[PATCH v3 0/5] Add support for booting EFI FIT images

[Cristian Ciocaltea <cristian.ciocaltea@gmail.com>]

Currently the only way to run an EFI binary like GRUB2 is via the
'bootefi' command, which cannot be used in a verified boot scenario.

The obvious solution to this limitation is to add support for
booting FIT images containing those EFI binaries.

The implementation relies on a new image type - IH_OS_EFI - which
can be created by using 'os = "efi"' inside an ITS file:

/ {
    #address-cells = <1>;

    images {
        efi-grub {
            description = "GRUB EFI";
            data = /incbin/("bootarm.efi");
            type = "kernel_noload";
            arch = "arm";
            os = "efi";
            compression = "none";
            load = <0x0>;
            entry = <0x0>;
            hash-1 {
                algo = "sha256";
            };
        };
    };

    configurations {
        default = "config-grub";
        config-grub {
            kernel = "efi-grub";
            signature-1 {
                algo = "sha256,rsa2048";
                sign-images = "kernel";
            };
        };
    };
};

The bootm command has been extended to handle the IH_OS_EFI images.
To enable this feature, a new configuration option has been added:
BOOTM_EFI

I tested the solution using the 'qemu_arm' board:

=> load scsi 0:1 ${kernel_addr_r} efi-image.fit
=> bootm ${kernel_addr_r}#config-grub

Changes in v3:
* Rebase patches on Heinrich Schuchardt's patch series v3:
   efi_loader: prepare for FIT images
   https://lists.denx.de/pipermail/u-boot/2019-December/393677.html
   This fixes implicitly the sandbox issue 'phys_to_virt: Cannot map
   sandbox address' since efi_install_fdt() is now expecting a pointer
   to addressable memory instead of a physical address.
* Get rid of 'EFI/BOOT/' prefix used in ITS samples
* Add a python test to verify the implementation in sandbox environment

Changes in v2:
* Rebase patches on Heinrich Schuchardt's patch series:
   efi_loader: prepare for FIT images
   https://lists.denx.de/pipermail/u-boot/2019-December/393192.html
* Add sample configuration: doc/uImage.FIT/uefi.its
* Update uefi documentation: doc/uefi/uefi.rst

Cristian Ciocaltea (5):
  image: Add IH_OS_EFI for EFI chain-load boot
  bootm: Add a bootm command for type IH_OS_EFI
  doc: Add sample uefi.its image description file
  doc: uefi.rst: Document launching UEFI binaries from FIT images
  test/py: Create a test for launching UEFI binaries from FIT images

 cmd/Kconfig                   |   7 +
 common/bootm_os.c             |  56 ++++++++
 common/image-fit.c            |   3 +-
 common/image.c                |   1 +
 doc/uImage.FIT/uefi.its       |  67 ++++++++++
 doc/uefi/uefi.rst             |  34 +++++
 include/image.h               |   1 +
 test/py/tests/test_efi_fit.py | 233 ++++++++++++++++++++++++++++++++++
 8 files changed, 401 insertions(+), 1 deletion(-)
 create mode 100644 doc/uImage.FIT/uefi.its
 create mode 100644 test/py/tests/test_efi_fit.py

-- 
2.17.1