[U-Boot] [PATCH 0/2] Add support for booting EFI FIT images

Heinrich Schuchardt xypron.glpk at gmx.de
Sun Dec 8 01:25:27 CET 2019


On 11/28/19 8:20 AM, Heinrich Schuchardt wrote:
> On 11/27/19 8:45 PM, Cristian Ciocaltea wrote:
>> On Tue, Nov 26, 2019 at 07:31:39PM +0100, Heinrich Schuchardt wrote:
>>> On 11/24/19 9:11 PM, Cristian Ciocaltea wrote:
>>>> Currently the only way to run an EFI binary like GRUB2 is via the
>>>> 'bootefi' command, which cannot be used in a verified boot scenario.
>>>>
>>>> The obvious solution to this limitation is to add support for
>>>> booting FIT images containing those EFI binaries.
>>>>
>>>> The implementation relies on a new image type - IH_OS_EFI - which
>>>> can be created by using 'os = "efi"' inside an ITS file:
>>>>
>>>> / {
>>>>       #address-cells = <1>;
>>>>
>>>>       images {
>>>>           efi-grub {
>>>>               description = "GRUB EFI";
>>>>               data = /incbin/("EFI/BOOT/bootarm.efi");
>>>>               type = "kernel_noload";
>>>>               arch = "arm";
>>>>               os = "efi";
>>>>               compression = "none";
>>>>               load = <0x0>;
>>>>               entry = <0x0>;
>>>>               hash-1 {
>>>>                   algo = "sha256";
>>>>               };
>>>>           };
>>>>       };
>>>>
>>>>       configurations {
>>>>           default = "config-grub";
>>>>           config-grub {
>>>>               kernel = "efi-grub";
>>>>               signature-1 {
>>>>                   algo = "sha256,rsa2048";
>>>>                   sign-images = "kernel";
>>>>               };
>>>>           };
>>>>       };
>>>> };
>>>>
>>>> The bootm command has been extended to handle the IH_OS_EFI images.
>>>> To enable this feature, a new configuration option has been added:
>>>> BOOTM_EFI
>>>>
>>>> I tested the solution using the 'qemu_arm' board:
>>>>
>>>> => load scsi 0:1 ${kernel_addr_r} efi-image.fit
>>>> => bootm ${kernel_addr_r}#config-grub
>>>
>>> Thanks a lot for the patch series which makes good sense to me.
>>>
>>> I think we should pass addresses and not strings to cmd/bootefi.c. This
>>> will need a bit of refactoring as already addressed in a comment to
>>> patch 2/2.
>>>
>>> Additionally the documentation in doc/uefi/u-boot_on_efi.rst and
>>> doc/uImage.FIT/howto.txt should be updated.
>>>
>>> I cc the contributors given by
>>> scripts/get_maintainer.pl -f common/bootm_os.c
>>>
>>> Best regards
>>>
>>> Heinrich
>>>
>>
>> Thanks for the feedback, Heinrich!
>>
>> Instead of creating new function(s), I think we could simply extend
>>    int do_bootefi_image(const char *image_opt)
>> with a new parameter to hold the fdt address and move here the call
>> to 'efi_install_fdt()', which is now performed by 'do_bootefi()'.
>
> efi_install_fdt() has to be called for the 'bootefi bootmgr' command too
> so the refactoring is a bit more complicated. I have started on that.
>
> The first step is to change efi_install_fdt() to expect the argument as
> address instead of a string.
>
> https://github.com/xypron/u-boot-patches/blob/efi-next/0001-efi_loader-pass-address-to-efi_install_fdt.patch
>
>
> fdt_addr==NULL indicates no device tree supplied by user.
>
> Best regards
>
> Heinrich
>
>>
>> However, I'm not sure about changing the data types, i.e. from
>> 'char *' to ulong, for the following reasons:
>> 1. image_opt may have a different meaning in addition to efi address
>> 2. fdt address may not be provided, so we need somehow to detect an >> invalid value
>>
>> Kind regards,
>> Cristian
>>

Hello Christian,

patch series
efi_loader: prepare for FIT images
https://lists.denx.de/pipermail/u-boot/2019-December/393192.html
is now available. It offers these functions:

/* Install device tree */
efi_status_t efi_install_fdt(uintptr_t fdt_addr);
/* Run loaded UEFI image */
efi_status_t efi_run_image(void *source_buffer, efi_uintn_t source_size);

Could you, please, rebase your patches on this patch series.

Please, call efi_install_fdt with EFI_FDT_USE_INTERNAL if no device tree
is supplied by the FIT image.

The patch series is also available in branch efi-2020-04 at
https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git

Best regards

Heinrich


More information about the U-Boot mailing list