi_set_variable_int(u"SecureBoot", &efi_global_variable_guid,
 				   attributes_ro, sizeof(secure_boot),
 				   &secure_boot, false);
 	if (ret != EFI_SUCCESS)
 		goto err;
 
-	ret = efi_set_variable_int(L"SetupMode", &efi_global_variable_guid,
+	ret = efi_set_variable_int(u"SetupMode", &efi_global_variable_guid,
 				   attributes_ro, sizeof(setup_mode),
 				   &setup_mode, false);
 	if (ret != EFI_SUCCESS)
 		goto err;
 
-	ret = efi_set_variable_int(L"AuditMode", &efi_global_variable_guid,
+	ret = efi_set_variable_int(u"AuditMode", &efi_global_variable_guid,
 				   audit_mode || setup_mode ?
 				   attributes_ro : attributes_rw,
 				   sizeof(audit_mode), &audit_mode, false);
 	if (ret != EFI_SUCCESS)
 		goto err;
 
-	ret = efi_set_variable_int(L"DeployedMode",
+	ret = efi_set_variable_int(u"DeployedMode",
 				   &efi_global_variable_guid,
 				   audit_mode || deployed_mode || setup_mode ?
 				   attributes_ro : attributes_rw,
@@ -280,7 +280,7 @@ static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode)
 		if (ret != EFI_SUCCESS)
 			goto err;
 	} else if (mode == EFI_MODE_AUDIT) {
-		ret = efi_set_variable_int(L"PK", &efi_global_variable_guid,
+		ret = efi_set_variable_int(u"PK", &efi_global_variable_guid,
 					   EFI_VARIABLE_BOOTSERVICE_ACCESS |
 					   EFI_VARIABLE_RUNTIME_ACCESS,
 					   0, NULL, false);
@@ -354,7 +354,7 @@ efi_status_t efi_init_secure_state(void)
 		return ret;
 
 	/* As we do not provide vendor keys this variable is always 0. */
-	ret = efi_set_variable_int(L"VendorKeys",
+	ret = efi_set_variable_int(u"VendorKeys",
 				   &efi_global_variable_guid,
 				   EFI_VARIABLE_BOOTSERVICE_ACCESS |
 				   EFI_VARIABLE_RUNTIME_ACCESS |
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 5adc7f821a8..8ca2d85694c 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -145,15 +145,15 @@ static efi_status_t efi_variable_authenticate(const u16 *variable,
 	case EFI_AUTH_VAR_PK:
 	case EFI_AUTH_VAR_KEK:
 		/* with PK */
-		truststore = efi_sigstore_parse_sigdb(L"PK");
+		truststore = efi_sigstore_parse_sigdb(u"PK");
 		if (!truststore)
 			goto err;
 		break;
 	case EFI_AUTH_VAR_DB:
 	case EFI_AUTH_VAR_DBX:
 		/* with PK and KEK */
-		truststore = efi_sigstore_parse_sigdb(L"KEK");
-		truststore2 = efi_sigstore_parse_sigdb(L"PK");
+		truststore = efi_sigstore_parse_sigdb(u"KEK");
+		truststore2 = efi_sigstore_parse_sigdb(u"PK");
 		if (!truststore) {
 			if (!truststore2)
 				goto err;
diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c
index a2c65e36947..58931c4efd7 100644
--- a/lib/efi_loader/efi_variable_tee.c
+++ b/lib/efi_loader/efi_variable_tee.c
@@ -588,7 +588,7 @@ efi_status_t efi_set_variable_int(const u16 *variable_name,
 	if (alt_ret != EFI_SUCCESS)
 		goto out;
 
-	if (!u16_strcmp(variable_name, L"PK"))
+	if (!u16_strcmp(variable_name, u"PK"))
 		alt_ret = efi_init_secure_state();
 out:
 	free(comm_buf);
diff --git a/lib/efi_loader/efi_watchdog.c b/lib/efi_loader/efi_watchdog.c
index 87ca6c5b0b7..d741076dcdd 100644
--- a/lib/efi_loader/efi_watchdog.c
+++ b/lib/efi_loader/efi_watchdog.c
@@ -75,17 +75,6 @@ efi_status_t efi_watchdog_register(void)
 		printf("ERROR: Failed to register watchdog event\n");
 		return r;
 	}
-	/*
-	 * The UEFI standard requires that the watchdog timer is set to five
-	 * minutes when invoking an EFI boot option.
-	 *
-	 * Unified Extensible Firmware Interface (UEFI), version 2.7 Errata A
-	 * 7.5. Miscellaneous Boot Services - EFI_BOOT_SERVICES.SetWatchdogTimer
-	 */
-	r = efi_set_watchdog(300);
-	if (r != EFI_SUCCESS) {
-		printf("ERROR: Failed to set watchdog timer\n");
-		return r;
-	}
+
 	return EFI_SUCCESS;
 }
diff --git a/lib/efi_loader/helloworld.c b/lib/efi_loader/helloworld.c
index 33e4fbc7c80..10666dc0f22 100644
--- a/lib/efi_loader/helloworld.c
+++ b/lib/efi_loader/helloworld.c
@@ -34,7 +34,7 @@ static struct efi_simple_text_output_protocol *con_out;
  */
 static void print_uefi_revision(void)
 {
-	u16 rev[] = L"0.0.0";
+	u16 rev[] = u"0.0.0";
 
 	rev[0] = (systable->hdr.revision >> 16) + '0';
 	rev[4] = systable->hdr.revision & 0xffff;
@@ -48,9 +48,9 @@ static void print_uefi_revision(void)
 	else
 		rev[3] = 0;
 
-	con_out->output_string(con_out, L"Running on UEFI ");
+	con_out->output_string(con_out, u"Running on UEFI ");
 	con_out->output_string(con_out, rev);
-	con_out->output_string(con_out, L"\r\n");
+	con_out->output_string(con_out, u"\r\n");
 }
 
 /**
@@ -65,15 +65,15 @@ static void print_config_tables(void)
 		if (!memcmp(&systable->tables[i].guid, &fdt_guid,
 			    sizeof(efi_guid_t)))
 			con_out->output_string
-					(con_out, L"Have device tree\r\n");
+					(con_out, u"Have device tree\r\n");
 		if (!memcmp(&systable->tables[i].guid, &acpi_guid,
 			    sizeof(efi_guid_t)))
 			con_out->output_string
-					(con_out, L"Have ACPI 2.0 table\r\n");
+					(con_out, u"Have ACPI 2.0 table\r\n");
 		if (!memcmp(&systable->tables[i].guid, &smbios_guid,
 			    sizeof(efi_guid_t)))
 			con_out->output_string
-					(con_out, L"Have SMBIOS table\r\n");
+					(con_out, u"Have SMBIOS table\r\n");
 	}
 }
 
@@ -86,13 +86,13 @@ static void print_config_tables(void)
 void print_load_options(struct efi_loaded_image *loaded_image)
 {
 	/* Output the load options */
-	con_out->output_string(con_out, L"Load options: ");
+	con_out->output_string(con_out, u"Load options: ");
 	if (loaded_image->load_options_size && loaded_image->load_options)
 		con_out->output_string(con_out,
 				       (u16 *)loaded_image->load_options);
 	else
-		con_out->output_string(con_out, L"<none>");
-	con_out->output_string(con_out, L"\r\n");
+		con_out->output_string(con_out, u"<none>");
+	con_out->output_string(con_out, u"\r\n");
 }
 
 /**
@@ -108,21 +108,21 @@ efi_status_t print_device_path(struct efi_device_path *device_path,
 	efi_status_t ret;
 
 	if (!device_path) {
-		con_out->output_string(con_out, L"<none>\r\n");
+		con_out->output_string(con_out, u"<none>\r\n");
 		return EFI_SUCCESS;
 	}
 
 	string = dp2txt->convert_device_path_to_text(device_path, true, false);
 	if (!string) {
 		con_out->output_string
-			(con_out, L"Cannot convert device path to text\r\n");
+			(con_out, u"Cannot convert device path to text\r\n");
 		return EFI_OUT_OF_RESOURCES;
 	}
 	con_out->output_string(con_out, string);
-	con_out->output_string(con_out, L"\r\n");
+	con_out->output_string(con_out, u"\r\n");
 	ret = boottime->free_pool(string);
 	if (ret != EFI_SUCCESS) {
-		con_out->output_string(con_out, L"Cannot free pool memory\r\n");
+		con_out->output_string(con_out, u"Cannot free pool memory\r\n");
 		return ret;
 	}
 	return EFI_SUCCESS;
@@ -148,7 +148,7 @@ efi_status_t EFIAPI efi_main(efi_handle_t handle,
 	con_out = systable->con_out;
 
 	/* UEFI requires CR LF */
-	con_out->output_string(con_out, L"Hello, world!\r\n");
+	con_out->output_string(con_out, u"Hello, world!\r\n");
 
 	print_uefi_revision();
 	print_config_tables();
@@ -158,7 +158,7 @@ efi_status_t EFIAPI efi_main(efi_handle_t handle,
 					(void **)&loaded_image);
 	if (ret != EFI_SUCCESS) {
 		con_out->output_string
-			(con_out, L"Cannot open loaded image protocol\r\n");
+			(con_out, u"Cannot open loaded image protocol\r\n");
 		goto out;
 	}
 	print_load_options(loaded_image);
@@ -168,12 +168,12 @@ efi_status_t EFIAPI efi_main(efi_handle_t handle,
 					NULL, (void **)&device_path_to_text);
 	if (ret != EFI_SUCCESS) {
 		con_out->output_string
-			(con_out, L"Cannot open device path to text protocol\r\n");
+			(con_out, u"Cannot open device path to text protocol\r\n");
 		goto out;
 	}
 	if (!loaded_image->device_handle) {
 		con_out->output_string
-			(con_out, L"Missing device handle\r\n");
+			(con_out, u"Missing device handle\r\n");
 		goto out;
 	}
 	ret = boottime->handle_protocol(loaded_image->device_handle,
@@ -181,14 +181,14 @@ efi_status_t EFIAPI efi_main(efi_handle_t handle,
 					(void **)&device_path);
 	if (ret != EFI_SUCCESS) {
 		con_out->output_string
-			(con_out, L"Missing device path for device handle\r\n");
+			(con_out, u"Missing device path for device handle\r\n");
 		goto out;
 	}
-	con_out->output_string(con_out, L"Boot device: ");
+	con_out->output_string(con_out, u"Boot device: ");
 	ret = print_device_path(device_path, device_path_to_text);
 	if (ret != EFI_SUCCESS)
 		goto out;
-	con_out->output_string(con_out, L"File path: ");
+	con_out->output_string(con_out, u"File path: ");
 	ret = print_device_path(loaded_image->file_path, device_path_to_text);
 	if (ret != EFI_SUCCESS)
 		goto out;