GitLab

Do not use data from the loaded image object after deleting it.

Fixes: 126a43f1

 ("efi_loader: unload applications upon Exit()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Add missing commas.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

IS_ENABLED() contains parentheses. But we should still put extra
parentheses around it in an if statement for readability.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

When calling ExitBootServices during out unit tests we should not detach
devices as we need console output for runtime tests.

Fixes: 529441ca

 ("efi_loader: Disable devices before handing over control")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

If ChildHandle indicates the sole child of the driver, disconnect the
driver.

This fixes the test results for UEFI SCT 2.6 A
sub-tests 5.1.3.12.43, 5.1.3.12.44, 5.1.3.12.45.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

U-Boot Driver Model is supposed to remove devices with either
DM_REMOVE_ACTIVE_DMA or DM_REMOVE_OS_PREPARE flags set, before exiting.
Our bootm command does that by explicitly calling calling
"dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);" and we also disable any
USB devices.

The EFI equivalent is doing none of those at the moment. As a result
probing an fTPM driver now renders it unusable in Linux. During our
(*probe) callback we open a session with OP-TEE, which is supposed to
close with our (*remove) callback. Since the (*remove) is never called,
once we boot into Linux and try to probe the device again we are getting
a busy error response. Moreover all uclass (*preremove) functions won't
run.

So let's fix this by mimicking what bootm does and disconnect devices
when efi_exit_boot_services() is called.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Order header files according to https://www.denx.de/wiki/U-Boot/CodingStyle

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

On RISC-V the global data pointer is stored in register gp. When a UEFI
binary calls the EFI API we have to restore it.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

The image size is checked in efi_load_pe(). Avoid checking it twice.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Provide function descriptions for efi_save_gd() and efi_restore_gd().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Don't call calloc(0, ..).
Consider return value of efi_get_child_controllers().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

On ARM systems gd is stored in register r9 or x18. When compiling with
clang gd is defined as a macro calling function gd_ptr(). So we can not
make assignments to gd.

In the UEFI sub-system we need to save gd when leaving to UEFI binaries and
have to restore gd when reentering U-Boot.

Define a new function set_gd() for setting gd and use it in the UEFI
sub-system.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Tom Rini <trini@konsulko.com>

Move this header out of the common header.
Signed-off-by: Simon Glass <sjg@chromium.org>

With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.

Currently we support
* authentication based on db and dbx,
  so dbx-validated image will always be rejected.
* following signature types:
    EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
    EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.

Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.

It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

This is a preparatory patch.
Those functions will be used in an implementation of UEFI firmware
management protocol as part of my capsule update patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

The assigned value NULL is never used.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Provide a sober description of how control can be returned by a UEFI
binary.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Add guidcpy function to copy the source guid to the destination
guid. Use this function instead of memcpy for copying to the
destination guid.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

Use void * instead of efi_guid_t * for arguments to allow copying unaligned
GUIDs. The GUIDs of configuration tables are __packed.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Move these two functions into the irq_funcs.h header file. Also move
interrupt_handler_t as this is used by the irq_install_handler() function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

This function belongs in time.h so move it over and add a comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

Drop inclusion of crc.h in common.h and use the correct header directly
instead.

With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

DisconnectController() should never return EFI_NOT_FOUND.
If EFI_DRIVER_BINDING_PROTOCOL.Stop() fails, return EFI_DEVICE_ERROR.

If the driver handle does not expose the EFI_DRIVER_BINDING_PROTOCOL
return EFI_INVALID_PARAMETER.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

This header file is now only used by files that access internal
environment features. Drop it from various places where it is not needed.
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>

GRUB on ARM 32bit prior to version 2.04 lacks proper handling of caches.
In U-Boot v2019.04 a workaround for this was inadvertently removed.

The workaround is currently also needed for booting on systems with caches
that cannot be managed via CP15 (e.g. with an i.MX6 CPU).

Re-enable the workaround and make it customizable.

Fixes: f69d63fa

 ("efi_loader: use efi_start_image() for bootefi")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Add missing colons after parameter descriptions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

scripts/kernel-doc pointed out some errors in the function comments in
efi_boottime.c.

Add missing and remove superfluous parameter descriptions.
Escape * in a function description.
Add empty lines for readability.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Implement the EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.

This requires allocating the event and the event list from runtime data.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Linux can be called with a command line parameter efi=novamap, cf.
commit 4e46c2a95621 ("efi/arm/arm64: Allow SetVirtualAddressMap() to be
omitted"). In this case SetVirtualAddressMap() is not called after
ExitBootServices().

OpenBSD 32bit does not call SetVirtualAddressMap() either.

Runtime services must be set to an implementation supported at runtime
in ExitBootServices().
Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Suggested-by: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Our variable services are only provided at boottime. Therefore when
leaving boottime the variable function are replaced by dummy functions
returning EFI_UNSUPPORTED. Move this patching of the runtime table to the
variable services implementation. Executed it in ExitBootServices().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Some entries in the system table are set to NULL in ExitBootServices(). We
had them in the runtime detach list to avoid relocation of NULL. Let's
instead assign the pointers dynamically in efi_initialize_system_table() to
avoid the relocation entry.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Leave only a single space after * if not aligning.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

When setting up the system table avoid superfluous void * conversions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Always use EFI_EXIT() to return from the function.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

If an image already has been started, return EFI_INVALID_PARAMETER when
StartImage() is called for the same handle again.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

If the file path does not relate to an existing file, LoadImage() must
return EFI_NOT_FOUND.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

If both SourceBuffer and DevicePath are NULL, LoadImage() must return
EFI_INVALID_PARAMETER.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Up to now we have only been using a flag queued for events. But this does
not satisfy the requirements of the UEFI spec. Events must be notified in
the sequence of decreasing TPL level and within a TPL level in the sequence
of signaling.

Implement a queue for signaled events.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

ExitBootServices() has to stop timer related activity before calling the
events of the EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event group. But our
current implementation was stopping all other events.

All events have to observe the task priority level.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

If an event is already in the signaled state, SignalEvent should not queue
the notification function but simply return EFI_SUCCESS.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

In a following patch efi_signal_event() will only queue an event if it is
not signaled.

Set the is_signaled status to false before signaling the event.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>