Merge tag 'u-boot-rockchip-20200501' of https://gitlab.denx.de/u-boot/custodians...

[oweals/u-boot.git] / lib / efi_loader / efi_setup.c

diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index 87db51cbb74fa58c67fd5462e22ce67ca4b55afd..1b648c84673aa1eba9f08a078d3d7a43a947011b 100644 (file)
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -6,12 +6,22 @@
  */
 
 #include <common.h>
+#include <bootm.h>
 #include <efi_loader.h>
 
 #define OBJ_LIST_NOT_INITIALIZED 1
 
 static efi_status_t efi_obj_list_initialized = OBJ_LIST_NOT_INITIALIZED;
 
+/*
+ * Allow unaligned memory access.
+ *
+ * This routine is overridden by architectures providing this feature.
+ */
+void __weak allow_unaligned(void)
+{
+}
+
 /**
  * efi_init_platform_lang() - define supported languages
  *
@@ -72,6 +82,39 @@ out:
        return ret;
 }
 
+#ifdef CONFIG_EFI_SECURE_BOOT
+/**
+ * efi_init_secure_boot - initialize secure boot state
+ *
+ * Return:     EFI_SUCCESS on success, status code (negative) on error
+ */
+static efi_status_t efi_init_secure_boot(void)
+{
+       efi_guid_t signature_types[] = {
+               EFI_CERT_SHA256_GUID,
+               EFI_CERT_X509_GUID,
+       };
+       efi_status_t ret;
+
+       /* TODO: read-only */
+       ret = EFI_CALL(efi_set_variable(L"SignatureSupport",
+                                       &efi_global_variable_guid,
+                                       EFI_VARIABLE_BOOTSERVICE_ACCESS
+                                        | EFI_VARIABLE_RUNTIME_ACCESS,
+                                       sizeof(signature_types),
+                                       &signature_types));
+       if (ret != EFI_SUCCESS)
+               printf("EFI: cannot initialize SignatureSupport variable\n");
+
+       return ret;
+}
+#else
+static efi_status_t efi_init_secure_boot(void)
+{
+       return EFI_SUCCESS;
+}
+#endif /* CONFIG_EFI_SECURE_BOOT */
+
 /**
  * efi_init_obj_list() - Initialize and populate EFI object list
  *
@@ -86,6 +129,17 @@ efi_status_t efi_init_obj_list(void)
        if (efi_obj_list_initialized != OBJ_LIST_NOT_INITIALIZED)
                return efi_obj_list_initialized;
 
+       /* Allow unaligned memory access */
+       allow_unaligned();
+
+       /* On ARM switch from EL3 or secure mode to EL2 or non-secure mode */
+       switch_to_non_secure_mode();
+
+       /* Initialize variable services */
+       ret = efi_init_variables();
+       if (ret != EFI_SUCCESS)
+               goto out;
+
        /* Define supported languages */
        ret = efi_init_platform_lang();
        if (ret != EFI_SUCCESS)
@@ -106,6 +160,16 @@ efi_status_t efi_init_obj_list(void)
        if (ret != EFI_SUCCESS)
                goto out;
 
+       /* Secure boot */
+       ret = efi_init_secure_boot();
+       if (ret != EFI_SUCCESS)
+               goto out;
+
+       /* Indicate supported runtime services */
+       ret = efi_init_runtime_supported();
+       if (ret != EFI_SUCCESS)
+               goto out;
+
        /* Initialize root node */
        ret = efi_root_node_register();
        if (ret != EFI_SUCCESS)
@@ -129,6 +193,11 @@ efi_status_t efi_init_obj_list(void)
        if (ret != EFI_SUCCESS)
                goto out;
 #endif
+#ifdef CONFIG_EFI_LOAD_FILE2_INITRD
+       ret = efi_initrd_register();
+       if (ret != EFI_SUCCESS)
+               goto out;
+#endif
 #ifdef CONFIG_NET
        ret = efi_net_register();
        if (ret != EFI_SUCCESS)