The random uuid values (enabled via CONFIG_RANDOM_UUID=y) on our
platform are always the same. Below is consistent on each cold boot:
=> ### interrupt autoboot
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=d117f98e-6f2c-d04b-a5b2-331a19f91cb2
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=ad5ec4b6-2d9f-8544-9417-fe3bd1c9b1b3
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=cceb0b18-39cb-d547-9db7-03b405fa77d4
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=d4981a2b-0478-544e-9607-7fd3c651068d
=> env default -a; gpt write mmc 1 $partitions; print uuid_gpt_misc
...
uuid_gpt_misc=6d6c9a36-e919-264d-a9ee-bd00379686c7
While the uuids do change on every 'gpt write' command, the values
appear to be taken from the same pool, in the same order.
Assuming U-Boot with RANDOM_UUID=y is deployed on a large number of
devices, all those devices would essentially expose the same UUID,
breaking the assumption of system/RFS/application designers who rely
on UUID as being globally unique (e.g. a database using UUID as key
would alias/mix up entries/records due to duplicated UUID).
The root cause seems to be simply _not_ seeding PRNG before generating
a random value. It turns out this belongs to an established class of
PRNG-specific problems, commonly known as "unseeded randomness", for
which I was able to find the bugs/CVE/CWE below:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0285
("CVE-2015-0285 openssl: handshake with unseeded PRNG")
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9019
("CVE-2015-9019 libxslt: math.random() in xslt uses unseeded
randomness")
- https://cwe.mitre.org/data/definitions/336.html
("CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)")
The first revision [1] of this patch updated the seed based on the
output of get_timer(), similar to [4].
There are two problems with this approach:
- get_timer() has a poor _ms_ resolution
- when gen_rand_uuid() is called in a loop, get_timer() returns the
same result, leading to the same seed being passed to srand(),
leading to the same uuid being generated for several partitions
with different names
The above drawbacks have been addressed in the second version [2].
In its third revision (current), the patch reworded the description
and summary line to emphasize it is a *fix* rather than an improvement.
Testing [3] consisted of running 'gpt write mmc 1 $partitions' in a
loop on R-Car3 for several minutes, collecting 8844 randomly generated
UUIDs. Two consecutive cold boots are concatenated in the log.
As a result, all uuid values are unique (scripted check).
Thanks to Roman, who reported the issue and provided support in fixing.
[1] https://patchwork.ozlabs.org/patch/1091802/
[2] https://patchwork.ozlabs.org/patch/1092945/
[3] https://gist.github.com/erosca/2820be9d554f76b982edd48474d0e7ca
[4] commit da384a9d7628 ("net: rename and refactor eth_rand_ethaddr() function")
Reported-by: Roman Stratiienko <roman.stratiienko@globallogic.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
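The three behaviours the commit message describes (identical UUIDs on every cold boot when the PRNG is never seeded, identical UUIDs inside one `gpt write` loop when the seed is a millisecond timer, and distinct UUIDs once the seed also carries PRNG state) can be reproduced with a small model. The block below is an added example and not U-Boot code: it assumes a xorshift32 generator with a compiled-in default state (the shape of `lib/rand.c`), a caller-supplied timer value standing in for `get_timer()`/`get_ticks()`, and `srand(ticks + rand())` as the seeding of the second revision, which is my reading of the description above rather than a quote from [2].

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum seed_mode {
	SEED_NONE,      /* never srand(): the behaviour reported above */
	SEED_TIMER_MS,  /* srand(get_timer()): first revision, ms resolution */
	SEED_TIMER_MIX  /* srand(ticks + rand()): assumed fix, PRNG state mixed in */
};

/* xorshift32 with a compiled-in default state, standing in for rand()/srand()
 * (assumption: the same shape as lib/rand.c, with state 1 on every boot). */
struct prng { uint32_t state; };

static void prng_cold_boot(struct prng *p) { p->state = 1u; }

static void prng_srand(struct prng *p, uint32_t seed)
{
	p->state = seed ? seed : 1u;	/* xorshift32 is stuck at state 0 */
}

static uint32_t prng_rand(struct prng *p)
{
	uint32_t x = p->state;

	x ^= x << 13;
	x ^= x >> 17;
	x ^= x << 5;
	p->state = x;
	return x;
}

/* Fill a 16-byte version-4 UUID from four generator words after seeding
 * according to @mode. @timer models get_timer()/get_ticks(); the caller
 * decides whether it advances between calls. */
static void gen_uuid(struct prng *p, enum seed_mode mode, uint32_t timer,
		     uint8_t out[16])
{
	uint32_t words[4];
	int i;

	if (mode == SEED_TIMER_MS)
		prng_srand(p, timer);
	else if (mode == SEED_TIMER_MIX)
		prng_srand(p, timer + prng_rand(p));
	for (i = 0; i < 4; i++)
		words[i] = prng_rand(p);
	memcpy(out, words, sizeof(words));
	out[6] = (out[6] & 0x0f) | 0x40;	/* version 4 */
	out[8] = (out[8] & 0x3f) | 0x80;	/* RFC 4122 variant */
}

/* Two cold boots, one UUID each at different timer readings: identical? */
static bool same_uuid_across_boots(enum seed_mode mode)
{
	struct prng p;
	uint8_t a[16], b[16];

	prng_cold_boot(&p);
	gen_uuid(&p, mode, 1000, a);	/* first boot, 1000 ms after reset */
	prng_cold_boot(&p);
	gen_uuid(&p, mode, 2000, b);	/* next boot, timer reads differently */
	return memcmp(a, b, sizeof(a)) == 0;
}

/* One boot, @n UUIDs back to back while the ms timer has not advanced
 * (the 'gpt write' loop). Returns how many repeat an earlier one. */
static int duplicates_in_loop(enum seed_mode mode, int n)
{
	struct prng p;
	uint8_t u[32][16];
	int i, j, dups = 0;

	if (n > 32)
		n = 32;
	prng_cold_boot(&p);
	for (i = 0; i < n; i++)
		gen_uuid(&p, mode, 1000, u[i]);	/* timer frozen at 1000 ms */
	for (i = 1; i < n; i++)
		for (j = 0; j < i; j++)
			if (memcmp(u[i], u[j], 16) == 0) { dups++; break; }
	return dups;
}

int main(void)
{
	int m;

	for (m = SEED_NONE; m <= SEED_TIMER_MIX; m++)
		printf("mode %d: same across boots=%d duplicates in 8-loop=%d\n", m,
		       same_uuid_across_boots(m), duplicates_in_loop(m, 8));
	return 0;
}
```

Mode 0 reproduces the report (every boot yields the same UUID), mode 1 reproduces the first-revision problem (the loop yields one UUID seven times), and mode 2 yields distinct values in both runs. Note what the fix does and does not buy: seeding from a timer removes the duplication, but a xorshift generator seeded from a boot-time counter is still predictable, so a UUID produced this way is an identifier, not a secret; anything that must be unguessable needs a hardware RNG.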
In case of a failure exit data may be passed to Exit() which in turn is
returned by StartImage().
Let the `bootefi` command print the exit data string in case of an error.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The field boot OptionalData in structure _EFI_LOAD_OPTIONS is for binary
data.
When we use `efidebug boot add` we should convert the 5th argument from
UTF-8 to UTF-16 before putting it into the BootXXXX variable.
When printing boot variables with `efidebug boot dump` we should support
the OptionalData being arbitrary binary data. So let's dump the data as
hexadecimal values.
Here is an example session protocol:
=> efidebug boot add 00a1 label1 scsi 0:1 doit1 'my option'
=> efidebug boot add 00a2 label2 scsi 0:1 doit2
=> efidebug boot dump
Boot00A0:
attributes: A-- (0x00000001)
label: label1
file_path: .../HD(1,MBR,0xeac4e18b,0x800,0x3fffe)/doit1
data:
00000000: 6d 00 79 00 20 00 6f 00 70 00 74 00 69 00 6f 00 m.y. .o.p.t.i.o.
00000010: 6e 00 00 00 n...
Boot00A1:
attributes: A-- (0x00000001)
label: label2
file_path: .../HD(1,MBR,0xeac4e18b,0x800,0x3fffe)/doit2
data:
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
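The dump above shows what the conversion of the fifth argument produces: "my option" becomes UTF-16LE code units followed by a 16-bit NUL, 20 bytes in total, which `efidebug boot dump` then prints as hex because OptionalData is arbitrary binary. The block below is an added example, not the efidebug implementation: it encodes UTF-8 into UTF-16LE, going beyond the ASCII case in the session by handling multi-byte sequences and surrogate pairs and rejecting malformed input (truncated sequences, overlong forms, encoded surrogates), and prints the result in the same layout as the dump. The function names are my own.

```c
#include <stdint.h>
#include <stdio.h>

static void put16le(uint8_t *out, uint32_t v)
{
	out[0] = v & 0xff;
	out[1] = (v >> 8) & 0xff;
}

/* Encode NUL-terminated UTF-8 as UTF-16LE (the byte layout of an EFI CHAR16
 * string) plus a 16-bit NUL. Returns bytes written, or 0 if the input is
 * malformed (truncated sequence, overlong form, surrogate, > U+10FFFF) or
 * @out_len is too small. */
static size_t utf8_to_utf16le(const char *s, uint8_t *out, size_t out_len)
{
	const uint8_t *p = (const uint8_t *)s;
	size_t n = 0;

	while (*p) {
		uint32_t cp;
		int extra, i;

		if (p[0] < 0x80) { cp = p[0]; extra = 0; }
		else if ((p[0] & 0xe0) == 0xc0) { cp = p[0] & 0x1f; extra = 1; }
		else if ((p[0] & 0xf0) == 0xe0) { cp = p[0] & 0x0f; extra = 2; }
		else if ((p[0] & 0xf8) == 0xf0) { cp = p[0] & 0x07; extra = 3; }
		else return 0;			/* stray continuation or bad lead byte */
		p++;
		for (i = 0; i < extra; i++, p++) {
			if ((*p & 0xc0) != 0x80)
				return 0;	/* sequence cut short (also catches NUL) */
			cp = (cp << 6) | (*p & 0x3f);
		}
		if ((extra == 1 && cp < 0x80) || (extra == 2 && cp < 0x800) ||
		    (extra == 3 && cp < 0x10000) || cp > 0x10ffff ||
		    (cp >= 0xd800 && cp <= 0xdfff))
			return 0;		/* overlong, out of range or surrogate */
		if (cp >= 0x10000) {		/* needs a surrogate pair */
			if (n + 4 > out_len)
				return 0;
			cp -= 0x10000;
			put16le(out + n, 0xd800 | (cp >> 10));
			put16le(out + n + 2, 0xdc00 | (cp & 0x3ff));
			n += 4;
		} else {
			if (n + 2 > out_len)
				return 0;
			put16le(out + n, cp);
			n += 2;
		}
	}
	if (n + 2 > out_len)
		return 0;
	put16le(out + n, 0);
	return n + 2;
}

/* Print OptionalData the way `efidebug boot dump` does: offset, up to 16
 * hex bytes, then the printable ASCII with '.' for everything else. */
static void dump_optional_data(const uint8_t *d, size_t len)
{
	size_t off, i;

	for (off = 0; off < len; off += 16) {
		printf("%08zx:", off);
		for (i = 0; i < 16; i++)
			if (off + i < len)
				printf(" %02x", d[off + i]);
			else
				printf("   ");
		printf("  ");
		for (i = 0; i < 16 && off + i < len; i++)
			putchar(d[off + i] >= 0x20 && d[off + i] < 0x7f ? d[off + i] : '.');
		putchar('\n');
	}
}

static size_t utf16_size(const char *s)
{
	uint8_t buf[64];
	return utf8_to_utf16le(s, buf, sizeof(buf));
}

static int utf16_byte_at(const char *s, size_t idx)
{
	uint8_t buf[64];
	size_t n = utf8_to_utf16le(s, buf, sizeof(buf));
	return idx < n ? buf[idx] : -1;
}

int main(void)
{
	uint8_t buf[64];
	size_t n = utf8_to_utf16le("my option", buf, sizeof(buf));

	printf("data:\n");
	dump_optional_data(buf, n);	/* same bytes as the Boot00A0 dump above */
	return 0;
}
```

The strict validation matters on the consumer side as well: a loader that treats OptionalData as a NUL-terminated CHAR16 string will read past the variable if the data was written without the terminator or contains bytes that are not UTF-16 at all, which is why the dump treats it as a byte blob.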
UEFI variables should be installed using a well-defined API.
Currently we don't support much, but the value of OsIndicationsSupported
will be updated once some features are added in the future.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Add comments. Rename a variable.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI spec requires that freeing of pages fails if the number of pages
to be freed is 'invalid'. Check that it is not zero.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
CreateEvent() and CreateEventEx() should check that a notify function is
provided for either of EVT_NOTIFY_SIGNAL or EVT_NOTIFY_WAIT.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Fixes for tracing with sandbox
Refactoring for boot_get_fdt()
Merge tag 'pull-24apr19' of git://git.denx.de/u-boot-dm
Various minor sandbox improvements
This patch series reworks the implementation of the `bootefi` command to
remove code duplication by using the LoadImage() boot service to load
binaries.
Missing short texts for UEFI protocols are added for display by the
`efidebug dh` command.
Missing parameter checks for AllocatePages() and CreateDeviceNode() are
implemented.
The constants for protocol GUIDs are changed to match the names in the UEFI
specification.
Merge tag 'efi-2019-07-rc1-3' of git://git.denx.de/u-boot-efi
Pull request for UEFI sub-system for v2019.07-rc1 (3)
According to Android image format [1], kernel image resides at 1 page
offset from the boot image address. Grab the magic number from there
and allow U-Boot to handle LZ4-compressed KNL binaries instead of
hardcoding compression type to IH_COMP_NONE. Other compression types,
if needed, can be added later.
Tested on H3ULCB-KF using the image detailed in [2].
[1] Excerpt from include/android_image.h
+-----------------+
| boot header | 1 page
+-----------------+
| kernel | n pages
+-----------------+
| ramdisk | m pages
+-----------------+
| second stage | o pages
+-----------------+
[2] => iminfo 4c000000
## Checking Image at 4c000000 ...
Android image found
kernel size: 85b9d1
kernel address: 48080000
ramdisk size: 54ddbc
ramdisk addrress: 4a180000
second size: 0
second address: 48000800
tags address: 48000100
page size: 800
os_version: 1200012a (ver: 0.9.0, level: 2018.10)
name:
cmdline: buildvariant=userdebug
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
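The layout in [1] puts the kernel at exactly one page from the start of the image, so the compression magic has to be read from `image + page_size`, with `page_size` itself taken from the header. The block below is an added example, not U-Boot's `android_image_get_kernel()`: it parses the header fields in the order `iminfo` prints them (assumption: v0 header with little-endian fields), validates `page_size` and the kernel extent against the buffer length before touching the magic, and classifies the kernel as LZ4 (frame magic 0x184D2204), gzip or raw. The check against the buffer is the security-relevant part: every field comes from an image the bootloader did not produce, so an unchecked `kernel_size` or `page_size` turns the magic read into an out-of-bounds access. The `build_image()` and `scenario()` helpers construct sample images inline and are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum kernel_comp { COMP_INVALID = -1, COMP_NONE, COMP_GZIP, COMP_LZ4 };

static uint32_t get_le32(const uint8_t *p)
{
	return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v)
{
	p[0] = (uint8_t)v;
	p[1] = (uint8_t)(v >> 8);
	p[2] = (uint8_t)(v >> 16);
	p[3] = (uint8_t)(v >> 24);
}

/* Locate the kernel of an Android boot image held in memory and classify its
 * compression from its first bytes. Header offsets follow the field order
 * printed by iminfo: magic "ANDROID!" at 0, kernel_size at 8, page_size at
 * 36 (assumption: v0 header, little-endian fields). Everything read from the
 * image is untrusted, so each offset is checked against @len before use. */
static enum kernel_comp android_kernel_comp(const uint8_t *img, size_t len,
					    size_t *kernel_off, uint32_t *kernel_size)
{
	uint32_t ksize, page;
	const uint8_t *k;

	if (len < 40 || memcmp(img, "ANDROID!", 8) != 0)
		return COMP_INVALID;
	ksize = get_le32(img + 8);
	page = get_le32(img + 36);
	/* page_size must be a power of two in the range the format allows */
	if (page < 2048 || page > 16384 || (page & (page - 1)))
		return COMP_INVALID;
	/* the header fills exactly one page, so the kernel starts at page 1;
	 * reject an image whose kernel does not lie fully inside the buffer */
	if (ksize < 4 || page > len || ksize > len - page)
		return COMP_INVALID;
	*kernel_off = page;
	*kernel_size = ksize;
	k = img + page;
	if (k[0] == 0x04 && k[1] == 0x22 && k[2] == 0x4d && k[3] == 0x18)
		return COMP_LZ4;	/* LZ4 frame magic 0x184D2204, little-endian */
	if (k[0] == 0x1f && k[1] == 0x8b)
		return COMP_GZIP;	/* gzip magic */
	return COMP_NONE;		/* hand it over as an uncompressed Image */
}

/* Assemble a constructed boot image: a header page followed by @kernel. */
static size_t build_image(uint8_t *buf, size_t buf_len, uint32_t page,
			  const uint8_t *kernel, uint32_t ksize)
{
	if (buf_len < page + ksize)
		return 0;
	memset(buf, 0, buf_len);
	memcpy(buf, "ANDROID!", 8);
	put_le32(buf + 8, ksize);		/* kernel_size */
	put_le32(buf + 12, 0x48080000);	/* kernel_addr, value from the log above */
	put_le32(buf + 36, page);		/* page_size */
	memcpy(buf + page, kernel, ksize);
	return page + ksize;
}

/* Scenarios: 0 = LZ4-framed kernel, 1 = raw arm64 Image ("MZ" header),
 * 2 = buffer truncated before the end of the kernel, 3 = bad magic. */
static enum kernel_comp scenario(int which)
{
	static const uint8_t lz4[] = { 0x04, 0x22, 0x4d, 0x18, 0x64, 0x40, 0xa7 };
	static const uint8_t raw[] = { 0x4d, 0x5a, 0x00, 0x91, 0x00, 0x00, 0x00, 0x00 };
	uint8_t img[4096];
	size_t len, off;
	uint32_t ksize;

	if (which == 1)
		len = build_image(img, sizeof(img), 0x800, raw, sizeof(raw));
	else
		len = build_image(img, sizeof(img), 0x800, lz4, sizeof(lz4));
	if (which == 2)
		len = 0x800 + 2;	/* header says 7 kernel bytes, only 2 present */
	if (which == 3)
		img[0] = 'X';
	return android_kernel_comp(img, len, &off, &ksize);
}

int main(void)
{
	static const char *names[] = { "none", "gzip", "lz4" };
	int i;

	for (i = 0; i < 4; i++) {
		enum kernel_comp c = scenario(i);

		printf("scenario %d: %s\n", i, c < 0 ? "invalid image" : names[c]);
	}
	return 0;
}
```

The ramdisk follows at `page_size + roundup(kernel_size, page_size)`, and the same bounds discipline applies to it and to the second-stage blob before any of them is copied to its load address.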
The fdt_setprop_u32() function does everything that we need, so we
really only use the function as a convenience wrapper, in which case it
can simply be a static inline function.
Signed-off-by: Thierry Reding <treding@nvidia.com>
This converts the following to Kconfig:
CONFIG_TRACE_BUFFER_SIZE
CONFIG_TRACE_EARLY_SIZE
CONFIG_TRACE_EARLY
CONFIG_TRACE_EARLY_ADDR
Signed-off-by: Simon Glass <sjg@chromium.org>
At present many functions in this file return -1. Update them to return a
valid error code. Also tidy up the 'return' statements at the same time,
since these should have a blank line before them.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function may be called from tracing code, since that code needs to
read the timer and this often requires calling do_div(), which calls
__div64_32(). If this function is instrumented it causes an infinite loop,
since emitting a trace record requests the time, which in turn emits a
trace record, etc.
Update the prototype to prevent instrumentation code being added.
Signed-off-by: Simon Glass <sjg@chromium.org>
These functions still use uint32_t and uint64_t but checkpatch now
requests that the kernel types be used instead. Update them as well as a
few resulting checkpatch errors.
Signed-off-by: Simon Glass <sjg@chromium.org>
When creating a device path node ensure that the size of the allocated
memory at least matches the size of the node header.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EBBR specification prescribes that we should have either an ACPI table
or a device tree but not both. Let us enforce this condition in the
`bootefi` command.
If the bootefi command is called without a device tree parameter use a
previously provided device tree or fall back to the internal device tree.
The fdt unit test should not be run on boards with an ACPI table.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EBBR specification prescribes that we should have either an ACPI table
or a device tree but not both.
So do not run the device tree unit test on boards with an ACPI table.
Hence there is no need any longer to make it 'on request' only.
Do not pass $fdtcontroladdr to `bootefi selftest`.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In the current implementation, bootefi command and EFI boot manager
don't use load_image API, instead, use more primitive and internal
functions. This will introduce duplicated code and potentially
unknown bugs as well as inconsistent behaviours.
With this patch, do_efibootmgr() and do_boot_efi() are completely
overhauled and re-implemented using load_image API.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Use efi_root as parent handle for the loaded image.
LoadImage() should be called with BootPolicy = true by the boot manager.
Avoid duplicate free_pool().
Eliminate variable memdp which is not needed anymore due to
"efi_loader: correctly split device path of loaded image".
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When the LoadImage() service is called for an image that is already loaded
to memory the file path may be NULL or it will contain both a device path
as well as a media path. We should not assume that there is no media path.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We should consistently use the same name for protocol GUIDs as defined in
the UEFI specification. Not adhering to this rule has led to duplicate
definitions for the EFI_LOADED_IMAGE_PROTOCOL_GUID.
Adjust misnamed protocol GUIDs.
Adjust the text for the graphics output protocol in the output of the
`efidebug dh` command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This is a preparatory patch.
The root node handle will be used as a dummy parent handle when invoking
an EFI image from bootefi/bootmgr command.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Rebased.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This is a preparatory patch.
efi_dp_split_file_path() is used to create device_path and file_path
from file_path for efi_setup_loaded_image().
In a special case, however, of HARDWARE_DEVICE/MEMORY, it doesn't
work as expected since this path doesn't contain any FILE_PATH sub-type.
This patch makes a workaround.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Adjust the logic such that for all paths that do not end on a media file
path we return NULL as file_path.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In the aarch64 crash dump information about the loaded EFI images is added.
In README.uefi the development target for the UEFI subsystem is
described as "Embedded Base Boot Requirements (EBBR) Specification"
compliance.
Several bug fixes are supplied.
Merge tag 'efi-2019-07-rc1-2' of git://git.denx.de/u-boot-efi
Pull request for UEFI sub-system for v2019.07-rc1 (2)
In a previous patch the memory type used for the FDT has been changed to
boot services data. We have to adjust the test.
Correct an incorrect comment. The tested services are boot services.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
By using InstallMultipleProtocolInterfaces() the coding for installing
protocol interfaces on the root node can be simplified.
Suggested-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Export function efi_install_multiple_protocol_interfaces() so that we can
call it in other parts of the UEFI subsystem.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
At boottime physical and virtual addresses must match. Add a corresponding
check to the memory unit test.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Handle virtual address in efi_mem_carve_out() function
when a new region is created to avoid issue in EFI memory map.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
At boottime physical and virtual addresses have to be the same.
This allowed us to simplify the proposed logic.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Check the value of block_dev before using this pointer.
This patch solves a problem for the command "load" when ubifs
is previously mounted: in this case the function
blk_get_device_part_str("ubi 0") doesn't return an error but returns
block_dev = NULL, leading to a data abort.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI variables PlatformLang and PlatformLangCodes specify the current
firmware language and the list of all available languages.
Currently their values are hard coded. With the patch a new configuration
variable EFI_PLATFORM_LANG_CODES is provided.
When initializing the UEFI subsystem this configuration variable is used to
initialize PlatformLangCodes. The value of variable PlatformLang is read.
If it is not set, the first language specified in EFI_PLATFORM_LANG_CODES
is used to initialize PlatformLang.
Suggested-by: Takahiro Akashi <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The first functions of the UEFI sub-system are invoked before reaching the
U-Boot shell, e.g. efi_set_bootdev(), efi_dp_from_name(),
efi_dp_from_file(). We should be able to print out device paths for
debugging purposes here.
When printing device paths via printf("%pD\n", dp) this invokes functions
defined as EFIAPI. So efi_save_gd() must be called beforehand.
So let's move the efi_save_gd() call to function initr_reloc_global_data()
in board_r.c.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The statement '#define LOG_CATEGORY LOGL_ERR' makes no sense. LOGL_ERR is
not a LOG_CATEGORY. Remove the statement.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We should not install the HII protocols on every loaded image. It is
sufficient to install them once on the root node.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The x86 code and DT use "spi-flash" to detect a flash node; switch to
"jedec,spi-nor" in the DTS files and in fdtdec by switching the
GENERIC_SPI_FLASH value to jedec,spi-nor.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
This eliminates the need for intermediate helper functions and allows the
macros to return a value so that it can be used subsequently.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Hide the declaration of the "fd" variable when not building a DEBUG
configuration, to avoid the variable being unused.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Runtime tests are provided as a test_fdtdec command implementation. Add
a Kconfig symbol that allows this command to be built so that the tests
can be used.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The fdtdec_get_carveout() and fdtdec_set_carveout() functions can be used
to read a carveout from a given node or add a carveout to a given node
using the standard device tree bindings (involving reserved-memory nodes
and the memory-region property).
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Thierry Reding <treding@nvidia.com>
This function can be used to add subnodes in the /reserved-memory node.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Thierry Reding <treding@nvidia.com>
The new fdt_generate_phandle() function can be used to generate a new,
unused phandle given a specific device tree blob. The implementation is
somewhat naive in that it simply walks the entire device tree to find
the highest phandle value and then returns a phandle value one higher
than that. A more clever implementation might try to find holes in the
current set of phandle values and fill them. But this implementation is
relatively simple and works reliably.
Also add a test that validates that phandles generated by this new API
are indeed unique.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When phys_addr_t printf specifier support was first introduced in commit
1eebd14b7902 ("vsprintf: Add modifier for phys_addr_t"), it was enabled
only if CONFIG_CMD_NET was selected. Since physical addresses are not
unique to networking support it doesn't make sense to conditionally add
it in those cases only. Move support for it outside of the CMD_NET guard
so that the specifier is always supported.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>