Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.
Provide a configuration option to make the boot manager available.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A boot manager like GRUB can use the protocol to
* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a efidebug subcommand to initiate a firmware update using the efi
firmware management protocol(fmp) set_image routine.
The firmware update can be initiated through
'efidebug capsule disk-update'
This would locate the efi capsule file on the efi system partition,
and call the platform's set_image fmp routine to initiate the firmware
update.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
"efidebug capsule" is more or less a debugging utility.
efidebug capsule update: invoke UpdateCapsule against data on memory
efidebug capsule show: show a capsule header
efidebug capsule result: dump a capsule result variable
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
A previous commit is adding EFI_TCG2_PROTOCOL, which in it's eventlog
support registers an EFI configuration table.
Let's add the necessary GUID so 'efidebug table' command can display
table names properly.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add the Random Number Generator (RNG) protocol to the GUIDs that the
'efidebug dh' protocol can replace by a text.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Variable load_options must be initialized to NULL to avoid a segmentation
fault when freeing the memory this variable points to.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.
Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For passing the optional data of the load option to the loaded imaged
protocol we need its size.
efi_deserialize_load_option() is changed to return the size of the optional
data.
As a by-product we get a partial validation of the load option.
Checking the length of the device path remains to be implemented.
Some Coverity defects identified the load options as user input because
get_unaligned_le32() and get_unaligned_le16() is called. But non of these
Coverity defects can be resolved without marking functions with Coverity
specific tags.
Reported-by: Coverity (CID 303760)
Reported-by: Coverity (CID 303768)
Reported-by: Coverity (CID 303776)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI 2.8 specification has introduced the EFI_MEMORY_SP memory
attribute. Add it to the 'efidebug memmap' and 'efi mem' commands.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.
Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.
This requires quite a few header-file additions.
Signed-off-by: Simon Glass <sjg@chromium.org>
With the previous patches that use OP-TEE and StandAloneMM for UEFI
variable storage we've added functionality for efi_query_variable_info.
So let's add the relevant command to efidebug and retrieve information
about the container used to store UEFI variables
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Compiling with -Wtype-limits yields:
cmd/efidebug.c:968:32: error: comparison is always false due to limited
range of data type [-Werror=type-limits]
968 | if (*endp != '\0' || bootnext > 0xffff) {
|
Remove the superfluous check.
Fixes: 59df7e7e77 ("cmd: add efidebug command")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The check here, "Null pointer dereferences," is a false positive.
So leave a comment.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Coverity (CID 300329)
Coverity detected a dead code, but actually there is a bug in a check
against a number of arguments. So simply fix it.
Reported-by: Coverity (CID 300330)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We should not to refer to a function via the run-time or boot services
tables if the function is exported.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* don't copy GUIDs for no reason
* shorten print format strings by using variable names
* don't use the run-time table to access exported functions
* check the result of malloc() (fixes Coverity CID 300331)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For EFI_PERSISTENT_MEMORY_TYPE the 'efidebug memmap' command produces an
illegal memory access.
* Add the missing descriptive string for EFI_PERSISTENT_MEMORY_TYPE.
* Replace the check for EFI_MAX_MEMORY_TYPE by the ARRAY_SIZE() macro.
Reported-by: Coverity (CID 300336)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* Do not recreate a variable name that we already have as u16 string.
* Check the return value of malloc()
* EFI_NOT_FOUND cannot occur for a variable name returned by
GetNextVariableName(). Remove a print statement.
* Don't copy a GUID for no reason.
* Don't use the run-time service table to call exported functions.
* Don't pass NULL to show_efi_boot_opt_data() (fixes Coverity CID 300338).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This sub-command will be used to test image authentication,
in particular, a case where efi_load_image() failed with
EFI_SECURITY_VIOLATION but we still want to try efi_start_image().
We won't run such a case under normal bootmgr because it simply
refuses to call efi_start_image() if anything but EFI_SUCCESS
is returned when loading an image.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
On 32 bit systems fix
warning: cast to pointer from integer of different size
[-Wint-to-pointer-cast]
Fixes: a415d61eac ("cmd: map addresses to sysmem in efidebug memmap")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Addresses in the sandbox's device tree are in the sandbox's virtual address
space. If we want to compare memory reservations in the device-tree with
the output of 'efidebug memmap', we need to convert back to this address
space.
Adjust the output of the 'efidebug memmap' command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add the missing line feed at the error message if the variable referred to
by 'efidebug boot rm' does not exist.
Shorten the format string by using the variable name instead of the number
of the boot variable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
There is a wrong usage of utf8_utf16_strncpy() in "boot rm" command, and
then it will end up with a failure of this command due to a wrong
value of an interim variable ("var_name16").
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any u-boot accessible partition instead of just the ESP one.
Finally this is an attempt of a generic interface across architectures
in the linux kernel so it makes sense to support that.
The file location is intentionally only supported as a config option
argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.
[1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI spec 2.8 errata A replaces the RuntimeServicesSupported variable
defined in UEFI spec 2.8 by the configuration table
EFI_RT_PROPERTIES_TABLE. So let's follow suit.
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Ard Biesheuvel <ardb@kernel.org>
When we hit a matching GUID we can directly return the text. There is no
need for a check after the loop.
efi_guid_t is defined as 8 byte aligned but GUIDs in packed structures do
not follow this alignment. Do not require the argument of get_guid_text()
to be correctly aligned.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
I detected the following error in sandbox with Clang on Travis CI:
+cmd/efidebug.c:703:15: error: result of comparison of constant
9223372036854775822 with expression of type 'int' is always false
[-Werror,-Wtautological-constant-out-of-range-compare]
+ else if (ret == EFI_NOT_FOUND)
+ ~~~ ^ ~~~~~~~~~~~~~
Simply changing a type of 'ret' to efi_status_t will fix this error.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This header file is now only used by files that access internal
environment features. Drop it from various places where it is not needed.
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
make htmldocs produces a warning:
./cmd/efidebug.c:733: WARNING: Unexpected indentation.
Correct the indentation.
Remove 'See above for details of sub-commands.' which is not helpful in the
Sphinx generated documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_status_t and int are of different size. Use separate variables for
return codes of different type.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Boot####, BootOrder and BootNext should be non-volatile.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The field boot OptionalData in structure _EFI_LOAD_OPTIONS is for binary
data.
When we use `efidebug boot add` we should convert the 5th argument from
UTF-8 to UTF-16 before putting it into the BootXXXX variable.
When printing boot variables with `efidebug boot dump` we should support
the OptionalData being arbitrary binary data. So let's dump the data as
hexadecimal values.
Here is an example session protocol:
=> efidebug boot add 00a1 label1 scsi 0:1 doit1 'my option'
=> efidebug boot add 00a2 label2 scsi 0:1 doit2
=> efidebug boot dump
Boot00A0:
attributes: A-- (0x00000001)
label: label1
file_path: .../HD(1,MBR,0xeac4e18b,0x800,0x3fffe)/doit1
data:
00000000: 6d 00 79 00 20 00 6f 00 70 00 74 00 69 00 6f 00 m.y. .o.p.t.i.o.
00000010: 6e 00 00 00 n...
Boot00A1:
attributes: A-- (0x00000001)
label: label2
file_path: .../HD(1,MBR,0xeac4e18b,0x800,0x3fffe)/doit2
data:
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently in do_efi_boot_dump(), we directly read EFI variables from
related environment variables. To accommodate alternative storage
backends, we should switch to using the UEFI API instead.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The `efidebug dh` command shows handles and the installed protocols. For
most of the protocols implemented by U-Boot a short text was shown. But for
some only the GUID was displayed.
Provide the missing short texts for the following protocols: HII String,
HII Database, HII Config Routing, Simple Network, PXE Base Code.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We should consistently use the same name for protocol GUIDs as defined in
the UEFI specification. Not adhering to this rule has led to duplicate
definitions for the EFI_LOADED_IMAGE_PROTOCOL_GUID.
Adjust misnamed protocol GUIDs.
Adjust the text for the graphics output protocol in the output of the
`efidebug dh` command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In `efidebug boot add iPXE scsi 0:1 snp-arm64.efi --foo` a parameter is
missing. Hence the command should not silently return as if everything were
ok but should display the usage info.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Alexander Graf <agraf@csgraf.de>
"drivers" command prints all the uefi drivers on the system.
=> efi drivers
Driver Name Image Path
================ ==================== ====================
000000007ef003d0 <NULL> <built-in>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
"devices" command prints all the uefi variables on the system.
=> efi devices
Scanning disk ahci_scsi.id0lun0...
Scanning disk ahci_scsi.id1lun0...
Found 4 disks
Device Device Path
================ ====================
000000007ef07ea0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000000007ef00c10 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Scsi(0,0)
000000007ef00dd0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Scsi(1,0)
000000007ef07be0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Scsi(1,0)/HD(1,MBR,0x086246ba,0x800,0x40000)
000000007ef07510 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Scsi(1,0)/HD(2,MBR,0x086246ba,0x40800,0x3f800)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently, there is no easy way to add or modify UEFI variables.
In particular, bootmgr supports BootOrder/BootXXXX variables, it is
quite hard to define them as u-boot variables because they are represented
in a complicated and encoded format.
The new command, efidebug, helps address these issues and give us
more friendly interfaces:
* efidebug boot add: add BootXXXX variable
* efidebug boot rm: remove BootXXXX variable
* efidebug boot dump: display all BootXXXX variables
* efidebug boot next: set BootNext variable
* efidebug boot order: set/display a boot order (BootOrder)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
