On Sun, Dec 08, 2019 at 01:25:27AM +0100, Heinrich Schuchardt wrote:
> On 11/28/19 8:20 AM, Heinrich Schuchardt wrote:
> > On 11/27/19 8:45 PM, Cristian Ciocaltea wrote:
> > > On Tue, Nov 26, 2019 at 07:31:39PM +0100, Heinrich Schuchardt wrote:
> > > > On 11/24/19 9:11 PM, Cristian Ciocaltea wrote:
> > > > > Currently the only way to run an EFI binary like GRUB2 is via the
> > > > > 'bootefi' command, which cannot be used in a verified boot scenario.
> > > > >
> > > > > The obvious solution to this limitation is to add support for
> > > > > booting FIT images containing those EFI binaries.
> > > > >
> > > > > The implementation relies on a new image type - IH_OS_EFI - which
> > > > > can be created by using 'os = "efi"' inside an ITS file:
> > > > >
> > > > > / {
> > > > > #address-cells = <1>;
> > > > >
> > > > > images {
> > > > > efi-grub {
> > > > > description = "GRUB EFI";
> > > > > data = /incbin/("EFI/BOOT/bootarm.efi");
> > > > > type = "kernel_noload";
> > > > > arch = "arm";
> > > > > os = "efi";
> > > > > compression = "none";
> > > > > load = <0x0>;
> > > > > entry = <0x0>;
> > > > > hash-1 {
> > > > > algo = "sha256";
> > > > > };
> > > > > };
> > > > > };
> > > > >
> > > > > configurations {
> > > > > default = "config-grub";
> > > > > config-grub {
> > > > > kernel = "efi-grub";
> > > > > signature-1 {
> > > > > algo = "sha256,rsa2048";
> > > > > sign-images = "kernel";
> > > > > };
> > > > > };
> > > > > };
> > > > > };
> > > > >
> > > > > The bootm command has been extended to handle the IH_OS_EFI images.
> > > > > To enable this feature, a new configuration option has been added:
> > > > > BOOTM_EFI
> > > > >
> > > > > I tested the solution using the 'qemu_arm' board:
> > > > >
> > > > > => load scsi 0:1 ${kernel_addr_r} efi-image.fit
> > > > > => bootm ${kernel_addr_r}#config-grub
> > > >
> > > > Thanks a lot for the patch series which makes good sense to me.
> > > >
> > > > I think we should pass addresses and not strings to cmd/bootefi.c. This
> > > > will need a bit of refactoring as already addressed in a comment to
> > > > patch 2/2.
> > > >
> > > > Additionally the documentation in doc/uefi/u-boot_on_efi.rst and
> > > > doc/uImage.FIT/howto.txt should be updated.
> > > >
> > > > I cc the contributors given by
> > > > scripts/get_maintainer.pl -f common/bootm_os.c
> > > >
> > > > Best regards
> > > >
> > > > Heinrich
> > > >
> > >
> > > Thanks for the feedback, Heinrich!
> > >
> > > Instead of creating new function(s), I think we could simply extend
> > > int do_bootefi_image(const char *image_opt)
> > > with a new parameter to hold the fdt address and move here the call
> > > to 'efi_install_fdt()', which is now performed by 'do_bootefi()'.
> >
> > efi_install_fdt() has to be called for the 'bootefi bootmgr' command too
> > so the refactoring is a bit more complicated. I have started on that.
> >
> > The first step is to change efi_install_fdt() to expect the argument as
> > address instead of a string.
> >
> > https://github.com/xypron/u-boot-patches/blob/efi-next/0001-efi_loader-pass-address-to-efi_install_fdt.patch
> >
> >
> > fdt_addr==NULL indicates no device tree supplied by user.
> >
> > Best regards
> >
> > Heinrich
> >
> > >
> > > However, I'm not sure about changing the data types, i.e. from
> > > 'char *' to ulong, for the following reasons:
> > > 1. image_opt may have a different meaning in addition to efi address
> > > 2. fdt address may not be provided, so we need somehow to detect an >>
> > > invalid value
> > >
> > > Kind regards,
> > > Cristian
> > >
>
> Hello Christian,
>
> patch series
> efi_loader: prepare for FIT images
> https://lists.denx.de/pipermail/u-boot/2019-December/393192.html
> is now available. It offers these functions:
>
> /* Install device tree */
> efi_status_t efi_install_fdt(uintptr_t fdt_addr);
> /* Run loaded UEFI image */
> efi_status_t efi_run_image(void *source_buffer, efi_uintn_t source_size);
>
> Could you, please, rebase your patches on this patch series.
>
> Please, call efi_install_fdt with EFI_FDT_USE_INTERNAL if no device tree
> is supplied by the FIT image.
>
> The patch series is also available in branch efi-2020-04 at
> https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git
>
> Best regards
>
> Heinrich
Hello Heinrich,
Thanks for the patch series!
I will send the updated patches by latest tomorrow EOD.
You also mentioned updating the documentation in
doc/uefi/u-boot_on_efi.rst and doc/uImage.FIT/howto.txt.
I've checked those documents and their content is quite generic,
not particularly related to this work. The former describes
how to build and run u-boot as an EFI application/payload, while
the later shows how to build and use FIT images.
If you agree, I could instead add a new ITS file in uImage.FIT folder
and describe there the new functionality.
Kind regards,
Cristian
