1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright (c) 2020, Linaro Limited
6 #define LOG_CATEGORY LOGC_EFI
16 #include <efi_load_initrd.h>
17 #include <efi_loader.h>
18 #include <efi_variable.h>
19 #include <linux/libfdt.h>
20 #include <linux/list.h>
22 #if defined(CONFIG_CMD_EFIDEBUG) || defined(CONFIG_EFI_LOAD_FILE2_INITRD)
23 /* GUID used by Linux to identify the LoadFile2 protocol with the initrd */
24 const efi_guid_t efi_lf2_initrd_guid = EFI_INITRD_MEDIA_GUID;
28 * efi_create_current_boot_var() - Return Boot#### name were #### is replaced by
29 * the value of BootCurrent
31 * @var_name: variable name
32 * @var_name_size: size of var_name
36 static efi_status_t efi_create_current_boot_var(u16 var_name[],
39 efi_uintn_t boot_current_size;
44 boot_current_size = sizeof(boot_current);
45 ret = efi_get_variable_int(u"BootCurrent",
46 &efi_global_variable_guid, NULL,
47 &boot_current_size, &boot_current, NULL);
48 if (ret != EFI_SUCCESS)
51 pos = efi_create_indexed_name(var_name, var_name_size, "Boot",
54 ret = EFI_OUT_OF_RESOURCES;
63 * efi_get_dp_from_boot() - Retrieve and return a device path from an EFI
65 * A boot option may contain an array of device paths.
66 * We use a VenMedia() with a specific GUID to identify
67 * the usage of the array members. This function is
68 * used to extract a specific device path
70 * @guid: vendor GUID of the VenMedia() device path node identifying the
73 * Return: device path or NULL. Caller must free the returned value
75 struct efi_device_path *efi_get_dp_from_boot(const efi_guid_t guid)
77 struct efi_load_option lo;
83 ret = efi_create_current_boot_var(var_name, sizeof(var_name));
84 if (ret != EFI_SUCCESS)
87 var_value = efi_get_var(var_name, &efi_global_variable_guid, &size);
91 ret = efi_deserialize_load_option(&lo, var_value, &size);
92 if (ret != EFI_SUCCESS)
95 return efi_dp_from_lo(&lo, &guid);
102 const struct guid_to_hash_map {
108 EFI_CERT_X509_SHA256_GUID,
113 EFI_CERT_SHA256_GUID,
118 EFI_CERT_X509_SHA384_GUID,
123 EFI_CERT_X509_SHA512_GUID,
129 #define MAX_GUID_TO_HASH_COUNT ARRAY_SIZE(guid_to_hash)
131 /** guid_to_sha_str - return the sha string e.g "sha256" for a given guid
132 * used on EFI security databases
134 * @guid: guid to check
136 * Return: len or 0 if no match is found
138 const char *guid_to_sha_str(const efi_guid_t *guid)
142 for (i = 0; i < MAX_GUID_TO_HASH_COUNT; i++) {
143 if (!guidcmp(guid, &guid_to_hash[i].guid))
144 return guid_to_hash[i].algo;
150 /** algo_to_len - return the sha size in bytes for a given string
152 * @algo: string indicating hashing algorithm to check
154 * Return: length of hash in bytes or 0 if no match is found
156 int algo_to_len(const char *algo)
160 for (i = 0; i < MAX_GUID_TO_HASH_COUNT; i++) {
161 if (!strcmp(algo, guid_to_hash[i].algo))
162 return guid_to_hash[i].bits / 8;
168 /** efi_link_dev - link the efi_handle_t and udevice
170 * @handle: efi handle to associate with udevice
171 * @dev: udevice to associate with efi handle
173 * Return: 0 on success, negative on failure
175 int efi_link_dev(efi_handle_t handle, struct udevice *dev)
178 return dev_tag_set_ptr(dev, DM_TAG_EFI, handle);
182 * efi_unlink_dev() - unlink udevice and handle
184 * @handle: EFI handle to unlink
186 * Return: 0 on success, negative on failure
188 int efi_unlink_dev(efi_handle_t handle)
192 ret = dev_tag_del(handle->dev, DM_TAG_EFI);
200 static int u16_tohex(u16 c)
202 if (c >= '0' && c <= '9')
204 if (c >= 'A' && c <= 'F')
207 /* not hexadecimal */
211 bool efi_varname_is_load_option(u16 *var_name16, int *index)
215 if (memcmp(var_name16, u"Boot", 8))
218 for (id = 0, i = 0; i < 4; i++) {
219 digit = u16_tohex(var_name16[4 + i]);
222 id = (id << 4) + digit;
224 if (i == 4 && !var_name16[8]) {
234 * efi_next_variable_name() - get next variable name
236 * This function is a wrapper of efi_get_next_variable_name_int().
237 * If efi_get_next_variable_name_int() returns EFI_BUFFER_TOO_SMALL,
238 * @size and @buf are updated by new buffer size and realloced buffer.
240 * @size: pointer to the buffer size
241 * @buf: pointer to the buffer
242 * @guid: pointer to the guid
243 * Return: status code
245 efi_status_t efi_next_variable_name(efi_uintn_t *size, u16 **buf, efi_guid_t *guid)
249 efi_uintn_t buf_size = *size;
251 ret = efi_get_next_variable_name_int(&buf_size, *buf, guid);
252 if (ret == EFI_NOT_FOUND)
254 if (ret == EFI_BUFFER_TOO_SMALL) {
255 p = realloc(*buf, buf_size);
257 return EFI_OUT_OF_RESOURCES;
261 ret = efi_get_next_variable_name_int(&buf_size, *buf, guid);
268 * efi_search_bootorder() - search the boot option index in BootOrder
270 * @bootorder: pointer to the BootOrder variable
271 * @num: number of BootOrder entry
272 * @target: target boot option index to search
273 * @index: pointer to store the index of BootOrder variable
274 * Return: true if exists, false otherwise
276 bool efi_search_bootorder(u16 *bootorder, efi_uintn_t num, u32 target, u32 *index)
280 for (i = 0; i < num; i++) {
281 if (target == bootorder[i]) {
293 * efi_env_set_load_options() - set load options from environment variable
295 * @handle: the image handle
296 * @env_var: name of the environment variable
297 * @load_options: pointer to load options (output)
298 * Return: status code
300 efi_status_t efi_env_set_load_options(efi_handle_t handle,
304 const char *env = env_get(env_var);
309 *load_options = NULL;
312 size = sizeof(u16) * (utf8_utf16_strlen(env) + 1);
313 pos = calloc(size, 1);
315 return EFI_OUT_OF_RESOURCES;
317 utf8_utf16_strcpy(&pos, env);
318 ret = efi_set_load_options(handle, size, *load_options);
319 if (ret != EFI_SUCCESS) {
321 *load_options = NULL;
327 * copy_fdt() - Copy the device tree to a new location available to EFI
329 * The FDT is copied to a suitable location within the EFI memory map.
330 * Additional 12 KiB are added to the space in case the device tree needs to be
331 * expanded later with fdt_open_into().
333 * @fdtp: On entry a pointer to the flattened device tree.
334 * On exit a pointer to the copy of the flattened device tree.
336 * Return: status code
338 static efi_status_t copy_fdt(void **fdtp)
340 unsigned long fdt_ram_start = -1L, fdt_pages;
341 efi_status_t ret = 0;
347 for (i = 0; i < CONFIG_NR_DRAM_BANKS; i++) {
348 u64 ram_start = gd->bd->bi_dram[i].start;
349 u64 ram_size = gd->bd->bi_dram[i].size;
354 if (ram_start < fdt_ram_start)
355 fdt_ram_start = ram_start;
359 * Give us at least 12 KiB of breathing room in case the device tree
360 * needs to be expanded later.
363 fdt_pages = efi_size_in_pages(fdt_totalsize(fdt) + 0x3000);
364 fdt_size = fdt_pages << EFI_PAGE_SHIFT;
366 ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES,
367 EFI_ACPI_RECLAIM_MEMORY, fdt_pages,
369 if (ret != EFI_SUCCESS) {
370 log_err("ERROR: Failed to reserve space for FDT\n");
373 new_fdt = (void *)(uintptr_t)new_fdt_addr;
374 memcpy(new_fdt, fdt, fdt_totalsize(fdt));
375 fdt_set_totalsize(new_fdt, fdt_size);
377 *fdtp = (void *)(uintptr_t)new_fdt_addr;
383 * get_config_table() - get configuration table
385 * @guid: GUID of the configuration table
386 * Return: pointer to configuration table or NULL
388 static void *get_config_table(const efi_guid_t *guid)
392 for (i = 0; i < systab.nr_tables; i++) {
393 if (!guidcmp(guid, &systab.tables[i].guid))
394 return systab.tables[i].table;
400 * efi_install_fdt() - install device tree
402 * If fdt is not EFI_FDT_USE_INTERNAL, the device tree located at that memory
403 * address will be installed as configuration table, otherwise the device
404 * tree located at the address indicated by environment variable fdt_addr or as
405 * fallback fdtcontroladdr will be used.
407 * On architectures using ACPI tables device trees shall not be installed as
408 * configuration table.
410 * @fdt: address of device tree or EFI_FDT_USE_INTERNAL to use
411 * the hardware device tree as indicated by environment variable
412 * fdt_addr or as fallback the internal device tree as indicated by
413 * the environment variable fdtcontroladdr
414 * Return: status code
416 efi_status_t efi_install_fdt(void *fdt)
418 struct bootm_headers img = { 0 };
422 * The EBBR spec requires that we have either an FDT or an ACPI table
425 if (CONFIG_IS_ENABLED(GENERATE_ACPI_TABLE) && fdt)
426 log_warning("WARNING: Can't have ACPI table and device tree - ignoring DT.\n");
428 if (fdt == EFI_FDT_USE_INTERNAL) {
432 /* Look for device tree that is already installed */
433 if (get_config_table(&efi_guid_fdt))
435 /* Check if there is a hardware device tree */
436 fdt_opt = env_get("fdt_addr");
437 /* Use our own device tree as fallback */
439 fdt_opt = env_get("fdtcontroladdr");
441 log_err("ERROR: need device tree\n");
442 return EFI_NOT_FOUND;
445 fdt_addr = hextoul(fdt_opt, NULL);
447 log_err("ERROR: invalid $fdt_addr or $fdtcontroladdr\n");
448 return EFI_LOAD_ERROR;
450 fdt = map_sysmem(fdt_addr, 0);
453 /* Install device tree */
454 if (fdt_check_header(fdt)) {
455 log_err("ERROR: invalid device tree\n");
456 return EFI_LOAD_ERROR;
459 /* Create memory reservations as indicated by the device tree */
460 efi_carve_out_dt_rsv(fdt);
462 if (CONFIG_IS_ENABLED(GENERATE_ACPI_TABLE))
465 /* Prepare device tree for payload */
466 ret = copy_fdt(&fdt);
468 log_err("ERROR: out of memory\n");
469 return EFI_OUT_OF_RESOURCES;
472 if (image_setup_libfdt(&img, fdt, NULL)) {
473 log_err("ERROR: failed to process device tree\n");
474 return EFI_LOAD_ERROR;
477 efi_try_purge_kaslr_seed(fdt);
479 if (CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL_MEASURE_DTB)) {
480 ret = efi_tcg2_measure_dtb(fdt);
481 if (ret == EFI_SECURITY_VIOLATION) {
482 log_err("ERROR: failed to measure DTB\n");
487 /* Install device tree as UEFI table */
488 ret = efi_install_configuration_table(&efi_guid_fdt, fdt);
489 if (ret != EFI_SUCCESS) {
490 log_err("ERROR: failed to install device tree\n");
498 * do_bootefi_exec() - execute EFI binary
500 * The image indicated by @handle is started. When it returns the allocated
501 * memory for the @load_options is freed.
503 * @handle: handle of loaded image
504 * @load_options: load options
505 * Return: status code
507 * Load the EFI binary into a newly assigned memory unwinding the relocation
508 * information, install the loaded image protocol, and call the binary.
510 efi_status_t do_bootefi_exec(efi_handle_t handle, void *load_options)
513 efi_uintn_t exit_data_size = 0;
514 u16 *exit_data = NULL;
515 struct efi_event *evt;
517 /* On ARM switch from EL3 or secure mode to EL2 or non-secure mode */
518 switch_to_non_secure_mode();
521 * The UEFI standard requires that the watchdog timer is set to five
522 * minutes when invoking an EFI boot option.
524 * Unified Extensible Firmware Interface (UEFI), version 2.7 Errata A
525 * 7.5. Miscellaneous Boot Services - EFI_BOOT_SERVICES.SetWatchdogTimer
527 ret = efi_set_watchdog(300);
528 if (ret != EFI_SUCCESS) {
529 log_err("ERROR: Failed to set watchdog timer\n");
533 /* Call our payload! */
534 ret = EFI_CALL(efi_start_image(handle, &exit_data_size, &exit_data));
535 if (ret != EFI_SUCCESS) {
536 log_err("## Application failed, r = %lu\n",
537 ret & ~EFI_ERROR_MASK);
539 log_err("## %ls\n", exit_data);
540 efi_free_pool(exit_data);
549 if (IS_ENABLED(CONFIG_EFI_LOAD_FILE2_INITRD)) {
550 if (efi_initrd_deregister() != EFI_SUCCESS)
551 log_err("Failed to remove loadfile2 for initrd\n");
554 /* Notify EFI_EVENT_GROUP_RETURN_TO_EFIBOOTMGR event group. */
555 list_for_each_entry(evt, &efi_events, link) {
558 &efi_guid_event_group_return_to_efibootmgr)) {
559 efi_signal_event(evt);
560 EFI_CALL(systab.boottime->close_event(evt));
565 /* Control is returned to U-Boot, disable EFI watchdog */