blob: 96f847652ec6fe11680bea7e855983eac351d0ea [file] [log] [blame]
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +02001// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright (c) 2020, Linaro Limited
4 */
5
6#define LOG_CATEGORY LOGC_EFI
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +09007#include <bootm.h>
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +02008#include <env.h>
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +09009#include <image.h>
10#include <log.h>
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020011#include <malloc.h>
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +090012#include <mapmem.h>
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020013#include <dm.h>
14#include <fs.h>
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +090015#include <efi_api.h>
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020016#include <efi_load_initrd.h>
17#include <efi_loader.h>
18#include <efi_variable.h>
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +090019#include <linux/libfdt.h>
20#include <linux/list.h>
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020021
Heinrich Schuchardt6c405cb2021-10-15 02:33:33 +020022#if defined(CONFIG_CMD_EFIDEBUG) || defined(CONFIG_EFI_LOAD_FILE2_INITRD)
23/* GUID used by Linux to identify the LoadFile2 protocol with the initrd */
24const efi_guid_t efi_lf2_initrd_guid = EFI_INITRD_MEDIA_GUID;
25#endif
26
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020027/**
28 * efi_create_current_boot_var() - Return Boot#### name were #### is replaced by
29 * the value of BootCurrent
30 *
31 * @var_name: variable name
32 * @var_name_size: size of var_name
33 *
34 * Return: Status code
35 */
36static efi_status_t efi_create_current_boot_var(u16 var_name[],
37 size_t var_name_size)
38{
39 efi_uintn_t boot_current_size;
40 efi_status_t ret;
41 u16 boot_current;
42 u16 *pos;
43
44 boot_current_size = sizeof(boot_current);
Simon Glass90975372022-01-23 12:55:12 -070045 ret = efi_get_variable_int(u"BootCurrent",
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020046 &efi_global_variable_guid, NULL,
47 &boot_current_size, &boot_current, NULL);
48 if (ret != EFI_SUCCESS)
49 goto out;
50
51 pos = efi_create_indexed_name(var_name, var_name_size, "Boot",
52 boot_current);
53 if (!pos) {
54 ret = EFI_OUT_OF_RESOURCES;
55 goto out;
56 }
57
58out:
59 return ret;
60}
61
62/**
63 * efi_get_dp_from_boot() - Retrieve and return a device path from an EFI
64 * Boot### variable.
65 * A boot option may contain an array of device paths.
66 * We use a VenMedia() with a specific GUID to identify
67 * the usage of the array members. This function is
68 * used to extract a specific device path
69 *
70 * @guid: vendor GUID of the VenMedia() device path node identifying the
71 * device path
72 *
73 * Return: device path or NULL. Caller must free the returned value
74 */
Heinrich Schuchardtefd90d72024-04-26 16:13:08 +020075struct efi_device_path *efi_get_dp_from_boot(const efi_guid_t *guid)
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020076{
Ilias Apalodimasb92f7ba2024-08-12 23:57:59 +030077 struct efi_device_path *file_path = NULL;
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020078 struct efi_load_option lo;
Heinrich Schuchardt35dd3222021-10-15 02:59:15 +020079 void *var_value;
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020080 efi_uintn_t size;
81 efi_status_t ret;
82 u16 var_name[16];
83
84 ret = efi_create_current_boot_var(var_name, sizeof(var_name));
85 if (ret != EFI_SUCCESS)
86 return NULL;
87
88 var_value = efi_get_var(var_name, &efi_global_variable_guid, &size);
89 if (!var_value)
90 return NULL;
91
92 ret = efi_deserialize_load_option(&lo, var_value, &size);
93 if (ret != EFI_SUCCESS)
Heinrich Schuchardt35dd3222021-10-15 02:59:15 +020094 goto err;
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020095
Ilias Apalodimasb92f7ba2024-08-12 23:57:59 +030096 file_path = efi_dp_from_lo(&lo, guid);
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020097
Heinrich Schuchardt35dd3222021-10-15 02:59:15 +020098err:
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +020099 free(var_value);
Ilias Apalodimasb92f7ba2024-08-12 23:57:59 +0300100 return file_path;
Ilias Apalodimasaa0f7552021-03-17 21:54:59 +0200101}
Ilias Apalodimas34db9b12022-05-06 15:36:00 +0300102
Heinrich Schuchardtf7529f72024-04-26 16:13:11 +0200103/**
104 * efi_load_option_dp_join() - join device-paths for load option
105 *
106 * @dp: in: binary device-path, out: joined device-path
107 * @dp_size: size of joined device-path
108 * @initrd_dp: initrd device-path or NULL
109 * @fdt_dp: device-tree device-path or NULL
110 * Return: status_code
111 */
112efi_status_t efi_load_option_dp_join(struct efi_device_path **dp,
113 size_t *dp_size,
114 struct efi_device_path *initrd_dp,
115 struct efi_device_path *fdt_dp)
116{
117 if (!dp)
118 return EFI_INVALID_PARAMETER;
119
120 *dp_size = efi_dp_size(*dp);
121
122 if (initrd_dp) {
123 struct efi_device_path *tmp_dp = *dp;
124
125 *dp = efi_dp_concat(tmp_dp, initrd_dp, *dp_size);
126 efi_free_pool(tmp_dp);
127 if (!*dp)
128 return EFI_OUT_OF_RESOURCES;
129 *dp_size += efi_dp_size(initrd_dp) + sizeof(END);
130 }
131
132 if (fdt_dp) {
133 struct efi_device_path *tmp_dp = *dp;
134
135 *dp = efi_dp_concat(tmp_dp, fdt_dp, *dp_size);
136 efi_free_pool(tmp_dp);
Heinrich Schuchardt9b4e1f52024-07-24 15:26:04 +0200137 if (!*dp)
Heinrich Schuchardtf7529f72024-04-26 16:13:11 +0200138 return EFI_OUT_OF_RESOURCES;
139 *dp_size += efi_dp_size(fdt_dp) + sizeof(END);
140 }
141
142 *dp_size += sizeof(END);
143
144 return EFI_SUCCESS;
145}
146
Ilias Apalodimas34db9b12022-05-06 15:36:00 +0300147const struct guid_to_hash_map {
148 efi_guid_t guid;
149 const char algo[32];
150 u32 bits;
151} guid_to_hash[] = {
152 {
153 EFI_CERT_X509_SHA256_GUID,
154 "sha256",
155 SHA256_SUM_LEN * 8,
156 },
157 {
158 EFI_CERT_SHA256_GUID,
159 "sha256",
160 SHA256_SUM_LEN * 8,
161 },
162 {
163 EFI_CERT_X509_SHA384_GUID,
164 "sha384",
165 SHA384_SUM_LEN * 8,
166 },
167 {
168 EFI_CERT_X509_SHA512_GUID,
169 "sha512",
170 SHA512_SUM_LEN * 8,
171 },
172};
173
174#define MAX_GUID_TO_HASH_COUNT ARRAY_SIZE(guid_to_hash)
175
176/** guid_to_sha_str - return the sha string e.g "sha256" for a given guid
177 * used on EFI security databases
178 *
179 * @guid: guid to check
180 *
181 * Return: len or 0 if no match is found
182 */
183const char *guid_to_sha_str(const efi_guid_t *guid)
184{
185 size_t i;
186
187 for (i = 0; i < MAX_GUID_TO_HASH_COUNT; i++) {
188 if (!guidcmp(guid, &guid_to_hash[i].guid))
189 return guid_to_hash[i].algo;
190 }
191
192 return NULL;
193}
194
195/** algo_to_len - return the sha size in bytes for a given string
196 *
197 * @algo: string indicating hashing algorithm to check
198 *
199 * Return: length of hash in bytes or 0 if no match is found
200 */
201int algo_to_len(const char *algo)
202{
203 size_t i;
204
205 for (i = 0; i < MAX_GUID_TO_HASH_COUNT; i++) {
206 if (!strcmp(algo, guid_to_hash[i].algo))
207 return guid_to_hash[i].bits / 8;
208 }
209
210 return 0;
211}
Masahisa Kojimac9611082022-07-22 11:39:10 +0900212
213/** efi_link_dev - link the efi_handle_t and udevice
214 *
215 * @handle: efi handle to associate with udevice
216 * @dev: udevice to associate with efi handle
217 *
218 * Return: 0 on success, negative on failure
219 */
220int efi_link_dev(efi_handle_t handle, struct udevice *dev)
221{
222 handle->dev = dev;
223 return dev_tag_set_ptr(dev, DM_TAG_EFI, handle);
224}
Heinrich Schuchardt34f34622022-10-03 09:47:51 +0200225
226/**
227 * efi_unlink_dev() - unlink udevice and handle
228 *
229 * @handle: EFI handle to unlink
230 *
231 * Return: 0 on success, negative on failure
232 */
233int efi_unlink_dev(efi_handle_t handle)
234{
235 int ret;
236
237 ret = dev_tag_del(handle->dev, DM_TAG_EFI);
238 if (ret)
239 return ret;
240 handle->dev = NULL;
241
242 return 0;
243}
Masahisa Kojima2f407f02022-12-02 13:59:35 +0900244
245static int u16_tohex(u16 c)
246{
247 if (c >= '0' && c <= '9')
248 return c - '0';
249 if (c >= 'A' && c <= 'F')
250 return c - 'A' + 10;
251
252 /* not hexadecimal */
253 return -1;
254}
255
256bool efi_varname_is_load_option(u16 *var_name16, int *index)
257{
258 int id, i, digit;
259
260 if (memcmp(var_name16, u"Boot", 8))
261 return false;
262
263 for (id = 0, i = 0; i < 4; i++) {
264 digit = u16_tohex(var_name16[4 + i]);
265 if (digit < 0)
266 break;
267 id = (id << 4) + digit;
268 }
269 if (i == 4 && !var_name16[8]) {
270 if (index)
271 *index = id;
272 return true;
273 }
274
275 return false;
276}
Masahisa Kojima7ec3c6f2022-12-19 11:33:12 +0900277
278/**
279 * efi_next_variable_name() - get next variable name
280 *
281 * This function is a wrapper of efi_get_next_variable_name_int().
282 * If efi_get_next_variable_name_int() returns EFI_BUFFER_TOO_SMALL,
283 * @size and @buf are updated by new buffer size and realloced buffer.
284 *
285 * @size: pointer to the buffer size
286 * @buf: pointer to the buffer
287 * @guid: pointer to the guid
288 * Return: status code
289 */
290efi_status_t efi_next_variable_name(efi_uintn_t *size, u16 **buf, efi_guid_t *guid)
291{
292 u16 *p;
293 efi_status_t ret;
294 efi_uintn_t buf_size = *size;
295
296 ret = efi_get_next_variable_name_int(&buf_size, *buf, guid);
297 if (ret == EFI_NOT_FOUND)
298 return ret;
299 if (ret == EFI_BUFFER_TOO_SMALL) {
300 p = realloc(*buf, buf_size);
301 if (!p)
302 return EFI_OUT_OF_RESOURCES;
303
304 *buf = p;
305 *size = buf_size;
306 ret = efi_get_next_variable_name_int(&buf_size, *buf, guid);
307 }
308
309 return ret;
310}
Raymond Mao70a76c52023-06-19 14:22:58 -0700311
312/**
313 * efi_search_bootorder() - search the boot option index in BootOrder
314 *
315 * @bootorder: pointer to the BootOrder variable
316 * @num: number of BootOrder entry
317 * @target: target boot option index to search
318 * @index: pointer to store the index of BootOrder variable
319 * Return: true if exists, false otherwise
320 */
321bool efi_search_bootorder(u16 *bootorder, efi_uintn_t num, u32 target, u32 *index)
322{
323 u32 i;
324
325 for (i = 0; i < num; i++) {
326 if (target == bootorder[i]) {
327 if (index)
328 *index = i;
329
330 return true;
331 }
332 }
333
334 return false;
335}
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +0900336
337/**
338 * efi_env_set_load_options() - set load options from environment variable
339 *
340 * @handle: the image handle
341 * @env_var: name of the environment variable
342 * @load_options: pointer to load options (output)
343 * Return: status code
344 */
345efi_status_t efi_env_set_load_options(efi_handle_t handle,
346 const char *env_var,
347 u16 **load_options)
348{
349 const char *env = env_get(env_var);
350 size_t size;
351 u16 *pos;
352 efi_status_t ret;
353
354 *load_options = NULL;
355 if (!env)
356 return EFI_SUCCESS;
357 size = sizeof(u16) * (utf8_utf16_strlen(env) + 1);
358 pos = calloc(size, 1);
359 if (!pos)
360 return EFI_OUT_OF_RESOURCES;
361 *load_options = pos;
362 utf8_utf16_strcpy(&pos, env);
363 ret = efi_set_load_options(handle, size, *load_options);
364 if (ret != EFI_SUCCESS) {
365 free(*load_options);
366 *load_options = NULL;
367 }
368 return ret;
369}
370
371/**
372 * copy_fdt() - Copy the device tree to a new location available to EFI
373 *
374 * The FDT is copied to a suitable location within the EFI memory map.
375 * Additional 12 KiB are added to the space in case the device tree needs to be
376 * expanded later with fdt_open_into().
377 *
378 * @fdtp: On entry a pointer to the flattened device tree.
379 * On exit a pointer to the copy of the flattened device tree.
380 * FDT start
381 * Return: status code
382 */
383static efi_status_t copy_fdt(void **fdtp)
384{
385 unsigned long fdt_ram_start = -1L, fdt_pages;
386 efi_status_t ret = 0;
387 void *fdt, *new_fdt;
388 u64 new_fdt_addr;
389 uint fdt_size;
390 int i;
391
392 for (i = 0; i < CONFIG_NR_DRAM_BANKS; i++) {
393 u64 ram_start = gd->bd->bi_dram[i].start;
394 u64 ram_size = gd->bd->bi_dram[i].size;
395
396 if (!ram_size)
397 continue;
398
399 if (ram_start < fdt_ram_start)
400 fdt_ram_start = ram_start;
401 }
402
403 /*
404 * Give us at least 12 KiB of breathing room in case the device tree
405 * needs to be expanded later.
406 */
407 fdt = *fdtp;
408 fdt_pages = efi_size_in_pages(fdt_totalsize(fdt) + 0x3000);
409 fdt_size = fdt_pages << EFI_PAGE_SHIFT;
410
411 ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES,
412 EFI_ACPI_RECLAIM_MEMORY, fdt_pages,
413 &new_fdt_addr);
414 if (ret != EFI_SUCCESS) {
415 log_err("ERROR: Failed to reserve space for FDT\n");
416 goto done;
417 }
418 new_fdt = (void *)(uintptr_t)new_fdt_addr;
419 memcpy(new_fdt, fdt, fdt_totalsize(fdt));
420 fdt_set_totalsize(new_fdt, fdt_size);
421
422 *fdtp = (void *)(uintptr_t)new_fdt_addr;
423done:
424 return ret;
425}
426
427/**
Heinrich Schuchardt0a4a2f32024-01-26 08:54:30 +0100428 * efi_get_configuration_table() - get configuration table
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +0900429 *
430 * @guid: GUID of the configuration table
431 * Return: pointer to configuration table or NULL
432 */
Heinrich Schuchardt0a4a2f32024-01-26 08:54:30 +0100433void *efi_get_configuration_table(const efi_guid_t *guid)
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +0900434{
435 size_t i;
436
437 for (i = 0; i < systab.nr_tables; i++) {
438 if (!guidcmp(guid, &systab.tables[i].guid))
439 return systab.tables[i].table;
440 }
441 return NULL;
442}
443
444/**
445 * efi_install_fdt() - install device tree
446 *
447 * If fdt is not EFI_FDT_USE_INTERNAL, the device tree located at that memory
448 * address will be installed as configuration table, otherwise the device
449 * tree located at the address indicated by environment variable fdt_addr or as
450 * fallback fdtcontroladdr will be used.
451 *
452 * On architectures using ACPI tables device trees shall not be installed as
453 * configuration table.
454 *
455 * @fdt: address of device tree or EFI_FDT_USE_INTERNAL to use
456 * the hardware device tree as indicated by environment variable
457 * fdt_addr or as fallback the internal device tree as indicated by
458 * the environment variable fdtcontroladdr
459 * Return: status code
460 */
461efi_status_t efi_install_fdt(void *fdt)
462{
463 struct bootm_headers img = { 0 };
464 efi_status_t ret;
465
466 /*
467 * The EBBR spec requires that we have either an FDT or an ACPI table
468 * but not both.
469 */
470 if (CONFIG_IS_ENABLED(GENERATE_ACPI_TABLE) && fdt)
471 log_warning("WARNING: Can't have ACPI table and device tree - ignoring DT.\n");
472
473 if (fdt == EFI_FDT_USE_INTERNAL) {
474 const char *fdt_opt;
475 uintptr_t fdt_addr;
476
477 /* Look for device tree that is already installed */
Heinrich Schuchardt0a4a2f32024-01-26 08:54:30 +0100478 if (efi_get_configuration_table(&efi_guid_fdt))
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +0900479 return EFI_SUCCESS;
480 /* Check if there is a hardware device tree */
481 fdt_opt = env_get("fdt_addr");
482 /* Use our own device tree as fallback */
483 if (!fdt_opt) {
484 fdt_opt = env_get("fdtcontroladdr");
485 if (!fdt_opt) {
486 log_err("ERROR: need device tree\n");
487 return EFI_NOT_FOUND;
488 }
489 }
490 fdt_addr = hextoul(fdt_opt, NULL);
491 if (!fdt_addr) {
492 log_err("ERROR: invalid $fdt_addr or $fdtcontroladdr\n");
493 return EFI_LOAD_ERROR;
494 }
495 fdt = map_sysmem(fdt_addr, 0);
496 }
497
498 /* Install device tree */
499 if (fdt_check_header(fdt)) {
500 log_err("ERROR: invalid device tree\n");
501 return EFI_LOAD_ERROR;
502 }
503
Mark Kettenis98c598c2024-02-16 00:25:34 +0100504 if (CONFIG_IS_ENABLED(GENERATE_ACPI_TABLE)) {
505 /* Create memory reservations as indicated by the device tree */
506 efi_carve_out_dt_rsv(fdt);
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +0900507 return EFI_SUCCESS;
Mark Kettenis98c598c2024-02-16 00:25:34 +0100508 }
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +0900509
510 /* Prepare device tree for payload */
511 ret = copy_fdt(&fdt);
512 if (ret) {
513 log_err("ERROR: out of memory\n");
514 return EFI_OUT_OF_RESOURCES;
515 }
516
Sughosh Ganu291bf9c2024-08-26 17:29:18 +0530517 if (image_setup_libfdt(&img, fdt, false)) {
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +0900518 log_err("ERROR: failed to process device tree\n");
519 return EFI_LOAD_ERROR;
520 }
521
Mark Kettenis98c598c2024-02-16 00:25:34 +0100522 /* Create memory reservations as indicated by the device tree */
523 efi_carve_out_dt_rsv(fdt);
524
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +0900525 efi_try_purge_kaslr_seed(fdt);
526
527 if (CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL_MEASURE_DTB)) {
528 ret = efi_tcg2_measure_dtb(fdt);
529 if (ret == EFI_SECURITY_VIOLATION) {
530 log_err("ERROR: failed to measure DTB\n");
531 return ret;
532 }
533 }
534
535 /* Install device tree as UEFI table */
536 ret = efi_install_configuration_table(&efi_guid_fdt, fdt);
537 if (ret != EFI_SUCCESS) {
538 log_err("ERROR: failed to install device tree\n");
539 return ret;
540 }
541
542 return EFI_SUCCESS;
543}
544
545/**
546 * do_bootefi_exec() - execute EFI binary
547 *
548 * The image indicated by @handle is started. When it returns the allocated
549 * memory for the @load_options is freed.
550 *
551 * @handle: handle of loaded image
552 * @load_options: load options
553 * Return: status code
554 *
555 * Load the EFI binary into a newly assigned memory unwinding the relocation
556 * information, install the loaded image protocol, and call the binary.
557 */
558efi_status_t do_bootefi_exec(efi_handle_t handle, void *load_options)
559{
560 efi_status_t ret;
561 efi_uintn_t exit_data_size = 0;
562 u16 *exit_data = NULL;
563 struct efi_event *evt;
564
565 /* On ARM switch from EL3 or secure mode to EL2 or non-secure mode */
566 switch_to_non_secure_mode();
567
568 /*
569 * The UEFI standard requires that the watchdog timer is set to five
570 * minutes when invoking an EFI boot option.
571 *
572 * Unified Extensible Firmware Interface (UEFI), version 2.7 Errata A
573 * 7.5. Miscellaneous Boot Services - EFI_BOOT_SERVICES.SetWatchdogTimer
574 */
575 ret = efi_set_watchdog(300);
576 if (ret != EFI_SUCCESS) {
577 log_err("ERROR: Failed to set watchdog timer\n");
578 goto out;
579 }
580
581 /* Call our payload! */
582 ret = EFI_CALL(efi_start_image(handle, &exit_data_size, &exit_data));
583 if (ret != EFI_SUCCESS) {
584 log_err("## Application failed, r = %lu\n",
585 ret & ~EFI_ERROR_MASK);
586 if (exit_data) {
587 log_err("## %ls\n", exit_data);
588 efi_free_pool(exit_data);
589 }
590 }
591
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +0900592out:
593 free(load_options);
594
AKASHI Takahiro9b08b9a2024-01-17 13:39:41 +0900595 /* Notify EFI_EVENT_GROUP_RETURN_TO_EFIBOOTMGR event group. */
596 list_for_each_entry(evt, &efi_events, link) {
597 if (evt->group &&
598 !guidcmp(evt->group,
599 &efi_guid_event_group_return_to_efibootmgr)) {
600 efi_signal_event(evt);
601 EFI_CALL(systab.boottime->close_event(evt));
602 break;
603 }
604 }
605
606 /* Control is returned to U-Boot, disable EFI watchdog */
607 efi_set_watchdog(0);
608
609 return ret;
610}