From patchwork Sun Nov 24 20:11:25 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
X-Patchwork-Id: 1200025
X-Patchwork-Delegate: xypron.glpk@gmx.de
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (no SPF record) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="c1AIlyFS"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 47LpHh3G8Sz9sPZ
	for <incoming@patchwork.ozlabs.org>;
	Mon, 25 Nov 2019 11:46:08 +1100 (AEDT)
Received: by lists.denx.de (Postfix, from userid 105)
	id 1D00FC21E15; Mon, 25 Nov 2019 00:45:06 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_MSPIKE_H2,T_DKIM_INVALID,T_FRT_BELOW2 autolearn=unavailable
	autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 80C85C21D9A;
	Mon, 25 Nov 2019 00:44:48 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 65232C21C4A; Sun, 24 Nov 2019 20:11:29 +0000 (UTC)
Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com
	[209.85.221.68])
	by lists.denx.de (Postfix) with ESMTPS id 1A301C21BE5
	for <u-boot@lists.denx.de>; Sun, 24 Nov 2019 20:11:29 +0000 (UTC)
Received: by mail-wr1-f68.google.com with SMTP id w9so15052886wrr.0
	for <u-boot@lists.denx.de>; Sun, 24 Nov 2019 12:11:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=w1M7MVZ0/85TDY74dok48qwHP6AoquwJUSw0MJAoLPg=;
	b=c1AIlyFSHLztu4Nj9cQyz755mizUJrHpFf/kKQO1yYZPTxbfcAizrxriFNvd9qr6ka
	eItT0gaZTObE4nTWoRcm6f1sjekUFwX9Nl2Ko8Rc1qyYMWC/t4FXeSjI0jXCmK6JL8J3
	819ANgmGY4RRP5ny8HqBhwRu15ZP0Yva2frrLsv5AqPNOG5VEiiKefRyvtzgJ83kuOx+
	25gi18gOy+hfjIU5m/DxEcqqOcfepYa+TV/qj62NGuPSdg2q7TrOuDwX/m3Ius4NXsrf
	/rfTgGm2AYu72btmUNmuq2/aOr+b/f+VJiJvq2eDvfQDrVOaGo6X32RSUyiGlRFNsMMp
	vzFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=w1M7MVZ0/85TDY74dok48qwHP6AoquwJUSw0MJAoLPg=;
	b=JX/8mFYtQ3DATKYGqzLEJI5+ag7C+5/EtUQBV0v/nKXAlqGWsgT020IIit4J25WYou
	kP+ZjR8jpD+FyVxEZpjzcYpNILFnf64Td0qJag5dRlYBWOzslz/Vn2n4ZkPNtuC9rYXe
	Z1JnQolRe3EfXkCzO/EEZGatGfIQeibh3UlkwoZ88T2XUpoTJSedRm7qgX5RovshQVvi
	8eBHaZ2KS47KGY6t8DgUhva0OCNLvzjYUtqh0PLymWtpccHijX6tlhZb7FMtl3+fARPw
	tBJt5Lo0E8DS/ZrvujlbPLg3l+c6ACL3xGXkq1PnCNpJJay/mfW4pjzAX1BJPbOKORIe
	1ncw==
X-Gm-Message-State: APjAAAVhb7m5/0wz7kDxwvJe7XiXR7ukOpGFqS6pBg5VR5TJeqVbnTWD
	GRymhBZUQ0iJ5+PpVGNdQag4ndT/
X-Google-Smtp-Source: 
 APXvYqxwdpf8jCiOwmJcOf4MZKl0du3hBee5sw9pLEovLTvYvx0EI5jbKvbe2aP/s3E5IKUcAsrn2Q==
X-Received: by 2002:adf:e506:: with SMTP id j6mr28584137wrm.19.1574626288415;
	Sun, 24 Nov 2019 12:11:28 -0800 (PST)
Received: from localhost.localdomain ([79.116.233.68])
	by smtp.gmail.com with ESMTPSA id
	c15sm7440128wrx.78.2019.11.24.12.11.27
	(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
	Sun, 24 Nov 2019 12:11:28 -0800 (PST)
From: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
To: u-boot@lists.denx.de
Date: Sun, 24 Nov 2019 22:11:25 +0200
Message-Id: 
 <806423f3d95c24ea2b03ffbda2d203f6be28e3d9.1574623031.git.cristian.ciocaltea@gmail.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <cover.1574623031.git.cristian.ciocaltea@gmail.com>
References: <cover.1574623031.git.cristian.ciocaltea@gmail.com>
X-Mailman-Approved-At: Mon, 25 Nov 2019 00:44:45 +0000
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
	Alexander Graf <agraf@csgraf.de>, cristian.ciocaltea@gmail.com
Subject: [U-Boot] [PATCH 1/2] image: Add IH_OS_EFI for EFI chain-load boot
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Add a new OS type to be used for chain-loading an EFI compatible
firmware or boot loader like GRUB2, possibly in a verified boot
scenario.

Bellow is sample ITS file that generates a FIT image supporting
secure boot. Please note the presence of 'os = "efi";' line, which
identifies the currently introduced OS type:

/ {
    #address-cells = <1>;

    images {
        efi-grub {
            description = "GRUB EFI";
            data = /incbin/("EFI/BOOT/bootarm.efi");
            type = "kernel_noload";
            arch = "arm";
            os = "efi";
            compression = "none";
            load = <0x0>;
            entry = <0x0>;
            hash-1 {
                algo = "sha256";
            };
        };
    };

    configurations {
        default = "config-grub";
        config-grub {
            kernel = "efi-grub";
            signature-1 {
                algo = "sha256,rsa2048";
                sign-images = "kernel";
            };
        };
    };
};

Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
---
 common/image-fit.c | 3 ++-
 common/image.c     | 1 +
 include/image.h    | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index 5c63c769de..19e313bf41 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1925,7 +1925,8 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
 		image_type == IH_TYPE_FPGA ||
 		fit_image_check_os(fit, noffset, IH_OS_LINUX) ||
 		fit_image_check_os(fit, noffset, IH_OS_U_BOOT) ||
-		fit_image_check_os(fit, noffset, IH_OS_OPENRTOS);
+		fit_image_check_os(fit, noffset, IH_OS_OPENRTOS) ||
+		fit_image_check_os(fit, noffset, IH_OS_EFI);
 
 	/*
 	 * If either of the checks fail, we should report an error, but
diff --git a/common/image.c b/common/image.c
index f17fa40c49..2e0e2b0e7f 100644
--- a/common/image.c
+++ b/common/image.c
@@ -134,6 +134,7 @@ static const table_entry_t uimage_os[] = {
 	{	IH_OS_OPENRTOS,	"openrtos",	"OpenRTOS",		},
 #endif
 	{	IH_OS_OPENSBI,	"opensbi",	"RISC-V OpenSBI",	},
+	{	IH_OS_EFI,	"efi",		"EFI Firmware" },
 
 	{	-1,		"",		"",			},
 };
diff --git a/include/image.h b/include/image.h
index f4d2aaf53e..4a280b78e7 100644
--- a/include/image.h
+++ b/include/image.h
@@ -157,6 +157,7 @@ enum {
 	IH_OS_ARM_TRUSTED_FIRMWARE,     /* ARM Trusted Firmware */
 	IH_OS_TEE,			/* Trusted Execution Environment */
 	IH_OS_OPENSBI,			/* RISC-V OpenSBI */
+	IH_OS_EFI,			/* EFI Firmware (e.g. GRUB2) */
 
 	IH_OS_COUNT,
 };