[U-Boot] [PATCH 0/2] Add support for booting EFI FIT images

[Cristian Ciocaltea <cristian.ciocaltea@gmail.com>]

On Sun, Dec 08, 2019 at 01:25:27AM +0100, Heinrich Schuchardt wrote:
> On 11/28/19 8:20 AM, Heinrich Schuchardt wrote:
> > On 11/27/19 8:45 PM, Cristian Ciocaltea wrote:
> > > On Tue, Nov 26, 2019 at 07:31:39PM +0100, Heinrich Schuchardt wrote:
> > > > On 11/24/19 9:11 PM, Cristian Ciocaltea wrote:
> > > > > Currently the only way to run an EFI binary like GRUB2 is via the
> > > > > 'bootefi' command, which cannot be used in a verified boot scenario.
> > > > > 
> > > > > The obvious solution to this limitation is to add support for
> > > > > booting FIT images containing those EFI binaries.
> > > > > 
> > > > > The implementation relies on a new image type - IH_OS_EFI - which
> > > > > can be created by using 'os = "efi"' inside an ITS file:
> > > > > 
> > > > > / {
> > > > >       #address-cells = <1>;
> > > > > 
> > > > >       images {
> > > > >           efi-grub {
> > > > >               description = "GRUB EFI";
> > > > >               data = /incbin/("EFI/BOOT/bootarm.efi");
> > > > >               type = "kernel_noload";
> > > > >               arch = "arm";
> > > > >               os = "efi";
> > > > >               compression = "none";
> > > > >               load = <0x0>;
> > > > >               entry = <0x0>;
> > > > >               hash-1 {
> > > > >                   algo = "sha256";
> > > > >               };
> > > > >           };
> > > > >       };
> > > > > 
> > > > >       configurations {
> > > > >           default = "config-grub";
> > > > >           config-grub {
> > > > >               kernel = "efi-grub";
> > > > >               signature-1 {
> > > > >                   algo = "sha256,rsa2048";
> > > > >                   sign-images = "kernel";
> > > > >               };
> > > > >           };
> > > > >       };
> > > > > };
> > > > > 
> > > > > The bootm command has been extended to handle the IH_OS_EFI images.
> > > > > To enable this feature, a new configuration option has been added:
> > > > > BOOTM_EFI
> > > > > 
> > > > > I tested the solution using the 'qemu_arm' board:
> > > > > 
> > > > > => load scsi 0:1 ${kernel_addr_r} efi-image.fit
> > > > > => bootm ${kernel_addr_r}#config-grub
> > > > 
> > > > Thanks a lot for the patch series which makes good sense to me.
> > > > 
> > > > I think we should pass addresses and not strings to cmd/bootefi.c. This
> > > > will need a bit of refactoring as already addressed in a comment to
> > > > patch 2/2.
> > > > 
> > > > Additionally the documentation in doc/uefi/u-boot_on_efi.rst and
> > > > doc/uImage.FIT/howto.txt should be updated.
> > > > 
> > > > I cc the contributors given by
> > > > scripts/get_maintainer.pl -f common/bootm_os.c
> > > > 
> > > > Best regards
> > > > 
> > > > Heinrich
> > > > 
> > > 
> > > Thanks for the feedback, Heinrich!
> > > 
> > > Instead of creating new function(s), I think we could simply extend
> > >    int do_bootefi_image(const char *image_opt)
> > > with a new parameter to hold the fdt address and move here the call
> > > to 'efi_install_fdt()', which is now performed by 'do_bootefi()'.
> > 
> > efi_install_fdt() has to be called for the 'bootefi bootmgr' command too
> > so the refactoring is a bit more complicated. I have started on that.
> > 
> > The first step is to change efi_install_fdt() to expect the argument as
> > address instead of a string.
> > 
> > https://github.com/xypron/u-boot-patches/blob/efi-next/0001-efi_loader-pass-address-to-efi_install_fdt.patch
> > 
> > 
> > fdt_addr==NULL indicates no device tree supplied by user.
> > 
> > Best regards
> > 
> > Heinrich
> > 
> > > 
> > > However, I'm not sure about changing the data types, i.e. from
> > > 'char *' to ulong, for the following reasons:
> > > 1. image_opt may have a different meaning in addition to efi address
> > > 2. fdt address may not be provided, so we need somehow to detect an >> invalid value
> > > 
> > > Kind regards,
> > > Cristian
> > > 
> 
> Hello Christian,
> 
> patch series
> efi_loader: prepare for FIT images
> https://lists.denx.de/pipermail/u-boot/2019-December/393192.html
> is now available. It offers these functions:
> 
> /* Install device tree */
> efi_status_t efi_install_fdt(uintptr_t fdt_addr);
> /* Run loaded UEFI image */
> efi_status_t efi_run_image(void *source_buffer, efi_uintn_t source_size);
> 
> Could you, please, rebase your patches on this patch series.
> 
> Please, call efi_install_fdt with EFI_FDT_USE_INTERNAL if no device tree
> is supplied by the FIT image.
> 
> The patch series is also available in branch efi-2020-04 at
> https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git
> 
> Best regards
> 
> Heinrich

Hello Heinrich,

Thanks for the patch series!
I will send the updated patches by latest tomorrow EOD.

You also mentioned updating the documentation in 
doc/uefi/u-boot_on_efi.rst and doc/uImage.FIT/howto.txt.

I've checked those documents and their content is quite generic,
not particularly related to this work. The former describes
how to build and run u-boot as an EFI application/payload, while
the later shows how to build and use FIT images.

If you agree, I could instead add a new ITS file in uImage.FIT folder
and describe there the new functionality.

Kind regards,
Cristian