[U-Boot] [PATCH 0/2] Add support for booting EFI FIT images

Heinrich Schuchardt xypron.glpk at gmx.de
Tue Nov 26 18:31:39 UTC 2019 

On 11/24/19 9:11 PM, Cristian Ciocaltea wrote:
> Currently the only way to run an EFI binary like GRUB2 is via the
> 'bootefi' command, which cannot be used in a verified boot scenario.
>
> The obvious solution to this limitation is to add support for
> booting FIT images containing those EFI binaries.
>
> The implementation relies on a new image type - IH_OS_EFI - which
> can be created by using 'os = "efi"' inside an ITS file:
>
> / {
>      #address-cells = <1>;
>
>      images {
>          efi-grub {
>              description = "GRUB EFI";
>              data = /incbin/("EFI/BOOT/bootarm.efi");
>              type = "kernel_noload";
>              arch = "arm";
>              os = "efi";
>              compression = "none";
>              load = <0x0>;
>              entry = <0x0>;
>              hash-1 {
>                  algo = "sha256";
>              };
>          };
>      };
>
>      configurations {
>          default = "config-grub";
>          config-grub {
>              kernel = "efi-grub";
>              signature-1 {
>                  algo = "sha256,rsa2048";
>                  sign-images = "kernel";
>              };
>          };
>      };
> };
>
> The bootm command has been extended to handle the IH_OS_EFI images.
> To enable this feature, a new configuration option has been added:
> BOOTM_EFI
>
> I tested the solution using the 'qemu_arm' board:
>
> => load scsi 0:1 ${kernel_addr_r} efi-image.fit
> => bootm ${kernel_addr_r}#config-grub

Thanks a lot for the patch series which makes good sense to me.

I think we should pass addresses and not strings to cmd/bootefi.c. This
will need a bit of refactoring as already addressed in a comment to
patch 2/2.

Additionally the documentation in doc/uefi/u-boot_on_efi.rst and
doc/uImage.FIT/howto.txt should be updated.

I cc the contributors given by
scripts/get_maintainer.pl -f common/bootm_os.c

Best regards

Heinrich

>
>
> Cristian Ciocaltea (2):
>    image: Add IH_OS_EFI for EFI chain-load boot
>    bootm: Add a bootm command for type IH_OS_EFI
>
>   cmd/Kconfig        |  9 ++++++++-
>   cmd/bootefi.c      |  2 +-
>   common/bootm_os.c  | 44 ++++++++++++++++++++++++++++++++++++++++++++
>   common/image-fit.c |  3 ++-
>   common/image.c     |  1 +
>   include/bootm.h    |  2 ++
>   include/image.h    |  1 +
>   7 files changed, 59 insertions(+), 3 deletions(-)
>

More information about the U-Boot mailing list