cmd: bootefi: error handling bootefi selftest

If bootefi selftest is executed and a problem with the device-tree
installation occurs, efi_install_fdt() writes sensible error messages.
It never returns EFI_INVALID_PARAMETER. It neither makes sense to check
for EFI_INVALID_PARAMETER nor to show the usage help for the bootefi
command in this case.

Fixes: 296faf4f7ef1 ("cmd: bootefi: re-organize do_bootefi()")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

cmd: bootefi: Don't show usage help if EFI binary fails.

If an EFI binary returns an error code EFI_INVALID_PARAMETER, we show the
usage help for the bootefi command:

Shell> exit 0x8000000000000002
## Application failed, r = 2
bootefi - Boots an EFI payload from memory

Usage:
bootefi <image address>[:<image size>] [<fdt address>]
- boot EFI payload
bootefi bootmgr [fdt address]
- load and boot EFI payload based on BootOrder/BootXXXX variables.

If specified, the device tree located at <fdt address> gets
exposed as EFI configuration table.

This makes no sense.

Fixes: 296faf4f7ef1 ("cmd: bootefi: re-organize do_bootefi()")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

cmd: bootefi: move library interfaces under lib/efi_loader

In the prior commits, interfaces for executing EFI binary and boot manager
were carved out. Move them under efi_loader directory so that they can
be called from other places without depending on bootefi command.

Only efi_selftest-related code will be left in bootefi.c.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

cmd: bootefi: localize global device paths for efi_selftest

Device paths allocated in bootefi_test_prepare() will be immediately
consumed by do_efi_selftest() and there is no need to keep them for later
use. Introduce test-specific varialbles to make it easier to move other
bootmgr functions into library directory in the next commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

cmd: bootefi: carve out binary execution interface

Carve binary execution code out of do_bootefi_image() in order to move
binary-execution specific code into library directory in the later
commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

cmd: bootefi: carve out EFI boot manager interface

Carve EFI boot manager related code out of do_bootefi_image() in order
to move boot manager specific code into library directory in the later
commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

cmd: bootefi: re-organize do_bootefi()

Replicate some code and re-organize do_bootefi() into three cases, which
will be carved out as independent functions in the next two commits.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

cmd: bootefi: unfold do_bootefi_image()

Unfold do_bootefi_image() into do_bootefi() in order to make it easier
to re-organize do_bootefi() in the next commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

boot: Drop size parameter from image_setup_libfdt()

The of_size parameter is not used, so remove it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

efi_loader: add return to efibootmgr event group

When the image loaded by efibootmgr returns, efibootmgr
needs to clean the resources. Adding the event of returning
to efibootmgr is useful to simplify the implementation.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

cmd: Convert existing long help messages to the new macro

- Generally we just drop the #ifdef CONFIG_SYS_LONGHELP and endif lines
and use U_BOOT_LONGHELP to declare the same variable name as before
- In a few places, either rename the variable to follow convention or
introduce the variable as it was being done inline before.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

efi_loader: make efi_delete_handle() follow the EFI spec

The EFI doesn't allow removal of handles, unless all hosted protocols
are cleanly removed. Our efi_delete_handle() is a bit intrusive.
Although it does try to delete protocols before removing a handle,
it doesn't care if that fails. Instead it only returns an error if the
handle is invalid. On top of that none of the callers of that function
check the return code.

So let's rewrite this in a way that fits the EFI spec better. Instead
of forcing the handle removal, gracefully uninstall all the handle
protocols. According to the EFI spec when the last protocol is removed
the handle will be deleted. Also switch all the callers and check the
return code. Some callers can't do anything useful apart from reporting
an error. The disk related functions on the other hand, can prevent a
medium that is being used by EFI from removal.

The only function that doesn't check the result is efi_delete_image().
But that function needs a bigger rework anyway, so we can clean it up in
the future

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

efi_loader: fix efi_dp_from_file()

* When called from efi_dp_from_name() we miss to append the filename
for non-block devices.
* expand_media_path() could be simplified by using efi_dp_from_file to
prepend the device path of the boot device.

This can be avoided by passing a device path to efi_dp_from_file() instead
of a block device descriptor and a partition number.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

cmd: bootefi: allocate device-tree copy from high memory

The bootefi command creates a copy of the device-tree within the first
127 MiB of memory. This may lead to overwriting previously loaded binaries
(e.g. kernel, initrd).

Linux EFI stub itself copies U-Boot's copy of the device-tree. This means
there is not restriction for U-Boot to place the device-tree copy to any
address. (Restrictions existed for 32bit ARM before Linux commit
7a1be318f579 ("ARM: 9012/1: move device tree mapping out of linear region")
for legacy booting.

Reported-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Alexandre Ghiti <alexghiti@rivosinc.com>

efi_loader: Measure the loaded DTB

Measures the DTB passed to the EFI application upon new boolean config
switch CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB. For platforms where the
content of the DTB passed to the OS can change across reboots, there is
not point measuring it hence the config switch to allow platform to not
embed this feature.

Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

efi_loader: remove efi_delete_handle on loadfile2

Loadfile2 code is installing two protocols on it's own handle
and uses efi_delete_handle() to clean it up on failure(s). However
commit 05c4c9e21ae6 ("efi_loader: define internal implementations of
install/uninstallmultiple") prepares the ground for us to clean up
efi_delete_handle() used in favor of Install/UninstallMultipleProtocol.

While at it clean up the non needed void casts to (void *) on the
protolcol installation.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

cmd: replace efi_create_handle/add_protocol with InstallMultipleProtocol

In general handles should only be deleted if the last remaining protocol
is removed. Instead of explicitly calling
efi_create_handle -> efi_add_protocol -> efi_delete_handle which blindly
removes all protocols from a handle before removing it, use
InstallMultiple/UninstallMultiple which adheres to the EFI spec and only
deletes a handle if there are no additional protocols present

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

treewide: Drop bootm_headers_t typedef

This is not needed and we should avoid typedefs. Use the struct instead.

Signed-off-by: Simon Glass <sjg@chromium.org>

efi_loader: memory leak in efi_set_bootdev()

efi_dp_str() allocates memory which should be released after use.

Use %pD printf code. Adjust message wording.

Fixes: d837cb1e3b6b ("efi: Add debugging to efi_set_bootdev()")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

cmd: load: add load command for memory mapped

cp.b is used a lot as a way to load binaries to memory and execute
them, however we may need to integrate this with the efi subsystem to
set it up as a bootdev.

So, introduce a loadm command that will be consistent with the other
loadX commands and will call the efi API's.

ex: loadm $kernel_addr $kernel_addr_r $kernel_size

with this a kernel with CONFIG_EFI_STUB enabled will be loaded and
then subsequently booted with bootefi command.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

cmd/bootefi: correct command syntax

For indicating the address and size of a memory region other commands use a
<addr>[:<size>] syntax. Do the same for bootefi.

Fixes: 2058983689f0 ("cmd: bootefi: restore ability to boot arbitrary blob")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

cmd: bootefi: restore ability to boot arbitrary blob

Up until commit 5f59518a7b1ae ("efi_loader: setting boot device"), we
could boot an arbitrary blob with bootefi. Indeed, efi_run_image() even
has a special case for missing device paths indicating a payload that
was directly loaded via JTAG, for example.

Restore the ability to inject a UEFI payload into memory and `bootefi`
it. If the address passed isn't the last PE-COFF loaded, then we'll
wipe out the pre-existing DP/Image information and let efi_run_image()
synthesize a memory device path.

An image size is required if we're booting an arbitrary payload, and
the FDT argument has been changed to accept `-`. The size could be
deduced from the image header, but it's required anyways as an explicit
acknowledgment that one's trying to boot an arbitrary payload rather
than accidentally using the wrong address in the single-addr form.

Fixes: 5f59518a7b1a ("efi_loader: setting boot device")
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

efi_loader: Ignore DT when ACPI is on

For targets that enable ACPI, we should not pass Device Trees into
the payload. However, our distro boot logic always passes the builtin
DT as an argument.

To make it easy to use ACPI with distro boot, let's just ignore the DT
argument to bootefi when ACPI is enabled. That way, we can successfully
distro boot payloads on ACPI enabled targets.

Signed-off-by: Alexander Graf <agraf@csgraf.de>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

efi_loader: update the timing of enabling and disabling EFI watchdog

UEFI specification requires that 5 minutes watchdog timer is
armed before the firmware's boot manager invokes an EFI boot option.
This watchdog timer is updated as follows, according to the
UEFI specification.

1) The EFI Image may reset or disable the watchdog timer as needed.
2) If control is returned to the firmware's boot manager,
the watchdog timer must be disabled.
3) On successful completion of EFI_BOOT_SERVICES.ExitBootServices()
the watchdog timer is disabled.

1) is up to the EFI image, and 3) is already implemented in U-Boot.
This patch implements 2), the watchdog is disabled when control is
returned to U-Boot.

In addition, current implementation arms the EFI watchdog at only
the first "bootefi" invocation. The EFI watchdog must be armed
in every EFI boot option invocation.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

efi: Add debugging to efi_set_bootdev()

The operation of this function can be confusing. Add some debugging so
we can see what it is doing and when it is called.

Also drop the preprocessor usage.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: Get rid of kaslr-seed if EFI_RNG_PROTOCOL is installed

U-Boot, in some occasions, injects a 'kaslr-seed' property on the /chosen
node. That would be problematic in case we want to measure the DTB we
install in the configuration table, since it would change across reboots.

The Linux kernel EFI-stub completely ignores it and only relies on
EFI_RNG_PROTOCOL for it's own randomness needs (i.e the randomization
of the physical placement of the kernel). In fact it (blindly) overwrites
the existing seed if the protocol is installed. However it still uses it
for randomizing it's virtual placement.
So let's get rid of it in the presence of the RNG protocol.

It's worth noting that TPMs also provide an RNG. So if we tweak our
EFI_RNG_PROTOCOL slightly and install the protocol when a TPM device
is present the 'kaslr-seed' property will always be removed, allowing
us to reliably measure our DTB.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>

global: Convert simple_strtoul() with hex to hextoul()

It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>

efi_loader: Replace config option for initrd loading

Up to now we install EFI_LOAD_FILE2_PROTOCOL to load an initrd
unconditionally. Although we correctly return various EFI exit codes
depending on the file status (i.e EFI_NO_MEDIA, EFI_NOT_FOUND etc), the
kernel loader, only falls back to the cmdline interpreted initrd if the
protocol is not installed.

This creates a problem for EFI installers, since they won't be able to
load their own initrd and continue the installation. It also makes the
feature hard to use, since we can either have a single initrd or we have
to recompile u-boot if the filename changes.

So let's introduce a different logic that will decouple the initrd
path from the config option we currently have.
When defining a UEFI BootXXXX we can use the filepathlist and store
a file path pointing to our initrd. Specifically the EFI spec describes:

"The first element of the array is a device path that describes the device
and location of the Image for this load option. Other device paths may
optionally exist in the FilePathList, but their usage is OSV specific"

When the EFI application is launched through the bootmgr, we'll try to
interpret the extra device path. If that points to a file that exists on
our disk, we'll now install the load_file2 and the efi-stub will be able
to use it.

This opens up another path using U-Boot and defines a new boot flow.
A user will be able to control the kernel/initrd pairs without explicit
cmdline args or GRUB.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

image: Adjust the workings of fit_check_format()

At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

common: Drop asm/global_data.h from common header

Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

efi_loader: switch to non-secure mode later

Some ARMv7 boards using PSCI require to be in secure-mode when booted via
'bootz' or 'bootm'. During distro-boot 'bootefi bootmgr' is called to check
if booting via UEFI is possible.

With the change we change the switch from secure mode to non-secure mode is
moved from the UEFI subsystem setup to just before calling StartImage().

Cc: Jernej Škrabec <jernej.skrabec@gmail.com>
Reported by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: make the UEFI boot manager configurable

Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.

Provide a configuration option to make the boot manager available.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: implement EFI_DT_FIXUP_PROTOCOL

A boot manager like GRUB can use the protocol to

* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: setting boot device

Up to now the bootefi command used the last file loaded to determine the
boot partition. This has led to errors when the fdt had been loaded from
another partition after the EFI binary.

Before setting the boot device from a loaded file check if it is a PE-COFF
image or a FIT image.

For a PE-COFF image remember address and size, boot device and path.

For a FIT image remember boot device and path.

If the PE-COFF image is overwritten by loading another file, forget it.

Do not allow to start an image via bootefi which is not the last loaded
PE-COFF image.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: simplify running helloworld.efi

Currently when executing 'bootefi hello' we copy helloworld.efi to the
address identified by environment variable loadaddr. This is unexected
behavior for a user. There is no need to copy helloworld.efi before
executing it after relocation.

Remove the copy action.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: consider no-map property of reserved memory

The device tree may contain a /reserved-memory node. The no-map property
of the sub-nodes signals if the memory may be accessed by the UEFI payload
or not.

In the EBBR specification (https://github.com/arm-software/ebbr) the
modeling of the reserved memory has been clarified.

If a reserved memory node in the device tree has the no-map property map,
create a EfiReservedMemoryType memory map entry else use
EfiBootServicesData.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: log messages for bootefi command

Write log messages when booting via the bootefi command to allow tracking
on the syslog server. Example messages are

Booting /snp.efi

or

Booting /MemoryMapped(0x0,0x4fe00000,0x35a40)
Loading image failed

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: document parameters of do_bootefi_exec()

Add the missing description of the load_options parameter.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: set load options in boot manager

Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.

Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: factor out efi_set_load_options()

The bootefi bootmgr command has to set the load options for a loaded image
from the value of BootXXXX variable. If the boot manager is not used, the
value is set from the environment variable bootargs (or efi_selftest).

Factor out a common function efi_set_load_options().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: use logging for bootefi command

Log messages of the bootefi command instead of simply printing them to the
console.

Do not show "## Application terminated" message when the UEFI binary
completed successfully.

Adjust the python tests testing for '## Application terminated'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: incorrect check against FDT_ADDR_T_NONE

With commit 0d7c2913fdf7 ("cmd: bootefi: Honor the address & size cells
properties correctly") addr was replaced by fdt_addr. But not in the check
against FDT_ADDR_T_NONE.

Fixes: 0d7c2913fdf7 ("cmd: bootefi: Honor the address & size cells properties
correctly")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: Fix fdt_size variable type in efi_carve_out_dt_rsv()

Variable fdt_size should be of type 'fdt_size_t', not 'fdt_addr_t'.

Fixes 0d7c2913fdf7: ("cmd: bootefi: Honor the address & size cells properties correctly")
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: Honor the address & size cells properties correctly

fdtdec_get_addr_size reads the uses a fixed value for address & size
cell properties which may not be correct always.

Use the auto variant of the function which automatically reads
#address-cells & #size-cells from parent and uses to read the "reg"
property.

Signed-off-by: Atish Patra <atish.patra@wdc.com>

On 32 bit systems fdt_addr_t may be 4 bytes long but size is defined as
u64. Avoid filling the upper 4 bytes of the sizep parameter of
fdtdec_get_addr_size_auto_parent() with random bytes from the stack by
defining a separate variable fdt_size.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

command: Remove the cmd_tbl_t typedef

We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

efi_loader: round the memory area in efi_add_memory_map()

Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.

There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.

Signed-off-by: Michael Walle <michael@walle.cc>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: put device tree into EfiACPIReclaimMemory

According to the UEFI spec ACPI tables should be placed in
EfiACPIReclaimMemory. Let's do the same with the device tree.

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Grant Likely <grant.likely@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: remove superfluous NULL check in bootefi.c

efi_free_pool() and efi_delete_handle() both check if their argument is
NULL. The caller should not duplicate this check.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: only reserve memory if fdt node enabled

Sub-nodes of /reserved-memory may be disabled. In this case we should not
reserve memory in the memory map.

Reported-by: Patrick DELAUNAY <patrick.delaunay@st.com>
Fixes: fef907b2e440 ("efi_loader: create reservations after
ft_board_setup")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Atish Patra <atish.patra@wdc.com>

cmd: bootefi: Parse reserved-memory node from DT

Currently, bootefi only parses memory reservation block to setup
EFI reserved memory mappings. However, it doesn't parse the
reserved-memory[1] device tree node that also can contain the
reserved memory regions.

Add capability to parse reserved-memory node and update the EFI memory
mappings accordingly.

1. <U-Boot source>/doc/device-tree-bindings/reserved-memory/reserved-memory.txt]

Signed-off-by: Atish Patra <atish.patra@wdc.com>

Fix an endless loop.

The /reserved-memory node may have children without reg property. Remove
a superfluous debug statement.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: create reservations after ft_board_setup

Some memory reservations are made in ft_board_setup(). Ensure that we
create reserved memory map entries after ft_board_setup().

The downside of this patch is that if bootefi is called multiple times with
an devicetree argument superfluous reservations for the old copies of the
device tree will exist. But that is still better than missing a reservation.

Deleting the superfluous reservations is not possible because reservations
in the memory map are rounded to page size and may be coallesced.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: fix efi_install_fdt() description

In the function description use the correct parameter name.

Mention EFI_FDT_USE_INTERNAL.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

dm: core: Create a new header file for 'compat' features

At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.

Move the compatibility features into a separate header file.

Signed-off-by: Simon Glass <sjg@chromium.org>

efi_loader: free load options after execution

When be launch a binary via bootefi the bootargs environment variable is
used to set the load options in the loaded image protocol.

Free memory allocated for load options when the UEFI binary exits.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: export efi_install_fdt()

Use a pointer to addressable memory instead of a "physical" address in the
virtual address space of the sandbox to efi_install_fdt().

Export the efi_install_fdt() function.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: carve out efi_run_image()

Provide public function efi_run_imager() which can be used to run an UEFI
image from memory.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: use hardware device tree by default

If the bootefi command is called without passing the address of a device
tree, the internal device tree is used. For devices with a hardware device
tree it is preferable to used the hardware device tree in this case.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: pass address to efi_install_fdt()

As part of moving the parsing of command line arguments to do_bootefi()
call efi_install_fdt() with the address of the device tree instead of a
string.

If the address is EFI_FDT_USE_INTERNAL (= 0), the internal device tree
is used.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

env: Move env_get() to env.h

Move env_get() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>

efi_loader: fix function comments in cmd/bootefi.c

Describe efi_set_bootdev().

Change function descriptions to Sphinx style.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: Change return type of efi_add_memory_map()

We currently have some inconsistent use of efi_add_memory_map()
throughout the code. In particular the return value of efi_add_memory_map()
is not interpreted the same way by various users in the codebase.

This patch does the following:

- Changes efi_add_memory_map() to return efi_status_t.
- Adds a method description to efi_add_memory_map().
- Changes efi_add_memory_map() to return EFI_SUCCESS
- Returns non-zero for error in efi_add_memory_map()
- Updates efi_allocate_pages() to new efi_add_memory_map()
- Updates efi_free_pages() to new efi_add_memory_map()
- Updates efi_carve_out_dt_rsv() to new efi_add_memory_map()
- Updates efi_add_runtime_mmio() to new efi_add_memory_map()

Fixes: 5d00995c361c ("efi_loader: Implement memory allocation and map")
Fixes: 74c16acce30b ("efi_loader: Don't allocate from memory holes")
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: comments for efi_install_fdt()

Describe that efi_install_fdt() defaults to using the device tree
indicated by environment variable fdtcontroladdr.

ACPI tables and device trees are mutually exclusive.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: deduplicate code in cmd/bootefi.c

Move duplicate initialization code to single instance.

Adjust comments of concerned functions.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: clean up UEFI sub-system initialization

allow_unaligned(), switch_to_non_secure_mode(), and efi_init_obj_list() are
called in sequence in multiple places.

Move calls to allow_unaligned() and switch_to_non_secure_mode() to
efi_init_obj_list().

Remove unused includes.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: implement support of exit data

In case of a failure exit data may be passed to Exit() which in turn is
returned by StartImage().

Let the `bootefi` command print the exit data string in case of an error.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: set OsIndicationsSupported at init

UEFI variables should be installed using well-defined API.
Currently we don't support much, but the value of OsIndicationsSupported
will be updated once some features are added in the future.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Add comments. Rename a variable.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: need either ACPI table or device tree

The EBBR specification prescribes that we should have either an ACPI table
or a device tree but not both. Let us enforce this condition in the
`bootefi` command.

If the bootefi command is called without a device tree parameter use a
previously device tree or fall back to the internal device tree.

The fdt unit test should not be run on boards with an ACPI table.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: rework bootmgr/bootefi using load_image API

In the current implementation, bootefi command and EFI boot manager
don't use load_image API, instead, use more primitive and internal
functions. This will introduce duplicated code and potentially
unknown bugs as well as inconsistent behaviours.

With this patch, do_efibootmgr() and do_boot_efi() are completely
overhauled and re-implemented using load_image API.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Use efi_root as parent handle for the loaded image.
LoadImage() should be called with BootPolicy = true by the boot manager.
Avoid duplicate free_pool().
Eliminate variable memdp which is not needed after anymore due to
"efi_loader: correctly split device path of loaded image".

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: carve out do_bootefi_image() from do_bootefi()

This is a preparatory patch for reworking do_bootefi() in later patch.
All the non-boot-manager-based (that is, bootefi <addr>) code is put
into one function, do_bootefi_image().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: carve out bootmgr code from do_bootefi()

This is a preparatory patch for reworking do_bootefi() in later patch.
do_bootmgr_exec() is renamed to do_efibootmgr() as we put all the necessary
code into this function.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: move do_bootefi_bootmgr_exec() forward

This is a preparatory patch for reworking do_bootefi() in later patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: carve out efi_selftest code from do_bootefi()

This is a preparatory patch for reworking do_bootefi() in later patch.

Efi_selftest code is unusual in terms of execution path in do_bootefi(),
which make that function complicated and hard to understand. With this
patch, all efi_selftest related code will be put in a separate function.

The change also includes expanding efi_run_prepare() and efi_run_finish()
in do_bootefi_exec().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: merge efi_install_fdt() and efi_process_fdt()

This is a preparatory patch for reworking do_bootefi() in later patch.
For simplicity, merge two functions.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Return error code of efi_install_configuration_table() when aborting from
efi_install_fdt().

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: carve out fdt handling from do_bootefi()

This is a preparatory patch for reworking do_bootefi() in later patch.

Carve out a function to handle the installation of the device tree
as a configuration table in system table.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: rework set_load_options()

set_load_options() can fail, so it should return error code to stop
invoking an image.
In addition, set_load_options() now takes a handle, instead of
loaded_image_info, to utilize efi_load_image() in a later patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Change FDT memory type from runtime data to boot services data

Following Ard's suggestion:
Runtime data sections are intended for data that is used by the runtime
services implementation.
Let's change the type to EFI_BOOT_SERVICES_DATA.

This also fixes booting of armv7 using efi and fdtcontroladdr.

Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: clean up bootefi_test_prepare()

Free resources upon failure.

Correct the function description.

As there is no need for any special address in the dummy memory device
path passed via the EFI_LOADED_IMAGE_PROTOCOL simply use 0 as address.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: fix EFI entry counting

`bootefi selftest` fails on qemu-x86_defconfig if efi_selftest() is not
invoked using EFI_CALL().

Likewise we call the entry point of EFI payloads with
EFI_CALL(efi_start_image()).

entry_count indicates if we are in U-Boot (1) or in EFI payload code (0).
As we start in U-Boot code the initial value has to be 1.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: use efi_start_image() for bootefi

Remove the duplicate code in efi_do_enter() and use efi_start_image() to
start the image invoked by the bootefi command.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: set entry point in efi_load_pe()

Up to now efi_load_pe() returns the entry point or NULL in case of an
error. This does not allow to return correct error codes from LoadImage().

Let efi_load_pe() return a status code and fill in the entry point in the
corresponding field of the image object.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: refactor switch to non-secure mode

Refactor the switch from supervisor to hypervisor to a new function called
at the beginning of do_bootefi().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: move efi_init_obj_list() to a new efi_setup.c

The function, efi_init_obj_list(), can be shared in different pseudo efi
applications, like bootefi/bootmgr as well as my efishell. Moreover, it
will be utilized to extend efi initialization, for example, my "removable
disk support" patch and "capsule-on-disk support" patch in the future.

So with this patch, it will be moved to a new file, efi_setup.c, under
lib/efi_loader and exported, making no changes in functionality.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Remove lines deactivated by #if 1 #else
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: avoid unnecessary pointer to long conversion

debug() support supports %p to print pointers.

The debug message is unique. So there is not need to write a possibly
distracting line number.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: use named constant for efi_dp_from_mem()

When calling efi_dp_from_mem() use a named constant for the memory type.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: create fdt reservation before copy

When copying the device we must ensure that the copy does not fall into a
memory area reserved by the same.

So let's change the sequence: first create memory reservations and then
copy the device tree.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: fix memory mapping for sandbox

The sandbox is using a virtual address space which is neither the physical
address space of the operating system nor the virtual address space in
which Linux aplications live. The addresses used insided the flattened
device tree use this sandbox virtual address space. The EFI subsystem uses
the virtual address space of the operating system and this is where the fdt
is stored.

Fix all incorrect addresses for the fdt in cmd/bootefi.cmd.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: macro efi_size_in_pages()

When allocating EFI memory pages the size in bytes has to be converted to
pages.

Provide a macro efi_size_in_pages() for this conversion.
Use it in the EFI subsystem and correct related comments.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Rename bootefi_test_finish() to bootefi_run_finish()

This function can be used from do_bootefi_exec() so that we use mostly the
same code for a normal EFI application and an EFI test.

Rename the function and use it in both places.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Create a function to set up for running EFI code

There is still duplicated code in efi_loader for tests and normal
operation.

Add a new bootefi_run_prepare() function which holds common code used to
set up U-Boot to run EFI code. Make use of this from the existing
bootefi_test_prepare() function, as well as do_bootefi_exec().

Also shorten a few variable names.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Split out test init/uninit into functions

The functions in bootefi are very long because they mix high-level code
and control with the low-level implementation. To help with this, create
functions which handle preparing for running the test and cleaning up
afterwards.

Also shorten the awfully long variable names here.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Check for failure to create objects in selftest

At present a few error conditions are not checked. Before refactoring
this code, add some basic checks. Note that this code still leaks memory
in the event of error. This will be tackled after the refactor.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: carving out memory reservations

The "Devicetree Specification 0.2" does not prescribe that memory
reservations must be EFI page aligned. So let's not make such an
assumption in our code.

Do not carve out the pages for the device tree. This memory area is
already marked as EFI_RUNTIME_SERVICES_DATA.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: memory reservation for fdt

In copy_fdt() we allocate EFI pages for the fdt plus extra 12 KiB as
EFI_RUNTIME_SERVICES_DATA. Afterwards in efi_install_fdt() we overwrite
part of this memory allocation by marking it as EFI_BOOT_SERVICES_DATA.

Remove the code marking the fdt as EFI_BOOT_SERVICES_DATA.

Cf. commit 17ff6f02f5ad ("efi_loader: store DT in EFI_RUNTIME_SERVICES_DATA
memory")

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: fix typos

Fix typos in EFI subsystem comments.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: add efi_dp_from_name()

Factor out efi_set_bootdev() and extract efi_dp_from_name().
This function will be used to set a boot device in efishell command.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: rename parent to header

Rename the component parent of some EFI objects to header. This avoids
misunderstandings.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: typedef struct efi_object *efi_handle_t

All our handles point to a struct efi_object. So let's define the
efi_handle_t accordingly. This helps us to discover coding errors much
more easily. This becomes evident by the corrections to the usage of
handles in this patch.

Rename variable image_handle to image_obj where applicable.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: execute efi_save_gd() first

If DEBUG is defined we may be calling EFI_CALL already during the
initialization of the EFI subsystem. We must make sure efi_save_gd() has
already been called at that moment.

Anyway it is better to have this call in one location instead of three.

This fixes an illegal memory access occurring since 4e6b5d6503ce
("efi_loader: create root node") with DEBUG = 1.

Fixes: 4e6b5d6503ce ("efi_loader: create root node")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: refactor efi_setup_loaded_image()

Create the handle of loaded images and the EFI_LOADED_IMAGE_PROTOCOL
inside efi_setup_loaded_image(). Do not use local variables.

Currently we expect the loaded image handle to point to the loaded image
protocol. Additionally we have appended private fields to the protocol.

With the patch the handle points to a loaded image object and the private
fields are added here. This matches how we handle the net and the gop
object.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Fix loaded_image handle passing from EL3

When running in EL3 mode on AArch64, we have to first drop to EL2
to execute a UEFI payload. When dropping down, the arguments to
the entry point have to stay identical to the ones for normal entry
though.

In commit ea54ad59286 ("efi_loader: pass handle of loaded image")
we incorrectly changed that logic and had the el3 entry path diverge.
Fix it up by syncing it back to what it's supposed to be.

Fixes: ea54ad59286 ("efi_loader: pass handle of loaded image")
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>

efi_loader: create root node

Currently we assign a lot of protocols to loaded images though
these protocols are not related to them. Instead they should be
installed on a separate handle. Via the device path it is the
parent to the devices like the network adapter.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: memory leak in efi_set_bootdev()

efi_set_bootdev() may be called repeatedly.
Free the memory allocated for device paths in previous calls.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: do not use local variable for handle

Do not use a local variable for the handle backing the memory device path.
Adjust relate comments.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: buffer size for load options

The number of bytes in an utf-8 string is an upper limit for the number of
words in the equivalent utf-16 string. In so far the inumbant coding works
correctly. For non-ASCII characters the utf-16 string is shorter. With the
patch only the necessary buffer size is allocated for the load options.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: sandbox: Tidy up copy_fdt() to work with sandbox

At present this function takes a pointer as its argument, then passes this
to efi_allocate_pages(), which actually takes an address. It uses casts,
which are not supported on sandbox.

Also the function calculates the FDT size rounded up to the neared EFI
page size, then its caller recalculates the size and adds a bit more to
it.

This function is much better written as something that works with
addresses only, and returns both the address and the size of the relocated
FDT.

Also, copy_fdt() returns NULL on error, but really should propagate the
error from efi_allocate_pages(). To do this it needs to return an
efi_status_t, not a void *.

Update the code in this way, so that it is easier to follow, and also
supports sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Relocate FDT to 127MB instead of 128MB

Sandbox only has 128MB of memory so we cannot relocate the device tree up
to start at 128MB. Use 127MB instead, which should be safe.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: remove unused efi_get_time_init()

Remove unused function efi_get_time_init().

Initialization of the RTC has to be done in board bring up not in the EFI
subsystem.

There is no RTC device in the UEFI spec. The RTC is only accessed through
the runtime services.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: calculate crc32 for EFI tables

For the boot and runtime services tables and for the system table the
crc32 has to be set in the header.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Drop error return in efi_carve_out_dt_rsv()

This function currently returns an error code, but never uses it. There is
no function comment so it is not obvious why. Presuambly the error is not
important.

Update the function to explain its purpose and why it ignores the error.
Drop the useful error return value.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Tidy up device-tree-size calculation in copy_fdt()

This is a bit confusing at present since it adds 4KB to the pointer, then
rounds it up. It looks like a bug, but is not.

Move the 4KB addition into a separate statement and expand the comment.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Use map_sysmem() in bootefi command

The bootefi command gets a few addresses as values passed in. In sandbox,
these values are in U-Boot address space, so we need to make sure we
explicitly call map_sysmem() on them to be able to access them.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: ARM: don't attempt to enter non-secure mode twice

Multiple EFI binaries may be executed in sequence. So if we already
are in non-secure mode after running the first one we should skip
the switching code since it no longer works once we're non-secure.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: ARM: run EFI payloads non-secure

If desired (and possible) switch into HYP mode or non-secure SVC mode
before calling the entry point of an EFI application. This allows
U-Boot to provide a usable PSCI implementation and makes it possible
to boot kernels into hypervisor mode using an EFI bootloader.

Based on diffs from Heinrich Schuchardt and Alexander Graf.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
[agraf: Fix indentation]
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Install ACPI configuration tables

ACPI tables can be passed via EFI configuration table to an EFI
application. This is only supported on x86 so far.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

efi_loader: Allocate memory handle for mem dp

When we boot using memdp (bootefi on an address without previous
load that populates the device path) then the memory device path
we pass in is not backed by any handle.

That can result in weird effects. For example grub gets very grumpy
about this inside the efi_net module and just loops endlessly.

So let's expose a simple handle that the memory device path is backed
on. That way any code that looks for the device the dp is on, finds
one.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: avoid anonymous constants for AllocatePages

Do not use anonymous constants when calling efi_allocage_pages.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: allow unaligned memory access

The UEFI spec mandates that unaligned memory access should be enabled if
supported by the CPU architecture.

This patch adds an empty weak function unaligned_access() that can be
overridden by an architecture specific routine.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_selftest: do not call efi_init_obj_list() twice

Remove a superfluous call to efi_init_obj_list() invoked by
'bootefi selftest'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

SPDX: Convert a few files that were missed before

As part of the main conversion a few files were missed. These files had
additional whitespace after the '*' and before the SPDX tag and my
previous regex was too strict. This time I did a grep for all SPDX tags
and then filtered out anything that matched the correct styles.

Fixes: 83d290c56fab ("SPDX: Convert all of our single license tags to Linux Kernel style")
Reported-by: Heinrich Schuchardt <xypron.debian@gmx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>

Revert "Kconfig: cmd: Make networking command dependent on NET"

This reverts the parts of commit 3b3ea2c56ec4bc5588281fd103c744e608f8b25c
where it changed the EFI dependency on NET.

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>

Reviewed-by: Duncan Hare <dh@synoia.com>

efi_loader: Respect DT reserved regions

With legacy boot (booti, bootz), people can declare memory regions as
reserved using device tree memory reservations. This feature is some
times used to indicate memory regions that should not be touched.

Since in a UEFI world, the DT memory reservations do not get honored,
let's copy them into the UEFI memory map so everyone has a coherent
view of the world and we give people the chance to add reservations
on demand.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: correctly determine the boot partition

The device path of the loaded image should be set to the partition
from which the image was loaded. This requires using the same logic as
the load command.

Without the patch the device path pointed to the whole disk after executing

load mmc 0: 0x43000000 FILE

and not to the boot partition from which the file was actually loaded.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: support device tree for bootefi selftest

The second argument of the bootefi command should always be usable to
specify a device tree. This was missing for bootefi selftest and
bootefi hello.

Proper error handling is added.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: check initialization of EFI subsystem is successful

Up to now errors in the initialization of the EFI subsystems was not
checked.

If any initialization fails, leave the bootefi command.

We do not retry initialization because this would require to undo all prior
initalization steps.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: do_bootefi_exec should always return an EFI status code

The return type of do_bootefi_exec() is efi_status_t. So in case
of an error we should always return an EFI status code.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: simplify calling efi_init_obj_list

efi_init_obj_list() should be executed only once.

Rather than having the caller check this variable and the callee set it,
move all access to the variable inside the function. This reduces the
logic needed to call efi_init_obj_list().

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

libfdt: move headers to <linux/libfdt.h> and <linux/libfdt_env.h>

Thomas reported U-Boot failed to build host tools if libfdt-devel
package is installed because tools include libfdt headers from
/usr/include/ instead of using internal ones.

This commit moves the header code:
include/libfdt.h -> include/linux/libfdt.h
include/libfdt_env.h -> include/linux/libfdt_env.h

and replaces include directives:
#include <libfdt.h> -> #include <linux/libfdt.h>
#include <libfdt_env.h> -> #include <linux/libfdt_env.h>

Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Kconfig: cmd: Make networking command dependent on NET

Enable networking command only when NET is enabled.
And remove selecting NET for CMD_NET

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Tom Rini <trini@konsulko.com>

efi_loader: fix the online help for bootefi bootmgr

The bootefi command is missing in the online help for
bootefi bootmgr.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: catch misspelled bootefi subcommand

If 'bootefi hello' or 'bootefi selftest' can be executed depends on the
configuration.

If an invalid non-numeric 1st argument is passed to bootefi, e.g.
'bootefi hola', this string is converted to 0 and U-Boot jumps to
this typically invalid address.

With the patch the online help is shown instead.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Always use EFIAPI instead of asmlinkage

EFI calls are usually defined as asmlinkage. That means we pass all parameters
to functions via the stack x86_32.

On x86_64 however, we need to also stick to the MS ABI calling conventions,
which the EFIAPI define conveniently handles for us. Most EFI functions were
also marked with EFIAPI, except for the entry call.

So this patch adjusts all entry calls to use EFIAPI instead of the manual
asmlinkage attribute.

While at it, we also change the prototype of the entry point to return
efi_status_t instead of ulong, as this is the correct prototype definition.

Signed-off-by: Alexander Graf <agraf@suse.de>

---

v1 -> v2:

- Use efi_status_t in all occurences

efi_driver: EFI block driver

This patch provides
* a uclass for EFI drivers
* a EFI driver for block devices

For each EFI driver the uclass
* creates a handle
* adds the driver binding protocol

The uclass provides the bind, start, and stop entry points for the driver
binding protocol.

In bind() and stop() it checks if the controller implements the protocol
supported by the EFI driver. In the start() function it calls the bind()
function of the EFI driver. In the stop() function it destroys the child
controllers.

The EFI block driver binds to controllers implementing the block io
protocol.

When the bind function of the EFI block driver is called it creates a
new U-Boot block device. It installs child handles for all partitions and
installs the simple file protocol on these.

The read and write functions of the EFI block driver delegate calls to the
controller that it is bound to.

A usage example is as following:

U-Boot loads the iPXE snp.efi executable. iPXE connects an iSCSI drive and
exposes a handle with the block IO protocol. It calls ConnectController.

Now the EFI block driver installs the partitions with the simple file
protocol.

iPXE uses the simple file protocol to load Grub or the Linux Kernel.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
[agraf: add comment on calloc len]
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: store DT in EFI_RUNTIME_SERVICES_DATA memory

The device tree is needed at runtime. So we have to store it in
EFI_RUNTIME_SERVICES_DATA memory.

The UEFI spec recommends to store all configuration tables in
EFI_RUNTIME_SERVICES_DATA memory.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: consistently use efi_handle_t for handles

We should consistently use the efi_handle_t typedef when
referring to handles.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: pass handle of loaded image

The handle of a loaded image is the value of the handle
member of the loaded image info object and not the
address of the loaded image info.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Exit in efi_set_bootdev() upon invalid "desc"

When trying to load an image from a non-existent USB key, U-Boot v2017.11
crashes on my x86 platform:

=> load usb 0:1 03000000 abc
General Protection
EIP: 0010:[<7b59030d>] EFLAGS: 00010286
Original EIP :[<fff4330d>]
...

This used to work in v2017.09. Testing has shown, that this bug was
introduced with patch 95c5553e [efi_loader: refactor boot device and
loaded_image handling].

This patch now checks if a valid "desc" is returned from blk_get_dev()
and only continues when "desc" is available. Resulting in this cmd
output (again):

=> load usb 0:1 03000000 abc
** Bad device usb 0 **

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: use bootargs as load options

Use environment variable bootargs used as load options
for bootefi payloads.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_selftest: correctly cleanup after selftest

After executing bootefi selftest
* restore GD
* unlink the load image handle
* return 0 or 1 and not a truncated efi_status_t.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_selftest: allow to select a single test for execution

Environment variable efi_selftest is passed as load options
to the selftest application. It is used to select a single
test to be executed.

The load options are an UTF8 string. Yet I decided to keep
the name propertiy of the tests as char[] to reduce code
size.

Special value 'list' displays a list of all available tests.

Tests get an on_request property. If this property is set
the tests are only executed if explicitly requested.

The invocation of efi_selftest is changed to reflect that
bootefi selftest with efi_selftest = 'list' will call the
Exit bootservice.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_selftest: provide a dummy device path

Currently we pass bootefi_device_path and bootefi_image_path as
device and image path without initializing them. They may carry
values from previous calls to bootefi.

With the patch the variables are initialized valid dummy values.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: consistently use efi_status_t in bootefi

Where ulong or unsigned long are used to hold an EFI status
code we should consistenly use efi_status_t.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: implement SetWatchdogTimer

The watchdog is initialized with a 5 minute timeout period.
It can be reset by SetWatchdogTimer.
It is stopped by ExitBoottimeServices.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Add mem-mapped for fallback

When we don't have a real device/image path, such as 'bootefi hello',
construct a mem-mapped device-path.

This fixes 'bootefi hello' after devicepath refactoring.

Fixes: 95c5553ea2 ("efi_loader: refactor boot device and loaded_image handling")
Signed-off-by: Rob Clark <robdclark@gmail.com>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: fix efi_exit

efi_exit() already restores gd, so we shouldn't EFI_EXIT() on the
otherside of the longjmp().

Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: reenable selftest

ad503ffe9c6 efi_loader: refactor boot device and loaded_image handling
leads to an error when building with CONFIG_CMD_BOOTEFI_SELFTEST=y
This patch fixes the problem.

Fixes: ad503ffe9c6 efi_loader: refactor boot device and loaded_image handling
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: add bootmgr

Similar to a "real" UEFI implementation, the bootmgr looks at the
BootOrder and BootXXXX variables to try to find an EFI payload to load
and boot. This is added as a sub-command of bootefi.

The idea is that the distro bootcmd would first try loading a payload
via the bootmgr, and then if that fails (ie. first boot or corrupted
EFI variables) it would fallback to loading bootaa64.efi. (Which
would then load fallback.efi which would look for \EFI\*\boot.csv and
populate BootOrder and BootXXXX based on what it found.)

Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: efi variable support

Add EFI variable support, mapping to u-boot environment variables.
Variables are pretty important for setting up boot order, among other
things. If the board supports saveenv, then it will be called in
ExitBootServices() to persist variables set by the efi payload. (For
example, fallback.efi configuring BootOrder and BootXXXX load-option
variables.)

Variables are *not* currently exposed at runtime, post ExitBootServices.
On boards without a dedicated device for storage, which the loaded OS
is not trying to also use, this is rather tricky. One idea, at least
for boards that can persist RAM across reboot, is to keep a "journal"
of modified variables in RAM, and then turn halt into a reboot into
u-boot, plus store variables, plus halt. Whatever the solution, it
likely involves some per-board support.

Mapping between EFI variables and u-boot variables:

efi_$guid_$varname = {attributes}(type)value

For example:

efi_8be4df61-93ca-11d2-aa0d-00e098032b8c_OsIndicationsSupported=
"{ro,boot,run}(blob)0000000000000000"
efi_8be4df61-93ca-11d2-aa0d-00e098032b8c_BootOrder=
"(blob)00010000"

The attributes are a comma separated list of these possible
attributes:

+ ro - read-only
+ boot - boot-services access
+ run - runtime access

NOTE: with current implementation, no variables are available after
ExitBootServices, and all are persisted (if possible).

If not specified, the attributes default to "{boot}".

The required type is one of:

+ utf8 - raw utf8 string
+ blob - arbitrary length hex string

Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: refactor boot device and loaded_image handling

Get rid of the hacky fake boot-device and duplicate device-path
constructing (which needs to match what efi_disk and efi_net do).
Instead convert over to use efi_device_path helpers to construct
device-paths, and use that to look up the actual boot device.

Also, extract out a helper to plug things in properly to the
loaded_image. In a following patch we'll want to re-use this in
efi_load_image() to handle the case of loading an image from a
file_path.

Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_selftest: provide an EFI selftest application

A testing framework for the EFI API is provided.
It can be executed with the 'bootefi selftest' command.

It is coded in a way that at a later stage we may turn it
into a standalone EFI application. The current build system
does not allow this yet.

All tests use a driver model and are run in three phases:
setup, execute, teardown.

A test may be setup and executed at boottime,
it may be setup at boottime and executed at runtime,
or it may be setup and executed at runtime.

After executing all tests the system is reset.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: rename __efi_hello_world_*

In scripts/Makefile.lib we build section including helloworld.efi.
This allows to load the EFI binary with command 'bootefi hello'.

scripts/Makefile.lib contains explicit references to strings
containing helloworld and hello_world. This makes it impossible
to generalize the coding to accomodate additional built in
EFI binaries.

Let us rename the variables __efi_hello_world_* to
__efi_helloworld_*.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: bootefi hello should use loadaddr

Command 'bootefi hello' currently uses CONFIG_SYS_LOAD_ADDR
as loading address.

qemu machines have by default 128 MiB RAM.
CONFIG_SYS_LOAD_ADDR for x86 is 0x20000000 (512 MiB).
This causes 'bootefi hello' to fail.

We should use the environment variable loadaddr if available.
It defaults to 0x1000000 (16 MiB) on qemu_x86.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: use EFI_PAGE_SIZE instead of 4096

We should use constant EFI_PAGE_SIZE instead of 4096 where the
coding relies on 4096 being EFI_PAGE_SIZE.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Fix configuration table override

Before commit 7cbc12415d ("efi_loader: initalize EFI object list
only once") we recreated the world on every bootefi invocation.

That included the object tree as well as the configuration tables.

Now however we don't recreate them, which means we must not explicitly
override the configuration tables, as otherwise we may lose our SMBIOS
table from the configuration table list on second bootefi invocation.

This patch makes bootefi call our normal configuration table modification
APIs to add/remove the FDT instead of recreating all tables from scratch.
That way the SMBIOS table gets preserved across multiple invocations.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: initalize EFI object list only once

If several EFI applications are executed in sequence we want
to keep the content of the EFI object list.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: gop: fixes for CONFIG_DM_VIDEO without CONFIG_LCD

Make EFI GOP support work with DM_VIDEO but without legacy LCD.

Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: EFI file paths should be DOS style

shim.efi, for example, actually tries to parse this, but is expecting
backslashes.

Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_console: set up events

Set up a timer event and the WaitForKey event.
In the notify function of the timer event check for console input
and signal the WaitForKey event accordingly.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: provide meaningful status code

Currenty any EFI status other than EFI_SUCCESS is reported as
Application terminated, r = -22

With the patch the status code returned by the EFI application
is printed.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

bootefi: allow return without EFI_BOOT_SERVICES.Exit

The Unified Extensible Firmware Interface Specification, version 2.7,
defines in chapter 2.1.2 - UEFI Application that an EFI application may
either directly return or call EFI_BOOT_SERVICES.Exit().

Unfortunately U-Boot makes the incorrect assumption that
EFI_BOOT_SERVICES.Exit() is always called.

So the following application leads to a memory exception on the aarch64
architecture when returning:

EFI_STATUS efi_main(
EFI_HANDLE handle,
EFI_SYSTEM_TABlE systable) {
return EFI_SUCCESS;
}

With this patch the entry point is stored in the image handle.

The new wrapper function do_enter is used to call the EFI entry point.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: implement EFI_DEVICE_PATH_TO_TEXT_PROTOCOL

ConvertPathToText is implemented for
* type 4 - media device path
* subtype 4 - file path

This is the kind of device path we hand out for block devices.

All other cases may be implemented later.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
[agraf: fix whitespace]
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: reimplement efi_locate_protocol

The UEFI specification requires that LocateProtol finds the first
handle supporting the protocol and to return a pointer to its
interface.

So we have to assign the protocols to an efi_object and not use
any separate storage.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: refactor efi_open_protocol

efi_open_protocol was implemented to call a protocol specific open
function to retrieve the protocol interface.

The UEFI specification does not know of such a function.

It is not possible to implement InstallProtocolInterface with the
current design.

With the patch the protocol interface itself is stored in the list
of installed protocols of an efi_object instead of an open function.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
[agraf: fix efi gop support]
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Add check for fallback fdt memory reservation

When running bootefi, we allocate new space but never check whether
the allocation succeeded. This patch adds a check so that in case
things go wrong, we at least know they did.

Signed-off-by: Alexander Graf <agraf@suse.de>

dm: Use dm.h header when driver mode is used

This header includes things that are needed to make driver build. Adjust
existing users to include that always, even if other dm/ includes are
present

Signed-off-by: Simon Glass <sjg@chromium.org>

disk: convert CONFIG_ISO_PARTITION to Kconfig

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay73@gmail.com>

armv8: aarch64: Fix the warning about x1-x3 nonzero issue

For 64-bit kernel, there is a warning about x1-x3 nonzero in violation
of boot protocol. To fix this issue, input argument 4 is added for
armv8_switch_to_el2 and armv8_switch_to_el1. The input argument 4 will
be set to the right value, such as zero.

Signed-off-by: Alison Wang <alison.wang@nxp.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Tested-by: Ryan Harkin <ryan.harkin@linaro.org>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: York Sun <york.sun@nxp.com>

armv8: Support loading 32-bit OS in AArch32 execution state

To support loading a 32-bit OS, the execution state will change from
AArch64 to AArch32 when jumping to kernel.

The architecture information will be got through checking FIT image,
then U-Boot will load 32-bit OS or 64-bit OS automatically.

Signed-off-by: Ebony Zhu <ebony.zhu@nxp.com>
Signed-off-by: Alison Wang <alison.wang@nxp.com>
Signed-off-by: Chenhui Zhao <chenhui.zhao@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

efi_loader: AArch64: Run EFI payloads in EL2 if U-Boot runs in EL3

Some boards decided not to run ATF or other secure firmware in EL3, so
they instead run U-Boot there. The uEFI spec doesn't know what EL3 is
though - it only knows about EL2 and EL1. So if we see that we're running
in EL3, let's get into EL2 to make payloads happy.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: York Sun <york.sun@nxp.com>

efi: Add support for a hello world test program

It is useful to have a basic sanity check for EFI loader support. Add a
'bootefi hello' command which loads HelloWord.efi and runs it under U-Boot.

Signed-off-by: Simon Glass <sjg@chromium.org>
[agraf: Fix documentation, add unfulfilled kconfig dep]
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Fix debug message address format

This should use U-Boot's standard format for hex address. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Revert device_handle to disk after net boot

When you boot an efi payload from network, then exit that payload
and load another payload from disk afterwords, the disk payload will
currently see the network device as its boot path.

This breaks grub2 for example which tries to find its modules based
on the path it was loaded from.

This patch fixes that issue by always reverting to disk paths if we're
not in the network boot. That way the data structures after a network
boot look the same as before.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Fix missing EFIAPI specifiers

These are missing in some functions. Add them to keep things consistent.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

smbios: Expose in efi_loader as table

We can pass SMBIOS easily as EFI configuration table to an EFI payload. This
patch adds enablement for that case.

While at it, we also enable SMBIOS generation for ARM systems, since they support
EFI_LOADER.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

efi_loader: Allow boards to implement get_time and reset_system

EFI allows an OS to leverage firmware drivers while the OS is running. In the
generic code we so far had to stub those implementations out, because we would
need board specific knowledge about MMIO setups for it.

However, boards can easily implement those themselves. This patch provides the
framework so that a board can implement its own versions of get_time and
reset_system which would actually do something useful.

While at it we also introduce a simple way for code to reserve MMIO pointers
as runtime available.

Signed-off-by: Alexander Graf <agraf@suse.de>

cmd: efi_loader: Return CMD_RET_USAGE in case of not enough arguments

When typing 'bootefi' from U-Boot shell, nothing outputs. Like other
commands, return CMD_RET_USAGE so that it can print help message.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alexander Graf <agraf@suse.de>

efi_loader: disk: Fix CONFIG_BLK breakage

When using CONFIG_BLK, there were 2 issues:

1) The name we generate the device with has to match the
name we set in efi_set_bootdev()

2) The device we pass into our block functions was wrong,
we should not rediscover it but just use the already known
pointer.

This patch fixes both issues.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Make exposed image loader path absolute

When loading an efi image, we pass it the location it was loaded from.

On file system backends, there are no relative paths, so we should always
pass in absolute ones. For network paths, we may be relative.

This fixes distro booting with grub2 for me when it fetches the grub2 config
file from the loader partition.

Reported-by: york sun <york.sun@nxp.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

cmd: bootefi: cosmetic

Short help (description) in bootefi command has a trailing "\n" that
breaks the "help" command output (empty line after "bootefi").

Nothing important, doesn't affect anything but better be fixed in the
upcoming release.

Still working on i.MX6 and their siblings NAND U-Boot update -- it
works here but not ready for a submission yet. Anyway it is for the
next cycle, not going to go into this release because it is too big
and may affect something else.

Also have some thoughts about fastboot (using multiple devices) but
this will go into separate email with RFC.

Signed-off-by: Sergey Kubushyn <ksi@koi8.net>

efi_loader: Move to normal debug infrastructure

We introduced special "DEBUG_EFI" defines when the efi loader
support was new. After giving it a bit of thought, turns out
we really didn't have to - the normal #define DEBUG infrastructure
works well enough for efi loader as well.

So this patch switches to the common debug() and #define DEBUG
way of printing debug information.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Add exit support

Some times you may want to exit an EFI payload again, for example
to default boot into a PXE installation and decide that you would
rather want to boot from the local disk instead.

This patch adds exit functionality to the EFI implementation, allowing
EFI payloads to exit.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Add network access support

We can now successfully boot EFI applications from disk, but users
may want to also run them from a PXE setup.

This patch implements rudimentary network support, allowing a payload
to send and receive network packets.

With this patch, I was able to successfully run grub2 with network
access inside of QEMU's -M xlnx-ep108.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Pass fdt address directly to bootefi cmd

The bootefi cmd today fetches its device tree pointer from either the
location appointed by "fdt addr" with a fallback to the U-Boot control
fdt.

This integration is unusual for U-Boot and diverges from the way we
usually handle parameters to boot commands. So let's pass the fdt
directly into the bootefi command instead and move the control fdt
logic into the distro boot script.

Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Stephen Warren <swarren@wwwdotorg.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>

efi_loader: Put fdt into convenient location

The uEFI spec doesn't dictate where the device tree should live at, but
legacy 32bit ARM grub2 has some assumptions that it may stay at its place
when it's already loaded by the firmware.

So let's put it somewhere where Linux that comes after would happily find
it - around the recommended 128MB line.

Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Andreas Färber <afaerber@suse.de>

efi_loader: Use system fdt as fallback

When the user did not pass any device tree or the boot script
didn't find any, let's use the system device tree as last resort
to get something the payload (Linux) may understand.

This means that on systems that use the same device tree for U-Boot
and Linux we can just share it and there's no need to manually provide
a device tree in the target image.

While at it, also copy and pad the device tree by 64kb to give us
space for modifications.

Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Andreas Färber <afaerber@suse.de>

efi_loader: Increase path string to 32 characters

Whenever we want to tell our payload about a path, we limit ourselves
to a reasonable amount of characters. So far we only passed in device
names - exceeding 16 chars was unlikely there.

However by now we also pass real file path information, so let's increase
the limit to 32 characters. That way common paths like "boot/efi/bootaa64.efi"
fit just fine.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Pass file path to payload

The payload gets information on where it got loaded from. This includes
the device as well as file path.

So far we've treated both as the same thing and always gave it the device
name. However, in some situations grub2 actually wants to find its loading
path to find its configuration file.

So let's split the two semantically separte bits into separate structs and
pass the loaded file name into our payload when we load it using "load".

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Add el torito support

When loading an el torito image, uEFI exposes said image as a raw
block device to the payload.

Let's do the same by creating new block devices with added offsets for
the respective el torito partitions.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Add GOP support

The EFI standard defines a simple boot protocol that an EFI payload can use
to access video output.

This patch adds support to expose exactly that one (and the mode already in
use) as possible graphical configuration to an EFI payload.

With this, I can successfully run grub2 with graphical output.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Pass proper device path in on boot

EFI payloads can query for the device they were booted from. Because
we have a disconnect between loading binaries and running binaries,
we passed in a dummy device path so far.

Unfortunately that breaks grub2's logic to find its configuration
file from the same device it was booted from.

This patch adds logic to have the "load" command call into our efi
code to set the device path to the one we last loaded a binary from.

With this grub2 properly detects where we got booted from and can
find its configuration file, even when searching by-partition.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Call fdt preparation functions

We have a nice framework around image fils to prepare a device tree
for OS execution. That one patches in missing device tree nodes and
fixes up the memory range bits.

We need to call that one from the EFI boot path too to get all those
nice fixups. This patch adds the call.

Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Add "bootefi" command

In order to execute an EFI application, we need to bridge the gap between
U-Boot's notion of executing images and EFI's notion of doing the same.

The best path forward IMHO here is to stick completely to the way U-Boot
deals with payloads. You manually load them using whatever method to RAM
and then have a simple boot command to execute them. So in our case, you
would do

# load mmc 0:1 $loadaddr grub.efi
# bootefi $loadaddr

which then gets you into a grub shell. Fdt information known to U-boot
via the fdt addr command is also passed to the EFI payload.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
[trini: Guard help text with CONFIG_SYS_LONGHELP]
Signed-off-by: Tom Rini <trini@konsulko.com>

cmd: bootefi: move library interfaces under lib/efi_loader

In the prior commits, interfaces for executing EFI binary and boot manager
were carved out. Move them under efi_loader directory so that they can
be called from other places without depending on bootefi command.

Only efi_selftest-related code will be left in bootefi.c.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

cmd: bootefi: localize global device paths for efi_selftest

Device paths allocated in bootefi_test_prepare() will be immediately
consumed by do_efi_selftest() and there is no need to keep them for later
use. Introduce test-specific varialbles to make it easier to move other
bootmgr functions into library directory in the next commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

cmd: bootefi: carve out binary execution interface

Carve binary execution code out of do_bootefi_image() in order to move
binary-execution specific code into library directory in the later
commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

cmd: bootefi: carve out EFI boot manager interface

Carve EFI boot manager related code out of do_bootefi_image() in order
to move boot manager specific code into library directory in the later
commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

cmd: bootefi: re-organize do_bootefi()

Replicate some code and re-organize do_bootefi() into three cases, which
will be carved out as independent functions in the next two commits.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

cmd: bootefi: unfold do_bootefi_image()

Unfold do_bootefi_image() into do_bootefi() in order to make it easier
to re-organize do_bootefi() in the next commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

boot: Drop size parameter from image_setup_libfdt()

The of_size parameter is not used, so remove it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

efi_loader: add return to efibootmgr event group

When the image loaded by efibootmgr returns, efibootmgr
needs to clean the resources. Adding the event of returning
to efibootmgr is useful to simplify the implementation.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

cmd: Convert existing long help messages to the new macro

- Generally we just drop the #ifdef CONFIG_SYS_LONGHELP and endif lines
and use U_BOOT_LONGHELP to declare the same variable name as before
- In a few places, either rename the variable to follow convention or
introduce the variable as it was being done inline before.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

efi_loader: make efi_delete_handle() follow the EFI spec

The EFI doesn't allow removal of handles, unless all hosted protocols
are cleanly removed. Our efi_delete_handle() is a bit intrusive.
Although it does try to delete protocols before removing a handle,
it doesn't care if that fails. Instead it only returns an error if the
handle is invalid. On top of that none of the callers of that function
check the return code.

So let's rewrite this in a way that fits the EFI spec better. Instead
of forcing the handle removal, gracefully uninstall all the handle
protocols. According to the EFI spec when the last protocol is removed
the handle will be deleted. Also switch all the callers and check the
return code. Some callers can't do anything useful apart from reporting
an error. The disk related functions on the other hand, can prevent a
medium that is being used by EFI from removal.

The only function that doesn't check the result is efi_delete_image().
But that function needs a bigger rework anyway, so we can clean it up in
the future

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

efi_loader: fix efi_dp_from_file()

* When called from efi_dp_from_name() we miss to append the filename
for non-block devices.
* expand_media_path() could be simplified by using efi_dp_from_file to
prepend the device path of the boot device.

This can be avoided by passing a device path to efi_dp_from_file() instead
of a block device descriptor and a partition number.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

cmd: bootefi: allocate device-tree copy from high memory

The bootefi command creates a copy of the device-tree within the first
127 MiB of memory. This may lead to overwriting previously loaded binaries
(e.g. kernel, initrd).

Linux EFI stub itself copies U-Boot's copy of the device-tree. This means
there is not restriction for U-Boot to place the device-tree copy to any
address. (Restrictions existed for 32bit ARM before Linux commit
7a1be318f579 ("ARM: 9012/1: move device tree mapping out of linear region")
for legacy booting.

Reported-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Alexandre Ghiti <alexghiti@rivosinc.com>

efi_loader: Measure the loaded DTB

Measures the DTB passed to the EFI application upon new boolean config
switch CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB. For platforms where the
content of the DTB passed to the OS can change across reboots, there is
not point measuring it hence the config switch to allow platform to not
embed this feature.

Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

efi_loader: remove efi_delete_handle on loadfile2

Loadfile2 code is installing two protocols on it's own handle
and uses efi_delete_handle() to clean it up on failure(s). However
commit 05c4c9e21ae6 ("efi_loader: define internal implementations of
install/uninstallmultiple") prepares the ground for us to clean up
efi_delete_handle() used in favor of Install/UninstallMultipleProtocol.

While at it clean up the non needed void casts to (void *) on the
protolcol installation.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

cmd: replace efi_create_handle/add_protocol with InstallMultipleProtocol

In general handles should only be deleted if the last remaining protocol
is removed. Instead of explicitly calling
efi_create_handle -> efi_add_protocol -> efi_delete_handle which blindly
removes all protocols from a handle before removing it, use
InstallMultiple/UninstallMultiple which adheres to the EFI spec and only
deletes a handle if there are no additional protocols present

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

treewide: Drop bootm_headers_t typedef

This is not needed and we should avoid typedefs. Use the struct instead.

Signed-off-by: Simon Glass <sjg@chromium.org>

efi_loader: memory leak in efi_set_bootdev()

efi_dp_str() allocates memory which should be released after use.

Use %pD printf code. Adjust message wording.

Fixes: d837cb1e3b6b ("efi: Add debugging to efi_set_bootdev()")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

cmd: load: add load command for memory mapped

cp.b is used a lot as a way to load binaries to memory and execute
them, however we may need to integrate this with the efi subsystem to
set it up as a bootdev.

So, introduce a loadm command that will be consistent with the other
loadX commands and will call the efi API's.

ex: loadm $kernel_addr $kernel_addr_r $kernel_size

with this a kernel with CONFIG_EFI_STUB enabled will be loaded and
then subsequently booted with bootefi command.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

cmd/bootefi: correct command syntax

For indicating the address and size of a memory region other commands use a
<addr>[:<size>] syntax. Do the same for bootefi.

Fixes: 2058983689f0 ("cmd: bootefi: restore ability to boot arbitrary blob")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

cmd: bootefi: restore ability to boot arbitrary blob

Up until commit 5f59518a7b1ae ("efi_loader: setting boot device"), we
could boot an arbitrary blob with bootefi. Indeed, efi_run_image() even
has a special case for missing device paths indicating a payload that
was directly loaded via JTAG, for example.

Restore the ability to inject a UEFI payload into memory and `bootefi`
it. If the address passed isn't the last PE-COFF loaded, then we'll
wipe out the pre-existing DP/Image information and let efi_run_image()
synthesize a memory device path.

An image size is required if we're booting an arbitrary payload, and
the FDT argument has been changed to accept `-`. The size could be
deduced from the image header, but it's required anyways as an explicit
acknowledgment that one's trying to boot an arbitrary payload rather
than accidentally using the wrong address in the single-addr form.

Fixes: 5f59518a7b1a ("efi_loader: setting boot device")
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

efi_loader: Ignore DT when ACPI is on

For targets that enable ACPI, we should not pass Device Trees into
the payload. However, our distro boot logic always passes the builtin
DT as an argument.

To make it easy to use ACPI with distro boot, let's just ignore the DT
argument to bootefi when ACPI is enabled. That way, we can successfully
distro boot payloads on ACPI enabled targets.

Signed-off-by: Alexander Graf <agraf@csgraf.de>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

efi_loader: update the timing of enabling and disabling EFI watchdog

UEFI specification requires that 5 minutes watchdog timer is
armed before the firmware's boot manager invokes an EFI boot option.
This watchdog timer is updated as follows, according to the
UEFI specification.

1) The EFI Image may reset or disable the watchdog timer as needed.
2) If control is returned to the firmware's boot manager,
the watchdog timer must be disabled.
3) On successful completion of EFI_BOOT_SERVICES.ExitBootServices()
the watchdog timer is disabled.

1) is up to the EFI image, and 3) is already implemented in U-Boot.
This patch implements 2), the watchdog is disabled when control is
returned to U-Boot.

In addition, current implementation arms the EFI watchdog at only
the first "bootefi" invocation. The EFI watchdog must be armed
in every EFI boot option invocation.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

efi: Add debugging to efi_set_bootdev()

The operation of this function can be confusing. Add some debugging so
we can see what it is doing and when it is called.

Also drop the preprocessor usage.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: Get rid of kaslr-seed if EFI_RNG_PROTOCOL is installed

U-Boot, in some occasions, injects a 'kaslr-seed' property on the /chosen
node. That would be problematic in case we want to measure the DTB we
install in the configuration table, since it would change across reboots.

The Linux kernel EFI-stub completely ignores it and only relies on
EFI_RNG_PROTOCOL for it's own randomness needs (i.e the randomization
of the physical placement of the kernel). In fact it (blindly) overwrites
the existing seed if the protocol is installed. However it still uses it
for randomizing it's virtual placement.
So let's get rid of it in the presence of the RNG protocol.

It's worth noting that TPMs also provide an RNG. So if we tweak our
EFI_RNG_PROTOCOL slightly and install the protocol when a TPM device
is present the 'kaslr-seed' property will always be removed, allowing
us to reliably measure our DTB.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>

global: Convert simple_strtoul() with hex to hextoul()

It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>

efi_loader: Replace config option for initrd loading

Up to now we install EFI_LOAD_FILE2_PROTOCOL to load an initrd
unconditionally. Although we correctly return various EFI exit codes
depending on the file status (i.e EFI_NO_MEDIA, EFI_NOT_FOUND etc), the
kernel loader, only falls back to the cmdline interpreted initrd if the
protocol is not installed.

This creates a problem for EFI installers, since they won't be able to
load their own initrd and continue the installation. It also makes the
feature hard to use, since we can either have a single initrd or we have
to recompile u-boot if the filename changes.

So let's introduce a different logic that will decouple the initrd
path from the config option we currently have.
When defining a UEFI BootXXXX we can use the filepathlist and store
a file path pointing to our initrd. Specifically the EFI spec describes:

"The first element of the array is a device path that describes the device
and location of the Image for this load option. Other device paths may
optionally exist in the FilePathList, but their usage is OSV specific"

When the EFI application is launched through the bootmgr, we'll try to
interpret the extra device path. If that points to a file that exists on
our disk, we'll now install the load_file2 and the efi-stub will be able
to use it.

This opens up another path using U-Boot and defines a new boot flow.
A user will be able to control the kernel/initrd pairs without explicit
cmdline args or GRUB.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

image: Adjust the workings of fit_check_format()

At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

common: Drop asm/global_data.h from common header

Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

efi_loader: switch to non-secure mode later

Some ARMv7 boards using PSCI require to be in secure-mode when booted via
'bootz' or 'bootm'. During distro-boot 'bootefi bootmgr' is called to check
if booting via UEFI is possible.

With the change we change the switch from secure mode to non-secure mode is
moved from the UEFI subsystem setup to just before calling StartImage().

Cc: Jernej Škrabec <jernej.skrabec@gmail.com>
Reported by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: make the UEFI boot manager configurable

Some boards are very tight on the binary size. Booting via UEFI is possible
without using the boot manager.

Provide a configuration option to make the boot manager available.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: implement EFI_DT_FIXUP_PROTOCOL

A boot manager like GRUB can use the protocol to

* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: setting boot device

Up to now the bootefi command used the last file loaded to determine the
boot partition. This has led to errors when the fdt had been loaded from
another partition after the EFI binary.

Before setting the boot device from a loaded file check if it is a PE-COFF
image or a FIT image.

For a PE-COFF image remember address and size, boot device and path.

For a FIT image remember boot device and path.

If the PE-COFF image is overwritten by loading another file, forget it.

Do not allow to start an image via bootefi which is not the last loaded
PE-COFF image.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: simplify running helloworld.efi

Currently when executing 'bootefi hello' we copy helloworld.efi to the
address identified by environment variable loadaddr. This is unexected
behavior for a user. There is no need to copy helloworld.efi before
executing it after relocation.

Remove the copy action.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: consider no-map property of reserved memory

The device tree may contain a /reserved-memory node. The no-map property
of the sub-nodes signals if the memory may be accessed by the UEFI payload
or not.

In the EBBR specification (https://github.com/arm-software/ebbr) the
modeling of the reserved memory has been clarified.

If a reserved memory node in the device tree has the no-map property map,
create a EfiReservedMemoryType memory map entry else use
EfiBootServicesData.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: log messages for bootefi command

Write log messages when booting via the bootefi command to allow tracking
on the syslog server. Example messages are

Booting /snp.efi

or

Booting /MemoryMapped(0x0,0x4fe00000,0x35a40)
Loading image failed

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: document parameters of do_bootefi_exec()

Add the missing description of the load_options parameter.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: set load options in boot manager

Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.

Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: factor out efi_set_load_options()

The bootefi bootmgr command has to set the load options for a loaded image
from the value of BootXXXX variable. If the boot manager is not used, the
value is set from the environment variable bootargs (or efi_selftest).

Factor out a common function efi_set_load_options().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: use logging for bootefi command

Log messages of the bootefi command instead of simply printing them to the
console.

Do not show "## Application terminated" message when the UEFI binary
completed successfully.

Adjust the python tests testing for '## Application terminated'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: incorrect check against FDT_ADDR_T_NONE

With commit 0d7c2913fdf7 ("cmd: bootefi: Honor the address & size cells
properties correctly") addr was replaced by fdt_addr. But not in the check
against FDT_ADDR_T_NONE.

Fixes: 0d7c2913fdf7 ("cmd: bootefi: Honor the address & size cells properties
correctly")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: Fix fdt_size variable type in efi_carve_out_dt_rsv()

Variable fdt_size should be of type 'fdt_size_t', not 'fdt_addr_t'.

Fixes 0d7c2913fdf7: ("cmd: bootefi: Honor the address & size cells properties correctly")
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: Honor the address & size cells properties correctly

fdtdec_get_addr_size reads the uses a fixed value for address & size
cell properties which may not be correct always.

Use the auto variant of the function which automatically reads
#address-cells & #size-cells from parent and uses to read the "reg"
property.

Signed-off-by: Atish Patra <atish.patra@wdc.com>

On 32 bit systems fdt_addr_t may be 4 bytes long but size is defined as
u64. Avoid filling the upper 4 bytes of the sizep parameter of
fdtdec_get_addr_size_auto_parent() with random bytes from the stack by
defining a separate variable fdt_size.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

command: Remove the cmd_tbl_t typedef

We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

efi_loader: round the memory area in efi_add_memory_map()

Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.

There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.

Signed-off-by: Michael Walle <michael@walle.cc>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: put device tree into EfiACPIReclaimMemory

According to the UEFI spec ACPI tables should be placed in
EfiACPIReclaimMemory. Let's do the same with the device tree.

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Grant Likely <grant.likely@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: remove superfluous NULL check in bootefi.c

efi_free_pool() and efi_delete_handle() both check if their argument is
NULL. The caller should not duplicate this check.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: only reserve memory if fdt node enabled

Sub-nodes of /reserved-memory may be disabled. In this case we should not
reserve memory in the memory map.

Reported-by: Patrick DELAUNAY <patrick.delaunay@st.com>
Fixes: fef907b2e440 ("efi_loader: create reservations after
ft_board_setup")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Atish Patra <atish.patra@wdc.com>

cmd: bootefi: Parse reserved-memory node from DT

Currently, bootefi only parses memory reservation block to setup
EFI reserved memory mappings. However, it doesn't parse the
reserved-memory[1] device tree node that also can contain the
reserved memory regions.

Add capability to parse reserved-memory node and update the EFI memory
mappings accordingly.

1. <U-Boot source>/doc/device-tree-bindings/reserved-memory/reserved-memory.txt]

Signed-off-by: Atish Patra <atish.patra@wdc.com>

Fix an endless loop.

The /reserved-memory node may have children without reg property. Remove
a superfluous debug statement.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: create reservations after ft_board_setup

Some memory reservations are made in ft_board_setup(). Ensure that we
create reserved memory map entries after ft_board_setup().

The downside of this patch is that if bootefi is called multiple times with
an devicetree argument superfluous reservations for the old copies of the
device tree will exist. But that is still better than missing a reservation.

Deleting the superfluous reservations is not possible because reservations
in the memory map are rounded to page size and may be coallesced.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: fix efi_install_fdt() description

In the function description use the correct parameter name.

Mention EFI_FDT_USE_INTERNAL.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

dm: core: Create a new header file for 'compat' features

At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.

Move the compatibility features into a separate header file.

Signed-off-by: Simon Glass <sjg@chromium.org>

efi_loader: free load options after execution

When be launch a binary via bootefi the bootargs environment variable is
used to set the load options in the loaded image protocol.

Free memory allocated for load options when the UEFI binary exits.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: export efi_install_fdt()

Use a pointer to addressable memory instead of a "physical" address in the
virtual address space of the sandbox to efi_install_fdt().

Export the efi_install_fdt() function.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: carve out efi_run_image()

Provide public function efi_run_imager() which can be used to run an UEFI
image from memory.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: use hardware device tree by default

If the bootefi command is called without passing the address of a device
tree, the internal device tree is used. For devices with a hardware device
tree it is preferable to used the hardware device tree in this case.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: pass address to efi_install_fdt()

As part of moving the parsing of command line arguments to do_bootefi()
call efi_install_fdt() with the address of the device tree instead of a
string.

If the address is EFI_FDT_USE_INTERNAL (= 0), the internal device tree
is used.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

env: Move env_get() to env.h

Move env_get() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>

efi_loader: fix function comments in cmd/bootefi.c

Describe efi_set_bootdev().

Change function descriptions to Sphinx style.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: Change return type of efi_add_memory_map()

We currently have some inconsistent use of efi_add_memory_map()
throughout the code. In particular the return value of efi_add_memory_map()
is not interpreted the same way by various users in the codebase.

This patch does the following:

- Changes efi_add_memory_map() to return efi_status_t.
- Adds a method description to efi_add_memory_map().
- Changes efi_add_memory_map() to return EFI_SUCCESS
- Returns non-zero for error in efi_add_memory_map()
- Updates efi_allocate_pages() to new efi_add_memory_map()
- Updates efi_free_pages() to new efi_add_memory_map()
- Updates efi_carve_out_dt_rsv() to new efi_add_memory_map()
- Updates efi_add_runtime_mmio() to new efi_add_memory_map()

Fixes: 5d00995c361c ("efi_loader: Implement memory allocation and map")
Fixes: 74c16acce30b ("efi_loader: Don't allocate from memory holes")
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Alexander Graf <agraf@csgraf.de>
Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: comments for efi_install_fdt()

Describe that efi_install_fdt() defaults to using the device tree
indicated by environment variable fdtcontroladdr.

ACPI tables and device trees are mutually exclusive.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: deduplicate code in cmd/bootefi.c

Move duplicate initialization code to single instance.

Adjust comments of concerned functions.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: clean up UEFI sub-system initialization

allow_unaligned(), switch_to_non_secure_mode(), and efi_init_obj_list() are
called in sequence in multiple places.

Move calls to allow_unaligned() and switch_to_non_secure_mode() to
efi_init_obj_list().

Remove unused includes.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: implement support of exit data

In case of a failure exit data may be passed to Exit() which in turn is
returned by StartImage().

Let the `bootefi` command print the exit data string in case of an error.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: set OsIndicationsSupported at init

UEFI variables should be installed using well-defined API.
Currently we don't support much, but the value of OsIndicationsSupported
will be updated once some features are added in the future.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Add comments. Rename a variable.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: need either ACPI table or device tree

The EBBR specification prescribes that we should have either an ACPI table
or a device tree but not both. Let us enforce this condition in the
`bootefi` command.

If the bootefi command is called without a device tree parameter use a
previously device tree or fall back to the internal device tree.

The fdt unit test should not be run on boards with an ACPI table.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: rework bootmgr/bootefi using load_image API

In the current implementation, bootefi command and EFI boot manager
don't use load_image API, instead, use more primitive and internal
functions. This will introduce duplicated code and potentially
unknown bugs as well as inconsistent behaviours.

With this patch, do_efibootmgr() and do_boot_efi() are completely
overhauled and re-implemented using load_image API.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Use efi_root as parent handle for the loaded image.
LoadImage() should be called with BootPolicy = true by the boot manager.
Avoid duplicate free_pool().
Eliminate variable memdp which is not needed after anymore due to
"efi_loader: correctly split device path of loaded image".

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: carve out do_bootefi_image() from do_bootefi()

This is a preparatory patch for reworking do_bootefi() in later patch.
All the non-boot-manager-based (that is, bootefi <addr>) code is put
into one function, do_bootefi_image().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: carve out bootmgr code from do_bootefi()

This is a preparatory patch for reworking do_bootefi() in later patch.
do_bootmgr_exec() is renamed to do_efibootmgr() as we put all the necessary
code into this function.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: move do_bootefi_bootmgr_exec() forward

This is a preparatory patch for reworking do_bootefi() in later patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: carve out efi_selftest code from do_bootefi()

This is a preparatory patch for reworking do_bootefi() in later patch.

Efi_selftest code is unusual in terms of execution path in do_bootefi(),
which make that function complicated and hard to understand. With this
patch, all efi_selftest related code will be put in a separate function.

The change also includes expanding efi_run_prepare() and efi_run_finish()
in do_bootefi_exec().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: merge efi_install_fdt() and efi_process_fdt()

This is a preparatory patch for reworking do_bootefi() in later patch.
For simplicity, merge two functions.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

Return error code of efi_install_configuration_table() when aborting from
efi_install_fdt().

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: carve out fdt handling from do_bootefi()

This is a preparatory patch for reworking do_bootefi() in later patch.

Carve out a function to handle the installation of the device tree
as a configuration table in system table.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

cmd: bootefi: rework set_load_options()

set_load_options() can fail, so it should return error code to stop
invoking an image.
In addition, set_load_options() now takes a handle, instead of
loaded_image_info, to utilize efi_load_image() in a later patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Change FDT memory type from runtime data to boot services data

Following Ard's suggestion:
Runtime data sections are intended for data that is used by the runtime
services implementation.
Let's change the type to EFI_BOOT_SERVICES_DATA.

This also fixes booting of armv7 using efi and fdtcontroladdr.

Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: clean up bootefi_test_prepare()

Free resources upon failure.

Correct the function description.

As there is no need for any special address in the dummy memory device
path passed via the EFI_LOADED_IMAGE_PROTOCOL simply use 0 as address.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: fix EFI entry counting

`bootefi selftest` fails on qemu-x86_defconfig if efi_selftest() is not
invoked using EFI_CALL().

Likewise we call the entry point of EFI payloads with
EFI_CALL(efi_start_image()).

entry_count indicates if we are in U-Boot (1) or in EFI payload code (0).
As we start in U-Boot code the initial value has to be 1.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: use efi_start_image() for bootefi

Remove the duplicate code in efi_do_enter() and use efi_start_image() to
start the image invoked by the bootefi command.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: set entry point in efi_load_pe()

Up to now efi_load_pe() returns the entry point or NULL in case of an
error. This does not allow to return correct error codes from LoadImage().

Let efi_load_pe() return a status code and fill in the entry point in the
corresponding field of the image object.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: refactor switch to non-secure mode

Refactor the switch from supervisor to hypervisor to a new function called
at the beginning of do_bootefi().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: move efi_init_obj_list() to a new efi_setup.c

The function, efi_init_obj_list(), can be shared in different pseudo efi
applications, like bootefi/bootmgr as well as my efishell. Moreover, it
will be utilized to extend efi initialization, for example, my "removable
disk support" patch and "capsule-on-disk support" patch in the future.

So with this patch, it will be moved to a new file, efi_setup.c, under
lib/efi_loader and exported, making no changes in functionality.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Remove lines deactivated by #if 1 #else
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: avoid unnecessary pointer to long conversion

debug() support supports %p to print pointers.

The debug message is unique. So there is not need to write a possibly
distracting line number.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: use named constant for efi_dp_from_mem()

When calling efi_dp_from_mem() use a named constant for the memory type.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: create fdt reservation before copy

When copying the device we must ensure that the copy does not fall into a
memory area reserved by the same.

So let's change the sequence: first create memory reservations and then
copy the device tree.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: fix memory mapping for sandbox

The sandbox is using a virtual address space which is neither the physical
address space of the operating system nor the virtual address space in
which Linux aplications live. The addresses used insided the flattened
device tree use this sandbox virtual address space. The EFI subsystem uses
the virtual address space of the operating system and this is where the fdt
is stored.

Fix all incorrect addresses for the fdt in cmd/bootefi.cmd.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: macro efi_size_in_pages()

When allocating EFI memory pages the size in bytes has to be converted to
pages.

Provide a macro efi_size_in_pages() for this conversion.
Use it in the EFI subsystem and correct related comments.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Rename bootefi_test_finish() to bootefi_run_finish()

This function can be used from do_bootefi_exec() so that we use mostly the
same code for a normal EFI application and an EFI test.

Rename the function and use it in both places.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Create a function to set up for running EFI code

There is still duplicated code in efi_loader for tests and normal
operation.

Add a new bootefi_run_prepare() function which holds common code used to
set up U-Boot to run EFI code. Make use of this from the existing
bootefi_test_prepare() function, as well as do_bootefi_exec().

Also shorten a few variable names.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Split out test init/uninit into functions

The functions in bootefi are very long because they mix high-level code
and control with the low-level implementation. To help with this, create
functions which handle preparing for running the test and cleaning up
afterwards.

Also shorten the awfully long variable names here.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi: Check for failure to create objects in selftest

At present a few error conditions are not checked. Before refactoring
this code, add some basic checks. Note that this code still leaks memory
in the event of error. This will be tackled after the refactor.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: carving out memory reservations

The "Devicetree Specification 0.2" does not prescribe that memory
reservations must be EFI page aligned. So let's not make such an
assumption in our code.

Do not carve out the pages for the device tree. This memory area is
already marked as EFI_RUNTIME_SERVICES_DATA.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: memory reservation for fdt

In copy_fdt() we allocate EFI pages for the fdt plus extra 12 KiB as
EFI_RUNTIME_SERVICES_DATA. Afterwards in efi_install_fdt() we overwrite
part of this memory allocation by marking it as EFI_BOOT_SERVICES_DATA.

Remove the code marking the fdt as EFI_BOOT_SERVICES_DATA.

Cf. commit 17ff6f02f5ad ("efi_loader: store DT in EFI_RUNTIME_SERVICES_DATA
memory")

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: fix typos

Fix typos in EFI subsystem comments.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: add efi_dp_from_name()

Factor out efi_set_bootdev() and extract efi_dp_from_name().
This function will be used to set a boot device in efishell command.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: rename parent to header

Rename the component parent of some EFI objects to header. This avoids
misunderstandings.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: typedef struct efi_object *efi_handle_t

All our handles point to a struct efi_object. So let's define the
efi_handle_t accordingly. This helps us to discover coding errors much
more easily. This becomes evident by the corrections to the usage of
handles in this patch.

Rename variable image_handle to image_obj where applicable.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: execute efi_save_gd() first

If DEBUG is defined we may be calling EFI_CALL already during the
initialization of the EFI subsystem. We must make sure efi_save_gd() has
already been called at that moment.

Anyway it is better to have this call in one location instead of three.

This fixes an illegal memory access occurring since 4e6b5d6503ce
("efi_loader: create root node") with DEBUG = 1.

Fixes: 4e6b5d6503ce ("efi_loader: create root node")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: refactor efi_setup_loaded_image()

Create the handle of loaded images and the EFI_LOADED_IMAGE_PROTOCOL
inside efi_setup_loaded_image(). Do not use local variables.

Currently we expect the loaded image handle to point to the loaded image
protocol. Additionally we have appended private fields to the protocol.

With the patch the handle points to a loaded image object and the private
fields are added here. This matches how we handle the net and the gop
object.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

efi_loader: Fix loaded_image handle passing from EL3

When running in EL3 mode on AArch64, we have to first drop to EL2
to execute a UEFI payload. When dropping down, the arguments to
the entry point have to stay identical to the ones for normal entry
though.

In commit ea54ad59286 ("efi_loader: pass handle of loaded image")
we incorrectly changed that logic and had the el3 entry path diverge.
Fix it up by syncing it back to what it's supposed to be.

Fixes: ea54ad59286 ("efi_loader: pass handle of loaded image")
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>

efi_loader: create root node

Currently we assign a lot of protocols to loaded images though
these protocols are not related to them. Instead they should be
installed on a separate handle. Via the device path it is the
parent to the devices like the network adapter.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>