This is done so that the device path protocol interface of the network
device can be changed internally by u-boot when a new bootfile gets
downloaded.
Signed-off-by: Adriano Cordova <adriano.cordova@canonical.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The fix provided by 997fc12ec9 is actually introducing
a buffer overrun, and the overrun is effective if the
memory after the reloc section is not zeroed.
Probably that's why this bug is not always noticeable.
The problem is that 8-bytes 'rel' pointer can be 4-bytes aligned
according to the PE Format, so the actual relocate function can
take values after the reloc section.
One example is the following dump from the reloc section:
bce26000: 3000 0000 000c 0000 0000 0000 0000 0000
bce26010: 7c00 9340 67e0 f900 1c00 0ea1 a400 0f20
This section has two relocations at offset bce26008 and bce2600a,
however the given size (rel_size) for this relocation is 16-bytes
and this is coming form the efi image Misc.VirtualSize, so in this
case the 'reloc' pointer ends at affset bce2600c and is taken as
valid and this is where the overflow is.
In our system we see this problem when we are starting the
Boot Guard efi image.
This patch is fixing the overrun while preserving the fix done
by 997fc12ec9.
Signed-off-by: Aleksandar Gerasimovski <aleksandar.gerasimovski@belden.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
When the TCG2 protocol installation fails, we are trying to remove
all the objects we created in tcg2_uninit().
However, there are cases when this function runs before the config
table was installed. So instead of printing an error unconditionally
check against EFI_NOT_FOUND and don't print anything if the table wasn't
installed to begin with.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We should not write messages in UEFI API functions. This may lead to
incorrect screen layout in UEFI application.
For single statements after if clause we don't need braces.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
lmb_alloc_base() is just calling lmb_alloc_base_flags() with LMB_NONE.
There's not much we gain from this abstraction, so let's remove the
former add the flags argument to lmb_alloc_base() and make the code
a bit easier to follow.
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Tested-by: Sam Protsenko <semen.protsenko@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
lmb_alloc_addr() is just calling lmb_alloc_addr_flags() with LMB_NONE
There's not much we gain from this abstraction, so let's remove the
latter, add a flags argument to lmb_alloc_addr() and make the code a
bit easier to follow.
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Tested-by: Sam Protsenko <semen.protsenko@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The gen_v5_guid() is a void and does no error checking with pointers
being available etc. Instead it expects all things to be in place to
generate GUIDs. If a board capsule definition is buggy and does not
define the firmware names when enabling capsule updates, the board will
crash trying to bring up the EFI subsystem.
Check for a valid firmware name before generating GUIDs.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Given that OF_LIBFDT is library functionality, the feature of EFI_LOADER
needs to select OF_LIBFDT rather than depend on it being already
enabled.
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
With this pull request support for the EFI_HTTP_PROTOCOL and
EFI_IP4_CONFIG2 protocols are added. This allows EFI applications
to load files via HTTP.
UEFI:
add efi_dp_from_ipv4 function
add efi_net_set_addr, efi_net_get_addr functions
add support for HTTP device path
set EFI bootdevice device path to HTTP when loaded from wget
add support to send http requests and parse http headers
provide EFI_IP4_CONFIG2_PROTOCOL
provide EFI_HTTP_PROTOCOL
support IPv4() in device path to text protocol
provide unit tests for the HTTP and IPv4 Config2 protocols
Network:
zero terminate string with headers in wget_fill_info()
zero terminate string with headers in wget_lwip_fill_info()
pass port and server_name via wget_ctx in lwIP network stack
let wget_with_dns work with dns disabled
Others:
Add HTTP and IPV4 Config II protocols to UUID library functions.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEK7wKXt3/btL6/yA+hO4vgnE3U0sFAmdQPCsACgkQhO4vgnE3
U0vqSA//Qhe8pM2na+9xuF1woFhLwAvxRyFc4XFkCNfuMk8qLbL+pqNoXpRKzqSE
bm8qAfanO3twDKIyrFPYtUtI3ntm0/KpcB2eYsSaROoT7nDrh2EpUZ/5wjsGhkJn
DbL8fYcRTxSDhf7gWimVBiF3Frdctfu5OOrkqT/CFx6l7GJtugF7cCU44Kg1Ec+P
h2X+itvZ2B44YAgGwuOmbjf6FZeWj6HckNxr6w/XAw6LchDwTei2QCDRE/mJNSzy
Ugm72VBD7bEa0B0zv33FARVmDzC94eITCRyPj+OhuQhqGopPq4v/vczsR69s6Gpn
aucJukq+s4jdvivfKPEstvGBHC1kzPfuNOMRhdCLfdHDDS0L0Vr17BuZLDWrhflp
i5HU8RPbUWeeLfP5uogbbgGKpTY/SzHHt7k9nsr4SceSlqXlzAqUvMFBBdfSxRS/
YI5ThsLpnHfALnWv4cnlq+OW4Lo5wAmsrf4REGqH0JP/9sR1m2IszktgSIwYcSoC
xPfGxqEQbSeJdjYWaB6LpMhEqIpNYZH44dEOOy2FS3Dwop3FBzb05BtDqeun90mS
Bzzu/B4tbFOI88Gn/7P+5bD6KgGJzd8SmOWgu4imTCKLUKJV63V3mVz/6Kd3NoPm
72vwMcKbrJZxRnaKKNisEQTzGygdz6eKRo7Ule1stYJ0R2KBJF8=
=Wa3j
-----END PGP SIGNATURE-----
Merge tag 'efi-next-2024-12-04' of https://source.denx.de/u-boot/custodians/u-boot-efi into next
CI: https://source.denx.de/u-boot/custodians/u-boot-efi/-/pipelines/23707
With this pull request support for the EFI_HTTP_PROTOCOL and
EFI_IP4_CONFIG2 protocols are added. This allows EFI applications
to load files via HTTP.
UEFI:
add efi_dp_from_ipv4 function
add efi_net_set_addr, efi_net_get_addr functions
add support for HTTP device path
set EFI bootdevice device path to HTTP when loaded from wget
add support to send http requests and parse http headers
provide EFI_IP4_CONFIG2_PROTOCOL
provide EFI_HTTP_PROTOCOL
support IPv4() in device path to text protocol
provide unit tests for the HTTP and IPv4 Config2 protocols
Network:
zero terminate string with headers in wget_fill_info()
zero terminate string with headers in wget_lwip_fill_info()
pass port and server_name via wget_ctx in lwIP network stack
let wget_with_dns work with dns disabled
Others:
Add HTTP and IPV4 Config II protocols to UUID library functions.
Add an EFI HTTP driver. This commit implements the
EFI_HTTP_PROTOCOL and the EFI_HTTP_SERVICE_BINDING_PROTOCOL.
The latter is attached to the handle of th efi network
device. This is the same handle where snp, pxe, and ipconfig
are attached to.
Signed-off-by: Adriano Cordova <adrianox@gmail.com>
Add an implementation of the EFI_IP4_CONFIG2_PROTOCOL. The protocol
is attached to the handle of the efi network device. This is the same
handle where snp and pxe are attached to.
Signed-off-by: Adriano Cordova <adrianox@gmail.com>
Add network-stack agnostic way to send an http request and
parse http headers from efi drivers. This uses wget as a
backend and communicates with it via efi_wget_info.
The function efi_net_do_request allocates a buffer on behalf of an
efi application using efi_alloc and passes it to wget to receive
the data. If the method is GET and the buffer is too small, it
re-allocates the buffer based on the last received Content-Length
header and tries again. If the method is HEAD it just issues one
request. So issuing a HEAD request (to update Content-Length) and
then a GET request is preferred but not required.
The function efi_net_parse_headers parses a raw buffer containing
an http header into an array of EFI specific 'http_header' structs.
Signed-off-by: Adriano Cordova <adrianox@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Set the device path of the efi boot device to an HTTP device path
(as formed by efi_dp_from_http) when the next boot stage is loaded
using wget (i.e., when wget is used with wget_info.set_bootdev=1).
When loaded from HTTP, the device path should account for it so that
the next boot stage is aware (e.g. grub only loads its http stack if
it itself was loaded from http, and it checks this from its device path).
Signed-off-by: Adriano Cordova <adrianox@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add efi_dp_from_http to form a device path from HTTP. The
device path is the concatenation of the device path returned
by efi_dp_from_ipv4 together with an URI node and an END node.
Signed-off-by: Adriano Cordova <adrianox@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add the functions efi_net_set_addr and efi_net_get_addr to set
and get the ip address from efi code in a network agnostic way.
This could also go in net_common, or be compiled conditionally
for each network stack.
Signed-off-by: Adriano Cordova <adrianox@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implement Ipv4() node support in the device path to text protocol.
Signed-off-by: Adriano Cordova <adrianox@gmail.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add efi_dp_from_ipv4 to form a device path from an ipv4 address.
Signed-off-by: Adriano Cordova <adrianox@gmail.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This was marked as TODO in the code:
- Enable use of wget_with_dns even if CMD_DNS is disabled if
the given uri has the ip address for the http server.
- Move the check for CMD_DNS inside wget_with_dns.
- Rename wget_with_dns to wget_do_request
Signed-off-by: Adriano Cordova <adrianox@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
The cache-flush function is incorrect which causes a crash in the
remoteproc tests with arm64.
Fix both problems by using map_sysmem() to convert an address to a
pointer and map_to_sysmem() to convert a pointer to an address.
Also update the image-loader's cache-flushing logic.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 3286d223fd ("sandbox: implement invalidate_icache_all()")
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Changes in v6:
- Re-introduce
Changes in v2:
- Drop message about EFI_LOADER
arch/sandbox/cpu/cache.c | 8 +++++++-
drivers/remoteproc/rproc-elf-loader.c | 18 +++++++++++-------
lib/efi_loader/efi_image_loader.c | 3 ++-
3 files changed, 20 insertions(+), 9 deletions(-)
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This reverts commit ("commit a68c9ac5d8 ("efi_memory: do not add
U-Boot memory to the memory map").
This code was removed when the EFI subsystem started using LMB calls for
the reservations. In hindsight it unearthed two problems.
The e820 code is adding u-boot memory as EfiReservedMemory while it
should look at what LMB added and decide instead of blindly overwriting
it. The reason this worked is that we marked that code properly late,
when the EFI came up. But now with the LMB changes, the EFI map gets
added first and the e820 code overwrites it.
The second problem is that we never mark SetVirtualAddressMap as runtime
code, which we should according to the spec. Until we fix this the
current hack can't go away, at least for architectures that *need* to
call SVAM.
More specifically x86 currently requires SVAM and sets the NX bit for
pages not marked as *_CODE. So unless we do that late, it will crash
trying to execute from non-executable memory. It's also worth noting
that x86 calls SVAM late in the boot, so this will work until someone
decides to overwrite/use BootServicesCode from the OS.
Notably arm64 disables it explicitly if the VA space is > 48bits, so
doesn't suffer from any of these problems.
This doesn't really deserve a fixes tag, since it brings back a hack to
remedy a situation that was wrong long before that commit, but in case
anyone hits the same bug ...
Simon sent the original revert in the link, but we need a proper
justification for it.
Link: https://lore.kernel.org/u-boot/20241112131830.576864-1-sjg@chromium.org/
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reported-by: Simon Glass <sjg@chromium.org>
Janne Grunau <j@jannau.net> says:
Starting with v2024.10 dev_iommu_dma_unmap calls during device removal
trigger a NULL pointer dereference in the Apple dart iommu driver. The
iommu device is removed before its user. The sparsely used DM_FLAG_VITAL
flag is intended to describe this dependency. Add it to the driver.
Adding this flag is unfortunately not enough since the boot routines
except the arm one simply remove all drivers. Add and use a new function
which calls
dm_remove_devioce_flags(DM_REMOVE_ACTIVE_ALL | DM_REMOVE_NON_VITAL);
dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);
to ensure this order dependency is head consistently.
Link: https://lore.kernel.org/r/20241123-iommu_apple_dart_ordering-v2-0-cc2ade6dde97@jannau.net
This replaces dm_remove_devices_flags() calls in all boot
implementations to ensure non vital devices are consistently removed
first. All boot implementation except arch/arm/lib/bootm.c currently
just call dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL). This can result
in crashes when dependencies between devices exists. The driver model's
design document describes DM_FLAG_VITAL as "indicates that the device is
'vital' to the operation of other devices". Device removal at boot
should follow this.
Instead of adding dm_remove_devices_flags() with (DM_REMOVE_ACTIVE_ALL |
DM_REMOVE_NON_VITAL) everywhere add dm_remove_devices_active() which
does this.
Fixes a NULL pointer deref in the apple dart IOMMU driver during EFI
boot. The xhci-pci (driver which depends on the IOMMU to work) removes
its mapping on removal. This explodes when the IOMMU device was removed
first.
dm_remove_devices_flags() is kept since it is used for testing of
device_remove() calls in dm.
Signed-off-by: Janne Grunau <j@jannau.net>
We never free and unmap the memory on errors and we never unmap it when
freeing it. The latter won't cause any problems even on sandbox, but for
consistency always use unmap_sysmem()
Fixes: commit 22f2c9ed9f ("efi: memory: use the lmb API's for allocating and freeing memory")
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Commit 775f7657ba ("Kconfig: clean up the efi configuration status")
by mistake revoked commit dcd1b63b70 ("efi_loader: allow
EFI_LOADER_BOUNCE_BUFFER on all architectures").
Fixes: 775f7657ba ("Kconfig: clean up the efi configuration status")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Loic Devulder <ldevulder@suse.com>
The value of variable nt is never used. Just use NULL when calling
efi_check_pe().
The API function is not expected to write to the console. Such output might
have unwanted side effects on the screen layout of an EFI application.
Leave error handling to the caller.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When the --native flag is given, pretend to be running the host
architecture rather than sandbox.
Allow the same control for PXE too.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this function from the EFI bootmeth to the common efi_helper file.
No functional change is intended.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a simple app to use for testing. This is intended to do whatever it
needs to for testing purposes. For now it just prints a message and
exits boot services.
There was a considerable amount of discussion about whether it is OK to
call exit-boot-services and then return to U-Boot. This is not normally
done in a real application, since exit-boot-services is used to
completely disconnect from U-Boot. For now, this part is skipped.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
All call sites are using size rather than end addresses,
so instead - as previously done - calculating an end address
everywhere, just modify the function to use size and internally
calculate the end address
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Patrick Wildt <pwildt@google.com>
Signed-off-by: Moritz Fischer <moritzf@google.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> says:
With this series opendir, readdir, closedir are implemented for ext4.
These functions are needed for the UEFI sub-system to interact with
the ext4 file system.
To reduce code growth the functions are reused to implement the ls
command for ext4.
A memory leak in ext4fs_exists is resolved.
ext4fs_iterate_dir is simplified by removing a redundant pointer copy.
Link: https://lore.kernel.org/r/20241026064048.370062-1-heinrich.schuchardt@canonical.com
* Some of our file system drivers cannot report a file size for
directories. Use a dummy value in this case.
* For SetInfo the UEFI spec requires to ignore the file size field.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The function expects an end address but is being called with
an size instead.
Fixes: 6422820ac3 ("efi_loader: split unrelated code from efi_bootmgr.c")
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Moritz Fischer <moritzf@google.com>
Reviewed-by: Patrick Wildt <pwildt@google.com>
This function is only used locally, so make it static and quiesce
the W=1 warning
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
That variable is defined and assigned a value in two functions
but it's never used.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Mark functions that are only used locally as static and
quiesce W=1 warnings
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A few functions are only used locally but miss the 'static' keyword.
Add it and quiesce W=1 build wanrings
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This is only used locally so make it static
Suggested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
We currently call efi_free_pages() with a notify flag and explicitly
update the efi memory map. That's not needed as lmb_free_flags() will do
that for us if the LMB_NONOTIFY flag is removed
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CONFIG_CMD_DNS and CONFIG_CMD_WGET depend on CONFIG_CMD_NET.
CONFIG_CMD_NET depends on CONFIG_NET or CONFIG_NET_LWIP.
We shall only enable CONFIG_EFI_HTTP if there is network support.
We have to select CONFIG_CMD_NET.
Fixes: d7d07a8b50 ("efi_loader: support boot from URI device path")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
lmb_alloc_flags() & lmb_alloc_base_flags() are just a wrappers for
_lmb_alloc_base(). Since the only difference is the max address of the
allowed allocation which _lmb_alloc_base() already supports with the
LMB_ALLOC_ANYWHERE flag, remove one of them.
Keep the lmb_alloc_base_flags() which also prints an error on failures
and adjust efi_allocate_pages() to only use one of them.
While at it clean up the duplicate function description from the header
file.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We should not write "ERROR:" or "WARNING:" when using log_err() or
log_warning(). These prefixed don't provide additional information.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Messages written with log_err() should terminate with a linefeed.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
EFI variables can be stored in a file on the EFI system partition. If that
partition is missing we are writing two error messages per variable. This
is too noisy.
Just warn once about the missing ESP.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We prefer `if` over `#ifdef` in our code.
Eliminate #ifdef statements in efi_setup.c.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The variable overlap_only_ram is used to specify that the new memory
region that is being created needs to come from the free memory pool
-- this is done by carving out the memory region from the free
memory. The name is a bit confusing though, as other allocated memory
regions, like boot-services code and data are also part of the RAM
memory. Rename the variable to overlap_conventional to highlight the
fact that it is the free/conventional memory that is being referred to
in this context.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The EFI_CONVENTIONAL_MEMORY type, which is the usable RAM memory is
now being managed by the LMB module. Remove the addition of this
memory type to the EFI memory map. This memory now gets added to the
EFI memory map as part of the LMB memory map update event handler.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The memory region occupied by U-Boot is reserved by LMB, and gets
added to the EFI memory map through a call from the LMB module. Remove
this superfluous addition to the EFI memory map.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
