From 119fafdefb81677dc629b79263672e9457849c61 Mon Sep 17 00:00:00 2001 From: Sughosh Ganu Date: Wed, 1 Jun 2022 23:30:39 +0530 Subject: [PATCH 1/5] EFI: Do not consider OsIndications variable if CONFIG_EFI_IGNORE_OSINDICATIONS is enabled The EFI_IGNORE_OSINDICATIONS config symbol was introduced as a mechanism to have capsule updates work even on platforms where the SetVariable runtime service was not supported. The current logic requires the OsIndications variable to have been set to a 64 bit value even when the EFI_IGNORE_OSINDICATIONS config is enabled. Return an error code on not being able to read the variable only when EFI_IGNORE_OSINDICATIONS is not enabled. Signed-off-by: Sughosh Ganu Reviewed-by: Heinrich Schuchardt --- lib/efi_loader/efi_capsule.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index c76a5f3570..a6b98f066a 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -1058,14 +1058,15 @@ static void efi_capsule_scan_done(void) */ static efi_status_t check_run_capsules(void) { - u64 os_indications; + u64 os_indications = 0x0; efi_uintn_t size; efi_status_t r; size = sizeof(os_indications); r = efi_get_variable_int(u"OsIndications", &efi_global_variable_guid, NULL, &size, &os_indications, NULL); - if (r != EFI_SUCCESS || size != sizeof(os_indications)) + if (!IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS) && + (r != EFI_SUCCESS || size != sizeof(os_indications))) return EFI_NOT_FOUND; if (os_indications & @@ -1084,7 +1085,7 @@ static efi_status_t check_run_capsules(void) return EFI_SUCCESS; } else if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS)) { return EFI_SUCCESS; - } else { + } else { return EFI_NOT_FOUND; } } From 556a12654a3350113edbd826cbcdde4c03cb7f20 Mon Sep 17 00:00:00 2001 From: Sughosh Ganu Date: Wed, 1 Jun 2022 23:30:41 +0530 Subject: [PATCH 2/5] EFI: FMP: Use a common GetImageInfo function for FIT and raw images The GetImageInfo function definitions for the FIT images and raw images are the same. Use a common function for the both the Firmware Management Protocol(FMP) instances for raw and FIT images. Signed-off-by: Sughosh Ganu Reviewed-by: Heinrich Schuchardt --- lib/efi_loader/efi_firmware.c | 80 ++++++----------------------------- 1 file changed, 14 insertions(+), 66 deletions(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 0ce6c1e34f..30cafd15ca 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -241,18 +241,8 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image, return EFI_SUCCESS; } -#ifdef CONFIG_EFI_CAPSULE_FIRMWARE_FIT -/* - * This FIRMWARE_MANAGEMENT_PROTOCOL driver provides a firmware update - * method with existing FIT image format, and handles - * - multiple regions of firmware via DFU - * but doesn't support - * - versioning of firmware image - * - package information - */ - /** - * efi_firmware_fit_get_image_info - return information about the current + * efi_firmware_get_image_info - return information about the current * firmware image * @this: Protocol instance * @image_info_size: Size of @image_info @@ -270,7 +260,7 @@ efi_status_t efi_firmware_capsule_authenticate(const void **p_image, * Return status code */ static -efi_status_t EFIAPI efi_firmware_fit_get_image_info( +efi_status_t EFIAPI efi_firmware_get_image_info( struct efi_firmware_management_protocol *this, efi_uintn_t *image_info_size, struct efi_firmware_image_descriptor *image_info, @@ -303,6 +293,16 @@ efi_status_t EFIAPI efi_firmware_fit_get_image_info( return EFI_EXIT(ret); } +#ifdef CONFIG_EFI_CAPSULE_FIRMWARE_FIT +/* + * This FIRMWARE_MANAGEMENT_PROTOCOL driver provides a firmware update + * method with existing FIT image format, and handles + * - multiple regions of firmware via DFU + * but doesn't support + * - versioning of firmware image + * - package information + */ + /** * efi_firmware_fit_set_image - update the firmware image * @this: Protocol instance @@ -348,7 +348,7 @@ efi_status_t EFIAPI efi_firmware_fit_set_image( } const struct efi_firmware_management_protocol efi_fmp_fit = { - .get_image_info = efi_firmware_fit_get_image_info, + .get_image_info = efi_firmware_get_image_info, .get_image = efi_firmware_get_image_unsupported, .set_image = efi_firmware_fit_set_image, .check_image = efi_firmware_check_image_unsupported, @@ -363,58 +363,6 @@ const struct efi_firmware_management_protocol efi_fmp_fit = { * method with raw data. */ -/** - * efi_firmware_raw_get_image_info - return information about the current - * firmware image - * @this: Protocol instance - * @image_info_size: Size of @image_info - * @image_info: Image information - * @descriptor_version: Pointer to version number - * @descriptor_count: Pointer to number of descriptors - * @descriptor_size: Pointer to descriptor size - * @package_version: Package version - * @package_version_name: Package version's name - * - * Return information bout the current firmware image in @image_info. - * @image_info will consist of a number of descriptors. - * Each descriptor will be created based on "dfu_alt_info" variable. - * - * Return status code - */ -static -efi_status_t EFIAPI efi_firmware_raw_get_image_info( - struct efi_firmware_management_protocol *this, - efi_uintn_t *image_info_size, - struct efi_firmware_image_descriptor *image_info, - u32 *descriptor_version, - u8 *descriptor_count, - efi_uintn_t *descriptor_size, - u32 *package_version, - u16 **package_version_name) -{ - efi_status_t ret = EFI_SUCCESS; - - EFI_ENTRY("%p %p %p %p %p %p %p %p\n", this, - image_info_size, image_info, - descriptor_version, descriptor_count, descriptor_size, - package_version, package_version_name); - - if (!image_info_size) - return EFI_EXIT(EFI_INVALID_PARAMETER); - - if (*image_info_size && - (!image_info || !descriptor_version || !descriptor_count || - !descriptor_size || !package_version || !package_version_name)) - return EFI_EXIT(EFI_INVALID_PARAMETER); - - ret = efi_fill_image_desc_array(image_info_size, image_info, - descriptor_version, descriptor_count, - descriptor_size, package_version, - package_version_name); - - return EFI_EXIT(ret); -} - /** * efi_firmware_raw_set_image - update the firmware image * @this: Protocol instance @@ -461,7 +409,7 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( } const struct efi_firmware_management_protocol efi_fmp_raw = { - .get_image_info = efi_firmware_raw_get_image_info, + .get_image_info = efi_firmware_get_image_info, .get_image = efi_firmware_get_image_unsupported, .set_image = efi_firmware_raw_set_image, .check_image = efi_firmware_check_image_unsupported, From 3a0654ecd0d6a39406e6fe91f7a40ce589594ae9 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Fri, 10 Jun 2022 18:24:48 +0200 Subject: [PATCH 3/5] efi_loader: correctly identify binary name Only on the sandbox the default EFI binary name (e.g. BOOTX64.EFI) must match the host architecture. In all other cases we must use the target architecture. Use #elif where appropriate. Reported-by: Vagrant Cascadian Signed-off-by: Heinrich Schuchardt --- include/efi_default_filename.h | 43 +++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/include/efi_default_filename.h b/include/efi_default_filename.h index 13b9de8754..77932984b5 100644 --- a/include/efi_default_filename.h +++ b/include/efi_default_filename.h @@ -5,6 +5,7 @@ * file name is defined in this include. * * Copyright (c) 2022, Heinrich Schuchardt + * Copyright (c) 2022, Linaro Limited */ #ifndef _EFI_DEFAULT_FILENAME_H @@ -14,32 +15,42 @@ #undef BOOTEFI_NAME +#ifdef CONFIG_SANDBOX + #if HOST_ARCH == HOST_ARCH_X86_64 #define BOOTEFI_NAME "BOOTX64.EFI" -#endif - -#if HOST_ARCH == HOST_ARCH_X86 +#elif HOST_ARCH == HOST_ARCH_X86 #define BOOTEFI_NAME "BOOTIA32.EFI" -#endif - -#if HOST_ARCH == HOST_ARCH_AARCH64 +#elif HOST_ARCH == HOST_ARCH_AARCH64 #define BOOTEFI_NAME "BOOTAA64.EFI" -#endif - -#if HOST_ARCH == HOST_ARCH_ARM +#elif HOST_ARCH == HOST_ARCH_ARM #define BOOTEFI_NAME "BOOTARM.EFI" -#endif - -#if HOST_ARCH == HOST_ARCH_RISCV32 +#elif HOST_ARCH == HOST_ARCH_RISCV32 #define BOOTEFI_NAME "BOOTRISCV32.EFI" -#endif - -#if HOST_ARCH == HOST_ARCH_RISCV64 +#elif HOST_ARCH == HOST_ARCH_RISCV64 #define BOOTEFI_NAME "BOOTRISCV64.EFI" +#else +#error Unsupported UEFI architecture #endif -#ifndef BOOTEFI_NAME +#else + +#if defined(CONFIG_ARM64) +#define BOOTEFI_NAME "BOOTAA64.EFI" +#elif defined(CONFIG_ARM) +#define BOOTEFI_NAME "BOOTARM.EFI" +#elif defined(CONFIG_X86_64) +#define BOOTEFI_NAME "BOOTX64.EFI" +#elif defined(CONFIG_X86) +#define BOOTEFI_NAME "BOOTIA32.EFI" +#elif defined(CONFIG_ARCH_RV32I) +#define BOOTEFI_NAME "BOOTRISCV32.EFI" +#elif defined(CONFIG_ARCH_RV64I) +#define BOOTEFI_NAME "BOOTRISCV64.EFI" +#else #error Unsupported UEFI architecture #endif #endif + +#endif From 178667b34bf0aa5312727eba6612b3500adad4a3 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 11 Jun 2022 05:22:07 +0000 Subject: [PATCH 4/5] efi_loader: allow booting from short dev only DP Allow booting from a short form device-path without file path, e.g. /HD(1,GPT,5ef79931-a1aa-4c70-9d67-611e8f69eafd,0x800,0x1000) Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_bootmgr.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c index 93f6590530..9b65f34035 100644 --- a/lib/efi_loader/efi_bootmgr.c +++ b/lib/efi_loader/efi_bootmgr.c @@ -44,7 +44,7 @@ static const struct efi_runtime_services *rs; static struct efi_device_path *expand_media_path(struct efi_device_path *device_path) { - struct efi_device_path *dp, *full_path; + struct efi_device_path *dp, *rem, *full_path; efi_handle_t handle; efi_status_t ret; @@ -57,11 +57,10 @@ struct efi_device_path *expand_media_path(struct efi_device_path *device_path) * booting from removable media. */ dp = device_path; - ret = EFI_CALL(efi_locate_device_path( - &efi_simple_file_system_protocol_guid, - &dp, &handle)); + handle = efi_dp_find_obj(dp, &efi_simple_file_system_protocol_guid, + &rem); if (ret == EFI_SUCCESS) { - if (dp->type == DEVICE_PATH_TYPE_END) { + if (rem->type == DEVICE_PATH_TYPE_END) { dp = efi_dp_from_file(NULL, 0, "/EFI/BOOT/" BOOTEFI_NAME); full_path = efi_dp_append(device_path, dp); From 72fa9cd59edcf99cb32c05604d2a904018acd30a Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 11 Jun 2022 05:22:08 +0000 Subject: [PATCH 5/5] efi_loader: create boot options without file path Allow the efidebug command to create boot options without file path, e.g. efidebug boot add -b 0001 'short dev only' host 0:1 '' efidebug boot add -B 0002 'long dev only' host 0:1 '' Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/efi_bootmgr.c | 3 +-- lib/efi_loader/efi_device_path.c | 33 +++++++++++++++++++++++--------- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c index 9b65f34035..234073ecb7 100644 --- a/lib/efi_loader/efi_bootmgr.c +++ b/lib/efi_loader/efi_bootmgr.c @@ -46,7 +46,6 @@ struct efi_device_path *expand_media_path(struct efi_device_path *device_path) { struct efi_device_path *dp, *rem, *full_path; efi_handle_t handle; - efi_status_t ret; if (!device_path) return NULL; @@ -59,7 +58,7 @@ struct efi_device_path *expand_media_path(struct efi_device_path *device_path) dp = device_path; handle = efi_dp_find_obj(dp, &efi_simple_file_system_protocol_guid, &rem); - if (ret == EFI_SUCCESS) { + if (handle) { if (rem->type == DEVICE_PATH_TYPE_END) { dp = efi_dp_from_file(NULL, 0, "/EFI/BOOT/" BOOTEFI_NAME); diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c index 50a988c561..171661b897 100644 --- a/lib/efi_loader/efi_device_path.c +++ b/lib/efi_loader/efi_device_path.c @@ -973,9 +973,22 @@ static void path_to_uefi(void *uefi, const char *src) *pos = 0; } -/* - * If desc is NULL, this creates a path with only the file component, - * otherwise it creates a full path with both device and file components +/** + * efi_dp_from_file() - create device path for file + * + * The function creates a device path from the block descriptor @desc and the + * partition number @part and appends a device path node created describing the + * file path @path. + * + * If @desc is NULL, the device path will not contain nodes describing the + * partition. + * If @path is an empty string "", the device path will not contain a node + * for the file path. + * + * @desc: block device descriptor or NULL + * @part: partition number + * @path: file path on partition or "" + * Return: device path or NULL in case of an error */ struct efi_device_path *efi_dp_from_file(struct blk_desc *desc, int part, const char *path) @@ -1002,12 +1015,14 @@ struct efi_device_path *efi_dp_from_file(struct blk_desc *desc, int part, buf = dp_part_fill(buf, desc, part); /* add file-path: */ - fp = buf; - fp->dp.type = DEVICE_PATH_TYPE_MEDIA_DEVICE; - fp->dp.sub_type = DEVICE_PATH_SUB_TYPE_FILE_PATH; - fp->dp.length = (u16)fpsize; - path_to_uefi(fp->str, path); - buf += fpsize; + if (*path) { + fp = buf; + fp->dp.type = DEVICE_PATH_TYPE_MEDIA_DEVICE; + fp->dp.sub_type = DEVICE_PATH_SUB_TYPE_FILE_PATH; + fp->dp.length = (u16)fpsize; + path_to_uefi(fp->str, path); + buf += fpsize; + } *((struct efi_device_path *)buf) = END;