Commit Graph

3194 Commits

Author SHA1 Message Date
Heinrich Schuchardt
b571b3acda efi_loader: fix efi_add_known_memory()
In efi_add_known_memory() we currently call board_get_usable_ram_top() with
an incorrect value 0 of parameter total_size. This leads to an incorrect
value for ram_top depending on the code in board_get_usable_ram_top().

Use the value of gd->ram_top instead which is set before relocation by
calling board_get_usable_ram_top().

Fixes: 7b78d6438a ("efi_loader: Reserve unaccessible memory")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-08-15 18:21:17 +02:00
Simon Glass
3a3543db51 lib: Suppress E when writing error-string output
When CONFIG_ERRNO_STR is not enabled this shows a spurious 'E' from the
format string. Fix this.

Fixes: 7f33194132 ("lib: Support printing an error string")
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2023-08-09 23:31:11 +08:00
Abdellatif El Khlifi
218b062e8f arm_ffa: efi: introduce FF-A MM communication
Add MM communication support using FF-A transport

This feature allows accessing MM partitions services through
EFI MM communication protocol. MM partitions such as StandAlonneMM
or smm-gateway secure partitions which reside in secure world.

An MM shared buffer and a door bell event are used to exchange
the data.

The data is used by EFI services such as GetVariable()/SetVariable()
and copied from the communication buffer to the MM shared buffer.

The secure partition is notified about availability of data in the
MM shared buffer by an FF-A message (door bell).

On such event, MM SP can read the data and updates the MM shared
buffer with the response data.

The response data is copied back to the communication buffer and
consumed by the EFI subsystem.

MM communication protocol supports FF-A 64-bit direct messaging.

We tested the FF-A MM communication on the Corstone-1000 platform.

We ran the UEFI SCT test suite containing EFI setVariable, getVariable and
getNextVariable tests which involve FF-A MM communication and all tests
are passing with the current changes.

We made the SCT test reports (part of the ACS results) public following the
latest Corstone-1000 platform software release. Please find the test
reports at [1].

[1]: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000/CORSTONE1000-2023.06/acs_results_fpga.zip

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Tested-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2023-08-08 10:22:03 -04:00
Abdellatif El Khlifi
7048f26ccb lib: uuid: introduce uuid_str_to_le_bin function
convert UUID string to little endian binary data

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
2023-08-08 10:22:03 -04:00
Oleksandr Suvorov
af62d83cc0 spl: move SPL_CRC32 option to lib/Kconfig
All SPL hash algorithm options are collected in lib/Kconfig. Move
SPL_CRC32 there as well.

Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-07 13:41:44 -04:00
Masahisa Kojima
cd87d2c61c efi_loader: check uuid_str_to_bin return value
Check the uuid_str_to_bin return value, skip the node
if the image-type-id property is wrong format.

Addresses-Coverity-ID: 463145 ("Error handling issues")
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-08-03 09:21:03 +02:00
Heinrich Schuchardt
405b736e81 efi_loader: catch out of memory in file_open
If calloc() return NULL, don't dereference it.

Fixes: 2a92080d8c ("efi_loader: add file/filesys support")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-08-03 09:21:03 +02:00
Heinrich Schuchardt
cff7700170 efi_loader: error handling in efi_disk_add_dev
* If an error occurs in efi_disk_add_dev(), don't leak resources.
* If calloc() fails while creating the file system protocol interface,
  signal an error.
* Rename efi_simple_file_system() to efi_create_simple_file_system().
* Drop a little helpful debug message.

Fixes: 2a92080d8c ("efi_loader: add file/filesys support")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-08-03 09:21:03 +02:00
Heinrich Schuchardt
ecae4bbf35 efi_loader: memory leak efi_add_memory_map_pg
Don't leak newlist if we error out.

Fixes: 74c16acce3 ("efi_loader: Don't allocate from memory holes")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-08-03 09:21:02 +02:00
Heinrich Schuchardt
257a498fbb efi_loader: out of memory in efi_mem_carve_out
Handle out of memory situation in efi_mem_carve_out().

Fixes: 5d00995c36 ("efi_loader: Implement memory allocation and map")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-08-03 09:21:02 +02:00
Heinrich Schuchardt
48d183f2ac efi_loader: overflow in efi_allocate_pages
On 32bit systems (pages << EFI_PAGE_SHIFT) may lead to an overflow which
does not occur in 64bit arithmetics.

An overflow of (pages << EFI_PAGE_SHIFT) on 64bit systems should be treated
as an error.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-08-03 09:21:02 +02:00
Heinrich Schuchardt
d12c3efe53 efi_loader: error handling in tcg2_hash_pe_image()
If the hard coded array hash_algo_list[] contains an entry for an
unsupported algorithm, we should not leak resources new_efi and regs.

We should still extend the log with the digests for the supported
algorithms and not write any message.

The same holds true of tcg2_create_digest(): just continue in case
hash_algo_list[] contains an unsupported entry.

Fixes: 163a0d7e2c ("efi_loader: add PE/COFF image measurement")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-08-03 09:21:02 +02:00
Heinrich Schuchardt
ba27563093 efi_loader: out of memory in efi_add_memory_map_pg
Handle out of memory situation in efi_add_memory_map_pg().

Fixes: 5d00995c36 ("efi_loader: Implement memory allocation and map")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-08-03 09:21:02 +02:00
Heinrich Schuchardt
b52a277f9b efi_selftest: remove superfluous assignments
In test_hii_database_list_package_lists() 'ret' is used for the return code
of EFI API calls and 'result' for the return value of the function. Writing
EFI_ST_FAILURE to ret is superfluous.

Fixes: 4c4fb10da2 ("efi_selftest: add HII database protocols test")
Fixes: ee3c8ba855 ("efi_selftest: fix memory allocation in HII tests")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-08-03 09:21:02 +02:00
Dan Carpenter
dae236924c efi_loader: fix an IS_ERR() vs NULL check
The efi_parse_pkcs7_header() function returns NULL on error so the check
for IS_ERR() should be changed to a NULL check.

Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-08-03 09:21:02 +02:00
AKASHI Takahiro
1b7e469a66 efi_loader: capsule: enforce guid check in api and capsule_on_disk
While UPDATE_CAPSULE api is not fully implemented, this interface and
capsule-on-disk feature should behave in the same way, especially in
handling an empty capsule for fwu multibank, for future enhancement.

So move the guid check into efi_capsule_update_firmware().

Fixed: commit a6aafce494 ("efi_loader: use efi_update_capsule_firmware() for capsule on disk")
Reported-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Tested-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-08-03 09:21:02 +02:00
Dan Carpenter
829445382c efi_loader: Fix memory corruption on 32bit systems
It's pretty unlikely that anyone is going to be using EFI authentication
on a 32bit system.  However, if you did, the efi_prepare_aligned_image()
function would write 8 bytes of data to the &efi_size variable and it
can only hold 4 bytes so that corrupts memory.

Fixes: 163a0d7e2c ("efi_loader: add PE/COFF image measurement")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-08-03 09:21:02 +02:00
Dan Carpenter
a7eb8aeccb efi_loader: fix uninitialized variable bug in efi_set_load_options()
Check for efi_search_protocol() failure before dereferencing "handler"
to avoid a crash.

Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
2023-07-28 11:36:37 +02:00
Ilias Apalodimas
54edc37a22 efi_loader: make efi_delete_handle() follow the EFI spec
The EFI doesn't allow removal of handles, unless all hosted protocols
are cleanly removed.  Our efi_delete_handle() is a bit intrusive.
Although it does try to delete protocols before removing a handle,
it doesn't care if that fails.  Instead it only returns an error if the
handle is invalid. On top of that none of the callers of that function
check the return code.

So let's rewrite this in a way that fits the EFI spec better.  Instead
of forcing the handle removal, gracefully uninstall all the handle
protocols.  According to the EFI spec when the last protocol is removed
the handle will be deleted.  Also switch all the callers and check the
return code. Some callers can't do anything useful apart from reporting
an error.  The disk related functions on the other hand, can prevent a
medium that is being used by EFI from removal.

The only function that doesn't check the result is efi_delete_image().
But that function needs a bigger rework anyway, so we can clean it up in
the future

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-07-28 11:36:37 +02:00
Heinrich Schuchardt
d0544244b1 efi_loader: simplify dp_fill()
Move the recursive dp_fill(dev->parent) call to a single location.
Determine uclass_id only once.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-28 11:36:37 +02:00
Heinrich Schuchardt
c227ef7c4a efi_loader: device paths for special block devices
The UEFI specification does not provide node types matching UCLASS_BLKMAP,
UCLASS_HOST, UCLASS_VIRTIO block devices.

The current implementation uses VenHw() nodes with uclass specific GUIDs
and a single byte for the device number appended. This leads to unaligned
integers in succeeding device path nodes.

The current implementation fails to create unique device paths for block
devices based on other uclasses like UCLASS_PVBLOCK.

Let's use a VenHw() node with the U-Boot GUID with a length dividable by
four and encoding blkdesc->uclass_id as well as  blkdesc->devnum.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-28 11:36:37 +02:00
Michal Simek
b378fdd1ff fwu: Show number of attempts in Trial State
It is not visible anywhere in Trial State if this is the first, second, etc
attempt that's why show a message to be aware about status.

Signed-off-by: Michal Simek <michal.simek@amd.com>
Acked-by: Jassi Brar <jaswinder.singh@linaro.org>
2023-07-25 12:44:46 -04:00
Michal Simek
395ab12b5f fwu: mtd: Fix dfu_alt_info generation for 2 images per bank
Code rewrites the last char of size with adding &. It is visible from
dfu_alt_info print before this patch:

Make dfu_alt_info: 'mtd nor0=bank0 raw 2320000 80000;bank1 raw 27a0000
8000&mtd nor0=bank0 raw 23a0000 4000000;bank1 raw 2820000 4000000'

And after it:
Make dfu_alt_info: 'mtd nor0=bank0 raw 2320000 80000;bank1 raw 27a0000
80000&mtd nor0=bank0 raw 23a0000 4000000;bank1 raw 2820000 4000000'

Size for bank0 and bank1 must be the same because it is the same image.

Signed-off-by: Michal Simek <michal.simek@amd.com>
Acked-by: Jassi Brar <jaswinder.singh@linaro.org>
2023-07-25 12:44:46 -04:00
Michal Simek
a6dd927f5b fwu: Allow code to properly decode trial state
Current code after capsule update (mtd write) is not changing active_index
in mdata to previous_active_index.
On the reboot this is shown but showing message
"Boot idx 1 is not matching active idx 0, changing active_idx"
which is changing active_idx and writing mdata to flash.

But when this message is visible it is not checking which state that images
are. If they have acceptance bit setup to yes everything is fine and valid
images are booted (doesn't mean the latest one).
But if acceptance bit is no and images are in trial state in_trial variable
is never setup. Which means that from new flashed image stable image can be
rewritten because in_trial is not setup properly.

Signed-off-by: Michal Simek <michal.simek@amd.com>
Acked-by: Jassi Brar <jaswinder.singh@linaro.org>
2023-07-25 12:44:46 -04:00
Mattijs Korpershoek
b1aade87ca lib: sparse: allocate FASTBOOT_MAX_BLK_WRITE instead of small number
Commit 62649165cb ("lib: sparse: Make CHUNK_TYPE_RAW buffer aligned")
fixed cache alignment for systems with a D-CACHE.

However it introduced some performance regressions [1] on system
flashing huge images, such as Android.

On AM62x SK EVM, we also observe such performance penalty:
Sending sparse 'super' 1/2 (768793 KB)             OKAY [ 23.954s]
Writing 'super'                                    OKAY [ 75.926s]
Sending sparse 'super' 2/2 (629819 KB)             OKAY [ 19.641s]
Writing 'super'                                    OKAY [ 62.849s]
Finished. Total time: 182.474s

The reason for this is that we use an arbitrary small buffer
(info->blksz * 100) for transferring.

Fix it by using a bigger buffer (info->blksz * FASTBOOT_MAX_BLK_WRITE)
as suggested in the original's patch review [2].

With this patch, performance impact is mitigated:
Sending sparse 'super' 1/2 (768793 KB)             OKAY [ 23.912s]
Writing 'super'                                    OKAY [ 15.780s]
Sending sparse 'super' 2/2 (629819 KB)             OKAY [ 19.581s]
Writing 'super'                                    OKAY [ 17.192s]
Finished. Total time: 76.569s

[1] https://lore.kernel.org/r/20221118121323.4009193-1-gary.bisson@boundarydevices.com
[2] https://lore.kernel.org/r/all/43e4c17c-4483-ec8e-f843-9b4c5569bd18@seco.com/

Fixes: 62649165cb ("lib: sparse: Make CHUNK_TYPE_RAW buffer aligned")
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2023-07-25 12:44:46 -04:00
Tom Rini
94e7cb181a Revert "Merge branch '2023-07-24-introduce-FF-A-suppport'"
This reverts commit d927d1a808, reversing
changes made to c07ad9520c.

These changes do not pass CI currently.

Signed-off-by: Tom Rini <trini@konsulko.com>
2023-07-24 19:51:05 -04:00
Abdellatif El Khlifi
aabbc2f8b2 arm_ffa: efi: introduce FF-A MM communication
Add MM communication support using FF-A transport

This feature allows accessing MM partitions services through
EFI MM communication protocol. MM partitions such as StandAlonneMM
or smm-gateway secure partitions which reside in secure world.

An MM shared buffer and a door bell event are used to exchange
the data.

The data is used by EFI services such as GetVariable()/SetVariable()
and copied from the communication buffer to the MM shared buffer.

The secure partition is notified about availability of data in the
MM shared buffer by an FF-A message (door bell).

On such event, MM SP can read the data and updates the MM shared
buffer with the response data.

The response data is copied back to the communication buffer and
consumed by the EFI subsystem.

MM communication protocol supports FF-A 64-bit direct messaging.

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Tested-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
2023-07-24 15:30:03 -04:00
Abdellatif El Khlifi
5d24a43585 lib: uuid: introduce uuid_str_to_le_bin function
convert UUID string to little endian binary data

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
2023-07-24 15:30:02 -04:00
Manorit Chawdhry
dfe00b34ce lib: Kconfig: k3: Enable SHA512 for fit signature
We are using our custMpk for signing that is a 4096 bit key, 4096 bit
rsa key requires a SHA512 hashing algorithm to be enabled as per the
source. Even though it is not mandated but this is how it works and is
tested.

Enables SHA512 if fit signature is enabled on K3 platforms.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
2023-07-21 22:07:46 -04:00
Heinrich Schuchardt
e07368ea57 efi_loader: support all uclasses in device path
On devices with multiple USB mass storage devices errors like

    Path /../USB(0x0,0x0)/USB(0x1,0x0)/Ctrl(0x0)
    already installed.

are seen. This is due to creating non-unique device paths. To uniquely
identify devices we must provide path nodes for all devices on the path
from the root device.

Add support for generating device path nodes for all uclasses.

Reported-by: Suniel Mahesh <sunil@amarulasolutions.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-07-20 09:12:50 +02:00
Heinrich Schuchardt
dc7a2f1d9f efi_loader: fix dp_fill() for BLKMAP, HOST, VIRTIO
Do not assume that the preceding device path contains a single VenHW node.
Instead use the return value of dp_fill() which provides the address of the
next node.

Fixes: 23ad52fff4 ("efi_loader: device_path: support Sandbox's "host" devices")
Fixes: 19ecced71c ("efi_loader: device path for virtio block devices")
Fixes: 272ec6b453 ("efi_loader: device_path: support blkmap devices")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-07-20 09:12:50 +02:00
Masahisa Kojima
06fc19ca4d efi_driver: fix duplicate efiblk#0 issue
The devnum value of the blk_desc structure starts from 0,
current efi_bl_create_block_device() function creates
two "efiblk#0" devices for the cases that blk_find_max_devnum()
returns -ENODEV and blk_find_max_devnum() returns 0(one device
found in this case).

This commit uses blk_next_free_devnum() instead of blk_find_max_devnum().

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2023-07-20 09:12:50 +02:00
Ilias Apalodimas
21eb7c16ec efi_loader: make efi_remove_protocol() static
A previous patch is removing the last consumer of efi_remove_protocol().
Switch that to static and treat it as an internal API in order to force
users install and remove protocols with the appropriate EFI functions.

It's worth noting that we still have files using efi_add_protocol().  We
should convert all these to efi_install_multiple_protocol_interfaces()
and treat efi_add_protocol() in a similar manner

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-20 09:12:50 +02:00
Ilias Apalodimas
4a3baf9da6 efi_loader: use efi_install_multiple_protocol_interfaces()
The TCG2 protocol currently adds and removes protocols with
efi_(add/remove)_protocol().

Removing protocols with efi_remove_protocol() might prove
problematic since it doesn't call DisconnectController() when
uninstalling the protocol and does not comply with the UEFI specification.

It's also beneficial for readability to have protocol installations and
removals in pairs -- IOW when efi_install_multiple_protocol_interfaces()
is called,  efi_uninstall_multiple_protocol_interfaces() should be used to
remove it.  So let's swap the efi_add_protocol() as well.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-20 09:12:50 +02:00
Heinrich Schuchardt
6287021ff9 efi_loader: simplify efi_uninstall_protocol()
The call to efi_search_obj() is redundant as the function is called in
efi_search_protocol() too.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-20 09:12:50 +02:00
Tom Rini
13aa090b87 Merge https://source.denx.de/u-boot/custodians/u-boot-x86
- bootstd: Add a bootmeth for ChromiumOS on x86
- x86: Use qemu-x86_64 to boot EFI installers
2023-07-17 10:38:28 -04:00
Simon Glass
085f8db6b9 efi: Use the installed ACPI tables
U-Boot sets up the ACPI tables during startup. Rather than creating a
new set, install the existing ones. Create a memory-map record to cover
the tables.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2023-07-17 17:23:15 +08:00
Simon Glass
3710802ebf efi: Show all known UUIDs with CONFIG_CMD_EFIDEBUG
The CMD_EFIDEBUG option enables debugging so it is reasonable to assume
that all effects should be made to decode the dreaded UUIDs favoured by
UEFI.

Update the table to show them all when CONFIG_CMD_EFIDEBUG is enabled.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2023-07-17 17:12:07 +08:00
Tom Rini
3a7a17dbdc Pull request efi-2023-10-rc1
Documentation:
 
 * enhance UEFI anti-rollback documentation
 
 EFI:
 
 * Reconnect drivers if UninstallProtocol fails
 * Prefer short device paths for boot options
 * Fix error handling when updating boot options for block devices
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmSyctkACgkQxIHbvCwF
 GsQowA//X8yryuuYnXu1z2/L9GWeIi/467M4xulThHgODq7NaUAZw+hOa/roQ8ND
 HbVzdkU/ZROmYlC/+nAPPCIPodYryvjrLtPflBIxQy1hf4NlVCJGFTqZM+uJGe9b
 kjXuKAd7oAUIbwsDEBF7tBg/lAKn7xhRUbajnd8LGganSWSmYC/kE5ZjPz68Upg+
 K3Smw4BwOI2bdTqJsq2XTMx97k4QDKx8qeAoTkYbHTco/eDTAmMIqKSnl3/rP1lg
 5m1SDAlkxqEvpuyTifaPrQx7chf2b0v5z0iF6yaqDCYb/07GdZLPm3lG3w4stLce
 c0BWS0uCPTW6bvX93QF8hm7ImiEdwzQNMpNl2x+8Zx6RoU0yx/gh4VdtLTTbY7tX
 904m4Tn5Ez6Mtb6/fcAAiVakzTiuf8Zogr7lkDV0jf5UghBrPCM3xqwAwyD5luCX
 huImX6QKzlmiUSM/qzr7i6+PWYp1tMgYwvzwDy9BH1zW9C910HJstiKnvaATdstw
 w3P63x7ryH8hnGV8YjeWs3GBCHHb/8WI5G88dZYjChya0Q1DPsSCA0QzBd+XRhVB
 mb6lGj6pvpmp9UqLP6EQxQpK5jGyIBk5NMs1w2wij0oT6kPeLwcOIQ0uyeKPR2bP
 S4jBa6Qx28uQpcF1R9m8Azs3QJYdeyCAIou2Qz4ndhERCpKKNIc=
 =+qF4
 -----END PGP SIGNATURE-----

Merge tag 'efi-2023-10-rc1' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request efi-2023-10-rc1

Documentation:

* enhance UEFI anti-rollback documentation

EFI:

* Reconnect drivers if UninstallProtocol fails
* Prefer short device paths for boot options
* Fix error handling when updating boot options for block devices
2023-07-15 11:19:11 -04:00
Ilias Apalodimas
d9df8a5f37 efi_selftests: add extra testcases on controller handling
We recently fixed a few issues wrt to controller handling.  Add a few
test cases to cover the new code.
- return EFI_DEVICE_ERROR the first time the protocol interface of
  the controller is uninstalled, after all the children have been
  disconnected.  This should make the drivers reconnect
- add tests to verify controllers are reconnected when uninstalling a
  protocol fails
- add tests to make sure EFI_NOT_FOUND is returned if a non existent
  interface is being removed

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-15 11:20:41 +02:00
Ilias Apalodimas
748cb553ff efi_loader: fix the return codes of UninstallProtocol
Up to now we did not check the return value of DisconnectController.
A previous patch is fixing that taking into account what happened during
the controller disconnect.  But that check takes place before our code
is trying to figure out if the interface exists to begin with.  In case a
driver is not allowed to unbind -- e.g returning EFI_DEVICE_ERROR, we
will end up returning that error instead of EFI_NOT_FOUND.

Add an extra check on the top of the function to make sure the protocol
interface exists before trying to disconnect any drivers

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-15 11:20:41 +02:00
Ilias Apalodimas
747d16d93c efi_loader: check the status of disconnected drivers
efi_uninstall_protocol() calls efi_disconnect_all_drivers() but never
checks the return value.  Instead it tries to identify protocols that
are still open after closing the ones that were opened with
EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL, EFI_OPEN_PROTOCOL_GET_PROTOCOL
and EFI_OPEN_PROTOCOL_TEST_PROTOCOL.

Instead of doing that,  check the return value early and exit if
disconnecting the drivers failed.  Also reconnect all the drivers of
a handle if protocols are still found on the handle after disconnecting
controllers and closing the remaining protocols.

While at it fix a memory leak and properly free the opened protocol
information when closing a protocol.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2023-07-15 11:20:41 +02:00
Ilias Apalodimas
239d59a65e efi_loader: reconnect drivers on failure
efi_disconnect_controller() doesn't reconnect drivers in case of
failure.  Reconnect the disconnected drivers properly

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2023-07-15 11:20:41 +02:00
Raymond Mao
7aa022c797 Load option with short device path for boot vars
The boot variables automatically generated for removable medias
should be with short form of device path without device nodes.
This is a requirement for the case that a removable media is
plugged into a different port but is still able to work with the
existing boot variables.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-15 11:20:41 +02:00
Raymond Mao
9945bc4f86 Fix incorrect return code of boot option update
Correct the return code for out-of-memory and no boot option found

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-15 11:20:41 +02:00
Raymond Mao
339b527bd4 Move bootorder and bootoption apis to lib
Rename and move bootorder and bootoption apis from cmd to lib
for re-use between eficonfig and bootmgr
Fix 'unexpected indentation' when 'make htmldocs' after functions
are moved

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-07-15 11:20:41 +02:00
Christophe Leroy
ad47974707 lzma: Fix decompression speed regression
Uncompressing a 1.7Mbytes FIT image on U-boot 2023.04 takes
approx 7s on a powerpc 8xx.
The same on U-boot 2023.07-rc6 takes approx 28s unless watchdog
is disabled.

During that decompression, LzmaDec_DecodeReal() calls schedule
1.6 million times, that is every 4µs in average.

In the past it used to be a call to WATCHDOG_RESET() which was
just calling hw_watchdog_reset().

But the combination of commit 29caf9305b ("cyclic: Use schedule()
instead of WATCHDOG_RESET()") and commit 26e8ebcd7c ("watchdog:
mpc8xxx: Make it generic") results in an heavier processing.

However, there is absolutely no point in calling schedule() that
often.

By moving and keeping only one call to schedule() in the main
loop the number of calls is reduced to 1.2 million which is still
too much. So add logic to only call schedule every 1024 times.
That leads to a call to schedule approx every 6ms which is still
far enough to entertain the watchdog which has a 1s timeout on
powerpc 8xx.

powerpc 8xx being one of the slowest targets we have today in
U-boot, and most other watchdogs having a timeout of one minutes
instead of one second like the 8xx, this fix should not have
negative impact on other targets.

Fixes: 29caf9305b ("cyclic: Use schedule() instead of WATCHDOG_RESET()")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-07-14 15:21:08 -04:00
Oleksandr Suvorov
ef402577c2 lib/zlib: Fix a bug when getting a gzip header extra field
This fixes CVE-2022-37434 [1] and bases on 2 commits from Mark
Adler's zlib master repo - the original fix of CVE bug [2] and
the fix for the fix [3].

[1]
https://github.com/advisories/GHSA-cfmr-vrgj-vqwv
[2]
eff308af42
[3]
1eb7682f84

Fixes: e89516f031 ("zlib: split up to match original source tree")
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
2023-07-14 15:21:08 -04:00
Simon Glass
a8f2ac2ae6 fdt: Allow more general use of livetree
At present livetree can only be used for the control FDT. It is useful
to be able to use the ofnode API for other FDTs, e.g. those used by
the upcoming configuration editor.

We already have most of the support present, and tests can be marked with
the UT_TESTF_OTHER_FDT flag to use another FDT as a special case. But
with this change, the functionality becomes more generally available.

Plumb in the require support.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-14 12:54:51 -04:00
Simon Glass
9cf39bbe96 fdt: Align the start of the livetree
Ensure that the block of memory used by live tree is aligned according to
the default for structures. This ensures that the root node appears at
the start of the block, so it can be used with free(), rather than being
4 bytes later in some cases.

This corrects a rather obscure bug in unflatten_device_tree().

Fixes: 8b50d526ea ("dm: Add a function to create a 'live' device tree")

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-07-14 12:54:51 -04:00