// SPDX-License-Identifier: GPL-2.0-only #define pr_fmt(fmt) … #include <linux/init.h> #include <linux/kernel.h> #include <linux/string.h> #include <linux/time.h> #include <linux/types.h> #include <linux/efi.h> #include <linux/slab.h> #include <linux/memblock.h> #include <linux/acpi.h> #include <linux/dmi.h> #include <asm/e820/api.h> #include <asm/efi.h> #include <asm/uv/uv.h> #include <asm/cpu_device_id.h> #include <asm/realmode.h> #include <asm/reboot.h> #define EFI_MIN_RESERVE … #define EFI_DUMMY_GUID … #define QUARK_CSH_SIGNATURE … #define QUARK_SECURITY_HEADER_SIZE … /* * Header prepended to the standard EFI capsule on Quark systems the are based * on Intel firmware BSP. * @csh_signature: Unique identifier to sanity check signed module * presence ("_CSH"). * @version: Current version of CSH used. Should be one for Quark A0. * @modulesize: Size of the entire module including the module header * and payload. * @security_version_number_index: Index of SVN to use for validation of signed * module. * @security_version_number: Used to prevent against roll back of modules. * @rsvd_module_id: Currently unused for Clanton (Quark). * @rsvd_module_vendor: Vendor Identifier. For Intel products value is * 0x00008086. * @rsvd_date: BCD representation of build date as yyyymmdd, where * yyyy=4 digit year, mm=1-12, dd=1-31. * @headersize: Total length of the header including including any * padding optionally added by the signing tool. * @hash_algo: What Hash is used in the module signing. * @cryp_algo: What Crypto is used in the module signing. * @keysize: Total length of the key data including including any * padding optionally added by the signing tool. * @signaturesize: Total length of the signature including including any * padding optionally added by the signing tool. * @rsvd_next_header: 32-bit pointer to the next Secure Boot Module in the * chain, if there is a next header. * @rsvd: Reserved, padding structure to required size. * * See also QuartSecurityHeader_t in * Quark_EDKII_v1.2.1.1/QuarkPlatformPkg/Include/QuarkBootRom.h * from https://downloadcenter.intel.com/download/23197/Intel-Quark-SoC-X1000-Board-Support-Package-BSP */ struct quark_security_header { … }; static const efi_char16_t efi_dummy_name[] = …; static bool efi_no_storage_paranoia; /* * Some firmware implementations refuse to boot if there's insufficient * space in the variable store. The implementation of garbage collection * in some FW versions causes stale (deleted) variables to take up space * longer than intended and space is only freed once the store becomes * almost completely full. * * Enabling this option disables the space checks in * efi_query_variable_store() and forces garbage collection. * * Only enable this option if deleting EFI variables does not free up * space in your variable store, e.g. if despite deleting variables * you're unable to create new ones. */ static int __init setup_storage_paranoia(char *arg) { … } early_param(…); /* * Deleting the dummy variable which kicks off garbage collection */ void efi_delete_dummy_variable(void) { … } u64 efivar_reserved_space(void) { … } EXPORT_SYMBOL_GPL(…); /* * In the nonblocking case we do not attempt to perform garbage * collection if we do not have enough free space. Rather, we do the * bare minimum check and give up immediately if the available space * is below EFI_MIN_RESERVE. * * This function is intended to be small and simple because it is * invoked from crash handler paths. */ static efi_status_t query_variable_store_nonblocking(u32 attributes, unsigned long size) { … } /* * Some firmware implementations refuse to boot if there's insufficient space * in the variable store. Ensure that we never use more than a safe limit. * * Return EFI_SUCCESS if it is safe to write 'size' bytes to the variable * store. */ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size, bool nonblocking) { … } EXPORT_SYMBOL_GPL(…); /* * The UEFI specification makes it clear that the operating system is * free to do whatever it wants with boot services code after * ExitBootServices() has been called. Ignoring this recommendation a * significant bunch of EFI implementations continue calling into boot * services code (SetVirtualAddressMap). In order to work around such * buggy implementations we reserve boot services region during EFI * init and make sure it stays executable. Then, after * SetVirtualAddressMap(), it is discarded. * * However, some boot services regions contain data that is required * by drivers, so we need to track which memory ranges can never be * freed. This is done by tagging those regions with the * EFI_MEMORY_RUNTIME attribute. * * Any driver that wants to mark a region as reserved must use * efi_mem_reserve() which will insert a new EFI memory descriptor * into efi.memmap (splitting existing regions if necessary) and tag * it with EFI_MEMORY_RUNTIME. */ void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size) { … } /* * Helper function for efi_reserve_boot_services() to figure out if we * can free regions in efi_free_boot_services(). * * Use this function to ensure we do not free regions owned by somebody * else. We must only reserve (and then free) regions: * * - Not within any part of the kernel * - Not the BIOS reserved area (E820_TYPE_RESERVED, E820_TYPE_NVS, etc) */ static __init bool can_free_region(u64 start, u64 size) { … } void __init efi_reserve_boot_services(void) { … } /* * Apart from having VA mappings for EFI boot services code/data regions, * (duplicate) 1:1 mappings were also created as a quirk for buggy firmware. So, * unmap both 1:1 and VA mappings. */ static void __init efi_unmap_pages(efi_memory_desc_t *md) { … } void __init efi_free_boot_services(void) { … } /* * A number of config table entries get remapped to virtual addresses * after entering EFI virtual mode. However, the kexec kernel requires * their physical addresses therefore we pass them via setup_data and * correct those entries to their respective physical addresses here. * * Currently only handles smbios which is necessary for some firmware * implementation. */ int __init efi_reuse_config(u64 tables, int nr_tables) { … } void __init efi_apply_memmap_quirks(void) { … } /* * For most modern platforms the preferred method of powering off is via * ACPI. However, there are some that are known to require the use of * EFI runtime services and for which ACPI does not work at all. * * Using EFI is a last resort, to be used only if no other option * exists. */ bool efi_reboot_required(void) { … } bool efi_poweroff_required(void) { … } #ifdef CONFIG_EFI_CAPSULE_QUIRK_QUARK_CSH static int qrk_capsule_setup_info(struct capsule_info *cap_info, void **pkbuff, size_t hdr_bytes) { struct quark_security_header *csh = *pkbuff; /* Only process data block that is larger than the security header */ if (hdr_bytes < sizeof(struct quark_security_header)) return 0; if (csh->csh_signature != QUARK_CSH_SIGNATURE || csh->headersize != QUARK_SECURITY_HEADER_SIZE) return 1; /* Only process data block if EFI header is included */ if (hdr_bytes < QUARK_SECURITY_HEADER_SIZE + sizeof(efi_capsule_header_t)) return 0; pr_debug("Quark security header detected\n"); if (csh->rsvd_next_header != 0) { pr_err("multiple Quark security headers not supported\n"); return -EINVAL; } *pkbuff += csh->headersize; cap_info->total_size = csh->headersize; /* * Update the first page pointer to skip over the CSH header. */ cap_info->phys[0] += csh->headersize; /* * cap_info->capsule should point at a virtual mapping of the entire * capsule, starting at the capsule header. Our image has the Quark * security header prepended, so we cannot rely on the default vmap() * mapping created by the generic capsule code. * Given that the Quark firmware does not appear to care about the * virtual mapping, let's just point cap_info->capsule at our copy * of the capsule header. */ cap_info->capsule = &cap_info->header; return 1; } static const struct x86_cpu_id efi_capsule_quirk_ids[] = { X86_MATCH_VENDOR_FAM_MODEL(INTEL, 5, INTEL_FAM5_QUARK_X1000, &qrk_capsule_setup_info), { } }; int efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff, size_t hdr_bytes) { int (*quirk_handler)(struct capsule_info *, void **, size_t); const struct x86_cpu_id *id; int ret; if (hdr_bytes < sizeof(efi_capsule_header_t)) return 0; cap_info->total_size = 0; id = x86_match_cpu(efi_capsule_quirk_ids); if (id) { /* * The quirk handler is supposed to return * - a value > 0 if the setup should continue, after advancing * kbuff as needed * - 0 if not enough hdr_bytes are available yet * - a negative error code otherwise */ quirk_handler = (typeof(quirk_handler))id->driver_data; ret = quirk_handler(cap_info, &kbuff, hdr_bytes); if (ret <= 0) return ret; } memcpy(&cap_info->header, kbuff, sizeof(cap_info->header)); cap_info->total_size += cap_info->header.imagesize; return __efi_capsule_setup_info(cap_info); } #endif /* * If any access by any efi runtime service causes a page fault, then, * 1. If it's efi_reset_system(), reboot through BIOS. * 2. If any other efi runtime service, then * a. Return error status to the efi caller process. * b. Disable EFI Runtime Services forever and * c. Freeze efi_rts_wq and schedule new process. * * @return: Returns, if the page fault is not handled. This function * will never return if the page fault is handled successfully. */ void efi_crash_gracefully_on_page_fault(unsigned long phys_addr) { … }
Codebase Browser
linux