All of lore.kernel.org
 help / color / mirror / Atom feed
From: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
To: u-boot@lists.denx.de
Subject: [PATCH v2 1/4] image: Add IH_OS_EFI for EFI chain-load boot
Date: Wed, 11 Dec 2019 11:59:52 +0200	[thread overview]
Message-ID: <20191211095952.GB1210@BV030612LT> (raw)
In-Reply-To: <CALeDE9NgBEJg+MB-0QMJkL6ruaeCJos2+SsK5nLVw=EW=98uAg@mail.gmail.com>

On Tue, Dec 10, 2019 at 10:49:09PM +0000, Peter Robinson wrote:
> On Tue, Dec 10, 2019 at 6:30 PM Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
> >
> > On 12/10/19 9:56 AM, Cristian Ciocaltea wrote:
> > > Add a new OS type to be used for chain-loading an EFI compatible
> > > firmware or boot loader like GRUB2, possibly in a verified boot
> > > scenario.
> > >
> > > Bellow is sample ITS file that generates a FIT image supporting
> > > secure boot. Please note the presence of 'os = "efi";' line, which
> > > identifies the currently introduced OS type:
> > >
> > > / {
> > >      #address-cells = <1>;
> > >
> > >      images {
> > >          efi-grub {
> > >              description = "GRUB EFI";
> > >              data = /incbin/("EFI/BOOT/bootarm.efi");
> >
> > According to UEFI Spec 2.8 the default file name for 32 bit ARM is
> > BOOTARM.EFI. But GRUB calls the file grubarm.efi.
> 
> In Linux the boot<arch>.efi file is provided by shim [1] and used for
> secure boot etc, I believe the default is also the fall back boot
> method. I'm unaware of shim currently being built for armv7.
> 
> [1] https://github.com/rhboot/shim/
> 
> > So shouldn't we use grubarm.efi here as filename?

My build platform relies on buildroot and that is the default path
where the GRUB EFI binary is deployed. I don't know the reasons behind,
but most probably they are related to portability/compatibility,
as Peter already pointed out.

> > You use EFI/BOOT as directory name. I think this path does not add
> > benefit to the example. The other *.its files also come without any
> > specific path.

Totally agree, I will remove the directory path.

> > Best regards
> >
> > Heinrich
> >
> > >              type = "kernel_noload";
> > >              arch = "arm";
> > >              os = "efi";
> > >              compression = "none";
> > >              load = <0x0>;
> > >              entry = <0x0>;
> > >              hash-1 {
> > >                  algo = "sha256";
> > >              };
> > >          };
> > >      };
> > >
> > >      configurations {
> > >          default = "config-grub";
> > >          config-grub {
> > >              kernel = "efi-grub";
> > >              signature-1 {
> > >                  algo = "sha256,rsa2048";
> > >                  sign-images = "kernel";
> > >              };
> > >          };
> > >      };
> > > };
> > >
> > > Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
> > > ---
> > >   common/image-fit.c | 3 ++-
> > >   common/image.c     | 1 +
> > >   include/image.h    | 1 +
> > >   3 files changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/common/image-fit.c b/common/image-fit.c
> > > index 5c63c769de..19e313bf41 100644
> > > --- a/common/image-fit.c
> > > +++ b/common/image-fit.c
> > > @@ -1925,7 +1925,8 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
> > >               image_type == IH_TYPE_FPGA ||
> > >               fit_image_check_os(fit, noffset, IH_OS_LINUX) ||
> > >               fit_image_check_os(fit, noffset, IH_OS_U_BOOT) ||
> > > -             fit_image_check_os(fit, noffset, IH_OS_OPENRTOS);
> > > +             fit_image_check_os(fit, noffset, IH_OS_OPENRTOS) ||
> > > +             fit_image_check_os(fit, noffset, IH_OS_EFI);
> > >
> > >       /*
> > >        * If either of the checks fail, we should report an error, but
> > > diff --git a/common/image.c b/common/image.c
> > > index f17fa40c49..2e0e2b0e7f 100644
> > > --- a/common/image.c
> > > +++ b/common/image.c
> > > @@ -134,6 +134,7 @@ static const table_entry_t uimage_os[] = {
> > >       {       IH_OS_OPENRTOS, "openrtos",     "OpenRTOS",             },
> > >   #endif
> > >       {       IH_OS_OPENSBI,  "opensbi",      "RISC-V OpenSBI",       },
> > > +     {       IH_OS_EFI,      "efi",          "EFI Firmware" },
> > >
> > >       {       -1,             "",             "",                     },
> > >   };
> > > diff --git a/include/image.h b/include/image.h
> > > index f4d2aaf53e..4a280b78e7 100644
> > > --- a/include/image.h
> > > +++ b/include/image.h
> > > @@ -157,6 +157,7 @@ enum {
> > >       IH_OS_ARM_TRUSTED_FIRMWARE,     /* ARM Trusted Firmware */
> > >       IH_OS_TEE,                      /* Trusted Execution Environment */
> > >       IH_OS_OPENSBI,                  /* RISC-V OpenSBI */
> > > +     IH_OS_EFI,                      /* EFI Firmware (e.g. GRUB2) */
> > >
> > >       IH_OS_COUNT,
> > >   };
> > >
> >

  reply	other threads:[~2019-12-11  9:59 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-10  8:56 [PATCH v2 0/4] Add support for booting EFI FIT images Cristian Ciocaltea
2019-12-10  8:56 ` [PATCH v2 1/4] image: Add IH_OS_EFI for EFI chain-load boot Cristian Ciocaltea
2019-12-10 18:29   ` Heinrich Schuchardt
2019-12-10 22:49     ` Peter Robinson
2019-12-11  9:59       ` Cristian Ciocaltea [this message]
2019-12-10  8:56 ` [PATCH v2 2/4] bootm: Add a bootm command for type IH_OS_EFI Cristian Ciocaltea
2019-12-10 19:32   ` Heinrich Schuchardt
2019-12-11  8:54     ` Cristian Ciocaltea
2019-12-11  9:57       ` Heinrich Schuchardt
2019-12-11 15:10         ` Cristian Ciocaltea
2019-12-11 18:38           ` Heinrich Schuchardt
2019-12-11 10:13       ` Heinrich Schuchardt
2019-12-11 11:36         ` Cristian Ciocaltea
2019-12-11 11:50           ` Heinrich Schuchardt
2019-12-10  8:56 ` [PATCH v2 3/4] doc: Add sample uefi.its image description file Cristian Ciocaltea
2019-12-11 10:02   ` Heinrich Schuchardt
2019-12-10  8:56 ` [PATCH v2 4/4] doc: uefi.rst: Document launching UEFI binaries from FIT images Cristian Ciocaltea
2019-12-10 18:18   ` Heinrich Schuchardt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191211095952.GB1210@BV030612LT \
    --to=cristian.ciocaltea@gmail.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.