- 16 4月, 2020 3 次提交
-
-
由 AKASHI Takahiro 提交于
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is supported for authenticated variables and the system secure state will transfer between setup mode and user mode as UEFI specification section 32.3 describes. Internally, authentication data is stored as part of authenticated variable's value. It is nothing but a pkcs7 message (but we need some wrapper, see efi_variable_parse_signature()) and will be validated by efi_variable_authenticate(), hence efi_signature_verify_with_db(). Associated time value will be encoded in "{...,time=...}" along with other UEFI variable's attributes. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 AKASHI Takahiro 提交于
efi_signature_parse_sigdb() is a helper function will be used to parse signature database variable and instantiate a signature store structure in later patches. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 AKASHI Takahiro 提交于
In this commit, implemented are a couple of helper functions which will be used to materialize variable authentication as well as image authentication in later patches. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
- 23 3月, 2020 1 次提交
-
-
由 Heinrich Schuchardt 提交于
'vendor' is both an input and an output parameter. So it cannot be constant. Fixes: 0bda81bf ("efi_loader: use const efi_guid_t * for variable services") Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 17 3月, 2020 1 次提交
-
-
由 AKASHI Takahiro 提交于
This is a preparatory patch. Those functions will be used in an implementation of UEFI firmware management protocol as part of my capsule update patch. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
- 29 2月, 2020 1 次提交
-
-
由 Ilias Apalodimas 提交于
Following kernel's proposal for an arch-agnostic initrd loading mechanism [1] let's implement the U-boot counterpart. This new approach has a number of advantages compared to what we did up to now. The file is loaded into memory only when requested limiting the area of TOCTOU attacks. Users will be allowed to place the initramfs file on any u-boot accessible partition instead of just the ESP one. Finally this is an attempt of a generic interface across architectures in the linux kernel so it makes sense to support that. The file location is intentionally only supported as a config option argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security. Although U-boot is not responsible for verifying the integrity of the initramfs, we can enhance the offered security by only accepting a built-in option, which will be naturally verified by UEFI Secure Boot. This can easily change in the future if needed and configure that via ENV or UEFI variable. [1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32fSigned-off-by: NIlias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 08 1月, 2020 5 次提交
-
-
由 Sughosh Ganu 提交于
Install the EFI_RNG_PROTOCOL implementation for it's subsequent use by the kernel for features like kaslr. Signed-off-by: NSughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Sughosh Ganu 提交于
Add guidcpy function to copy the source guid to the destination guid. Use this function instead of memcpy for copying to the destination guid. Signed-off-by: NSughosh Ganu <sughosh.ganu@linaro.org> Use void * instead of efi_guid_t * for arguments to allow copying unaligned GUIDs. The GUIDs of configuration tables are __packed. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Use a pointer to addressable memory instead of a "physical" address in the virtual address space of the sandbox to efi_install_fdt(). Export the efi_install_fdt() function. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Provide public function efi_run_imager() which can be used to run an UEFI image from memory. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
As part of moving the parsing of command line arguments to do_bootefi() call efi_install_fdt() with the address of the device tree instead of a string. If the address is EFI_FDT_USE_INTERNAL (= 0), the internal device tree is used. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 19 11月, 2019 1 次提交
-
-
由 Heinrich Schuchardt 提交于
Function efi_dp_from_dev() is not used anywhere. Remove it. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 08 10月, 2019 1 次提交
-
-
由 Simon Glass 提交于
At present these two functions are defined in efi_loader.h but only if CONFIG_EFI_LOADER is enabled. But these are functions that are useful to other code, such as that which deals with Intel Handoff Blocks (HOBs). Move these to the top of the function. Possibly ascii2unicode() should not be an inline function, since this might impact code size. Signed-off-by: NSimon Glass <sjg@chromium.org> Reviewed-by: NBin Meng <bmeng.cn@gmail.com>
-
- 21 9月, 2019 1 次提交
-
-
由 AKASHI Takahiro 提交于
Sandbox's "host" devices are currently described as UCLASS_ROOT udevice with DEV_IF_HOST block device. As the current implementation of efi_device_path doesn't support such a type, any "host" device on sandbox cannot be seen as a distinct object. For example, => host bind 0 /foo/disk.img => efi devices Scanning disk host0... Found 1 disks Device Device Path ================ ==================== 0000000015c19970 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b) 0000000015c19d70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b) => efi dh Handle Protocols ================ ==================== 0000000015c19970 Device Path, Device Path To Text, Device Path Utilities, Unicode Collation 2, HII String, HII Database, HII Config Routing 0000000015c19ba0 Driver Binding 0000000015c19c10 Simple Text Output 0000000015c19c80 Simple Text Input, Simple Text Input Ex 0000000015c19d70 Block IO, Device Path, Simple File System As you can see here, efi_root (0x0000000015c19970) and host0 device (0x0000000015c19d70) have the same representation of device path. This is not only inconvenient, but also confusing since two different efi objects are associated with the same device path and efi_dp_find_obj() will possibly return a wrong result. Solution: Each "host" device should be given an additional device path node of "vendor device path" to make it distinguishable. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NHeinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 09 9月, 2019 1 次提交
-
-
由 Heinrich Schuchardt 提交于
ascii2unicode() can only convert characters 0x00-0x7f from UTF-8 to UTF-16. Use utf8_utf16_strcpy() instead. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 06 9月, 2019 1 次提交
-
-
由 Park, Aiden 提交于
Adding a conventional memory region to the memory map may require ram_top limitation and it can be also commonly used. Extract adding a conventional memory to the memory map in a separate routine for generic use. Signed-off-by: NAiden Park <aiden.park@intel.com> Tested-by: NHeinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 17 7月, 2019 2 次提交
-
-
由 Heinrich Schuchardt 提交于
In packed structures GUIDs are not aligned. Avoid a build error with GCC 9.1 by using const void * as argument for guidcmp(). Reported-by: NRamon Fried <rfried.dev@gmail.com> Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Bryan O'Donoghue 提交于
We currently have some inconsistent use of efi_add_memory_map() throughout the code. In particular the return value of efi_add_memory_map() is not interpreted the same way by various users in the codebase. This patch does the following: - Changes efi_add_memory_map() to return efi_status_t. - Adds a method description to efi_add_memory_map(). - Changes efi_add_memory_map() to return EFI_SUCCESS - Returns non-zero for error in efi_add_memory_map() - Updates efi_allocate_pages() to new efi_add_memory_map() - Updates efi_free_pages() to new efi_add_memory_map() - Updates efi_carve_out_dt_rsv() to new efi_add_memory_map() - Updates efi_add_runtime_mmio() to new efi_add_memory_map() Fixes: 5d00995c ("efi_loader: Implement memory allocation and map") Fixes: 74c16acc ("efi_loader: Don't allocate from memory holes") Suggested-by: NHeinrich Schuchardt <xypron.glpk@gmx.de> Cc: Alexander Graf <agraf@csgraf.de> Signed-off-by: NBryan O'Donoghue <pure.logic@nexus-software.ie> Reviewed-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 07 7月, 2019 4 次提交
-
-
由 Heinrich Schuchardt 提交于
Linux can be called with a command line parameter efi=novamap, cf. commit 4e46c2a95621 ("efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted"). In this case SetVirtualAddressMap() is not called after ExitBootServices(). OpenBSD 32bit does not call SetVirtualAddressMap() either. Runtime services must be set to an implementation supported at runtime in ExitBootServices(). Reported-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Suggested-by: NAlexander Graf <agraf@csgraf.de> Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Our variable services are only provided at boottime. Therefore when leaving boottime the variable function are replaced by dummy functions returning EFI_UNSUPPORTED. Move this patching of the runtime table to the variable services implementation. Executed it in ExitBootServices(). Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Provide an initialization routine for variable services. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Let's keep similar things together. Move efi_query_variable_info() to lib/efi_loader/efi_variable.c Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 15 6月, 2019 1 次提交
-
-
由 AKASHI Takahiro 提交于
This variable is defined in UEFI specification 2.8, section 8.1. Its value should be updated whenever we add any usable runtime services function. Currently we only support SetVirtualAddress() for all systems and ResetSystem() for some. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 11 6月, 2019 2 次提交
-
-
由 Heinrich Schuchardt 提交于
Up to now we have only been using a flag queued for events. But this does not satisfy the requirements of the UEFI spec. Events must be notified in the sequence of decreasing TPL level and within a TPL level in the sequence of signaling. Implement a queue for signaled events. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
ExitBootServices() has to stop timer related activity before calling the events of the EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event group. But our current implementation was stopping all other events. All events have to observe the task priority level. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 01 6月, 2019 2 次提交
-
-
由 Heinrich Schuchardt 提交于
To let a board implement the runtime version of SetTime() we have to provide the definition of the weak function in an include. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
When a protocol is installed the handle should be queued for the registration key of each registered event. LocateHandle() should return the first handle from the queue for the registration key and delete it from the queue. Implement the queueing. Correct the selftest. With the patch the UEFI SCT tests for LocateHandle() are passed without failure. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 25 5月, 2019 1 次提交
-
-
由 Heinrich Schuchardt 提交于
Change comments for struct efi_open_protocol_info_item and struct efi_handler to Sphinx format. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 19 5月, 2019 2 次提交
-
-
由 Heinrich Schuchardt 提交于
In EFI 1.10 a version of the Unicode collation protocol using ISO 639-2 language codes existed. This protocol is not part of the UEFI specification any longer. Unfortunately it is required to run the UEFI Self Certification Test (SCT) II, version 2.6, 2017. So we implement it here for the sole purpose of running the SCT. It can be removed once a compliant SCT is available. The configuration option defaults to no. Signed-off-by: NRob Clark <robdclark@gmail.com> Most of Rob's original patch is already merged. Only the deprecated protocol is missing. Rebase it and make it configurable. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Rename variables to make it clear they refer to the Unicode collation protocol identified by the EFI_UNICODE_PROTOCOL2_GUID. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 08 5月, 2019 4 次提交
-
-
由 Heinrich Schuchardt 提交于
If the parent image handle does not refer to a loaded image return EFI_INVALID_PARAMETER. (UEFI SCT II 2017: 3.4.1 LoadImage() - 5.1.4.1.1) Mark our root node as a loaded image to avoid an error when using it as parent image. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
The RegisterProtocolNotify() boot service registers an event to be notified upon the installation of a protocol interface with the specified GUID. Add the missing implementation. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Implement unloading of images in the Exit() boot services: * unload images that are not yet started, * unload started applications, * unload drivers returning an error. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
In UnloadImage() we need to know if an image is already started. Add a field to the handle structure identifying loaded and started images. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 03 5月, 2019 2 次提交
-
-
由 Heinrich Schuchardt 提交于
In case of a failure exit data may be passed to Exit() which in turn is returned by StartImage(). Let the `bootefi` command print the exit data string in case of an error. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
The field boot OptionalData in structure _EFI_LOAD_OPTIONS is for binary data. When we use `efidebug boot add` we should convert the 5th argument from UTF-8 to UTF-16 before putting it into the BootXXXX variable. When printing boot variables with `efidebug boot dump` we should support the OptionalData being arbitrary binary data. So let's dump the data as hexadecimal values. Here is an example session protocol: => efidebug boot add 00a1 label1 scsi 0:1 doit1 'my option' => efidebug boot add 00a2 label2 scsi 0:1 doit2 => efidebug boot dump Boot00A0: attributes: A-- (0x00000001) label: label1 file_path: .../HD(1,MBR,0xeac4e18b,0x800,0x3fffe)/doit1 data: 00000000: 6d 00 79 00 20 00 6f 00 70 00 74 00 69 00 6f 00 m.y. .o.p.t.i.o. 00000010: 6e 00 00 00 n... Boot00A1: attributes: A-- (0x00000001) label: label2 file_path: .../HD(1,MBR,0xeac4e18b,0x800,0x3fffe)/doit2 data: Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 23 4月, 2019 2 次提交
-
-
由 AKASHI Takahiro 提交于
In the current implementation, bootefi command and EFI boot manager don't use load_image API, instead, use more primitive and internal functions. This will introduce duplicated code and potentially unknown bugs as well as inconsistent behaviours. With this patch, do_efibootmgr() and do_boot_efi() are completely overhauled and re-implemented using load_image API. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Use efi_root as parent handle for the loaded image. LoadImage() should be called with BootPolicy = true by the boot manager. Avoid duplicate free_pool(). Eliminate variable memdp which is not needed after anymore due to "efi_loader: correctly split device path of loaded image". Reviewed-by: NHeinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 AKASHI Takahiro 提交于
This is a preparatory patch. The root node handle will be used as a dummy parent handle when invoking an EFI image from bootefi/bootmgr command. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Rebased. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 13 4月, 2019 1 次提交
-
-
由 Heinrich Schuchardt 提交于
Export function efi_install_multiple_protocol_interfaces() so that we can call it in others parts of the UEFI subsystem. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 07 4月, 2019 1 次提交
-
-
由 AKASHI Takahiro 提交于
Those two functions will be used later to re-implement do_bootefi_exec(). Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NHeinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-