Highlights this time:
- Many small fixes to improve spec compatibility (found by SCT)
- Almost enough to run with sandbox target
- GetTime() improvements
- Enable EFI_LOADER and HYP entry on ARMv7 with NONSEC=y
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJbWHUwAAoJECszeR4D/txgKlUP/3Lu6pxScwzL7TsSD6OFZQ6M
qQq2FH89XOA6/3r04RXrJZoHwOKIH5uj7ea6FlitpS1sQ4UOCQhp/lJJuJennHHj
+veeuzI1sKTCX8Kd9ptrZDEF3G8lbF/zSyCFa1MOd1ONDVsTgSO9fOGmiqcC9FBF
UrUH7dzXlE2CWs/mv/UikCBI7rYF+NOFJNuwHVXfsW4PyQ/7uaNsa7Rl3mXYb/Lr
gjdcJkeHZAmFv/r84tGS9AFv+m0So9AGEYD7MeQDt02hSOuH9/nu4HgPmiwln3Fn
3sFA3+daMrlFNi6kFw10S0sjKz94nN+Arm6cIXlvGaoc/wnPM2wEcKOSiXhzVM8d
CoP/26N/ETRoI9P01C2WyTrKjo0O0aFwp3ubfmmbdcaKr/pyjAJgb3BnqXBfAr7T
OjsE086jtHzdyKYKXDIz8+ZxSo4VsiDjBzDK7LVA0L5KtqAFFa+OYjlgEMJnQCk3
YJfj+rhxfpjzFI7x5BAgq0q3XQRvAJS8QcUq+V2todQ3JkUlCIaVUNQLWAfNJN0q
ze/WR8l4nwj5YFo8XiEbFHpQi/1bkR6cSzyjlBKUqrtHUUEu32vWlzZpNi6HzPMq
cP7gehboFlcCSr8T2UMjBTE1LWI35eWNQQoiNRrS2UVcTH9h1vXMFV9PT+I82BBl
ivJ+YwF9nU1JdS8CG3n7
=ePTT
-----END PGP SIGNATURE-----
Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot
Patch queue for efi - 2018-07-25
Highlights this time:
- Many small fixes to improve spec compatibility (found by SCT)
- Almost enough to run with sandbox target
- GetTime() improvements
- Enable EFI_LOADER and HYP entry on ARMv7 with NONSEC=y
CMD_DM is used for debug purpose and it shouldn't be enabled by default
via Kconfig. Unfortunately this is in the tree for quite a long time
that's why solution is to use imply DM for all targets which are
enabling DM.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Fix Kconfig bool, default, select and imply options to be
alphabetically sorted.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Trivial Kconfig cleanup. Use tabs instead of spaces and every Kconfig
entry should be separated by newline.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
While there is probably no reason to do so in a real life situation, it
will allow to compile test both stacks with the same sandbox defconfig.
As we cannot define two 'tpm' commands at the same time, the command for
TPM v1 is still called 'tpm' and the one for TPM v2 'tpm2'. While this
is the exact command name that must be written into eg. test files, any
user already using the TPM v2 stack can continue to do so by just writing
'tpm' because as long as TPM v1 support is not compiled, U-Boot prompt
will search for the closest command named after 'tpm'.
The command set can also be changed at runtime (not supported yet, but
ready to be), but as one can compile only either one stack or the other,
there is still one spot in the code where conditionals are used: to
retrieve the v1 or v2 command set.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: In sandbox_tpm2_fill_buf() use NULL not \0 to ensure NULL
terminated string due to LLVM warning]
Signed-off-by: Tom Rini <trini@konsulko.com>
Instead of depending on a env callback for bootfile, read it explicitly.
We do this because the bootfile can be specified on the command line and
if it is, we will overwrite the internal variable. If a netboot_common()
is called again with no bootfile parameter, we want to use the one in
the environment.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
On 64bit platforms we would otherwise see:
../cmd/ubi.c: In function 'ubi_volume_read':
../cmd/ubi.c:359:16: warning: format '%u' expects argument of type 'unsigned int', but argument 2 has type 'size_t {aka long unsigned int}' [-Wformat=]
Fixes: 68c7025d99 ("cmd: ubi: print load size after establishing volume size")
Signed-off-by: Tom Rini <trini@konsulko.com>
Remove unused function efi_get_time_init().
Initialization of the RTC has to be done in board bring up not in the EFI
subsystem.
There is no RTC device in the UEFI spec. The RTC is only accessed through
the runtime services.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
For the boot and runtime services tables and for the system table the
crc32 has to be set in the header.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This function currently returns an error code, but never uses it. There is
no function comment so it is not obvious why. Presuambly the error is not
important.
Update the function to explain its purpose and why it ignores the error.
Drop the useful error return value.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This is a bit confusing at present since it adds 4KB to the pointer, then
rounds it up. It looks like a bug, but is not.
Move the 4KB addition into a separate statement and expand the comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
The bootefi command gets a few addresses as values passed in. In sandbox,
these values are in U-Boot address space, so we need to make sure we
explicitly call map_sysmem() on them to be able to access them.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Multiple EFI binaries may be executed in sequence. So if we already
are in non-secure mode after running the first one we should skip
the switching code since it no longer works once we're non-secure.
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
If desired (and possible) switch into HYP mode or non-secure SVC mode
before calling the entry point of an EFI application. This allows
U-Boot to provide a usable PSCI implementation and makes it possible
to boot kernels into hypervisor mode using an EFI bootloader.
Based on diffs from Heinrich Schuchardt and Alexander Graf.
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
[agraf: Fix indentation]
Signed-off-by: Alexander Graf <agraf@suse.de>
1. Since libavb library alone is highly portable, introduce dedicated
Kconfig symbol for AVB bootloader-dependent operations, so it's possible
to build libavb separately. AVB bootloader-dependent operations include:
* Helpers to process strings in order to build OS bootargs.
* Helpers to access MMC, similar to drivers/fastboot/fb_mmc.c.
* Helpers to alloc/init/free avb ops.
2. Add CONFIG_FASTBOOT dependency, as fastboot buffer is
re-used in partition verification operations.
Reported-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Tested-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
In the case that there was no name defined for a partition the
code assumes that name_len is 22 and therefore allocates exactly
that space for a dummy name. But the function sprintf() first
resolves "0x%08llx@0x%08llx" to a string that is longer than 22
bytes. This leads to a buffer overflow. The replacement function
snprintf() limits the copied bytes to name_len and therefore
avoids the buffer overflow.
Signed-off-by: Kay Potthoff <Kay.Potthoff@microsys.de>
While the `env export` can take as parameters variables to be exported,
`env import` does not have such a mechanism of variable selection.
Let's add the ability to add parameters at the end of the command for
variables to be imported.
Every env variable from the env to be imported passed by parameter to
this command will override the value of the variable in the current env.
If a variable exists in the current env but not in the imported env, if
this variable is passed as a parameter to env import, the variable will
be unset ONLY if the -d option is passed to env import, otherwise the
current value of the variable is kept.
If a variable exists in the imported env, the variable in the current
env will be set to the value of the one from the imported env.
All the remaining variables are left untouched.
As the size parameter of env import is positional but optional, let's
add the possibility to use the sentinel '-' for when we don't want to
give the size parameter (when the env is '\0' terminated) but we pass a
list of variables at the end of the command.
env import addr
env import addr -
env import addr size
env import addr - foo1 foo2
env import addr size foo1 foo2
are all valid.
env import -c addr
env import -c addr -
env import -c addr - foo1 foo2
are all invalid because they don't pass the size parameter required for
checking, while the following are valid.
env import addr size
env import addr size foo1 foo2
Nothing's changed for the other parameters or the overall behaviour.
One of its use case could be to load a secure environment from the
signed U-Boot binary and load only a handful of variables from an
other, unsecure, environment without completely losing control of
U-Boot.
Signed-off-by: Quentin Schulz <quentin.schulz@bootlin.com>
Tested-by: Alex Kiernan <alex.kiernan@gmail.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
The error message should start with `## Error: ` so that it's easily
detectable by tests without needing to have a complex regexp for
matching all possible error message patterns.
Let's add the `## Error: ` prefix to the error messages since it's the
one already in use.
Suggested-by: Stephen Warren <swarren@wwwdotorg.org>
Signed-off-by: Quentin Schulz <quentin.schulz@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
The function set_default_env() sets the hashtable flags for import_r().
Formally set_default_env() doesn't accept flags from its callers. In
practice the caller can (un)set the H_INTERACTIVE flag, but it has to be
done using the first character of the function's string argument. Other
flags like H_FORCE can't be set by the caller.
Change the function to accept flags argument. The benefits are:
1. The caller will have to explicitly set the H_INTERACTIVE flag,
instead of un-setting it using a special char in a string.
2. Add the ability to propagate flags from the caller to himport(),
especially the H_FORCE flag from do_env_default() in nvedit.c that
currently gets ignored for "env default -a -f" commands.
3. Flags and messages will not be coupled together. A caller will be
able to set flags without passing a string and vice versa.
Please note:
The propagation of H_FORCE from do_env_default() does not introduce any
functional changes, because currently himport_r() is set to destroy the
old environment regardless if H_FORCE flag is set or not. More changes
are needed to utilize the propagation of H_FORCE.
Signed-off-by: Yaniv Levinsky <yaniv.levinsky@compulab.co.il>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>
The function set_default_vars() in common.c adds H_INTERACTIVE to the
h_import() flag, but the function has no way of telling if the command
actually was user directed like this flag suggest. The flag should be
set by the calling function do_env_default() in nvedit.c instead, where
the command is certainty user directed.
Move the H_INTERACTIVE flag from set_default_vars() to do_env_default().
Signed-off-by: Yaniv Levinsky <yaniv.levinsky@compulab.co.il>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>
The env_flag in do_env_default() doesn't get propagated and therefore
gets ignored by himport_r(). This breaks to ability to "forcibly" reset
variables to their default values using the environment command.
Scenario example of the problem:
# setenv kernel uImage
# setenv .flags kernel:so
# env default -f kernel
## Error: Can't overwrite "kernel"
himport_r: can't insert "kernel=zImage" into hash table
Change the call path so it will pass the flag correctly.
Signed-off-by: Yaniv Levinsky <yaniv.levinsky@compulab.co.il>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>
The naming convention for flags in nvedit.c is:
* The hashtable flag (defined in search.h) is named "env_flag"
* The command flag argument (defined in command.h) is named "flag"
This convention is kept in functions like do_env_print(), do_env_set()
and do_env_delete(), but not in do_env_default().
Rename the hashtable flag in do_env_default() from "flag" to "env_flag".
Rename the command flag in do_env_default() from "__flag" to "flag".
No functional change.
Signed-off-by: Yaniv Levinsky <yaniv.levinsky@compulab.co.il>
Reviewed-by: Igor Grinberg <grinberg@compulab.co.il>
When sourcing a FIT format script, if we've not been told the unit name
to use, look for a default property at the root of /images to work out
which unit we should use.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When trying to attach an UBI MTD partition via "ubi part", it may happen
that the MTD partition defined in U-Boot (via mtdparts) is not big
enough than the one, where the UBI device has been created on. This
may lead to errors, which are not really descriptive to debug and
solve this issue, like:
ubi0 error: vtbl_check: too large reserved_pebs 1982, good PEBs 1020
ubi0 error: vtbl_check: volume table check failed: record 0, error 9
or:
ubi0 error: init_volumes: not enough PEBs, required 1738, available 1020
ubi0 error: ubi_wl_init: no enough physical eraseblocks (-718, need 1)
ubi0 error: ubi_attach_mtd_dev: failed to attach mtd1, error -12
Lets add an additional message upon attach failure, to aid the U-Boot
user to solve this problem.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Heiko Schocher <hs@denx.de>
When using static volumes, the file size stored in the volume is
determined at runtime. Currently the ubi command prints the file
size specified on the console, which leads to a rather confusing
series of messages:
# ubi read ${fdt_addr_r} testvol
Read 0 bytes from volume testvol to 82000000
No size specified -> Using max size (179924992)
Make sure to print the actual size read in any case:
# ubi read ${fdt_addr_r} testvol
No size specified -> Using max size (179924992)
Read 179924992 bytes from volume testvol to 82000000
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Currently we can choose between 2 different types of behavior for the
serverip variable:
1) Always overwrite it with the DHCP server IP address (default)
2) Ignore what the DHCP server says (CONFIG_BOOTP_SERVERIP)
This patch adds a 3rd option:
3) Use serverip from DHCP if no serverip is given
(CONFIG_BOOTP_PREFER_SERVERIP)
With this new option, we can have the default case that a boot file gets
loaded from the DHCP provided TFTP server work while allowing users to
specify their own serverip variable to explicitly use a different tftp
server.
Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
We can call commands like dhcp and bootp without arguments or with
explicit command line arguments that really should tell the code where
to look for files instead.
Unfortunately, the current code simply overwrites command line arguments
in the dhcp case with dhcp values.
This patch allows the code to preserve the command line values if they
were set on the command line. That way the semantics are slightly more
intuitive.
The reason this patch does that by introducing a new variable is that we
can not rely on net_boot_file_name[0] being unset, as today it's
completely legal to call "dhcp" and afterwards run "tftp" and expect the
latter to repeat the same query as before. I would prefer not to break
that behavior in case anyone relies on it.
Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Add a new command 'wol': Wait for an incoming Wake-on-LAN packet or
time out if no WoL packed is received.
If the WoL packet contains a password, it is saved in the environment
variable 'wolpassword' using the etherwake format (dot or colon
separated decimals).
Intended use case: a networked device should boot an alternate image.
It's attached to a network on a client site, modifying the DHCP server
configuration or setup of a tftp server is not allowed.
After power on the device waits a few seconds for a WoL packet. If a
packet is received, the device boots the alternate image. Otherwise
it boots the default image.
This method is a simple way to interact with a system via network even
if only the MAC address is known. Tools to send WoL packets are
available on all common platforms.
Some Ethernet drivers seem to pad the incoming packet. The additional
padding bytes might be recognized as Wake-on-LAN password bytes.
By default enabled in pengwyn_defconfig.
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
ACPI tables can be passed via EFI configuration table to an EFI
application. This is only supported on x86 so far.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Each entry of the EFI memory descriptors occupies map->desc_size,
not sizeof(struct efi_mem_desc).
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add option to the booti_setup() which indicates to it that the caller
requires the image to be relocated to the beginning of the RAM and
that the information whether the image can be located anywhere in RAM
at 2 MiB aligned boundary or not is to be ignored. This is useful ie.
in case the Image is wrapped in another envelope, ie. fitImage and not
relocating it but moving it would corrupt the envelope.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Bin Chen <bin.chen@linaro.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-By: Bin Chen <bin.chen@linaro.org>
Don't continue updating the offset when buffer is full.
When the buffer size exhausts and there's no space left to write
warn the user and update only the needed size and not both the
offset and needed size.
Add needed buffer size information in the iotrace command.
Signed-off-by: Ramon Fried <ramon.fried@gmail.com>
Add dump trace command which dump all trace
buffer content in a much more readable fashion
than md.
Signed-off-by: Ramon Fried <ramon.fried@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Enable a "avb" command to execute Android Verified
Boot 2.0 operations. It includes such subcommands:
avb init - initialize avb2 subsystem
avb read_rb - read rollback index
avb write_rb - write rollback index
avb is_unlocked - check device lock state
avb get_uuid - read and print uuid of a partition
avb read_part - read data from partition
avb read_part_hex - read data from partition and output to stdout
avb write_part - write data to partition
avb verify - run full verification chain
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
A few minor fixes for the release:
- Compile fixes
- HI20 relocations for RISC-V
- Fix bootefi without load path
- Fix Runtime Services with certain compilers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJbIp83AAoJECszeR4D/txg98QQAKjmnamRAJDWg5L2ZW9O8F6X
wtpVu5O9A6C8mVnt1RICPX2zgeeZ/Hx+2NIkvzj9rOon6CNt9ofNgefKJs9i7lI2
JOCZM9In66lGJUtNvMhbmFfWboa4DZN3bhbzU0h+clErMlcXaaatEOewUHfYTSzj
MxwQGktESvGOvZVcKPUXnFqd4dNFnBUF7yC9R903L3LXfAtSZZwmyhoEpNeUY6PK
1KMsycOmb5alZ90QzxAsWNTMDysnwmMXZmFTyFms3uy/NlMion+p2Wx6PQJK8woT
ImMhAF7B4c/C+Qa2n2oGrFIjSJi/8oDupKT2tLMcFEZWkyXoHbDLm2vAADBLVWIB
9IoxOt+N+ZVI+RSUbG0MI3aNzOcbIhXb3XwSbBnvsSabT9Uv1GMCRZfAKyROJCVR
jZx2xvOEsJZrgbPe3fM7UUlwYvOOvc+dKGYj+PjnoS8egq676GguMgGgI9PLsJOx
S0350+lhyVkKaSJOsTaeIFoExMrvSOmFSRl2KI1eDASwYIBI/afMIK3pgIcI4W4B
rRYGpF7jIcQzw11mEpu4DnC/yqJFmF60EywTY+pbvPKsW0GUSJ2Lt7h7f4eL1cgo
/za3FK1mzONKQqT6imvy3E/qWam7E58jG+W0TuQsOBH7L/1YerFmtHNnwysPUOCm
qGHYKbPExzeLtPsVsWol
=/PaA
-----END PGP SIGNATURE-----
Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot
Patch queue for efi - 2018-06-14
A few minor fixes for the release:
- Compile fixes
- HI20 relocations for RISC-V
- Fix bootefi without load path
- Fix Runtime Services with certain compilers
When we boot using memdp (bootefi on an address without previous
load that populates the device path) then the memory device path
we pass in is not backed by any handle.
That can result in weird effects. For example grub gets very grumpy
about this inside the efi_net module and just loops endlessly.
So let's expose a simple handle that the memory device path is backed
on. That way any code that looks for the device the dp is on, finds
one.
Signed-off-by: Alexander Graf <agraf@suse.de>
After the commit 9b643e312d ("treewide: replace with error() with
pr_err()"), there are some pr_err() with no line break. Add missing
line breaks.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
For distro-boot, the TIMEOUT directive in the boot script specifies
how long to pause in units of 1/10 sec. [1]
Commit 8594753ba0 ("menu: only timeout when menu is displayed")
corrected this by simply dividing the timeout value by 10 in
menu_interactive_choice().
I see two problems:
- For example, "TIMEOUT 5" should wait for 0.5 sec, but the current
implementation cannot handle the granularity of 1/10 sec.
In fact, it never breaks because "m->timeout / 10" is zero,
which means no timeout.
- The menu API is used not only by cmd/pxe.c but also by
common/autoboot.c . For the latter case, the unit of the
timeout value is _second_ because its default is associated
with CONFIG_BOOTDELAY.
To fix the first issue, use DIV_ROUND_UP() so that the timeout value
is rounded up to the closest integer.
For the second issue, move the division to the boundary between
cmd/pxe.c and common/menu.c . This is a more desirable place because
the comment of struct pxe_menu says:
* timeout - time in tenths of a second to wait for a user key-press before
* booting the default label.
Then, the comment of menu_create() says:
* timeout - A delay in seconds to wait for user input. If 0, timeout is
* disabled, and the default choice will be returned unless prompt is 1.
[1] https://www.syslinux.org/wiki/index.php?title=SYSLINUX#TIMEOUT_timeout
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Do not use anonymous constants when calling efi_allocage_pages.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The UEFI spec mandates that unaligned memory access should be enabled if
supported by the CPU architecture.
This patch adds an empty weak function unaligned_access() that can be
overridden by an architecture specific routine.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Remove a superfluous call to efi_init_obj_list() invoked by
'bootefi selftest'.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
