When the efi subsystem starts we restore variables that are both in a
file or stored into the .efi_runtime section of U-Boot. However once
a variable gets created or changed the preseeded entries will end up in
the file. As a consequence on the next boot we will end up adding
identical variable entries twice.
Fix this by checking if the to be inserted variable already exists.
Also swap the restoration order and start with the file instead of the
builtin variables, so a user can replace the preseeded ones if needed.
Tested-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
It is volatile variables that we do not allow to be restored from file.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When the HII protocol function get_package_list_handle() is called with an
invalid package list handle, it returns EFI_NOT_FOUND but this is not in
its list of possible status codes as per the EFI specification.
Return EFI_INVALID_PARAMETER instead to fix conformance.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Test that GetNextVariableName() checks the parameters.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The VariableNameSize parameter is in bytes but u16_strnlen() counts u16.
Fix the parameter check for null termination.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To retrieve the EFI variable name by efi_get_next_variable_name_int(),
the sequence of alloc -> efi_get_next_variable_name_int ->
realloc -> efi_get_next_variable_name_int is required.
In current code, this sequence repeatedly appears in
the several functions. It should be curved out a common function.
This commit also fixes the missing free() of var_name16
in eficonfig_delete_invalid_boot_option().
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The EFI Conformance Profile Table entry for EBBR appears in v2.1.0 of the
EBBR specification[1]. Update naming accordingly.
While at it, update the EBBR version referenced in the documentation.
[1]: https://github.com/ARM-software/ebbr/releases/tag/v2.1.0
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
We add RISC-V semihosting based serial console for JTAG based early
debugging.
The RISC-V semihosting specification is available at:
https://github.com/riscv/riscv-semihosting-spec/blob/main/riscv-semihosting-spec.adoc
Signed-off-by: Anup Patel <apatel@ventanamicro.com>
Signed-off-by: Kautuk Consul <kconsul@ventanamicro.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
We factor out the arch-independent parts of the ARM semihosting
implementation as a common library so that it can be shared
with RISC-V.
Signed-off-by: Kautuk Consul <kconsul@ventanamicro.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Add the possibility to recognize IPv6 address in print function.
To output IPv6 address use %pI6 specifier.
Series-changes: 3
- Substituted #if (...) for if (...) to get better readability
Signed-off-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This functions is used as a converter from IPv6 address string notation
to struct ip6_addr that is used everywhere in IPv6 implementation. For
example it is used to parse and convert IPv6 address from tftpboot
command. Conversion algorithm uses two passes, first to verify syntax and
locate colons and second pass to read the address. In case of valid IPv6
address it returns 0.
Examples of valid strings:
2001:db8::0:1234:1
2001:0db8:0000:0000:0000:0000:1234:0001
::1
::ffff:192.168.1.1
Examples of invalid strings
2001:db8::0::0 (:: can only appear once)
2001:db8:192.168.1.1::1 (v4 part can only appear at the end)
192.168.1.1 (we don't implicity map v4)
Series-changes: 3
- Added function description
- Added length parameter to string_to_ip6()
Series-changes: 4
- Fixed function description style
Signed-off-by: Viacheslav Mitrofanov <v.v.mitrofanov@yadro.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Some commands need to enumerate the existing UEFI load
option variable("Boot####"). This commit transfers some code
from cmd/efidebug.c to lib/efi_loder/, then exposes
efi_varname_is_load_option() function to check whether
the UEFI variable name is "Boot####".
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
EFI_LOADER_DATA/CODE is reserved for EFI applications.
Memory allocated by U-Boot for internal usage should be
EFI_BOOT_SERVICES_DATA or _CODE or EFI_RUNTIME_SERVICES_DATA or _CODE.
Reported-by: François-Frédéric Ozog <ff@ozog.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: François-Frédéric Ozog <ff@ozog.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The dhcp command may be executed after the first UEFI command.
We should still update the EFI_PXE_BASE_CODE_PROTOCOL.
Don't leak content of prior acknowledge packages.
Handle failing allocation when calling malloc().
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Provide an EFI binary that prints the boot hart ID as found in the
device-tree as /chosen/boot-hartid property and as provided by the
RISCV_EFI_BOOT_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Use unsigned char for the parameter of efi_st_strcmp_16_8. This allows
comparing characters 0x80 - 0xff.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
If the array index 'i' < 128, the 'codepage' array is accessed using
[-128...-1] in efi_unicode_collation.c:262. This can lead to a buffer
overflow.
Negative index in efi_unicode_collation.c:262.
The index of the 'codepage' array should be c - 0x80 instead of i - 0x80.
Fixes: 0bc4b0da7b ("efi_loader: EFI_UNICODE_COLLATION_PROTOCOL")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Heinrich reports that on RISC-V unaligned access is emulated by OpenSBI
which is very slow. Performance wise it's better if we skip the calls
to u16_strdup() -- which in turn calls u16_strsize() and just allocate/copy the
memory directly. The access to dp.length may still be unaligned, but that's
way less than what u16_strsize() would do
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use malloc() instead of calloc().
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Closing the files uses the EFI protocol and specifically it's .close
callback. This needs to be wrapped on an EFI_CALL()
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
UEFI specification requires pointers that are passed to protocol member
functions to be aligned. There's a u16_strdup in that function which
doesn't make sense otherwise Add a comment so no one removes it
accidentally
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Provide a description of the function's logic.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
If the va_list we got handed over contains no protocols we must return
EFI_SUCCESS. However in that case the current code just returns
an unintialized value.
Fix that by setting the return value in the variable definition
Addresses-Coverity: CID 376195: ("Uninitialized variables (UNINIT)")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Update the sandbox implementation to use UCLASS_HOST and adjust all
the pieces to continue to work:
- Update the 'host' command to use the new API
- Replace various uses of UCLASS_ROOT with UCLASS_HOST
- Disable test_eficonfig since it doesn't work (this should have a unit
test to allow this to be debugged)
- Update the blk test to use the new API
- Drop the old header file
Unfortunately it does not seem to be possible to split this change up
further.
Signed-off-by: Simon Glass <sjg@chromium.org>
AllocatePages() can be called with Type=AllocateAddress. Such a call can
only succeed if *Memory points to the address of an unallocated page range.
A call with *Memory being an address that is not page aligned must not
succeed. The UEFI specification requires returning EFI_OUT_OF_RESOURCES
if the requested pages cannot be allocated.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Variable efi_system_partition holds the efi_system_partition. Currently it
is initialized as:
{
.uclass_id = 0 = UCLASS_ROOT,
.denum = 0,
.part = 0,
}
This indicates that host 0:0 is the efi_system_partition and we see output
like:
=> bootefi hello
** Bad device specification host 0 **
Couldn't find partition host 0:0
To identify that no EFI system partition has been set use UCLASS_INVALID.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Since the commit a9bf024b29 ("efi_loader: disk: a helper function to
create efi_disk objects from udevice"), CONFIG_EFI_SETUP_EARLY option is
by default on and will never be turned off.
So just remove this option.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CONFIG_NET does not imply that there are actually network devices
available, only CONFIG_NETDEVICES does. Changing to this dependency
obsoletes the check in Kconfig because NETDEVICES means DM_ETH.
Fixes: 0efe1bcf5c ("efi_loader: Add network access support")
Suggested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add test cases for accessing the FWU Metadata on the sandbox
platform. The sandbox platform also uses the metadata access driver
for GPT partitioned block devices.
The FWU feature will be tested on the sandbox64 variant with a raw
capsule. Remove the FIT capsule testing from sandbox64 defconfig --
the FIT capsule test will be run on the sandbox_flattree variant.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The FWU Multi Bank Update feature supports updating firmware images
to one of multiple sets(also called banks) of images. The firmware
images are clubbed together in banks, with the system booting images
from the active bank. Information on the images such as which bank
they belong to is stored as part of the metadata structure, which is
stored on the same storage media as the firmware images on a dedicated
partition.
At the time of update, the metadata is read to identify the bank to
which the images need to be flashed(update bank). On a successful
update, the metadata is modified to set the updated bank as active
bank to subsequently boot from.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The FWU Multi Bank Update specification requires the Update Agent to
carry out certain checks at the time of platform boot. The Update
Agent is the component which is responsible for updating the firmware
components and maintaining and keeping the metadata in sync.
The spec requires that the Update Agent perform the following checks
at the time of boot
* Sanity check of both the metadata copies maintained by the platform.
* Get the boot index passed to U-Boot by the prior stage bootloader
and use this value for metadata bookkeeping.
* Check if the system is booting in Trial State. If the system boots
in the Trial State for more than a specified number of boot counts,
change the Active Bank to be booting the platform from.
Call these checks through the main loop event at the time of platform
boot.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add weak functions for getting the update index value and dfu
alternate number needed for FWU Multi Bank update
functionality.
The current implementation for getting the update index value is for
platforms with 2 banks. If a platform supports more than 2 banks, it
can implement it's own function. The function to get the dfu alternate
number has been added for platforms with GPT partitioned storage
devices. Platforms with other storage partition scheme need to
implement their own function.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
In the FWU Multi Bank Update feature, the information about the
updatable images is stored as part of the metadata, which is stored on
a dedicated partition. Add the metadata structure, and a driver model
uclass which provides functions to access the metadata. These are
generic API's, and implementations can be added based on parameters
like how the metadata partition is accessed and what type of storage
device houses the metadata.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Use the uclass type as the first part of the function name, to be
consistent with the methods in other block drivers.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE
and this makes it imposible to use CONFIG_VAL().
Rename it to resolve this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
This relies on the old LCD implementation which is to be removed. Drop the
existing #ifdef and convert it to C code.
Signed-off-by: Simon Glass <sjg@chromium.org>
There are two problems with both strcmp and strncmp:
(1) The C standard is clear that the contents should be compared as
"unsigned char":
The sign of a nonzero value returned by the comparison functions
memcmp, strcmp, and strncmp is determined by the sign of the
difference between the values of the first pair of characters (both
interpreted as unsigned char) that differ in the objects being
compared.
(2) The difference between two char (or unsigned char) values can
range from -255 to +255; so that's (due to integer promotion) the
range of values we could get in the *cs-*ct expressions, but when that
is then shoe-horned into an 8-bit quantity the sign may of course
change.
The impact is somewhat limited by the way these functions
are used in practice:
- Most of the time, one is only interested in equality (or for
strncmp, "starts with"), and the existing functions do correctly
return 0 if and only if the strings are equal [for strncmp, up to
the given bound].
- Also most of the time, the strings being compared only consist of
ASCII characters, i.e. have values in the range [0, 127], and in
that case it doesn't matter if they are interpreted as signed or
unsigned char, and the possible difference range is bounded to
[-127, 127] which does fit the signed char.
For size, one could implement strcmp() in terms of strncmp() - just
make it "return strncmp(a, b, (size_t)-1);". However, performance of
strcmp() does matter somewhat, since it is used all over when parsing
and matching DT nodes and properties, so let's find some other place
to save those ~30 bytes.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
There is a number of users that use uclass_first_device to access the
first and (assumed) only device in uclass.
Some check the return value of uclass_first_device and also that a
device was returned which is exactly what uclass_first_device_err does.
Some are not checking that a device was returned and can potentially
crash if no device exists in the uclass. Finally there is one that
returns NULL on error either way.
Convert all of these to use uclass_first_device_err instead, the return
value will be removed from uclass_first_device in a later patch.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Loadfile2 code is installing two protocols on it's own handle
and uses efi_delete_handle() to clean it up on failure(s). However
commit 05c4c9e21a ("efi_loader: define internal implementations of
install/uninstallmultiple") prepares the ground for us to clean up
efi_delete_handle() used in favor of Install/UninstallMultipleProtocol.
While at it clean up the non needed void casts to (void *) on the
protolcol installation.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The option SHA256_ALGO does not exist. Remove selecting it.
Fixes: 26dd993657 ("lib: add crypt subsystem")
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Make it clearer why InstallMultipleProtocolInterfaces is invoked with two
NULLs:
* rename guid to esp_guid
* put protocol GUIDs and the related interfaces on same lines
* add comment
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* Replace the OpenProtocol() call by efi_search_protocol().
* Remove the CloseProtocol() call.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Avoid EFI_CALL() by using efi_close_protocol().
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Allow avoiding using EFI_CALL() when closing a protocol by providing an
internal function.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The CloseProtocol() boot service requires a handle as first argument.
Passing the protocol interface is incorrect.
CloseProtocol() only has an effect if called with a non-zero value for
agent_handle. HandleProtocol() uses an opaque agent_handle when invoking
OpenProtocol() (currently NULL). Therefore HandleProtocol() should be
avoided.
* Replace the LocateHandle() call by efi_search_protocol().
* Remove the CloseProtocol() call.
Fixes: 8d99026f06 ("efi_loader: capsule: support firmware update")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>