Merge tag 'efi-2022-04-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc1-3

Documentation:

* update Nokia RX-51 documentation and move it to rst
* describe boot switch settings for HiFive Unmatched board

UEFI:

* fix the checking of image hashes and signatures
* provide the RISCV_EFI_BOOT_PROTOCOL
diff --git a/board/nokia/rx51/MAINTAINERS b/board/nokia/rx51/MAINTAINERS
index 58b16bf..25f8b3c 100644
--- a/board/nokia/rx51/MAINTAINERS
+++ b/board/nokia/rx51/MAINTAINERS
@@ -4,5 +4,5 @@
 F:	board/nokia/rx51/
 F:	include/configs/nokia_rx51.h
 F:	configs/nokia_rx51_defconfig
-F:	doc/README.nokia_rx51
+F:	doc/board/nokia/rx51.rst
 F:	test/nokia_rx51_test.sh
diff --git a/doc/README.nokia_rx51 b/doc/README.nokia_rx51
deleted file mode 100644
index 7f22ed4..0000000
--- a/doc/README.nokia_rx51
+++ /dev/null
@@ -1,96 +0,0 @@
-Board: Nokia RX-51 aka N900
-
-This board definition results in a u-boot.bin which can be chainloaded
-from NOLO in qemu or on a real N900. It does very little hardware config
-because NOLO has already configured the board. Only needed is enabling
-internal eMMC memory via twl4030 regulator which is not enabled by NOLO.
-
-NOLO is expecting a kernel image and will treat any image it finds in
-onenand as such. This u-boot is intended to be flashed to the N900 like
-a kernel. In order to transparently boot the original kernel, it will be
-appended to u-boot.bin at 0x40000. NOLO will load the entire image into
-(random) memory and execute u-boot, which saves hw revision, boot reason
-and boot mode ATAGs set by NOLO. Then the bootscripts will attempt to load
-uImage, zImage or boot.scr from a fat or ext2/3/4 filesystem on external
-SD card or internal eMMC memory. If this fails or keyboard is closed then
-the appended kernel image will be booted using some generated and some
-stored ATAGs (see boot order).
-
-For generating combined image of u-boot and kernel (either in uImage or zImage
-format) there is a simple script called u-boot-gen-combined. It is available in
-following repository:
-
-  https://github.com/pali/u-boot-maemo
-
-There is support for hardware watchdog. Hardware watchdog is started by
-NOLO so u-boot must kick watchdog to prevent reboot device (but not very
-often, max every 2 seconds). There is also support for framebuffer display
-output with ANSI escape codes and the N900 HW keyboard input.
-
-When U-Boot is starting it enable IBE bit in Auxiliary Control Register,
-which is needed for Thumb-2 ISA support. It is workaround for errata 430973.
-
-Default boot order:
-
- * 0. if keyboard is closed boot automatically attached kernel image
- * 1. try boot from external SD card
- * 2. try boot from internal eMMC memory
- * 3. try boot from attached kernel image
-
-Boot from SD or eMMC in this order:
-
- * 1.
-   * 1.1 find boot.scr on first fat partition
-   * 1.2 find uImage on first fat partition
-   * 1.3 find zImage on first fat partition
-   * 1.4 same order for 2. - 4. fat partition
- * 2. same as 1. but for ext2/3 partition
- * 3. same as 1. but for ext4 partition
-
-
-Available additional commands/variables:
-
- * run sdboot - Boot from external SD card (see boot order)
- * run emmcboot - Boot from internal eMMC memory (see boot order)
- * run attachboot - Boot attached kernel image (attached to U-Boot binary)
-
- * run scriptload - Load boot script ${mmcscriptfile}
- * run scriptboot - Run loaded boot script
- * run kernload - Load kernel image ${mmckernfile}
- * run initrdload - Load initrd image ${mmcinitrdfile}
- * run kernboot - Boot loaded kernel image
- * run kerninitrdboot - Boot loaded kernel image with loaded initrd image
-
- * run trymmcscriptboot - Try to load and boot script ${mmcscriptfile}
- * run trymmckernboot - Try to load and boot kernel image ${mmckernfile}
- * run trymmckerninitrdboot - Try to load and boot kernel image ${mmckernfile}
-                              with initrd image ${mmcinitrdfile}
-
-Additional variables for loading files from mmc:
-
- * mmc ${mmcnum} (0 - external, 1 - internal)
- * partition number ${mmcpart} (1 - 4)
- * parition type ${mmctype} (fat, ext2, ext4)
-
-Additional variables for booting kernel:
-
- * setup_omap_atag - Add OMAP table into atags structure (needs maemo kernel)
- * setup_console_atag - Enable serial console in OMAP table
- * setup_boot_reason_atag - Change boot reason in OMAP table
- * setup_boot_mode_atag - Change boot mode in OMAP table
-
- Variable setup_omap_atag is automatically set when booting attached kernel.
- When variable setup_omap_atag is set, variable setup_console_atag is unset
- and u-boot standard output is set to serial then setup_console_atag is
- automatically set to 1. So output from Maemo kernel would go to serial port.
-
-UBIFS support:
-
- UBIFS support is disabled, because U-Boot image is too big and cannot be
- flashed with attached zImage to RX-51 kernel nand area. For enabling UBIFS
- support add following lines into file configs/nokia_rx51_defconfig
-
- CONFIG_CMD_UBI=y
- CONFIG_CMD_UBIFS=y
- CONFIG_MTD_UBI_FASTMAP=y
- CONFIG_MTD_UBI_FASTMAP_AUTOCONVERT=1
diff --git a/doc/board/index.rst b/doc/board/index.rst
index 5607e1f..75c34c4 100644
--- a/doc/board/index.rst
+++ b/doc/board/index.rst
@@ -22,6 +22,7 @@
    intel/index
    kontron/index
    microchip/index
+   nokia/index
    nxp/index
    openpiton/index
    qualcomm/index
diff --git a/doc/board/nokia/index.rst b/doc/board/nokia/index.rst
new file mode 100644
index 0000000..b68c3c6
--- /dev/null
+++ b/doc/board/nokia/index.rst
@@ -0,0 +1,9 @@
+.. SPDX-License-Identifier: GPL-2.0+
+
+Nokia
+=====
+
+.. toctree::
+   :maxdepth: 2
+
+   rx51
diff --git a/doc/board/nokia/rx51.rst b/doc/board/nokia/rx51.rst
new file mode 100644
index 0000000..941f78e
--- /dev/null
+++ b/doc/board/nokia/rx51.rst
@@ -0,0 +1,162 @@
+.. SPDX-License-Identifier: GPL-2.0+
+
+Nokia RX-51 aka N900
+====================
+
+The ``nokia_rx51_defconfig`` configuration file results in a ``u-boot.bin``
+which can be chainloaded by the Nokia second stage bootloader (NOLO) in QEMU or
+on a real N900. It does very little hardware configuration because NOLO has
+already configured the board. It is only needed to enable the internal eMMC
+memory via the twl4030 regulator which is not enabled by NOLO.
+
+NOLO is expecting a kernel image and will treat any image it finds in
+OneNAND as such. This u-boot is intended to be flashed to the N900 like
+a kernel. In order to transparently boot the original kernel, it will be
+appended to ``u-boot.bin`` at 0x40000. NOLO will load the entire image into
+(random) memory and execute U-Boot, which saves hardware revision, boot reason
+and boot mode ATAGs set by NOLO. Then the bootscripts will attempt to load
+``uImage``, ``zImage`` or ``boot.scr`` file from a FAT or ext2/3/4 filesystem
+on external SD card or internal eMMC memory. If this fails or keyboard is
+closed then the appended kernel image will be booted using some generated
+and some stored ATAGs (see boot order).
+
+For generating combined image of U-Boot and kernel (either in uImage or zImage
+format) there is a simple script called ``u-boot-gen-combined``. It is available
+in following repository: https://github.com/pali/u-boot-maemo.
+
+To generate the ``combined.bin`` image from ``u-boot.bin`` and ``kernel.bin``
+(in either uImage or zImage format) use:
+
+.. code-block:: bash
+
+   sh u-boot-gen-combined u-boot.bin kernel.bin combined.bin
+
+The original Maemo Fremantle PR1.3 zImage kernel binary is available at:
+http://repository.maemo.org/pool/maemo5.0/free/k/kernel/kernel_2.6.28-20103103+0m5_armel.deb
+
+To unpack it (from DEB/AR, TAR and FIASCO) execute the following commands:
+
+.. code-block:: bash
+
+   ar x kernel_2.6.28-20103103+0m5_armel.deb data.tar.gz
+   tar -O -xf data.tar.gz ./boot/zImage-2.6.28-20103103+0m5.fiasco > kernel_2.6.28-20103103+0m5.fiasco
+   0xFFFF -M kernel_2.6.28-20103103+0m5.fiasco -u
+
+The flashed image must start with a 2 KiB ``NOLO!img`` header which contains
+size of the image. The header consists of the bytes
+``NOLO!img\x02\x00\x00\x00\x00\x00\x00\x00`` followed by the 4 byte little
+endian size of the image. The rest of the 2 KiB header just contains zero bytes.
+
+The Nokia proprietary flasher and also the open source 0xFFFF flasher
+automatically prepend the required ``NOLO!img`` header and both applications
+expect that the image does not contain a ``NOLO!img`` header. Adding a
+``NOLO!img`` header is required only in case of using the ``nandwrite`` tool for
+flashing.
+
+The open source 0xFFFF flasher is available in the following repository:
+https://github.com/pali/0xFFFF
+
+It is possible to load ``u-boot.bin`` via USB to the N900 RAM and boot it
+without needing to flash it. This is done via 0xFFFF running on the host PC:
+
+.. code-block:: bash
+
+   0xFFFF -m u-boot.bin -l -b
+
+0xFFFF also supports flashing a kernel image either via USB or directly on
+N900 device. Flashing u-boot/kernel/combined image is done as:
+
+.. code-block:: bash
+
+   0xFFFF -m combined.bin -f
+
+Via 0xFFFF it is also possible to generate a standard flashable image in
+Nokia FIASCO format which contains metadata information like device
+identification (RX-51) and version string (v2021.04):
+
+.. code-block:: bash
+
+   0xFFFF -m RX-51:v2021.04:kernel:u-boot.bin -g u-boot.fiasco
+
+There is support for the hardware watchdog. The hardware watchdog is started by
+NOLO so U-Boot must reset the watchdog to prevent rebooting the device (but not
+very often, max every 2 seconds). There is also support for framebuffer display
+output with ANSI escape codes and the N900 hardware keyboard input.
+
+When U-Boot is starting it sets the IBE bit in the Auxiliary Control Register,
+which is needed for Thumb-2 ISA support. This is a workaround for erratum
+430973.
+
+Default boot order
+------------------
+
+0. if keyboard is closed boot automatically attached kernel image
+1. try boot from external SD card
+2. try boot from internal eMMC memory
+3. try boot from attached kernel image
+
+Boot from SD or eMMC in this order:
+
+1. boot from FAT partition
+
+    a. find ``boot.scr`` on first FAT partition
+    b. find ``uImage`` on first FAT partition
+    c. find ``zImage`` on first FAT partition
+    d. same order for 2nd - 4th FAT partition
+
+2. same as 1. but for ext2/3/4 partition
+
+Available additional commands/variables
+---------------------------------------
+
+* run sdboot - Boot from external SD card (see boot order)
+* run emmcboot - Boot from internal eMMC memory (see boot order)
+* run attachboot - Boot attached kernel image (attached to U-Boot binary)
+
+\
+
+* run scriptload - Load boot script ``${mmcscriptfile}``
+* run scriptboot - Run loaded boot script
+* run kernload - Load kernel image ``${mmckernfile}``
+* run initrdload - Load initrd image ``${mmcinitrdfile}``
+* run kernboot - Boot loaded kernel image
+* run kerninitrdboot - Boot loaded kernel image with loaded initrd image
+
+\
+
+* run trymmcscriptboot - Try to load and boot script ``${mmcscriptfile}``
+* run trymmckernboot - Try to load and boot kernel image ``${mmckernfile}``
+* run trymmckerninitrdboot - Try to load and boot kernel image ``${mmckernfile}``
+  with initrd image ``${mmcinitrdfile}``
+
+Additional variables for loading files from mmc
+-----------------------------------------------
+
+* mmc ``${mmcnum}`` (0 - external, 1 - internal)
+* partition number ``${mmcpart}`` (1 - 4)
+* partition type ``${mmctype}`` (fat, ext2, ext4; ext2 is just alias for ext4)
+
+Additional variables for booting a kernel
+-----------------------------------------
+
+* ``setup_omap_atag`` - Add OMAP table into atags structure (needed for maemo kernel)
+* ``setup_console_atag`` - Enable serial console in OMAP table
+* ``setup_boot_reason_atag`` - Change boot reason in OMAP table
+* ``setup_boot_mode_atag`` - Change boot mode in OMAP table
+
+Variable ``setup_omap_atag`` is automatically set when booting attached kernel.
+When variable ``setup_omap_atag`` is set, variable ``setup_console_atag`` is unset
+and u-boot standard output is set to serial then ``setup_console_atag`` is
+automatically set to 1. So output from Maemo kernel would go to serial port.
+
+UBIFS support
+-------------
+
+UBIFS support is disabled, because U-Boot image is too big and cannot be
+flashed with attached kernel image to RX-51 kernel nand area. For enabling
+UBIFS support add following lines into file ``configs/nokia_rx51_defconfig``::
+
+    CONFIG_CMD_UBI=y
+    CONFIG_CMD_UBIFS=y
+    CONFIG_MTD_UBI_FASTMAP=y
+    CONFIG_MTD_UBI_FASTMAP_AUTOCONVERT=1
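Review bot: The new rx51.rst links the Maemo kernel package over a plain http:// URL (kernel_2.6.28-20103103+0m5_armel.deb) and gives no checksum, so a reader cannot confirm that the zImage they combine with u-boot.bin and flash is the intended file. Please state the expected SHA-256 of the .deb or of the extracted zImage next to the link. Separately, the partition type entry says "ext2 is just alias for ext4" while the boot order text speaks of "ext2/3/4", which should be reconciled. The sentence beginning "When variable ``setup_omap_atag`` is set, variable ``setup_console_atag`` is unset and u-boot standard output is set to serial then" also needs punctuation to show where the condition ends.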
diff --git a/doc/board/sifive/unmatched.rst b/doc/board/sifive/unmatched.rst
index b52a1f6..24a8899 100644
--- a/doc/board/sifive/unmatched.rst
+++ b/doc/board/sifive/unmatched.rst
@@ -20,8 +20,11 @@
 4. SiFive SPI Driver.
 5. MMC SPI Driver for MMC/SD support.
 
-Booting from uSD using U-Boot SPL
----------------------------------
+Booting from micro SD card using U-Boot SPL
+-------------------------------------------
+
+Booting from an SD card requires that the boot mode selection DIP switches
+MSEL[3:0] are set to 1011.
 
 Building
 --------
diff --git a/include/efi_api.h b/include/efi_api.h
index 8d5d835..982c200 100644
--- a/include/efi_api.h
+++ b/include/efi_api.h
@@ -438,6 +438,10 @@
 	EFI_GUID(0x607f766c, 0x7455, 0x42be, 0x93, \
 		 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f)
 
+#define RISCV_EFI_BOOT_PROTOCOL_GUID \
+	EFI_GUID(0xccd15fec, 0x6f73, 0x4eec, 0x83, \
+		 0x95, 0x3e, 0x69, 0xe4, 0xb9, 0x40, 0xbf)
+
 /**
  * struct efi_configuration_table - EFI Configuration Table
  *
@@ -1845,9 +1849,21 @@
 #define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MAX 0x00004000
 
 /* Certificate types in signature database */
+#define EFI_CERT_SHA1_GUID \
+	EFI_GUID(0x826ca512, 0xcf10, 0x4ac9, 0xb1, 0x87, \
+		 0xbe, 0x01, 0x49, 0x66, 0x31, 0xbd)
+#define EFI_CERT_SHA224_GUID \
+	EFI_GUID(0xb6e5233, 0xa65c, 0x44c9, 0x94, 0x07, \
+		 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd)
 #define EFI_CERT_SHA256_GUID \
 	EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, \
 		 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
+#define EFI_CERT_SHA384_GUID \
+	EFI_GUID(0xff3e5307, 0x9fd0, 0x48c9, 0x85, 0xf1, \
+		 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x01)
+#define EFI_CERT_SHA512_GUID \
+	EFI_GUID(0x93e0fae, 0xa6c4, 0x4f50, 0x9f, 0x1b, \
+		 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a)
 #define EFI_CERT_RSA2048_GUID \
 	EFI_GUID(0x3c5766e8, 0x269c, 0x4e34, 0xaa, 0x14, \
 		 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6)
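Review bot: EFI_CERT_SHA224_GUID and EFI_CERT_SHA512_GUID write their first field with seven hex digits (0xb6e5233 and 0x93e0fae) while every neighbouring definition uses eight. Please pad them to 0x0b6e5233 and 0x093e0fae so a reader comparing against the specification can see that no digit was dropped.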
diff --git a/include/efi_loader.h b/include/efi_loader.h
index 701efcd..4e50f2d 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -527,6 +527,8 @@
 efi_status_t efi_rng_register(void);
 /* Called by efi_init_obj_list() to install EFI_TCG2_PROTOCOL */
 efi_status_t efi_tcg2_register(void);
+/* Called by efi_init_obj_list() to install RISCV_EFI_BOOT_PROTOCOL */
+efi_status_t efi_riscv_register(void);
 /* Called by efi_init_obj_list() to do initial measurement */
 efi_status_t efi_tcg2_do_initial_measurement(void);
 /* measure the pe-coff image, extend PCR and add Event Log */
@@ -910,7 +912,8 @@
 struct pkcs7_message;
 
 bool efi_signature_lookup_digest(struct efi_image_regions *regs,
-				 struct efi_signature_store *db);
+				 struct efi_signature_store *db,
+				 bool dbx);
 bool efi_signature_verify(struct efi_image_regions *regs,
 			  struct pkcs7_message *msg,
 			  struct efi_signature_store *db,
diff --git a/include/efi_riscv.h b/include/efi_riscv.h
new file mode 100644
index 0000000..4bd39c4
--- /dev/null
+++ b/include/efi_riscv.h
@@ -0,0 +1,24 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * RISCV_EFI_BOOT_PROTOCOL
+ *
+ * Copyright (c) 2022 Ventana Micro Systems Inc
+ */
+
+#include <efi_api.h>
+
+#define RISCV_EFI_BOOT_PROTOCOL_REVISION 0x00010000
+
+/**
+ * struct riscv_efi_boot_protocol - RISCV_EFI_BOOT_PROTOCOL
+ * @revision:		Version of the protocol implemented
+ * @get_boot_hartid:	Get the boot hart ID
+ */
+struct riscv_efi_boot_protocol {
+	u64 revision;
+
+	efi_status_t (EFIAPI * get_boot_hartid) (struct riscv_efi_boot_protocol *this,
+						 efi_uintn_t *boot_hartid);
+};
+
+extern struct riscv_efi_boot_protocol riscv_efi_boot_prot;
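Review bot: The new header efi_riscv.h has no include guard, and it defines struct riscv_efi_boot_protocol, so including it twice in one translation unit would fail with a redefinition error. Please wrap the contents in an #ifndef/#define/#endif guard before the #include <efi_api.h> line.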
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 24f9a2b..e5e35fe 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -369,4 +369,14 @@
 	help
 	  Enabling this option creates the ESRT UEFI system table.
 
+config EFI_RISCV_BOOT_PROTOCOL
+	bool "RISCV_EFI_BOOT_PROTOCOL support"
+	default y
+	depends on RISCV
+	help
+	  The EFI_RISCV_BOOT_PROTOCOL is used to transfer the boot hart ID
+	  to the next boot stage. It should be enabled as it is meant to
+	  replace the transfer via the device-tree. The latter is not
+	  possible on systems using ACPI.
+
 endif
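Review bot: The help text calls the protocol EFI_RISCV_BOOT_PROTOCOL, but the prompt two lines above and the rest of the patch (GUID macro, header, registration comment) call it RISCV_EFI_BOOT_PROTOCOL. Only the Kconfig symbol is spelled EFI_RISCV_..., so the help text should use the protocol name to avoid confusing the two.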
diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
index fd344ce..b2c664d 100644
--- a/lib/efi_loader/Makefile
+++ b/lib/efi_loader/Makefile
@@ -62,6 +62,7 @@
 obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o
 obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o
 obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o
+obj-$(CONFIG_EFI_RISCV_BOOT_PROTOCOL) += efi_riscv.o
 obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o
 obj-$(CONFIG_EFI_SIGNATURE_SUPPORT) += efi_signature.o
 
diff --git a/lib/efi_loader/efi_file.c b/lib/efi_loader/efi_file.c
index 9aa0030..7a7077e 100644
--- a/lib/efi_loader/efi_file.c
+++ b/lib/efi_loader/efi_file.c
@@ -1084,7 +1084,7 @@
  * efi_file_from_path() - open file via device path
  *
  * @fp:		device path
- * @return:	EFI_FILE_PROTOCOL for the file or NULL
+ * Return:	EFI_FILE_PROTOCOL for the file or NULL
  */
 struct efi_file_handle *efi_file_from_path(struct efi_device_path *fp)
 {
diff --git a/lib/efi_loader/efi_freestanding.c b/lib/efi_loader/efi_freestanding.c
index bd0dff1..c85df02 100644
--- a/lib/efi_loader/efi_freestanding.c
+++ b/lib/efi_loader/efi_freestanding.c
@@ -97,8 +97,8 @@
  *
  * We do nothing here.
  *
- * @param func_ptr	Pointer to function being entered
- * @param caller	Pointer to function which called this function
+ * func_ptr:	Pointer to function being entered
+ * caller:	Pointer to function which called this function
  */
 void __attribute__((no_instrument_function))
 __cyg_profile_func_enter(void *func_ptr, void *caller)
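Review bot: The replacement lines "func_ptr:" and "caller:" drop the "@param" prefix but do not add the "@" that kernel-doc uses to mark a parameter, unlike the "@fp:", "@width:" and "@handle:" lines visible elsewhere in this patch. They should read "@func_ptr:" and "@caller:".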
@@ -113,8 +113,8 @@
  *
  * We do nothing here.
  *
- * @param func_ptr	Pointer to function being entered
- * @param caller	Pointer to function which called this function
+ * func_ptr:	Pointer to function being entered
+ * caller:	Pointer to function which called this function
  */
 void __attribute__((no_instrument_function))
 __cyg_profile_func_exit(void *func_ptr, void *caller)
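Review bot: In the comment for __cyg_profile_func_exit() the func_ptr description still says "Pointer to function being entered", which looks copied from the enter hook; it should describe the function being exited. As in the previous hunk, the parameter lines also need the "@" prefix ("@func_ptr:", "@caller:").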
diff --git a/lib/efi_loader/efi_gop.c b/lib/efi_loader/efi_gop.c
index 7683a34..2c81859 100644
--- a/lib/efi_loader/efi_gop.c
+++ b/lib/efi_loader/efi_gop.c
@@ -407,7 +407,7 @@
  * @width:	width of rectangle
  * @height:	height of rectangle
  * @delta:	length in bytes of a line in the pixel buffer (optional)
- * @return:	status code
+ * Return:	status code
  */
 efi_status_t EFIAPI gop_blt(struct efi_gop *this, struct efi_gop_pixel *buffer,
 			    u32 operation, efi_uintn_t sx,
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 255613e..f43dfb3 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -545,13 +545,13 @@
 	}
 
 	/* try black-list first */
-	if (efi_signature_lookup_digest(regs, dbx)) {
+	if (efi_signature_lookup_digest(regs, dbx, true)) {
 		EFI_PRINT("Image is not signed and its digest found in \"dbx\"\n");
 		goto out;
 	}
 
 	/* try white-list */
-	if (efi_signature_lookup_digest(regs, db))
+	if (efi_signature_lookup_digest(regs, db, false))
 		ret = true;
 	else
 		EFI_PRINT("Image is not signed and its digest not found in \"db\" or \"dbx\"\n");
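Review bot: The message "Image is not signed and its digest found in \"dbx\"" is no longer always accurate after the dbx call gained its `true` argument. With that flag, efi_signature_lookup_digest() (changed in efi_signature.c in this same patch) also returns true when dbx merely contains a list of an unsupported hash type, without any digest having matched. Either reword the message to cover both cases or have the lookup log which of the two reasons applied. The same applies to "Image's digest was found in \"dbx\"" in the next hunk.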
@@ -633,7 +633,7 @@
 		goto err;
 	}
 
-	if (efi_signature_lookup_digest(regs, dbx)) {
+	if (efi_signature_lookup_digest(regs, dbx, true)) {
 		EFI_PRINT("Image's digest was found in \"dbx\"\n");
 		goto err;
 	}
@@ -734,7 +734,7 @@
 
 		EFI_PRINT("Signature was not verified by \"db\"\n");
 
-		if (efi_signature_lookup_digest(regs, db)) {
+		if (efi_signature_lookup_digest(regs, db, false)) {
 			ret = true;
 			break;
 		}
diff --git a/lib/efi_loader/efi_riscv.c b/lib/efi_loader/efi_riscv.c
new file mode 100644
index 0000000..bccfefd
--- /dev/null
+++ b/lib/efi_loader/efi_riscv.c
@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Defines APIs that allow an OS to interact with UEFI firmware to query
+ * information about the boot hart ID.
+ *
+ * Copyright (c) 2022, Ventana Micro Systems Inc
+ */
+
+#define LOG_CATEGORY LOGC_EFI
+#include <common.h>
+#include <efi_loader.h>
+#include <efi_variable.h>
+#include <log.h>
+#include <asm/global_data.h>
+#include <efi_riscv.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+static const efi_guid_t efi_guid_riscv_boot_protocol = RISCV_EFI_BOOT_PROTOCOL_GUID;
+
+/**
+ * efi_riscv_get_boot_hartid() - return boot hart ID
+ * @this:		RISCV_EFI_BOOT_PROTOCOL instance
+ * @boot_hartid:	caller allocated memory to return boot hart id
+ * Return:		status code
+ */
+static efi_status_t EFIAPI
+efi_riscv_get_boot_hartid(struct riscv_efi_boot_protocol *this,
+			  efi_uintn_t *boot_hartid)
+{
+	EFI_ENTRY("%p, %p",  this, boot_hartid);
+
+	if (this != &riscv_efi_boot_prot || !boot_hartid)
+		return EFI_INVALID_PARAMETER;
+
+	*boot_hartid = gd->arch.boot_hart;
+
+	return EFI_EXIT(EFI_SUCCESS);
+}
+
+struct riscv_efi_boot_protocol riscv_efi_boot_prot = {
+	.revision = RISCV_EFI_BOOT_PROTOCOL_REVISION,
+	.get_boot_hartid = efi_riscv_get_boot_hartid
+};
+
+/**
+ * efi_riscv_register() - register RISCV_EFI_BOOT_PROTOCOL
+ *
+ * Return:	status code
+ */
+efi_status_t efi_riscv_register(void)
+{
+	efi_status_t ret = EFI_SUCCESS;
+
+	ret = efi_add_protocol(efi_root, &efi_guid_riscv_boot_protocol,
+			       (void *)&riscv_efi_boot_prot);
+	if (ret != EFI_SUCCESS)
+		log_err("Cannot install RISCV_EFI_BOOT_PROTOCOL\n");
+	return ret;
+}
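Review bot: In efi_riscv_get_boot_hartid() the parameter check does a bare "return EFI_INVALID_PARAMETER;" after EFI_ENTRY() has already run, while the success path returns through EFI_EXIT(). The two macros must be paired, so the error path should be "return EFI_EXIT(EFI_INVALID_PARAMETER);". Minor points: in efi_riscv_register() the initialiser "ret = EFI_SUCCESS" is overwritten on the next statement, and nothing in the file appears to need <efi_variable.h>.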
diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index 49172e3..380adc1 100644
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -247,6 +247,12 @@
 			goto out;
 	}
 
+	if (IS_ENABLED(CONFIG_EFI_RISCV_BOOT_PROTOCOL)) {
+		ret = efi_riscv_register();
+		if (ret != EFI_SUCCESS)
+			goto out;
+	}
+
 	/* Secure boot */
 	ret = efi_init_secure_boot();
 	if (ret != EFI_SUCCESS)
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
index 3243e2c..1bd1fdc 100644
--- a/lib/efi_loader/efi_signature.c
+++ b/lib/efi_loader/efi_signature.c
@@ -147,9 +147,34 @@
 }
 
 /**
+ * hash_algo_supported - check if the requested hash algorithm is supported
+ * @guid: guid of the algorithm
+ *
+ * Return: true if supported false otherwise
+ */
+static bool hash_algo_supported(const efi_guid_t guid)
+{
+	int i;
+	const efi_guid_t unsupported_hashes[] = {
+		 EFI_CERT_SHA1_GUID,
+		 EFI_CERT_SHA224_GUID,
+		 EFI_CERT_SHA384_GUID,
+		 EFI_CERT_SHA512_GUID,
+	};
+
+	for (i = 0; i < ARRAY_SIZE(unsupported_hashes); i++) {
+		if (!guidcmp(&unsupported_hashes[i], &guid))
+			return false;
+	}
+
+	return true;
+}
+
+/**
  * efi_signature_lookup_digest - search for an image's digest in sigdb
  * @regs:	List of regions to be authenticated
  * @db:		Signature database for trusted certificates
+ * @dbx		Caller needs to set this to true if he is searching dbx
  *
  * A message digest of image pointed to by @regs is calculated and
  * its hash value is compared to entries in signature database pointed
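Review bot: hash_algo_supported() is a deny-list: it returns false only for the four GUIDs in unsupported_hashes[] and true for every other value, including signature types that are not hash algorithms at all. The name and the "Return: true if supported" comment therefore promise more than the code checks, and a digest type added to efi_api.h later would silently count as supported unless this array is updated too. Please either rename it to reflect what it tests or document the fall-through behaviour in the kernel-doc. The function also takes efi_guid_t by value where a const pointer would do, and the new "@dbx" kernel-doc line is missing its colon.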
@@ -158,13 +183,16 @@
  * Return:	true if found, false if not
  */
 bool efi_signature_lookup_digest(struct efi_image_regions *regs,
-				 struct efi_signature_store *db)
+				 struct efi_signature_store *db,
+				 bool dbx)
+
 {
 	struct efi_signature_store *siglist;
 	struct efi_sig_data *sig_data;
 	void *hash = NULL;
 	size_t size = 0;
 	bool found = false;
+	bool hash_done = false;
 
 	EFI_PRINT("%s: Enter, %p, %p\n", __func__, regs, db);
 
@@ -172,17 +200,27 @@
 		goto out;
 
 	for (siglist = db; siglist; siglist = siglist->next) {
-		/* TODO: support other hash algorithms */
-		if (guidcmp(&siglist->sig_type, &efi_guid_sha256)) {
-			EFI_PRINT("Digest algorithm is not supported: %pUs\n",
-				  &siglist->sig_type);
-			break;
-		}
+		/*
+		 * if the hash algorithm is unsupported and we get an entry in
+		 * dbx reject the image
+		 */
+		if (dbx && !hash_algo_supported(siglist->sig_type)) {
+			found = true;
+			continue;
+		};
+		/*
+		 * Only support sha256 for now, that's what
+		 * hash-to-efi-sig-list produces
+		 */
+		if (guidcmp(&siglist->sig_type, &efi_guid_sha256))
+			continue;
 
-		if (!efi_hash_regions(regs->reg, regs->num, &hash, &size)) {
+		if (!hash_done &&
+		    !efi_hash_regions(regs->reg, regs->num, &hash, &size)) {
 			EFI_PRINT("Digesting an image failed\n");
 			break;
 		}
+		hash_done = true;
 
 		for (sig_data = siglist->sig_data_list; sig_data;
 		     sig_data = sig_data->next) {
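Review bot: In the "dbx && !hash_algo_supported(siglist->sig_type)" branch the image is rejected ("found = true") without any log output, whereas the removed code printed "Digest algorithm is not supported" with the sig_type. Please keep an EFI_PRINT there so a rejection caused by an uncomputable dbx entry can be told apart from a real digest match. The result is already decided at that point, so leaving the loop (break or goto out) instead of "continue" would avoid walking the remaining lists and hashing the image, and would not rely on later iterations leaving "found" untouched. The block is also closed with "};", which has a stray semicolon.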
diff --git a/lib/efi_loader/helloworld.c b/lib/efi_loader/helloworld.c
index 3f215e2..33e4fbc 100644
--- a/lib/efi_loader/helloworld.c
+++ b/lib/efi_loader/helloworld.c
@@ -133,7 +133,7 @@
  *
  * @handle:	handle of the loaded image
  * @systab:	system table
- * @return:	status code
+ * Return:	status code
  */
 efi_status_t EFIAPI efi_main(efi_handle_t handle,
 			     struct efi_system_table *systab)
diff --git a/lib/efi_selftest/dtbdump.c b/lib/efi_selftest/dtbdump.c
index ed3b985..6e1eaa4 100644
--- a/lib/efi_selftest/dtbdump.c
+++ b/lib/efi_selftest/dtbdump.c
@@ -495,7 +495,7 @@
  *
  * @handle:	handle of the loaded image
  * @systab:	system table
- * @return:	status code
+ * Return:	status code
  */
 efi_status_t EFIAPI efi_main(efi_handle_t image_handle,
 			     struct efi_system_table *systab)
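Review bot: While touching this comment, note that it documents "@handle:" but the parameter of efi_main() in dtbdump.c is named image_handle. The kernel-doc name should match the signature ("@image_handle:").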
diff --git a/lib/efi_selftest/efi_selftest.c b/lib/efi_selftest/efi_selftest.c
index 3da34b1..474a8b8 100644
--- a/lib/efi_selftest/efi_selftest.c
+++ b/lib/efi_selftest/efi_selftest.c
@@ -149,7 +149,7 @@
  * Check that a test requiring reset exists.
  *
  * @testname:	name of the test
- * @return:	test, or NULL if not found
+ * Return:	test, or NULL if not found
  */
 static bool need_reset(const u16 *testname)
 {
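Review bot: The corrected line still reads "Return: test, or NULL if not found", but need_reset() is declared "static bool", so it cannot return a test pointer or NULL. The text appears to be copied from find_test() in the next hunk; it should say something like "true if a test requiring reset exists".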
@@ -170,7 +170,7 @@
  * Check that a test exists.
  *
  * @testname:	name of the test
- * @return:	test, or NULL if not found
+ * Return:	test, or NULL if not found
  */
 static struct efi_unit_test *find_test(const u16 *testname)
 {
diff --git a/lib/efi_selftest/efi_selftest_bitblt.c b/lib/efi_selftest/efi_selftest_bitblt.c
index fb33150..1def843 100644
--- a/lib/efi_selftest/efi_selftest_bitblt.c
+++ b/lib/efi_selftest/efi_selftest_bitblt.c
@@ -94,7 +94,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -198,7 +198,7 @@
 /*
  * Tear down unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
@@ -225,7 +225,7 @@
 /*
  * Execute unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_block_device.c b/lib/efi_selftest/efi_selftest_block_device.c
index ad53dac..62b3e04 100644
--- a/lib/efi_selftest/efi_selftest_block_device.c
+++ b/lib/efi_selftest/efi_selftest_block_device.c
@@ -180,7 +180,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -240,7 +240,7 @@
 /*
  * Tear down unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
@@ -292,7 +292,7 @@
 /*
  * Execute unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_config_table.c b/lib/efi_selftest/efi_selftest_config_table.c
index 2bf12b5..1961e29 100644
--- a/lib/efi_selftest/efi_selftest_config_table.c
+++ b/lib/efi_selftest/efi_selftest_config_table.c
@@ -68,7 +68,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -85,7 +85,7 @@
  * A table is installed, updated, removed. The table entry and the
  * triggering of events is checked.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_console.c b/lib/efi_selftest/efi_selftest_console.c
index 3187e10..fd2b3d0 100644
--- a/lib/efi_selftest/efi_selftest_console.c
+++ b/lib/efi_selftest/efi_selftest_console.c
@@ -274,7 +274,7 @@
 /*
  * Reads an Unicode character from the input device.
  *
- * @return: Unicode character
+ * Return: Unicode character
  */
 u16 efi_st_get_key(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_crc32.c b/lib/efi_selftest/efi_selftest_crc32.c
index 19153c7..f2be353 100644
--- a/lib/efi_selftest/efi_selftest_crc32.c
+++ b/lib/efi_selftest/efi_selftest_crc32.c
@@ -68,7 +68,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -112,7 +112,7 @@
  *
  * Check tables after ExitBootServices()
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_devicepath_util.c b/lib/efi_selftest/efi_selftest_devicepath_util.c
index c846e05..1801e30 100644
--- a/lib/efi_selftest/efi_selftest_devicepath_util.c
+++ b/lib/efi_selftest/efi_selftest_devicepath_util.c
@@ -49,7 +49,7 @@
  *
  * @length:	length of the media device node
  * @dp:		device path
- * @return:	status code
+ * Return:	status code
  */
 static int create_single_node_device_path(unsigned int length,
 					  struct efi_device_path **dp)
diff --git a/lib/efi_selftest/efi_selftest_esrt.c b/lib/efi_selftest/efi_selftest_esrt.c
index 99793de..922ff25 100644
--- a/lib/efi_selftest/efi_selftest_esrt.c
+++ b/lib/efi_selftest/efi_selftest_esrt.c
@@ -108,7 +108,7 @@
  * @esrt: pointer to the ESRT
  * @img_info: an image_info_descriptor output by the FMP get_image_info
  *
- * @return: true if matching ESRT entry is found and if all the ESRT entry fields match the
+ * Return: true if matching ESRT entry is found and if all the ESRT entry fields match the
  * corresponding @img_info fields.
  */
 static bool lib_test_check_uuid_entry(struct efi_system_resource_table *esrt,
@@ -168,7 +168,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -185,7 +185,7 @@
  *
  * Uninstall the test FMP.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_event_groups.c b/lib/efi_selftest/efi_selftest_event_groups.c
index 6dcde50..7a6d9fb 100644
--- a/lib/efi_selftest/efi_selftest_event_groups.c
+++ b/lib/efi_selftest/efi_selftest_event_groups.c
@@ -38,7 +38,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -54,7 +54,7 @@
  * Create multiple events in an event group. Signal each event once and check
  * that all events are notified once in each round.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_events.c b/lib/efi_selftest/efi_selftest_events.c
index 1077cbd..9007153 100644
--- a/lib/efi_selftest/efi_selftest_events.c
+++ b/lib/efi_selftest/efi_selftest_events.c
@@ -39,7 +39,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -69,7 +69,7 @@
  *
  * Close the events created in setup.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
@@ -103,7 +103,7 @@
  * Run a 100 ms single shot timer and check that it is called once
  * while waiting for 100 ms periodic timer for two periods.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_exception.c b/lib/efi_selftest/efi_selftest_exception.c
index d86228a..dca7f7d 100644
--- a/lib/efi_selftest/efi_selftest_exception.c
+++ b/lib/efi_selftest/efi_selftest_exception.c
@@ -99,7 +99,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -118,7 +118,7 @@
  *
  * Load and start the application image.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_exitbootservices.c b/lib/efi_selftest/efi_selftest_exitbootservices.c
index 59ab154..f5e0d9d 100644
--- a/lib/efi_selftest/efi_selftest_exitbootservices.c
+++ b/lib/efi_selftest/efi_selftest_exitbootservices.c
@@ -63,7 +63,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -101,7 +101,7 @@
  * Call ExitBootServices again and check that the notification function is
  * not called again.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_fdt.c b/lib/efi_selftest/efi_selftest_fdt.c
index 739f029..70fe06e 100644
--- a/lib/efi_selftest/efi_selftest_fdt.c
+++ b/lib/efi_selftest/efi_selftest_fdt.c
@@ -165,7 +165,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t img_handle,
 		 const struct efi_system_table *systable)
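Review bot: The comment documents the first parameter as `@handle`, but the signature of `setup()` in this hunk declares it as `img_handle`, so the description is not attached to the real argument. Since the block is being touched anyway, rename the tag to `@img_handle:` so the parameter list and the prototype agree.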
@@ -192,7 +192,7 @@
 /*
  * Execute unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
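Review bot: The comment above `execute()` opens with `/*` rather than `/**`, so kernel-doc does not parse it and the new `Return:` section is never rendered or checked. Either open the block with `/**` and give it an `execute() - ...` summary line, or leave it as a plain comment; the same holds for the other `/*` blocks converted in this series.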
diff --git a/lib/efi_selftest/efi_selftest_gop.c b/lib/efi_selftest/efi_selftest_gop.c
index d64294a..e500752 100644
--- a/lib/efi_selftest/efi_selftest_gop.c
+++ b/lib/efi_selftest/efi_selftest_gop.c
@@ -18,7 +18,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -39,7 +39,7 @@
 /*
  * Tear down unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
@@ -49,7 +49,7 @@
 /*
  * Execute unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_hii.c b/lib/efi_selftest/efi_selftest_hii.c
index f4b70f7..66ccec1 100644
--- a/lib/efi_selftest/efi_selftest_hii.c
+++ b/lib/efi_selftest/efi_selftest_hii.c
@@ -28,7 +28,7 @@
  * @handle:	handle of the loaded image
  * @systable:	system table
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -1033,7 +1033,7 @@
 /*
  * Execute unit test.
  *
- * @return:	EFI_ST_SUCCESS for success, EFI_ST_FAILURE for failure
+ * Return:	EFI_ST_SUCCESS for success, EFI_ST_FAILURE for failure
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_load_file.c b/lib/efi_selftest/efi_selftest_load_file.c
index bf955cb..bac0e6b 100644
--- a/lib/efi_selftest/efi_selftest_load_file.c
+++ b/lib/efi_selftest/efi_selftest_load_file.c
@@ -284,7 +284,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int efi_st_load_file_setup(const efi_handle_t handle,
 				  const struct efi_system_table *systable)
@@ -326,7 +326,7 @@
 /*
  * Tear down unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int efi_st_load_file_teardown(void)
 {
@@ -377,7 +377,7 @@
  * Try loading an image via the EFI_LOAD_FILE_PROTOCOL and the
  * EFI_LOAD_FILE2_PROTOCOL. Finally execute the image.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int efi_st_load_file_execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_loadimage.c b/lib/efi_selftest/efi_selftest_loadimage.c
index 4975d80..72c8d51 100644
--- a/lib/efi_selftest/efi_selftest_loadimage.c
+++ b/lib/efi_selftest/efi_selftest_loadimage.c
@@ -411,7 +411,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -447,7 +447,7 @@
  *
  * Uninstall protocols and free memory.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
@@ -486,7 +486,7 @@
  *
  * Load and start the application image.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_miniapp_exit.c b/lib/efi_selftest/efi_selftest_miniapp_exit.c
index 6b5cfb0..2ea19f2 100644
--- a/lib/efi_selftest/efi_selftest_miniapp_exit.c
+++ b/lib/efi_selftest/efi_selftest_miniapp_exit.c
@@ -21,7 +21,7 @@
  *
  * @image_handle:	handle of the loaded image
  * @systable:		system table
- * @return:		status code
+ * Return:		status code
  */
 static efi_status_t EFIAPI check_loaded_image_protocol
 		(efi_handle_t image_handle, struct efi_system_table *systable)
@@ -60,7 +60,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	status code
+ * Return:	status code
  */
 efi_status_t EFIAPI efi_main(efi_handle_t handle,
 			     struct efi_system_table *systable)
diff --git a/lib/efi_selftest/efi_selftest_reset.c b/lib/efi_selftest/efi_selftest_reset.c
index 8b6ac24..f888054 100644
--- a/lib/efi_selftest/efi_selftest_reset.c
+++ b/lib/efi_selftest/efi_selftest_reset.c
@@ -17,7 +17,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -29,7 +29,7 @@
 /*
  * Execute unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_rng.c b/lib/efi_selftest/efi_selftest_rng.c
index fca9749..007d1c8 100644
--- a/lib/efi_selftest/efi_selftest_rng.c
+++ b/lib/efi_selftest/efi_selftest_rng.c
@@ -20,7 +20,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -35,7 +35,7 @@
  * Retrieve available RNG algorithms.
  * Retrieve two random values and compare them.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_rtc.c b/lib/efi_selftest/efi_selftest_rtc.c
index 6f7035d..e9e47e9 100644
--- a/lib/efi_selftest/efi_selftest_rtc.c
+++ b/lib/efi_selftest/efi_selftest_rtc.c
@@ -19,7 +19,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -35,7 +35,7 @@
  * Set a new value and read it back.
  * Set the real time clock back the current time.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_set_virtual_address_map.c b/lib/efi_selftest/efi_selftest_set_virtual_address_map.c
index 8e2e8ba..d28ed83 100644
--- a/lib/efi_selftest/efi_selftest_set_virtual_address_map.c
+++ b/lib/efi_selftest/efi_selftest_set_virtual_address_map.c
@@ -73,7 +73,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -176,7 +176,7 @@
  * The triggering of the EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event is checked via
  * the call count of the notification function.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_snp.c b/lib/efi_selftest/efi_selftest_snp.c
index 818cbfc..15af8d3 100644
--- a/lib/efi_selftest/efi_selftest_snp.c
+++ b/lib/efi_selftest/efi_selftest_snp.c
@@ -77,7 +77,7 @@
  *
  * @buf:	IP header
  * @len:	length of header in bytes
- * @return:	checksum
+ * Return:	checksum
  */
 static unsigned int efi_ip_checksum(const void *buf, size_t len)
 {
@@ -175,7 +175,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -282,7 +282,7 @@
  * A DHCP discover message is sent. The test is successful if a
  * DHCP reply is received within 10 seconds.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
@@ -422,7 +422,7 @@
  * Close the timer event created in setup.
  * Shut down the network adapter.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_startimage_exit.c b/lib/efi_selftest/efi_selftest_startimage_exit.c
index 5d4c0a6..b65a10b 100644
--- a/lib/efi_selftest/efi_selftest_startimage_exit.c
+++ b/lib/efi_selftest/efi_selftest_startimage_exit.c
@@ -79,7 +79,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -96,7 +96,7 @@
 /*
  * Tear down unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
@@ -117,7 +117,7 @@
  *
  * Load and start the application image.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_startimage_return.c b/lib/efi_selftest/efi_selftest_startimage_return.c
index 44c2364..3e0c5a9 100644
--- a/lib/efi_selftest/efi_selftest_startimage_return.c
+++ b/lib/efi_selftest/efi_selftest_startimage_return.c
@@ -79,7 +79,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -96,7 +96,7 @@
 /*
  * Tear down unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
@@ -117,7 +117,7 @@
  *
  * Load and start the application image.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_tcg2.c b/lib/efi_selftest/efi_selftest_tcg2.c
index 2eed588..a2b4a79 100644
--- a/lib/efi_selftest/efi_selftest_tcg2.c
+++ b/lib/efi_selftest/efi_selftest_tcg2.c
@@ -612,7 +612,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	status code
+ * Return:	status code
  */
 static int efi_st_tcg2_setup(const efi_handle_t img_handle,
 			     const struct efi_system_table *systable)
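Review bot: `efi_st_tcg2_setup()` takes `img_handle`, but the comment still describes `@handle`. Change the tag to `@img_handle:` in the same pass as the `Return:` conversion, so that the documented parameters match the prototype shown here.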
@@ -949,7 +949,7 @@
 /*
  * efi_st_tcg2_teardown() - Tear down unit test
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int efi_st_tcg2_teardown(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_textinput.c b/lib/efi_selftest/efi_selftest_textinput.c
index b90671c..141856a 100644
--- a/lib/efi_selftest/efi_selftest_textinput.c
+++ b/lib/efi_selftest/efi_selftest_textinput.c
@@ -21,7 +21,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -34,7 +34,7 @@
 /*
  * Execute unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_textinputex.c b/lib/efi_selftest/efi_selftest_textinputex.c
index de44224..bd221d6 100644
--- a/lib/efi_selftest/efi_selftest_textinputex.c
+++ b/lib/efi_selftest/efi_selftest_textinputex.c
@@ -45,7 +45,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -93,7 +93,7 @@
  *
  * Unregister notify function.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
@@ -112,7 +112,7 @@
 /*
  * Execute unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_textoutput.c b/lib/efi_selftest/efi_selftest_textoutput.c
index a87f65e..450fe97 100644
--- a/lib/efi_selftest/efi_selftest_textoutput.c
+++ b/lib/efi_selftest/efi_selftest_textoutput.c
@@ -15,7 +15,7 @@
 /*
  * Execute unit test.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_tpl.c b/lib/efi_selftest/efi_selftest_tpl.c
index 0c0e412..f4e4672 100644
--- a/lib/efi_selftest/efi_selftest_tpl.c
+++ b/lib/efi_selftest/efi_selftest_tpl.c
@@ -37,7 +37,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -68,7 +68,7 @@
  *
  * Close the events created in setup.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
@@ -106,7 +106,7 @@
  * Lower the TPL level and check that the queued notification
  * function is called.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_unaligned.c b/lib/efi_selftest/efi_selftest_unaligned.c
index 1802948..6fce110 100644
--- a/lib/efi_selftest/efi_selftest_unaligned.c
+++ b/lib/efi_selftest/efi_selftest_unaligned.c
@@ -19,7 +19,7 @@
  * occurs.
  *
  * @addr:	address to read
- * @return:	value at the address
+ * Return:	value at the address
  */
 static inline u32 deref(u32 *addr)
 {
@@ -37,7 +37,7 @@
  * Execute unit test.
  * An unaligned memory access is executed. The result is checked.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/efi_selftest_watchdog.c b/lib/efi_selftest/efi_selftest_watchdog.c
index cbc6761..a352d4a 100644
--- a/lib/efi_selftest/efi_selftest_watchdog.c
+++ b/lib/efi_selftest/efi_selftest_watchdog.c
@@ -65,7 +65,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup(const efi_handle_t handle,
 		 const struct efi_system_table *systable)
@@ -98,7 +98,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup_timer(const efi_handle_t handle,
 		       const struct efi_system_table *systable)
@@ -112,7 +112,7 @@
  *
  * @handle:	handle of the loaded image
  * @systable:	system table
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int setup_reboot(const efi_handle_t handle,
 			const struct efi_system_table *systable)
@@ -126,7 +126,7 @@
  *
  * Close the events created in setup.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int teardown(void)
 {
@@ -166,7 +166,7 @@
  * Run a 1350 ms single shot timer and check that the 600ms timer has
  * been called 2 times.
  *
- * @return:	EFI_ST_SUCCESS for success
+ * Return:	EFI_ST_SUCCESS for success
  */
 static int execute(void)
 {
diff --git a/lib/efi_selftest/initrddump.c b/lib/efi_selftest/initrddump.c
index 325951b..efdcf0d 100644
--- a/lib/efi_selftest/initrddump.c
+++ b/lib/efi_selftest/initrddump.c
@@ -405,7 +405,7 @@
  *
  * @handle:	handle of the loaded image
  * @systab:	system table
- * @return:	status code
+ * Return:	status code
  */
 efi_status_t EFIAPI efi_main(efi_handle_t image_handle,
 			     struct efi_system_table *systab)
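Review bot: The documented `@handle` does not exist in the `efi_main()` signature, which names the argument `image_handle` (the `@systab` tag does match). Rename the tag to `@image_handle:` while this comment is being edited.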
diff --git a/lib/uuid.c b/lib/uuid.c
index 24571ef..284f811 100644
--- a/lib/uuid.c
+++ b/lib/uuid.c
@@ -220,7 +220,13 @@
 		"TCG2 Final Events Table",
 		EFI_TCG2_FINAL_EVENTS_TABLE_GUID,
 	},
+#ifdef CONFIG_EFI_RISCV_BOOT_PROTOCOL
+	{
+		"RISC-V Boot",
+		RISCV_EFI_BOOT_PROTOCOL_GUID,
+	},
 #endif
+#endif /* CONFIG_CMD_EFIDEBUG */
 #ifdef CONFIG_CMD_NVEDIT_EFI
 	/* signature database */
 	{
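Review bot: After this change the bare `#endif` closes the new `CONFIG_EFI_RISCV_BOOT_PROTOCOL` block and only the added outer `#endif` carries a comment; annotate the inner one as well (`#endif /* CONFIG_EFI_RISCV_BOOT_PROTOCOL */`) so the nesting cannot be misread. No include is added in this hunk, so also confirm that `RISCV_EFI_BOOT_PROTOCOL_GUID` is defined by a header that lib/uuid.c already pulls in whenever the option is enabled.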
diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c
index 4995ba4..243fd6e 100644
--- a/tools/mkeficapsule.c
+++ b/tools/mkeficapsule.c
@@ -7,6 +7,7 @@
 #include <getopt.h>
 #include <malloc.h>
 #include <stdbool.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -51,27 +52,132 @@
 static void print_usage(void)
 {
 	printf("Usage: %s [options] <output file>\n"
-	       "Options:\n"
+		"Options:\n"
 
-	       "\t-f, --fit <fit image>       new FIT image file\n"
-	       "\t-r, --raw <raw image>       new raw image file\n"
-	       "\t-i, --index <index>         update image index\n"
-	       "\t-I, --instance <instance>   update hardware instance\n"
-	       "\t-h, --help                  print a help message\n",
-	       tool_name);
+		"\t-f, --fit <fit image>       new FIT image file\n"
+		"\t-r, --raw <raw image>       new raw image file\n"
+		"\t-i, --index <index>         update image index\n"
+		"\t-I, --instance <instance>   update hardware instance\n"
+		"\t-h, --help                  print a help message\n",
+		tool_name);
 }
 
+/**
+ * read_bin_file - read a firmware binary file
+ * @bin:	Path to a firmware binary file
+ * @data:	Pointer to pointer of allocated buffer
+ * @bin_size:	Size of allocated buffer
+ *
+ * Read out a content of binary, @bin, into @data.
+ * A caller should free @data.
+ *
+ * Return:
+ * * 0  - on success
+ * * -1 - on failure
+ */
+static int read_bin_file(char *bin, void **data, off_t *bin_size)
+{
+	FILE *g;
+	struct stat bin_stat;
+	void *buf;
+	size_t size;
+	int ret = 0;
+
+	g = fopen(bin, "r");
+	if (!g) {
+		fprintf(stderr, "cannot open %s\n", bin);
+		return -1;
+	}
+	if (stat(bin, &bin_stat) < 0) {
+		fprintf(stderr, "cannot determine the size of %s\n", bin);
+		ret = -1;
+		goto err;
+	}
+	if (bin_stat.st_size > SIZE_MAX) {
+		fprintf(stderr, "file size is too large for malloc: %s\n", bin);
+		ret = -1;
+		goto err;
+	}
+	buf = malloc(bin_stat.st_size);
+	if (!buf) {
+		fprintf(stderr, "cannot allocate memory: %zx\n",
+			(size_t)bin_stat.st_size);
+		ret = -1;
+		goto err;
+	}
+
+	size = fread(buf, 1, bin_stat.st_size, g);
+	if (size < bin_stat.st_size) {
+		fprintf(stderr, "read failed (%zx)\n", size);
+		ret = -1;
+		goto err;
+	}
+
+	*data = buf;
+	*bin_size = bin_stat.st_size;
+err:
+	fclose(g);
+
+	return ret;
+}
+
+/**
+ * write_capsule_file - write a capsule file
+ * @bin:	FILE stream
+ * @data:	Pointer to data
+ * @bin_size:	Size of data
+ *
+ * Write out data, @data, with the size @bin_size.
+ *
+ * Return:
+ * * 0  - on success
+ * * -1 - on failure
+ */
+static int write_capsule_file(FILE *f, void *data, size_t size, const char *msg)
+{
+	size_t size_written;
+
+	size_written = fwrite(data, 1, size, f);
+	if (size_written < size) {
+		fprintf(stderr, "%s: write failed (%zx != %zx)\n", msg,
+			size_written, size);
+		return -1;
+	}
+
+	return 0;
+}
+
+/**
+ * create_fwbin - create an uefi capsule file
+ * @path:	Path to a created capsule file
+ * @bin:	Path to a firmware binary to encapsulate
+ * @guid:	GUID of related FMP driver
+ * @index:	Index number in capsule
+ * @instance:	Instance number in capsule
+ * @mcount:	Monotonic count in authentication information
+ * @private_file:	Path to a private key file
+ * @cert_file:	Path to a certificate file
+ *
+ * This function actually does the job of creating an uefi capsule file.
+ * All the arguments must be supplied.
+ * If either @private_file ror @cert_file is NULL, the capsule file
+ * won't be signed.
+ *
+ * Return:
+ * * 0  - on success
+ * * -1 - on failure
+ */
 static int create_fwbin(char *path, char *bin, efi_guid_t *guid,
 			unsigned long index, unsigned long instance)
 {
 	struct efi_capsule_header header;
 	struct efi_firmware_management_capsule_header capsule;
 	struct efi_firmware_management_capsule_image_header image;
-	FILE *f, *g;
-	struct stat bin_stat;
-	u8 *data;
-	size_t size;
+	FILE *f;
+	void *data;
+	off_t bin_size;
 	u64 offset;
+	int ret;
 
 #ifdef DEBUG
 	printf("For output: %s\n", path);
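Review bot: In `read_bin_file()` the short-read path (`if (size < bin_stat.st_size)`) jumps to `err` without freeing `buf`, and `*data` has not been set at that point, so the allocation is leaked; add `free(buf)` before that `goto err`. The size is obtained with `stat(bin, ...)` on the path after `fopen()`, so the file that is measured need not be the file that is read; `fstat(fileno(g), ...)` ties the size to the open stream. The kernel-doc also disagrees with the code: `write_capsule_file()` documents `@bin` and `@bin_size` but takes `f`, `size` and `msg`, and `create_fwbin()` documents `@mcount`, `@private_file` and `@cert_file`, which are not in the signature shown here (and "ror" should be "or").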
@@ -79,25 +185,28 @@
 	printf("\tindex: %ld\n\tinstance: %ld\n", index, instance);
 #endif
 
-	g = fopen(bin, "r");
-	if (!g) {
-		printf("cannot open %s\n", bin);
-		return -1;
-	}
-	if (stat(bin, &bin_stat) < 0) {
-		printf("cannot determine the size of %s\n", bin);
-		goto err_1;
-	}
-	data = malloc(bin_stat.st_size);
-	if (!data) {
-		printf("cannot allocate memory: %zx\n", (size_t)bin_stat.st_size);
-		goto err_1;
-	}
+	f = NULL;
+	data = NULL;
+	ret = -1;
+
+	/*
+	 * read a firmware binary
+	 */
+	if (read_bin_file(bin, &data, &bin_size))
+		goto err;
+
+	/*
+	 * write a capsule file
+	 */
 	f = fopen(path, "w");
 	if (!f) {
-		printf("cannot open %s\n", path);
-		goto err_2;
+		fprintf(stderr, "cannot open %s\n", path);
+		goto err;
 	}
+
+	/*
+	 * capsule file header
+	 */
 	header.capsule_guid = efi_guid_fm_capsule;
 	header.header_size = sizeof(header);
 	/* TODO: The current implementation ignores flags */
@@ -105,70 +214,57 @@
 	header.capsule_image_size = sizeof(header)
 					+ sizeof(capsule) + sizeof(u64)
 					+ sizeof(image)
-					+ bin_stat.st_size;
-
-	size = fwrite(&header, 1, sizeof(header), f);
-	if (size < sizeof(header)) {
-		printf("write failed (%zx)\n", size);
-		goto err_3;
-	}
+					+ bin_size;
+	if (write_capsule_file(f, &header, sizeof(header),
+			       "Capsule header"))
+		goto err;
 
+	/*
+	 * firmware capsule header
+	 * This capsule has only one firmware capsule image.
+	 */
 	capsule.version = 0x00000001;
 	capsule.embedded_driver_count = 0;
 	capsule.payload_item_count = 1;
-	size = fwrite(&capsule, 1, sizeof(capsule), f);
-	if (size < (sizeof(capsule))) {
-		printf("write failed (%zx)\n", size);
-		goto err_3;
-	}
+	if (write_capsule_file(f, &capsule, sizeof(capsule),
+			       "Firmware capsule header"))
+		goto err;
+
 	offset = sizeof(capsule) + sizeof(u64);
-	size = fwrite(&offset, 1, sizeof(offset), f);
-	if (size < sizeof(offset)) {
-		printf("write failed (%zx)\n", size);
-		goto err_3;
-	}
+	if (write_capsule_file(f, &offset, sizeof(offset),
+			       "Offset to capsule image"))
+		goto err;
 
+	/*
+	 * firmware capsule image header
+	 */
 	image.version = 0x00000003;
 	memcpy(&image.update_image_type_id, guid, sizeof(*guid));
 	image.update_image_index = index;
 	image.reserved[0] = 0;
 	image.reserved[1] = 0;
 	image.reserved[2] = 0;
-	image.update_image_size = bin_stat.st_size;
+	image.update_image_size = bin_size;
 	image.update_vendor_code_size = 0; /* none */
 	image.update_hardware_instance = instance;
 	image.image_capsule_support = 0;
-
-	size = fwrite(&image, 1, sizeof(image), f);
-	if (size < sizeof(image)) {
-		printf("write failed (%zx)\n", size);
-		goto err_3;
-	}
-	size = fread(data, 1, bin_stat.st_size, g);
-	if (size < bin_stat.st_size) {
-		printf("read failed (%zx)\n", size);
-		goto err_3;
-	}
-	size = fwrite(data, 1, bin_stat.st_size, f);
-	if (size < bin_stat.st_size) {
-		printf("write failed (%zx)\n", size);
-		goto err_3;
-	}
+	if (write_capsule_file(f, &image, sizeof(image),
+			       "Firmware capsule image header"))
+		goto err;
 
-	fclose(f);
-	fclose(g);
-	free(data);
+	/*
+	 * firmware binary
+	 */
+	if (write_capsule_file(f, data, bin_size, "Firmware binary"))
+		goto err;
 
-	return 0;
-
-err_3:
-	fclose(f);
-err_2:
+	ret = 0;
+err:
+	if (f)
+		fclose(f);
 	free(data);
-err_1:
-	fclose(g);
 
-	return -1;
+	return ret;
 }
 
 /*
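Review bot: `bin_size` is an `off_t` that `read_bin_file()` bounds only by `SIZE_MAX`, yet it is added into `header.capsule_image_size` and stored in `image.update_image_size` with no range check; CapsuleImageSize in the UEFI capsule header is a 32-bit field, so a large input yields a header whose size silently wraps and no longer describes the payload that follows. Reject inputs whose total exceeds the field width before anything is written. Separately, `ret = 0` is set before `fclose(f)` and the return value of `fclose()` is ignored, so a flush error at close is reported as success, and every failure path leaves a partially written capsule at `path`; check `fclose()` and remove the output file on error.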
@@ -194,7 +290,7 @@
 		switch (c) {
 		case 'f':
 			if (file) {
-				printf("Image already specified\n");
+				fprintf(stderr, "Image already specified\n");
 				return -1;
 			}
 			file = optarg;
@@ -202,7 +298,7 @@
 			break;
 		case 'r':
 			if (file) {
-				printf("Image already specified\n");
+				fprintf(stderr, "Image already specified\n");
 				return -1;
 			}
 			file = optarg;
@@ -234,7 +330,7 @@
 
 	if (create_fwbin(argv[optind], file, guid, index, instance)
 			< 0) {
-		printf("Creating firmware capsule failed\n");
+		fprintf(stderr, "Creating firmware capsule failed\n");
 		exit(EXIT_FAILURE);
 	}