[PATCH v2 1/4] image: Add IH_OS_EFI for EFI chain-load boot

Heinrich Schuchardt xypron.glpk at gmx.de
Tue Dec 10 19:29:48 CET 2019


On 12/10/19 9:56 AM, Cristian Ciocaltea wrote:
> Add a new OS type to be used for chain-loading an EFI compatible
> firmware or boot loader like GRUB2, possibly in a verified boot
> scenario.
>
> Bellow is sample ITS file that generates a FIT image supporting
> secure boot. Please note the presence of 'os = "efi";' line, which
> identifies the currently introduced OS type:
>
> / {
>      #address-cells = <1>;
>
>      images {
>          efi-grub {
>              description = "GRUB EFI";
>              data = /incbin/("EFI/BOOT/bootarm.efi");

According to UEFI Spec 2.8 the default file name for 32 bit ARM is
BOOTARM.EFI. But GRUB calls the file grubarm.efi.

So shouldn't we use grubarm.efi here as filename?

You use EFI/BOOT as directory name. I think this path does not add
benefit to the example. The other *.its files also come without any
specific path.

Best regards

Heinrich

>              type = "kernel_noload";
>              arch = "arm";
>              os = "efi";
>              compression = "none";
>              load = <0x0>;
>              entry = <0x0>;
>              hash-1 {
>                  algo = "sha256";
>              };
>          };
>      };
>
>      configurations {
>          default = "config-grub";
>          config-grub {
>              kernel = "efi-grub";
>              signature-1 {
>                  algo = "sha256,rsa2048";
>                  sign-images = "kernel";
>              };
>          };
>      };
> };
>
> Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea at gmail.com>
> ---
>   common/image-fit.c | 3 ++-
>   common/image.c     | 1 +
>   include/image.h    | 1 +
>   3 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/common/image-fit.c b/common/image-fit.c
> index 5c63c769de..19e313bf41 100644
> --- a/common/image-fit.c
> +++ b/common/image-fit.c
> @@ -1925,7 +1925,8 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
>   		image_type == IH_TYPE_FPGA ||
>   		fit_image_check_os(fit, noffset, IH_OS_LINUX) ||
>   		fit_image_check_os(fit, noffset, IH_OS_U_BOOT) ||
> -		fit_image_check_os(fit, noffset, IH_OS_OPENRTOS);
> +		fit_image_check_os(fit, noffset, IH_OS_OPENRTOS) ||
> +		fit_image_check_os(fit, noffset, IH_OS_EFI);
>
>   	/*
>   	 * If either of the checks fail, we should report an error, but
> diff --git a/common/image.c b/common/image.c
> index f17fa40c49..2e0e2b0e7f 100644
> --- a/common/image.c
> +++ b/common/image.c
> @@ -134,6 +134,7 @@ static const table_entry_t uimage_os[] = {
>   	{	IH_OS_OPENRTOS,	"openrtos",	"OpenRTOS",		},
>   #endif
>   	{	IH_OS_OPENSBI,	"opensbi",	"RISC-V OpenSBI",	},
> +	{	IH_OS_EFI,	"efi",		"EFI Firmware" },
>
>   	{	-1,		"",		"",			},
>   };
> diff --git a/include/image.h b/include/image.h
> index f4d2aaf53e..4a280b78e7 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -157,6 +157,7 @@ enum {
>   	IH_OS_ARM_TRUSTED_FIRMWARE,     /* ARM Trusted Firmware */
>   	IH_OS_TEE,			/* Trusted Execution Environment */
>   	IH_OS_OPENSBI,			/* RISC-V OpenSBI */
> +	IH_OS_EFI,			/* EFI Firmware (e.g. GRUB2) */
>
>   	IH_OS_COUNT,
>   };
>



More information about the U-Boot mailing list