summaryrefslogtreecommitdiff
path: root/lib/efi_loader/efi_boottime.c
AgeCommit message (Collapse)Author
2021-12-09efi_loader: correctly handle no tpm device errorMasahisa Kojima
When the TCG2 protocol is installed in efi_tcg2_register(), TPM2 device must be present. tcg2_measure_pe_image() expects that TCP2 protocol is installed and TPM device is available. If TCG2 Protocol is installed but TPM device is not found, tcg2_measure_pe_image() returns EFI_SECURITY_VIOLATION and efi_load_image() ends with failure. The same error handling is applied to efi_tcg2_measure_efi_app_invocation(). Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-26efi: Call bootm_disable_interrupts earlier in efi_exit_boot_servicesTom Rini
If we look at the path that bootm/booti take when preparing to boot the OS, we see that as part of (or prior to calling do_bootm_states, explicitly) the process, bootm_disable_interrupts() is called prior to announce_and_cleanup() which is where udc_disconnect() / board_quiesce_devices() / dm_remove_devices_flags() are called from. In the EFI path, these are called afterwards. In efi_exit_boot_services() however we have been calling bootm_disable_interrupts() after the above functions, as part of ensuring that we disable interrupts as required by the spec. However, bootm_disable_interrupts() is also where we go and call usb_stop(). While this has been fine before, on the TI J721E platform this leads us to an exception. This exception seems likely to be the case that we're trying to stop devices that we have already disabled clocks for. The most direct way to handle this particular problem is to make EFI behave like the do_bootm_states() process and ensure we call bootm_disable_interrupts() prior to ending up in usb_stop(). Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Simon Glass <sjg@chromium.org> Suggested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-20efi_loader: EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICESHeinrich Schuchardt
Implement the EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES event group handling. Add the definition of EFI_EVENT_GROUP_AFTER_READY_TO_BOOT. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-26efi_loader: add UEFI GPT measurementMasahisa Kojima
This commit adds the UEFI GPT disk partition topology measurement required in TCG PC Client Platform Firmware Profile Specification Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-26efi_loader: add SMBIOS table measurementMasahisa Kojima
TCG PC Client Platform Firmware Profile Specification requires to measure the SMBIOS table that contains static configuration information (e.g. Platform Manufacturer Enterprise Number assigned by IANA, platform model number, Vendor and Device IDs for each SMBIOS table). The device- and environment-dependent information such as serial number is cleared to zero or space character for the measurement. Existing smbios_string() function returns pointer to the string with const qualifier, but exisintg use case is updating version string and const qualifier must be removed. This commit removes const qualifier from smbios_string() return value and reuses to clear the strings for the measurement. This commit also fixes the following compiler warning: lib/smbios-parser.c:59:39: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address; Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-25efi_loader: add missing const qualifierMasahisa Kojima
This commit fixes the following compilation warning of boottime->install_configuration_table() function. lib/efi_selftest/efi_selftest_tcg2.c:475:46: warning: passing argument 1 of ‘boottime->install_configuration_table’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers] ret = boottime->install_configuration_table(&smbios_guid, dmi); Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-14efi_loader: add ExitBootServices() measurementMasahisa Kojima
TCG PC Client PFP spec requires to measure "Exit Boot Services Invocation" if ExitBootServices() is invoked. Depending upon the return code from the ExitBootServices() call, "Exit Boot Services Returned with Success" or "Exit Boot Services Returned with Failure" is also measured. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Swap two ifs in efi_exit_boot_services(). efi_tcg2_notify_exit_boot_services must have EFIAPI signature. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14efi_loader: add boot variable measurementMasahisa Kojima
TCG PC Client PFP spec requires to measure "Boot####" and "BootOrder" variables, EV_SEPARATOR event prior to the Ready to Boot invocation. Since u-boot does not implement Ready to Boot event, these measurements are performed when efi_start_image() is called. TCG spec also requires to measure "Calling EFI Application from Boot Option" for each boot attempt, and "Returning from EFI Application from Boot Option" if a boot device returns control back to the Boot Manager. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-07-24efi_loader: remove asm/setjmp.h from efi_api.hAKASHI Takahiro
In the commit c982874e930d ("efi_loader: refactor efi_setup_loaded_image()"), setjmp-related definitions were moved to efi_loaded_image_obj in efi_loader.h. So setjmp.h is no longer refererenced in efi_api.h. This also fixes some error when efi_api.h will be included in mkeficapsule.c. Fixes: c982874e930d ("efi_loader: refactor efi_setup_loaded_image()") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-06-28efi_loader: TPL_HIGH_LEVEL not allowed for CreateEventHeinrich Schuchardt
According to chapter 7.1 "Event, Timer, and Task Priority Services" TPL_HIGH_LEVEL should not be exposed to applications and drivers. According to the discussion with EDK II contributors this implies that CreateEvent() shall not allow to create events with TPL_HIGH_LEVEL. Cc: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Acked-by: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
2021-03-25efi_loader: Clean up file size calculationsIlias Apalodimas
We recently added a common function for calculating file size, instead of copy pasting the code around. Switch one of the occurences over to the common function Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25efi: Add ESRT to the EFI system tableJose Marinho
The ESRT is initialised during efi_init_objlist after efi_initialize_system_table(). The ESRT is recreated from scratch at the following events: - successful UpdateCapsule; - FMP instance install. The code ensures that every ESRT entry has a unique fw_class value. Limitations: - The ESRT is not updated if an FMP instance is uninstalled; - the fields image_type and flags are in the current implementation left undefined. Setting these values will require a per-platform function that returns the image_type/flags as a function of the image fw_class. CC: Heinrich Schuchardt <xypron.glpk@gmx.de> CC: Sughosh Ganu <sughosh.ganu@linaro.org> CC: AKASHI Takahiro <takahiro.akashi@linaro.org> CC: Ilias Apalodimas <ilias.apalodimas@linaro.org> CC: Andre Przywara <andre.przywara@arm.com> CC: Alexander Graf <agraf@csgraf.de> CC: nd@arm.com Signed-off-by: Jose Marinho <jose.marinho@arm.com> Remove two EFI_CALL() indirections. Move ESRT GUID in efidebug's list of GUIDs. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-02-02common: Drop asm/global_data.h from common headerSimon Glass
Move this out of the common header and include it only where needed. In a number of cases this requires adding "struct udevice;" to avoid adding another large header or in other cases replacing / adding missing header files that had been pulled in, very indirectly. Finally, we have a few cases where we did not need to include <asm/global_data.h> at all, so remove that include. Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
2021-01-23efi_loader: notification with TPL_APPLICATION not allowedHeinrich Schuchardt
The UEFI specification requires event notification levels to be > TPL_APPLICATION and <= TPL_HIGH_LEVEL. With the patch the CreateEvent() and CreatedEventEx() services are changed to check that the notification level is not TPL_APPLICATION. Reference: UEFI Specification 2.8 Errata B, table 27 "TPL Restrictions", "Event Notification Levels" Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-23efi_loader: fix efi_load_image_from_path()Heinrich Schuchardt
Use the correct GUID when closing the file load protocol. Remove an unnecessary check (Coverity CID 316363). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31efi_loader: event queueingHeinrich Schuchardt
When a new event is queued we have to process the event queue by calling efi_process_event_queue(). But there is not reason to call the function when the event is not queueable. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31efi_loader: use after free in efi_exit()Heinrich Schuchardt
Do not use data from the loaded image object after deleting it. Fixes: 126a43f15b36 ("efi_loader: unload applications upon Exit()") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31efi_loader: efi_signal_event() fix comment typosHeinrich Schuchardt
Add missing commas. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-31efi_loader: missing parentheses after ifHeinrich Schuchardt
IS_ENABLED() contains parentheses. But we should still put extra parentheses around it in an if statement for readability. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10efi_loader: make efi_protocol_open() non-staticHeinrich Schuchardt
Provide efi_protocol_open() as library function. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10efi_loader: support EFI_LOAD_FILE_PROTOCOLHeinrich Schuchardt
Support loading images via the EFI_LOAD_FILE_PROTOCOL and EFI_LOAD_FILE2_PROTOCOL. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10efi_loader: carve out efi_load_image_from_file()Heinrich Schuchardt
efi_load_image_from_file() should read via either of: * EFI_SIMPLE_FILE_SYSTEM_PROTOCOL * EFI_LOAD_FILE_PROTOCOL * EFI_LOAD_FILE2_PROTOCOL To make the code readable carve out a function to load the image via the file system protocol. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10efi_loader: pass boot_policy to efi_load_image_from_pathHeinrich Schuchardt
Implementing support for loading images via the EFI_LOAD_FILE_PROTOCOL requires the boot policy as input for efi_load_image_from_path(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10efi_loader: move EFI_LOAD_FILE2_PROTOCOL_GUIDHeinrich Schuchardt
The EFI_LOAD_FILE_PROTOCOL_GUID and EFI_LOAD_FILE2_PROTOCOL_GUID are needed to complement the implementation of the LoadFile() boot service. Remove a duplicate declaration of a variable for the EFI_LOAD_FILE2_PROTOCOL_GUID. Move the remaining declaration to efi_boottime.c. Add a variable for the EFI_LOAD_FILE_PROTOCOL_GUID. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-12-10efi_loader: resequence functions in efi_boottime.cHeinrich Schuchardt
For implementing support for the EFI_LOAD_FILE_PROTOCOL in the LoadImage() service we will have to call the LocateDevicePath() service. To avoid a forward declaration resequence the functions. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-11-14efi_selftest: keep devices in ExitBootServices()Heinrich Schuchardt
When calling ExitBootServices during out unit tests we should not detach devices as we need console output for runtime tests. Fixes: 529441ca89b1 ("efi_loader: Disable devices before handing over control") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-30efi_loader: fix DisconnectController() for sole childHeinrich Schuchardt
If ChildHandle indicates the sole child of the driver, disconnect the driver. This fixes the test results for UEFI SCT 2.6 A sub-tests 5.1.3.12.43, 5.1.3.12.44, 5.1.3.12.45. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-27efi_loader: Disable devices before handing over controlIlias Apalodimas
U-Boot Driver Model is supposed to remove devices with either DM_REMOVE_ACTIVE_DMA or DM_REMOVE_OS_PREPARE flags set, before exiting. Our bootm command does that by explicitly calling calling "dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);" and we also disable any USB devices. The EFI equivalent is doing none of those at the moment. As a result probing an fTPM driver now renders it unusable in Linux. During our (*probe) callback we open a session with OP-TEE, which is supposed to close with our (*remove) callback. Since the (*remove) is never called, once we boot into Linux and try to probe the device again we are getting a busy error response. Moreover all uclass (*preremove) functions won't run. So let's fix this by mimicking what bootm does and disconnect devices when efi_exit_boot_services() is called. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-27efi_loader: Sort header file orderingIlias Apalodimas
Order header files according to https://www.denx.de/wiki/U-Boot/CodingStyle Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-14efi_loader: save global data pointer on RISC-VHeinrich Schuchardt
On RISC-V the global data pointer is stored in register gp. When a UEFI binary calls the EFI API we have to restore it. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06efi_loader: remove duplicate image size checkHeinrich Schuchardt
The image size is checked in efi_load_pe(). Avoid checking it twice. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22efi_loader: document efi_save_gd(), efi_restore_gd()Heinrich Schuchardt
Provide function descriptions for efi_save_gd() and efi_restore_gd(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11efi_loader: fix efi_get_child_controllers()Heinrich Schuchardt
Don't call calloc(0, ..). Consider return value of efi_get_child_controllers(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03efi_loader: allow compiling with clangHeinrich Schuchardt
On ARM systems gd is stored in register r9 or x18. When compiling with clang gd is defined as a macro calling function gd_ptr(). So we can not make assignments to gd. In the UEFI sub-system we need to save gd when leaving to UEFI binaries and have to restore gd when reentering U-Boot. Define a new function set_gd() for setting gd and use it in the UEFI sub-system. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Tested-by: Tom Rini <trini@konsulko.com>
2020-05-18common: Drop log.h from common headerSimon Glass
Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-16efi_loader: image_loader: support image authenticationAKASHI Takahiro
With this commit, image validation can be enforced, as UEFI specification section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled. Currently we support * authentication based on db and dbx, so dbx-validated image will always be rejected. * following signature types: EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images) EFI_CERT_X509_GUID (x509 certificate for signed images) Timestamp-based certificate revocation is not supported here. Internally, authentication data is stored in one of certificates tables of PE image (See efi_image_parse()) and will be verified by efi_image_authenticate() before loading a given image. It seems that UEFI specification defines the verification process in a bit ambiguous way. I tried to implement it as closely to as EDK2 does. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-03-17efi_loader: export a couple of protocol related functionsAKASHI Takahiro
This is a preparatory patch. Those functions will be used in an implementation of UEFI firmware management protocol as part of my capsule update patch. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-03-11efi_loader: unnecessary assignment in efi_queue_eventHeinrich Schuchardt
The assigned value NULL is never used. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-15efi_loader: describe returning of controlHeinrich Schuchardt
Provide a sober description of how control can be returned by a UEFI binary. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07efi_loader: Add guidcpy functionSughosh Ganu
Add guidcpy function to copy the source guid to the destination guid. Use this function instead of memcpy for copying to the destination guid. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Use void * instead of efi_guid_t * for arguments to allow copying unaligned GUIDs. The GUIDs of configuration tables are __packed. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-12-02common: Move enable/disable_interrupts out of common.hSimon Glass
Move these two functions into the irq_funcs.h header file. Also move interrupt_handler_t as this is used by the irq_install_handler() function. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-12-02common: Move get_ticks() function out of common.hSimon Glass
This function belongs in time.h so move it over and add a comment. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-12-02crc32: Use the crc.h header for crc functionsSimon Glass
Drop inclusion of crc.h in common.h and use the correct header directly instead. With this we can drop the conflicting definition in fw_env.h and rely on the crc.h header, which is already included. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-09-20efi_loader: incorrect return value form DisconnectControllerHeinrich Schuchardt
DisconnectController() should never return EFI_NOT_FOUND. If EFI_DRIVER_BINDING_PROTOCOL.Stop() fails, return EFI_DEVICE_ERROR. If the driver handle does not expose the EFI_DRIVER_BINDING_PROTOCOL return EFI_INVALID_PARAMETER. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-08-11env: Drop environment.h header file where not neededSimon Glass
This header file is now only used by files that access internal environment features. Drop it from various places where it is not needed. Acked-by: Joe Hershberger <joe.hershberger@ni.com> Signed-off-by: Simon Glass <sjg@chromium.org>
2019-07-30efi_loader: re-enable GRUB workaround on 32bit ARMHeinrich Schuchardt
GRUB on ARM 32bit prior to version 2.04 lacks proper handling of caches. In U-Boot v2019.04 a workaround for this was inadvertently removed. The workaround is currently also needed for booting on systems with caches that cannot be managed via CP15 (e.g. with an i.MX6 CPU). Re-enable the workaround and make it customizable. Fixes: f69d63fae281 ("efi_loader: use efi_start_image() for bootefi") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-16efi_loader: fix comments for efi_update_exit_data()Heinrich Schuchardt
Add missing colons after parameter descriptions. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-16efi_loader: fix function comments in efi_boottime.cHeinrich Schuchardt
scripts/kernel-doc pointed out some errors in the function comments in efi_boottime.c. Add missing and remove superfluous parameter descriptions. Escape * in a function description. Add empty lines for readability. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-16efi_loader: EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGEHeinrich Schuchardt
Implement the EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event. This requires allocating the event and the event list from runtime data. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-07-06efi_loader: detach runtime in ExitBootServices()Heinrich Schuchardt
Linux can be called with a command line parameter efi=novamap, cf. commit 4e46c2a95621 ("efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted"). In this case SetVirtualAddressMap() is not called after ExitBootServices(). OpenBSD 32bit does not call SetVirtualAddressMap() either. Runtime services must be set to an implementation supported at runtime in ExitBootServices(). Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Suggested-by: Alexander Graf <agraf@csgraf.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>