authorSimon Rettberg2026-01-28 12:53:53 +0100
committerSimon Rettberg2026-01-28 12:53:53 +0100
commit8e82785c584dc13e20f9229decb95bd17bbe9cd1 (patch)
treea8b359e59196be5b2e3862bed189107f4bc9975f /src/include/ipxe
parentMerge branch 'master' into openslx (diff)
parent[prefix] Make unlzma.S compatible with 386 class CPUs (diff)
Merge branch 'master' into openslxopenslx
Diffstat (limited to 'src/include/ipxe')
-rw-r--r--src/include/ipxe/acpi.h55
-rw-r--r--src/include/ipxe/acpimac.h1
-rw-r--r--src/include/ipxe/aes.h1
-rw-r--r--src/include/ipxe/ansicol.h1
-rw-r--r--src/include/ipxe/ansiesc.h1
-rw-r--r--src/include/ipxe/aoe.h1
-rw-r--r--src/include/ipxe/api.h1
-rw-r--r--src/include/ipxe/arp.h7
-rw-r--r--src/include/ipxe/asn1.h146
-rw-r--r--src/include/ipxe/ata.h6
-rw-r--r--src/include/ipxe/base16.h1
-rw-r--r--src/include/ipxe/base64.h1
-rw-r--r--src/include/ipxe/bigint.h291
-rw-r--r--src/include/ipxe/bitmap.h1
-rw-r--r--src/include/ipxe/bitops.h1
-rw-r--r--src/include/ipxe/blockdev.h14
-rw-r--r--src/include/ipxe/blocktrans.h8
-rw-r--r--src/include/ipxe/bofm.h5
-rw-r--r--src/include/ipxe/cachedhcp.h4
-rw-r--r--src/include/ipxe/cbc.h1
-rw-r--r--src/include/ipxe/cdc.h1
-rw-r--r--src/include/ipxe/certstore.h5
-rw-r--r--src/include/ipxe/chap.h1
-rw-r--r--src/include/ipxe/cms.h113
-rw-r--r--src/include/ipxe/command.h8
-rw-r--r--src/include/ipxe/console.h1
-rw-r--r--src/include/ipxe/cpio.h29
-rw-r--r--src/include/ipxe/crc32.h1
-rw-r--r--src/include/ipxe/crypto.h178
-rw-r--r--src/include/ipxe/deflate.h13
-rw-r--r--src/include/ipxe/der.h6
-rw-r--r--src/include/ipxe/device.h4
-rw-r--r--src/include/ipxe/devtree.h97
-rw-r--r--src/include/ipxe/dhcp.h5
-rw-r--r--src/include/ipxe/dhcparch.h1
-rw-r--r--src/include/ipxe/dhcpopts.h1
-rw-r--r--src/include/ipxe/dhcppkt.h1
-rw-r--r--src/include/ipxe/dhcpv6.h3
-rw-r--r--src/include/ipxe/dhe.h1
-rw-r--r--src/include/ipxe/dma.h77
-rw-r--r--src/include/ipxe/dns.h1
-rw-r--r--src/include/ipxe/downloader.h1
-rw-r--r--src/include/ipxe/drbg.h1
-rw-r--r--src/include/ipxe/dummy_pio.h27
-rw-r--r--src/include/ipxe/dummy_sanboot.h1
-rw-r--r--src/include/ipxe/dynui.h73
-rw-r--r--src/include/ipxe/eap.h1
-rw-r--r--src/include/ipxe/eapol.h1
-rw-r--r--src/include/ipxe/ecam.h2
-rw-r--r--src/include/ipxe/ecam_io.h12
-rw-r--r--src/include/ipxe/ecb.h1
-rw-r--r--src/include/ipxe/ecdhe.h18
-rw-r--r--src/include/ipxe/ecdsa.h20
-rw-r--r--src/include/ipxe/edd.h1
-rw-r--r--src/include/ipxe/editbox.h51
-rw-r--r--src/include/ipxe/editstring.h34
-rw-r--r--src/include/ipxe/efi/AArch64/ProcessorBind.h1
-rw-r--r--src/include/ipxe/efi/Arm/ProcessorBind.h12
-rw-r--r--src/include/ipxe/efi/Base.h17
-rw-r--r--src/include/ipxe/efi/Guid/Acpi.h1
-rw-r--r--src/include/ipxe/efi/Guid/Fdt.h20
-rw-r--r--src/include/ipxe/efi/Guid/FileInfo.h1
-rw-r--r--src/include/ipxe/efi/Guid/FileSystemInfo.h1
-rw-r--r--src/include/ipxe/efi/Guid/GlobalVariable.h195
-rw-r--r--src/include/ipxe/efi/Guid/HiiFormMapMethodGuid.h1
-rw-r--r--src/include/ipxe/efi/Guid/HiiPlatformSetupFormset.h1
-rw-r--r--src/include/ipxe/efi/Guid/ImageAuthentication.h388
-rw-r--r--src/include/ipxe/efi/Guid/MdeModuleHii.h1
-rw-r--r--src/include/ipxe/efi/Guid/MicrosoftVendor.h58
-rw-r--r--src/include/ipxe/efi/Guid/PcAnsi.h1
-rw-r--r--src/include/ipxe/efi/Guid/Rng.h158
-rw-r--r--src/include/ipxe/efi/Guid/SmBios.h1
-rw-r--r--src/include/ipxe/efi/Guid/TlsAuthentication.h26
-rw-r--r--src/include/ipxe/efi/Guid/WinCertificate.h1
-rw-r--r--src/include/ipxe/efi/Ia32/ProcessorBind.h1
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Acpi10.h1
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Acpi20.h1
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Acpi30.h12
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Acpi40.h12
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Acpi50.h46
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Acpi51.h32
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Acpi60.h13
-rw-r--r--src/include/ipxe/efi/IndustryStandard/AcpiAml.h1
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Bluetooth.h1
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Pci22.h1
-rw-r--r--src/include/ipxe/efi/IndustryStandard/PeImage.h2
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Tpm12.h5
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Tpm20.h24
-rw-r--r--src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h235
-rw-r--r--src/include/ipxe/efi/IndustryStandard/Usb.h35
-rw-r--r--src/include/ipxe/efi/Library/BaseLib.h317
-rw-r--r--src/include/ipxe/efi/LoongArch64/ProcessorBind.h1
-rw-r--r--src/include/ipxe/efi/Pi/PiBootMode.h1
-rw-r--r--src/include/ipxe/efi/Pi/PiDependency.h1
-rw-r--r--src/include/ipxe/efi/Pi/PiDxeCis.h20
-rw-r--r--src/include/ipxe/efi/Pi/PiFirmwareFile.h1
-rw-r--r--src/include/ipxe/efi/Pi/PiFirmwareVolume.h1
-rw-r--r--src/include/ipxe/efi/Pi/PiHob.h18
-rw-r--r--src/include/ipxe/efi/Pi/PiMultiPhase.h61
-rw-r--r--src/include/ipxe/efi/Pi/PiS3BootScript.h3
-rw-r--r--src/include/ipxe/efi/Pi/PiStatusCode.h15
-rw-r--r--src/include/ipxe/efi/PiDxe.h1
-rw-r--r--src/include/ipxe/efi/ProcessorBind.h70
-rw-r--r--src/include/ipxe/efi/Protocol/AbsolutePointer.h1
-rw-r--r--src/include/ipxe/efi/Protocol/AcpiTable.h1
-rw-r--r--src/include/ipxe/efi/Protocol/AdapterInformation.h258
-rw-r--r--src/include/ipxe/efi/Protocol/AppleNetBoot.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Arp.h1
-rw-r--r--src/include/ipxe/efi/Protocol/BlockIo.h1
-rw-r--r--src/include/ipxe/efi/Protocol/BlockIo2.h1
-rw-r--r--src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h1
-rw-r--r--src/include/ipxe/efi/Protocol/ComponentName.h1
-rw-r--r--src/include/ipxe/efi/Protocol/ComponentName2.h1
-rw-r--r--src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h1
-rw-r--r--src/include/ipxe/efi/Protocol/DebugSupport.h65
-rw-r--r--src/include/ipxe/efi/Protocol/DevicePath.h23
-rw-r--r--src/include/ipxe/efi/Protocol/DevicePathToText.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Dhcp4.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Dhcp6.h1
-rw-r--r--src/include/ipxe/efi/Protocol/DiskIo.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Dns4.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Dns6.h1
-rw-r--r--src/include/ipxe/efi/Protocol/DriverBinding.h1
-rw-r--r--src/include/ipxe/efi/Protocol/EapConfiguration.h156
-rw-r--r--src/include/ipxe/efi/Protocol/FormBrowser2.h1
-rw-r--r--src/include/ipxe/efi/Protocol/GraphicsOutput.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Hash.h172
-rw-r--r--src/include/ipxe/efi/Protocol/HiiConfigAccess.h1
-rw-r--r--src/include/ipxe/efi/Protocol/HiiDatabase.h1
-rw-r--r--src/include/ipxe/efi/Protocol/HiiFont.h1
-rw-r--r--src/include/ipxe/efi/Protocol/HiiImage.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Http.h21
-rw-r--r--src/include/ipxe/efi/Protocol/Ip4.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Ip4Config.h6
-rw-r--r--src/include/ipxe/efi/Protocol/Ip4Config2.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Ip6.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Ip6Config.h1
-rw-r--r--src/include/ipxe/efi/Protocol/LoadFile.h1
-rw-r--r--src/include/ipxe/efi/Protocol/LoadFile2.h1
-rwxr-xr-xsrc/include/ipxe/efi/Protocol/LoadedImage.h1
-rw-r--r--src/include/ipxe/efi/Protocol/ManagedNetwork.h1
-rw-r--r--src/include/ipxe/efi/Protocol/MpService.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Mtftp4.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Mtftp6.h1
-rw-r--r--src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h1
-rw-r--r--src/include/ipxe/efi/Protocol/PciIo.h1
-rw-r--r--src/include/ipxe/efi/Protocol/PciRootBridgeIo.h1
-rw-r--r--src/include/ipxe/efi/Protocol/PxeBaseCode.h5
-rw-r--r--src/include/ipxe/efi/Protocol/Rng.h143
-rw-r--r--src/include/ipxe/efi/Protocol/SerialIo.h1
-rw-r--r--src/include/ipxe/efi/Protocol/ServiceBinding.h1
-rw-r--r--src/include/ipxe/efi/Protocol/ShimLock.h1
-rw-r--r--src/include/ipxe/efi/Protocol/SimpleFileSystem.h1
-rw-r--r--src/include/ipxe/efi/Protocol/SimpleNetwork.h1
-rw-r--r--src/include/ipxe/efi/Protocol/SimplePointer.h5
-rw-r--r--src/include/ipxe/efi/Protocol/SimpleTextIn.h2
-rw-r--r--src/include/ipxe/efi/Protocol/SimpleTextInEx.h2
-rw-r--r--src/include/ipxe/efi/Protocol/SimpleTextOut.h1
-rw-r--r--src/include/ipxe/efi/Protocol/StorageSecurityCommand.h213
-rw-r--r--src/include/ipxe/efi/Protocol/Supplicant.h461
-rw-r--r--src/include/ipxe/efi/Protocol/Tcg2Protocol.h338
-rw-r--r--src/include/ipxe/efi/Protocol/TcgService.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Tcp4.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Tcp6.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Udp4.h1
-rw-r--r--src/include/ipxe/efi/Protocol/Udp6.h1
-rw-r--r--src/include/ipxe/efi/Protocol/UgaDraw.h6
-rw-r--r--src/include/ipxe/efi/Protocol/UnicodeCollation.h17
-rw-r--r--src/include/ipxe/efi/Protocol/Usb2HostController.h1
-rw-r--r--src/include/ipxe/efi/Protocol/UsbHostController.h6
-rw-r--r--src/include/ipxe/efi/Protocol/UsbIo.h1
-rw-r--r--src/include/ipxe/efi/Protocol/VlanConfig.h1
-rw-r--r--src/include/ipxe/efi/Protocol/WiFi2.h410
-rw-r--r--src/include/ipxe/efi/RiscV64/ProcessorBind.h176
-rw-r--r--src/include/ipxe/efi/Uefi.h1
-rw-r--r--src/include/ipxe/efi/Uefi/UefiBaseType.h12
-rw-r--r--src/include/ipxe/efi/Uefi/UefiGpt.h1
-rw-r--r--src/include/ipxe/efi/Uefi/UefiInternalFormRepresentation.h13
-rw-r--r--src/include/ipxe/efi/Uefi/UefiMultiPhase.h18
-rw-r--r--src/include/ipxe/efi/Uefi/UefiPxe.h1
-rw-r--r--src/include/ipxe/efi/Uefi/UefiSpec.h59
-rw-r--r--src/include/ipxe/efi/X64/ProcessorBind.h1
-rw-r--r--src/include/ipxe/efi/efi.h117
-rw-r--r--src/include/ipxe/efi/efi_acpi.h5
-rw-r--r--src/include/ipxe/efi/efi_autoboot.h1
-rw-r--r--src/include/ipxe/efi/efi_autoexec.h1
-rw-r--r--src/include/ipxe/efi/efi_block.h1
-rw-r--r--src/include/ipxe/efi/efi_cachedhcp.h1
-rw-r--r--src/include/ipxe/efi/efi_cmdline.h1
-rw-r--r--src/include/ipxe/efi/efi_download.h1
-rw-r--r--src/include/ipxe/efi/efi_driver.h15
-rw-r--r--src/include/ipxe/efi/efi_fdt.h18
-rw-r--r--src/include/ipxe/efi/efi_file.h1
-rw-r--r--src/include/ipxe/efi/efi_hii.h1
-rw-r--r--src/include/ipxe/efi/efi_image.h1
-rw-r--r--src/include/ipxe/efi/efi_nap.h19
-rw-r--r--src/include/ipxe/efi/efi_null.h1
-rw-r--r--src/include/ipxe/efi/efi_path.h6
-rw-r--r--src/include/ipxe/efi/efi_pci.h4
-rw-r--r--src/include/ipxe/efi/efi_pci_api.h16
-rw-r--r--src/include/ipxe/efi/efi_pxe.h1
-rw-r--r--src/include/ipxe/efi/efi_reboot.h1
-rw-r--r--src/include/ipxe/efi/efi_service.h1
-rw-r--r--src/include/ipxe/efi/efi_shim.h1
-rw-r--r--src/include/ipxe/efi/efi_siglist.h22
-rw-r--r--src/include/ipxe/efi/efi_smbios.h1
-rw-r--r--src/include/ipxe/efi/efi_snp.h5
-rw-r--r--src/include/ipxe/efi/efi_strings.h1
-rw-r--r--src/include/ipxe/efi/efi_table.h38
-rw-r--r--src/include/ipxe/efi/efi_time.h1
-rw-r--r--src/include/ipxe/efi/efi_uaccess.h103
-rw-r--r--src/include/ipxe/efi/efi_umalloc.h1
-rw-r--r--src/include/ipxe/efi/efi_usb.h3
-rw-r--r--src/include/ipxe/efi/efi_utils.h1
-rw-r--r--src/include/ipxe/efi/efi_veto.h1
-rw-r--r--src/include/ipxe/efi/efi_watchdog.h1
-rw-r--r--src/include/ipxe/efi/efi_wrap.h9
-rwxr-xr-xsrc/include/ipxe/efi/import.pl12
-rw-r--r--src/include/ipxe/efi/mnpnet.h1
-rw-r--r--src/include/ipxe/elf.h5
-rw-r--r--src/include/ipxe/entropy.h1
-rw-r--r--src/include/ipxe/errfile.h36
-rw-r--r--src/include/ipxe/errno/efi.h1
-rw-r--r--src/include/ipxe/errortab.h1
-rw-r--r--src/include/ipxe/eth_slow.h1
-rw-r--r--src/include/ipxe/ethernet.h1
-rw-r--r--src/include/ipxe/fakedhcp.h1
-rw-r--r--src/include/ipxe/fault.h1
-rw-r--r--src/include/ipxe/fbcon.h14
-rw-r--r--src/include/ipxe/fc.h1
-rw-r--r--src/include/ipxe/fcels.h1
-rw-r--r--src/include/ipxe/fcp.h1
-rw-r--r--src/include/ipxe/fdt.h125
-rw-r--r--src/include/ipxe/fdtmem.h35
-rw-r--r--src/include/ipxe/features.h1
-rw-r--r--src/include/ipxe/fragment.h1
-rw-r--r--src/include/ipxe/gcm.h1
-rw-r--r--src/include/ipxe/gdbserial.h7
-rw-r--r--src/include/ipxe/gdbstub.h2
-rw-r--r--src/include/ipxe/gpio.h199
-rw-r--r--src/include/ipxe/hash_df.h1
-rw-r--r--src/include/ipxe/hidemem.h17
-rw-r--r--src/include/ipxe/hmac.h1
-rw-r--r--src/include/ipxe/hmac_drbg.h1
-rw-r--r--src/include/ipxe/http.h5
-rw-r--r--src/include/ipxe/ib_mad.h1
-rw-r--r--src/include/ipxe/ib_packet.h1
-rw-r--r--src/include/ipxe/ib_srp.h1
-rw-r--r--src/include/ipxe/ibft.h1
-rw-r--r--src/include/ipxe/icmp.h1
-rw-r--r--src/include/ipxe/icmpv6.h1
-rw-r--r--src/include/ipxe/if_arp.h1
-rw-r--r--src/include/ipxe/if_ether.h1
-rw-r--r--src/include/ipxe/image.h34
-rw-r--r--src/include/ipxe/in.h3
-rw-r--r--src/include/ipxe/infiniband.h1
-rw-r--r--src/include/ipxe/init.h2
-rw-r--r--src/include/ipxe/initrd.h46
-rw-r--r--src/include/ipxe/interface.h1
-rw-r--r--src/include/ipxe/io.h87
-rw-r--r--src/include/ipxe/iobuf.h12
-rw-r--r--src/include/ipxe/iomap.h2
-rw-r--r--src/include/ipxe/iomap_virt.h4
-rw-r--r--src/include/ipxe/ip.h76
-rw-r--r--src/include/ipxe/ipstat.h1
-rw-r--r--src/include/ipxe/ipv6.h1
-rw-r--r--src/include/ipxe/iscsi.h1
-rw-r--r--src/include/ipxe/iso9660.h1
-rw-r--r--src/include/ipxe/isqrt.h1
-rw-r--r--src/include/ipxe/job.h1
-rw-r--r--src/include/ipxe/jumpscroll.h37
-rw-r--r--src/include/ipxe/keymap.h1
-rw-r--r--src/include/ipxe/keys.h2
-rw-r--r--src/include/ipxe/label.h42
-rw-r--r--src/include/ipxe/linebuf.h1
-rw-r--r--src/include/ipxe/lineconsole.h1
-rw-r--r--src/include/ipxe/linux/linux_acpi.h1
-rw-r--r--src/include/ipxe/linux/linux_nap.h1
-rw-r--r--src/include/ipxe/linux/linux_pci.h12
-rw-r--r--src/include/ipxe/linux/linux_smbios.h1
-rw-r--r--src/include/ipxe/linux/linux_time.h1
-rw-r--r--src/include/ipxe/linux/linux_uaccess.h105
-rw-r--r--src/include/ipxe/linux/linux_umalloc.h1
-rw-r--r--src/include/ipxe/linux_sysfs.h4
-rw-r--r--src/include/ipxe/list.h1
-rw-r--r--src/include/ipxe/lkrn.h105
-rw-r--r--src/include/ipxe/lldp.h1
-rw-r--r--src/include/ipxe/login_ui.h1
-rw-r--r--src/include/ipxe/malloc.h112
-rw-r--r--src/include/ipxe/md4.h1
-rw-r--r--src/include/ipxe/md5.h1
-rw-r--r--src/include/ipxe/memblock.h17
-rw-r--r--src/include/ipxe/memmap.h236
-rw-r--r--src/include/ipxe/menu.h51
-rw-r--r--src/include/ipxe/message.h17
-rw-r--r--src/include/ipxe/mii.h1
-rw-r--r--src/include/ipxe/monojob.h1
-rw-r--r--src/include/ipxe/nap.h8
-rw-r--r--src/include/ipxe/ndp.h7
-rw-r--r--src/include/ipxe/neighbour.h22
-rw-r--r--src/include/ipxe/netbios.h1
-rw-r--r--src/include/ipxe/netdevice.h15
-rw-r--r--src/include/ipxe/ns16550.h120
-rw-r--r--src/include/ipxe/ntlm.h1
-rw-r--r--src/include/ipxe/ntp.h1
-rw-r--r--src/include/ipxe/null_acpi.h7
-rw-r--r--src/include/ipxe/null_memmap.h45
-rw-r--r--src/include/ipxe/null_nap.h1
-rw-r--r--src/include/ipxe/null_pci.h156
-rw-r--r--src/include/ipxe/null_reboot.h1
-rw-r--r--src/include/ipxe/null_sanboot.h1
-rw-r--r--src/include/ipxe/null_smbios.h19
-rw-r--r--src/include/ipxe/null_time.h6
-rw-r--r--src/include/ipxe/nvo.h1
-rw-r--r--src/include/ipxe/nvs.h1
-rw-r--r--src/include/ipxe/ocsp.h3
-rw-r--r--src/include/ipxe/open.h1
-rw-r--r--src/include/ipxe/p256.h20
-rw-r--r--src/include/ipxe/p384.h20
-rw-r--r--src/include/ipxe/params.h1
-rw-r--r--src/include/ipxe/parseopt.h5
-rw-r--r--src/include/ipxe/pccrc.h6
-rw-r--r--src/include/ipxe/pccrd.h1
-rw-r--r--src/include/ipxe/pccrr.h25
-rw-r--r--src/include/ipxe/pci.h11
-rw-r--r--src/include/ipxe/pci_io.h69
-rw-r--r--src/include/ipxe/pcibackup.h1
-rw-r--r--src/include/ipxe/pcibridge.h4
-rw-r--r--src/include/ipxe/pcicloud.h19
-rw-r--r--src/include/ipxe/pcimsix.h5
-rw-r--r--src/include/ipxe/peerblk.h1
-rw-r--r--src/include/ipxe/peerdisc.h1
-rw-r--r--src/include/ipxe/peermux.h1
-rw-r--r--src/include/ipxe/pem.h4
-rw-r--r--src/include/ipxe/pending.h1
-rw-r--r--src/include/ipxe/ping.h1
-rw-r--r--src/include/ipxe/pinger.h1
-rw-r--r--src/include/ipxe/pixbuf.h22
-rw-r--r--src/include/ipxe/png.h1
-rw-r--r--src/include/ipxe/pnm.h1
-rw-r--r--src/include/ipxe/pool.h1
-rw-r--r--src/include/ipxe/posix_io.h16
-rw-r--r--src/include/ipxe/privkey.h1
-rw-r--r--src/include/ipxe/process.h1
-rw-r--r--src/include/ipxe/profile.h3
-rw-r--r--src/include/ipxe/quiesce.h1
-rw-r--r--src/include/ipxe/random_nz.h1
-rw-r--r--src/include/ipxe/rbg.h24
-rw-r--r--src/include/ipxe/reboot.h8
-rw-r--r--src/include/ipxe/refcnt.h1
-rw-r--r--src/include/ipxe/resolv.h1
-rw-r--r--src/include/ipxe/retry.h1
-rw-r--r--src/include/ipxe/rndis.h1
-rw-r--r--src/include/ipxe/rootcert.h2
-rw-r--r--src/include/ipxe/rotate.h1
-rw-r--r--src/include/ipxe/rsa.h26
-rw-r--r--src/include/ipxe/sanboot.h5
-rw-r--r--src/include/ipxe/sbat.h1
-rw-r--r--src/include/ipxe/script.h1
-rw-r--r--src/include/ipxe/scsi.h6
-rw-r--r--src/include/ipxe/segment.h4
-rw-r--r--src/include/ipxe/serial.h58
-rw-r--r--src/include/ipxe/settings.h3
-rw-r--r--src/include/ipxe/settings_ui.h1
-rw-r--r--src/include/ipxe/sha1.h1
-rw-r--r--src/include/ipxe/sha256.h1
-rw-r--r--src/include/ipxe/sha512.h1
-rw-r--r--src/include/ipxe/shell.h1
-rw-r--r--src/include/ipxe/smbios.h34
-rw-r--r--src/include/ipxe/socket.h1
-rw-r--r--src/include/ipxe/spcr.h91
-rw-r--r--src/include/ipxe/srp.h1
-rw-r--r--src/include/ipxe/stp.h1
-rw-r--r--src/include/ipxe/string.h1
-rw-r--r--src/include/ipxe/syslog.h1
-rw-r--r--src/include/ipxe/tables.h1
-rw-r--r--src/include/ipxe/tcp.h18
-rw-r--r--src/include/ipxe/tcpip.h1
-rw-r--r--src/include/ipxe/tftp.h1
-rw-r--r--src/include/ipxe/time.h1
-rw-r--r--src/include/ipxe/timer.h1
-rw-r--r--src/include/ipxe/tls.h168
-rw-r--r--src/include/ipxe/uaccess.h355
-rw-r--r--src/include/ipxe/uart.h217
-rw-r--r--src/include/ipxe/udp.h1
-rw-r--r--src/include/ipxe/uheap.h23
-rw-r--r--src/include/ipxe/umalloc.h25
-rw-r--r--src/include/ipxe/uri.h1
-rw-r--r--src/include/ipxe/usb.h26
-rw-r--r--src/include/ipxe/usbnet.h1
-rw-r--r--src/include/ipxe/utf8.h1
-rw-r--r--src/include/ipxe/uuid.h1
-rw-r--r--src/include/ipxe/validator.h1
-rw-r--r--src/include/ipxe/version.h1
-rw-r--r--src/include/ipxe/virt_offset.h132
-rw-r--r--src/include/ipxe/vlan.h1
-rw-r--r--src/include/ipxe/vmbus.h3
-rw-r--r--src/include/ipxe/vsprintf.h1
-rw-r--r--src/include/ipxe/weierstrass.h187
-rw-r--r--src/include/ipxe/widget.h109
-rw-r--r--src/include/ipxe/x25519.h8
-rw-r--r--src/include/ipxe/x509.h31
-rw-r--r--src/include/ipxe/xen.h2
-rw-r--r--src/include/ipxe/xenbus.h1
-rw-r--r--src/include/ipxe/xenevent.h1
-rw-r--r--src/include/ipxe/xengrant.h1
-rw-r--r--src/include/ipxe/xenstore.h1
-rw-r--r--src/include/ipxe/xenver.h2
-rw-r--r--src/include/ipxe/xfer.h1
-rw-r--r--src/include/ipxe/xferbuf.h69
-rw-r--r--src/include/ipxe/xhci.h1185
-rw-r--r--src/include/ipxe/zlib.h6
412 files changed, 9428 insertions, 1805 deletions
diff --git a/src/include/ipxe/acpi.h b/src/include/ipxe/acpi.h
index c34681238..c423aa584 100644
--- a/src/include/ipxe/acpi.h
+++ b/src/include/ipxe/acpi.h
@@ -8,17 +8,40 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <byteswap.h>
#include <ipxe/refcnt.h>
#include <ipxe/list.h>
#include <ipxe/interface.h>
-#include <ipxe/uaccess.h>
#include <ipxe/tables.h>
#include <ipxe/api.h>
#include <config/general.h>
+/** An ACPI generic address structure */
+struct acpi_address {
+ /** Address space type */
+ uint8_t type;
+ /** Register bit width */
+ uint8_t width;
+ /** Register bit offset */
+ uint8_t offset;
+ /** Access size */
+ uint8_t access;
+ /** Address */
+ uint64_t address;
+} __attribute__ (( packed ));
+
+/** A memory address space type */
+#define ACPI_ADDRESS_TYPE_MEM 0x00
+
+/** An I/O address space type */
+#define ACPI_ADDRESS_TYPE_IO 0x01
+
+/** A bus number address space type */
+#define ACPI_ADDRESS_TYPE_BUS 0x02
+
/** An ACPI small resource descriptor header */
struct acpi_small_resource {
/** Tag byte */
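Review bot: The `access` field of the new `struct acpi_address` is documented only as "Access size", which does not tell a reader that ACPI stores it as an encoded value (0 undefined, 1 byte, 2 word, 3 dword, 4 qword) rather than a byte count. Since this structure describes data read from firmware-supplied tables, I would spell the encoding out, e.g. `/** Access size (encoded: 0=undefined, 1=byte, 2=word, 3=dword, 4=qword) */`. If consumers are expected to byte-swap `address` themselves, a short note on its stored endianness would help as well. The `struct acpi_small_resource` definition at the end of the hunk continues outside it.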
@@ -75,12 +98,6 @@ struct acpi_qword_address_space_resource {
uint64_t len;
} __attribute__ (( packed ));
-/** A memory address space type */
-#define ACPI_ADDRESS_TYPE_MEM 0x00
-
-/** A bus number address space type */
-#define ACPI_ADDRESS_TYPE_BUS 0x02
-
/** An ACPI resource descriptor */
union acpi_resource {
/** Tag byte */
@@ -355,7 +372,8 @@ struct acpi_model {
#define PROVIDE_ACPI_INLINE( _subsys, _api_func ) \
PROVIDE_SINGLE_API_INLINE ( ACPI_PREFIX_ ## _subsys, _api_func )
-extern userptr_t acpi_find_via_rsdt ( uint32_t signature, unsigned int index );
+extern const struct acpi_header * acpi_find_via_rsdt ( uint32_t signature,
+ unsigned int index );
/* Include all architecture-independent ACPI API headers */
#include <ipxe/null_acpi.h>
@@ -368,31 +386,36 @@ extern userptr_t acpi_find_via_rsdt ( uint32_t signature, unsigned int index );
/**
* Locate ACPI root system description table
*
- * @ret rsdt ACPI root system description table, or UNULL
+ * @ret rsdt ACPI root system description table, or NULL
*/
-userptr_t acpi_find_rsdt ( void );
+const struct acpi_rsdt * acpi_find_rsdt ( void );
/**
* Locate ACPI table
*
* @v signature Requested table signature
* @v index Requested index of table with this signature
- * @ret table Table, or UNULL if not found
+ * @ret table Table, or NULL if not found
*/
-userptr_t acpi_find ( uint32_t signature, unsigned int index );
+const struct acpi_header * acpi_find ( uint32_t signature,
+ unsigned int index );
extern struct acpi_descriptor *
acpi_describe ( struct interface *interface );
#define acpi_describe_TYPE( object_type ) \
typeof ( struct acpi_descriptor * ( object_type ) )
-extern userptr_t ( * acpi_finder ) ( uint32_t signature, unsigned int index );
+extern const struct acpi_header * ( * acpi_finder ) ( uint32_t signature,
+ unsigned int index );
extern void acpi_fix_checksum ( struct acpi_header *acpi );
-extern userptr_t acpi_table ( uint32_t signature, unsigned int index );
+extern const struct acpi_header * acpi_table ( uint32_t signature,
+ unsigned int index );
extern int acpi_extract ( uint32_t signature, void *data,
- int ( * extract ) ( userptr_t zsdt, size_t len,
- size_t offset, void *data ) );
+ int ( * extract ) ( const struct acpi_header *zsdt,
+ size_t len, size_t offset,
+ void *data ) );
+extern void * acpi_ioremap ( struct acpi_address *address, size_t len );
extern void acpi_add ( struct acpi_descriptor *desc );
extern void acpi_del ( struct acpi_descriptor *desc );
extern int acpi_install ( int ( * install ) ( struct acpi_header *acpi ) );
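Review bot: `acpi_ioremap()` takes a non-const `struct acpi_address *`, while every table accessor in this hunk now returns `const struct acpi_header *`. A generic address structure embedded in a table obtained via `acpi_find()` or `acpi_table()` would therefore need its `const` cast away before it could be passed. If the implementation (not visible here) only reads the structure, declare it as `extern void * acpi_ioremap ( const struct acpi_address *address, size_t len );`. The declaration also says nothing about what is returned for an unsupported address space type or a failed mapping; a one-line comment such as `/* Returns NULL if the address cannot be mapped */` would help callers, assuming that is the behaviour.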
diff --git a/src/include/ipxe/acpimac.h b/src/include/ipxe/acpimac.h
index de673eb28..074165a92 100644
--- a/src/include/ipxe/acpimac.h
+++ b/src/include/ipxe/acpimac.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
extern int acpi_mac ( uint8_t *hw_addr );
diff --git a/src/include/ipxe/aes.h b/src/include/ipxe/aes.h
index 8731de6ba..1c0024ccb 100644
--- a/src/include/ipxe/aes.h
+++ b/src/include/ipxe/aes.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/ansicol.h b/src/include/ipxe/ansicol.h
index 2b54ecaca..9c34d596b 100644
--- a/src/include/ipxe/ansicol.h
+++ b/src/include/ipxe/ansicol.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <curses.h> /* For COLOR_RED etc. */
diff --git a/src/include/ipxe/ansiesc.h b/src/include/ipxe/ansiesc.h
index 80bc83308..280f51066 100644
--- a/src/include/ipxe/ansiesc.h
+++ b/src/include/ipxe/ansiesc.h
@@ -27,6 +27,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
struct ansiesc_context;
diff --git a/src/include/ipxe/aoe.h b/src/include/ipxe/aoe.h
index 14d11c5cb..c548f42a2 100644
--- a/src/include/ipxe/aoe.h
+++ b/src/include/ipxe/aoe.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/list.h>
diff --git a/src/include/ipxe/api.h b/src/include/ipxe/api.h
index d05d3b07a..ab61f4f14 100644
--- a/src/include/ipxe/api.h
+++ b/src/include/ipxe/api.h
@@ -12,6 +12,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/** @defgroup Single-implementation APIs
*
diff --git a/src/include/ipxe/arp.h b/src/include/ipxe/arp.h
index 5822fa095..c70ea7eff 100644
--- a/src/include/ipxe/arp.h
+++ b/src/include/ipxe/arp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/tables.h>
#include <ipxe/netdevice.h>
@@ -45,16 +46,14 @@ extern struct neighbour_discovery arp_discovery;
* @v net_protocol Network-layer protocol
* @v net_dest Destination network-layer address
* @v net_source Source network-layer address
- * @v ll_source Source link-layer address
* @ret rc Return status code
*/
static inline int arp_tx ( struct io_buffer *iobuf, struct net_device *netdev,
struct net_protocol *net_protocol,
- const void *net_dest, const void *net_source,
- const void *ll_source ) {
+ const void *net_dest, const void *net_source ) {
return neighbour_tx ( iobuf, netdev, net_protocol, net_dest,
- &arp_discovery, net_source, ll_source );
+ &arp_discovery, net_source );
}
extern int arp_tx_request ( struct net_device *netdev,
diff --git a/src/include/ipxe/asn1.h b/src/include/ipxe/asn1.h
index ac7ea5604..c5dcccb99 100644
--- a/src/include/ipxe/asn1.h
+++ b/src/include/ipxe/asn1.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stddef.h>
#include <stdint.h>
@@ -127,6 +128,42 @@ struct asn1_builder_header {
#define ASN1_OID_TRIPLE( value ) \
( 0x80 | ( ( (value) >> 14 ) & 0x7f ) ), ASN1_OID_DOUBLE ( (value) )
+/** ASN.1 OID for ecPublicKey (1.2.840.10045.2.1) */
+#define ASN1_OID_ECPUBLICKEY \
+ ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_DOUBLE ( 10045 ), ASN1_OID_SINGLE ( 2 ), \
+ ASN1_OID_SINGLE ( 1 )
+
+/** ASN.1 OID for prime256v1 (1.2.840.10045.3.1.7) */
+#define ASN1_OID_PRIME256V1 \
+ ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_DOUBLE ( 10045 ), ASN1_OID_SINGLE ( 3 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 7 )
+
+/** ASN.1 OID for ecdsa-with-SHA224 (1.2.840.10045.4.3.1) */
+#define ASN1_OID_ECDSA_WITH_SHA224 \
+ ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_DOUBLE ( 10045 ), ASN1_OID_SINGLE ( 4 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 1 )
+
+/** ASN.1 OID for ecdsa-with-SHA256 (1.2.840.10045.4.3.2) */
+#define ASN1_OID_ECDSA_WITH_SHA256 \
+ ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_DOUBLE ( 10045 ), ASN1_OID_SINGLE ( 4 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 2 )
+
+/** ASN.1 OID for ecdsa-with-SHA384 (1.2.840.10045.4.3.3) */
+#define ASN1_OID_ECDSA_WITH_SHA384 \
+ ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_DOUBLE ( 10045 ), ASN1_OID_SINGLE ( 4 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 3 )
+
+/** ASN.1 OID for ecdsa-with-SHA512 (1.2.840.10045.4.3.4) */
+#define ASN1_OID_ECDSA_WITH_SHA512 \
+ ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_DOUBLE ( 10045 ), ASN1_OID_SINGLE ( 4 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 )
+
/** ASN.1 OID for rsaEncryption (1.2.840.113549.1.1.1) */
#define ASN1_OID_RSAENCRYPTION \
ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
@@ -192,6 +229,53 @@ struct asn1_builder_header {
ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 101 ), \
ASN1_OID_SINGLE ( 110 )
+/** ASN.1 OID for secp384r1 (1.3.132.0.34) */
+#define ASN1_OID_SECP384R1 \
+ ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_DOUBLE ( 132 ), \
+ ASN1_OID_SINGLE ( 0 ), ASN1_OID_SINGLE ( 34 )
+
+/** ASN.1 OID for id-aes128-cbc (2.16.840.1.101.3.4.1.2) */
+#define ASN1_OID_AES128_CBC \
+ ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 2 )
+
+/** ASN.1 OID for id-aes128-gcm (2.16.840.1.101.3.4.1.6) */
+#define ASN1_OID_AES128_GCM \
+ ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 6 )
+
+/** ASN.1 OID for id-aes192-cbc (2.16.840.1.101.3.4.1.22) */
+#define ASN1_OID_AES192_CBC \
+ ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 22 )
+
+/** ASN.1 OID for id-aes192-gcm (2.16.840.1.101.3.4.1.26) */
+#define ASN1_OID_AES192_GCM \
+ ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 26 )
+
+/** ASN.1 OID for id-aes256-cbc (2.16.840.1.101.3.4.1.42) */
+#define ASN1_OID_AES256_CBC \
+ ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 42 )
+
+/** ASN.1 OID for id-aes256-gcm (2.16.840.1.101.3.4.1.46) */
+#define ASN1_OID_AES256_GCM \
+ ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 46 )
+
/** ASN.1 OID for id-sha256 (2.16.840.1.101.3.4.2.1) */
#define ASN1_OID_SHA256 \
ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
@@ -261,12 +345,25 @@ struct asn1_builder_header {
ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 3 )
-/** ASN.1 OID for pkcs-signedData (1.2.840.113549.1.7.2) */
+/** ASN.1 OID for id-signedData (1.2.840.113549.1.7.2) */
#define ASN1_OID_SIGNEDDATA \
ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
ASN1_OID_SINGLE ( 7 ), ASN1_OID_SINGLE ( 2 )
+/** ASN.1 OID for id-envelopedData (1.2.840.113549.1.7.3) */
+#define ASN1_OID_ENVELOPEDDATA \
+ ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
+ ASN1_OID_SINGLE ( 7 ), ASN1_OID_SINGLE ( 3 )
+
+/** ASN.1 OID for id-authEnvelopedData (1.2.840.113549.1.9.16.1.23) */
+#define ASN1_OID_AUTHENVELOPEDDATA \
+ ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
+ ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
+ ASN1_OID_SINGLE ( 9 ), ASN1_OID_SINGLE ( 16 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 23 )
+
/** ASN.1 OID for id-pe-authorityInfoAccess (1.3.6.1.5.5.7.1.1) */
#define ASN1_OID_AUTHORITYINFOACCESS \
ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
@@ -317,8 +414,19 @@ struct asn1_algorithm {
struct pubkey_algorithm *pubkey;
/** Digest algorithm (if applicable) */
struct digest_algorithm *digest;
+ /** Cipher algorithm (if applicable) */
+ struct cipher_algorithm *cipher;
/** Elliptic curve (if applicable) */
struct elliptic_curve *curve;
+ /**
+ * Parse algorithm parameters (optional)
+ *
+ * @v algorithm Algorithm
+ * @v param Parameters to parse (and potentially modify)
+ * @ret rc Return status code
+ */
+ int ( * parse ) ( struct asn1_algorithm *algorithm,
+ struct asn1_cursor *params );
};
/** ASN.1 OID-identified algorithms */
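Review bot: The doc comment on the new `parse` method names its second argument `@v param`, but the prototype calls it `params`; the tag should read `@v params Parameters to parse (and potentially modify)`. Because the method is optional and may modify the caller's cursor, the comment should also say what callers do when `parse` is NULL, which is not visible in this hunk. `struct asn1_algorithm` begins before the hunk.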
@@ -349,16 +457,7 @@ extern struct asn1_algorithm oid_sha512_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha224_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha512_224_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha512_256_algorithm __asn1_algorithm;
-
-/** An ASN.1 bit string */
-struct asn1_bit_string {
- /** Data */
- const void *data;
- /** Length */
- size_t len;
- /** Unused bits at end of data */
- unsigned int unused;
-} __attribute__ (( packed ));
+extern struct asn1_algorithm ecpubkey_algorithm __asn1_algorithm;
/**
* Invalidate ASN.1 object cursor
@@ -404,8 +503,6 @@ asn1_built ( struct asn1_builder *builder ) {
return &u->cursor;
}
-extern int asn1_start ( struct asn1_cursor *cursor, unsigned int type,
- size_t extra );
extern int asn1_enter ( struct asn1_cursor *cursor, unsigned int type );
extern int asn1_skip_if_exists ( struct asn1_cursor *cursor,
unsigned int type );
@@ -414,24 +511,35 @@ extern int asn1_shrink ( struct asn1_cursor *cursor, unsigned int type );
extern int asn1_enter_any ( struct asn1_cursor *cursor );
extern int asn1_skip_any ( struct asn1_cursor *cursor );
extern int asn1_shrink_any ( struct asn1_cursor *cursor );
+extern int asn1_enter_bits ( struct asn1_cursor *cursor,
+ unsigned int *unused );
+extern int asn1_enter_unsigned ( struct asn1_cursor *cursor );
extern int asn1_boolean ( const struct asn1_cursor *cursor );
extern int asn1_integer ( const struct asn1_cursor *cursor, int *value );
-extern int asn1_bit_string ( const struct asn1_cursor *cursor,
- struct asn1_bit_string *bits );
-extern int asn1_integral_bit_string ( const struct asn1_cursor *cursor,
- struct asn1_bit_string *bits );
extern int asn1_compare ( const struct asn1_cursor *cursor1,
const struct asn1_cursor *cursor2 );
extern int asn1_algorithm ( const struct asn1_cursor *cursor,
- struct asn1_algorithm **algorithm );
+ struct asn1_algorithm **algorithm,
+ struct asn1_cursor *params );
extern int asn1_pubkey_algorithm ( const struct asn1_cursor *cursor,
struct asn1_algorithm **algorithm );
extern int asn1_digest_algorithm ( const struct asn1_cursor *cursor,
struct asn1_algorithm **algorithm );
+extern int asn1_cipher_algorithm ( const struct asn1_cursor *cursor,
+ struct asn1_algorithm **algorithm,
+ struct asn1_cursor *params );
extern int asn1_signature_algorithm ( const struct asn1_cursor *cursor,
struct asn1_algorithm **algorithm );
+extern int asn1_curve_algorithm ( const struct asn1_cursor *cursor,
+ struct asn1_algorithm *wrapper,
+ struct asn1_algorithm **algorithm );
extern int asn1_check_algorithm ( const struct asn1_cursor *cursor,
- struct asn1_algorithm *expected );
+ struct asn1_algorithm *expected,
+ struct asn1_cursor *params );
+extern int asn1_parse_cbc ( struct asn1_algorithm *algorithm,
+ struct asn1_cursor *params );
+extern int asn1_parse_gcm ( struct asn1_algorithm *algorithm,
+ struct asn1_cursor *params );
extern int asn1_generalized_time ( const struct asn1_cursor *cursor,
time_t *time );
extern int asn1_grow ( struct asn1_builder *builder, size_t extra );
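Review bot: `asn1_enter_bits` replaces both `asn1_bit_string` and `asn1_integral_bit_string`, but nothing at the declaration says how a caller now gets the stricter "no unused bits" behaviour that the integral variant's name implied. The implementation is not in this hunk, so this may be handled there. A comment on the prototype would settle it, along the lines of `/* unused: receives the count of unused trailing bits; state here whether NULL is accepted and what it means */`. The new `params` argument of `asn1_algorithm`, `asn1_cipher_algorithm` and `asn1_check_algorithm` has the same gap: the header does not say whether NULL is allowed.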
diff --git a/src/include/ipxe/ata.h b/src/include/ipxe/ata.h
index a10cfafcc..eea086c13 100644
--- a/src/include/ipxe/ata.h
+++ b/src/include/ipxe/ata.h
@@ -2,7 +2,6 @@
#define _IPXE_ATA_H
#include <stdint.h>
-#include <ipxe/uaccess.h>
#include <ipxe/interface.h>
/** @file
@@ -12,6 +11,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/**
* An ATA Logical Block Address
@@ -173,7 +173,7 @@ struct ata_cmd {
* If non-NULL, this buffer must be ata_command::cb::count
* sectors in size.
*/
- userptr_t data_out;
+ void *data_out;
/** Data-out buffer length
*
* Must be zero if @c data_out is NULL
@@ -184,7 +184,7 @@ struct ata_cmd {
* If non-NULL, this buffer must be ata_command::cb::count
* sectors in size.
*/
- userptr_t data_in;
+ void *data_in;
/** Data-in buffer length
*
* Must be zero if @c data_in is NULL
diff --git a/src/include/ipxe/base16.h b/src/include/ipxe/base16.h
index c9e430e7e..b2cf42eb4 100644
--- a/src/include/ipxe/base16.h
+++ b/src/include/ipxe/base16.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <string.h>
diff --git a/src/include/ipxe/base64.h b/src/include/ipxe/base64.h
index 0c70d8382..f93039901 100644
--- a/src/include/ipxe/base64.h
+++ b/src/include/ipxe/base64.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <string.h>
diff --git a/src/include/ipxe/bigint.h b/src/include/ipxe/bigint.h
index 3dc344dff..9c31f4540 100644
--- a/src/include/ipxe/bigint.h
+++ b/src/include/ipxe/bigint.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <assert.h>
@@ -28,8 +29,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
* @ret size Number of elements
*/
#define bigint_required_size( len ) \
- ( ( (len) + sizeof ( bigint_element_t ) - 1 ) / \
- sizeof ( bigint_element_t ) )
+ ( (len) ? ( ( (len) + sizeof ( bigint_element_t ) - 1 ) / \
+ sizeof ( bigint_element_t ) ) : 1 )
/**
* Determine number of elements in big-integer type
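Review bot: The rewritten `bigint_required_size` expands `len` twice, once in the `(len) ?` test and once in the rounding expression, where the old form expanded it once. An argument with side effects would now be evaluated twice. If every caller passes a plain length this is harmless, but the doc comment should record the restriction, e.g. `@v len  Length of raw data (evaluated twice; must have no side effects)`. The doc comment for this macro starts above the hunk.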
@@ -41,6 +42,17 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
( sizeof ( *(bigint) ) / sizeof ( (bigint)->element[0] ) )
/**
+ * Transcribe big integer (for debugging)
+ *
+ * @v value Big integer to be transcribed
+ * @ret string Big integer in string form (may be abbreviated)
+ */
+#define bigint_ntoa( value ) ( { \
+ unsigned int size = bigint_size (value); \
+ bigint_ntoa_raw ( (value)->element, size ); \
+ } )
+
+/**
* Initialise big integer
*
* @v value Big integer to initialise
@@ -70,43 +82,47 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*
* @v addend Big integer to add
* @v value Big integer to be added to
+ * @ret carry Carry out
*/
-#define bigint_add( addend, value ) do { \
+#define bigint_add( addend, value ) ( { \
unsigned int size = bigint_size (addend); \
bigint_add_raw ( (addend)->element, (value)->element, size ); \
- } while ( 0 )
+ } )
/**
* Subtract big integers
*
* @v subtrahend Big integer to subtract
* @v value Big integer to be subtracted from
+ * @ret borrow Borrow out
*/
-#define bigint_subtract( subtrahend, value ) do { \
+#define bigint_subtract( subtrahend, value ) ( { \
unsigned int size = bigint_size (subtrahend); \
bigint_subtract_raw ( (subtrahend)->element, (value)->element, \
size ); \
- } while ( 0 )
+ } )
/**
- * Rotate big integer left
+ * Shift big integer left
*
* @v value Big integer
+ * @ret out Bit shifted out
*/
-#define bigint_rol( value ) do { \
+#define bigint_shl( value ) ( { \
unsigned int size = bigint_size (value); \
- bigint_rol_raw ( (value)->element, size ); \
- } while ( 0 )
+ bigint_shl_raw ( (value)->element, size ); \
+ } )
/**
- * Rotate big integer right
+ * Shift big integer right
*
* @v value Big integer
+ * @ret out Bit shifted out
*/
-#define bigint_ror( value ) do { \
+#define bigint_shr( value ) ( { \
unsigned int size = bigint_size (value); \
- bigint_ror_raw ( (value)->element, size ); \
- } while ( 0 )
+ bigint_shr_raw ( (value)->element, size ); \
+ } )
/**
* Test if big integer is equal to zero
@@ -132,6 +148,28 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
size ); } )
/**
+ * Set bit in big integer
+ *
+ * @v value Big integer
+ * @v bit Bit to set
+ */
+#define bigint_set_bit( value, bit ) do { \
+ unsigned int size = bigint_size (value); \
+ bigint_set_bit_raw ( (value)->element, size, bit ); \
+ } while ( 0 )
+
+/**
+ * Clear bit in big integer
+ *
+ * @v value Big integer
+ * @v bit Bit to set
+ */
+#define bigint_clear_bit( value, bit ) do { \
+ unsigned int size = bigint_size (value); \
+ bigint_clear_bit_raw ( (value)->element, size, bit ); \
+ } while ( 0 )
+
+/**
* Test if bit is set in big integer
*
* @v value Big integer
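Review bot: The doc comment for `bigint_clear_bit` describes its second argument as `Bit to set`, which looks copied from `bigint_set_bit` just above it; it should read `@v bit  Bit to clear`. Neither comment gives the valid range of `bit`, and the wrappers pass it straight to the raw helpers, so the line could add `(must be less than the bit width of value)`.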
@@ -143,6 +181,16 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
bigint_bit_is_set_raw ( (value)->element, size, bit ); } )
/**
+ * Test if most significant bit is set in big integer
+ *
+ * @v value Big integer
+ * @ret is_set Most significant bit is set
+ */
+#define bigint_msb_is_set( value ) ( { \
+ unsigned int size = bigint_size (value); \
+ bigint_msb_is_set_raw ( (value)->element, size ); } )
+
+/**
* Find highest bit set in big integer
*
* @v value Big integer
@@ -218,35 +266,74 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
} while ( 0 )
/**
- * Perform modular multiplication of big integers
+ * Reduce big integer R^2 modulo N
*
- * @v multiplicand Big integer to be multiplied
- * @v multiplier Big integer to be multiplied
* @v modulus Big integer modulus
* @v result Big integer to hold result
- * @v tmp Temporary working space
*/
-#define bigint_mod_multiply( multiplicand, multiplier, modulus, \
- result, tmp ) do { \
- unsigned int size = bigint_size (multiplicand); \
- bigint_mod_multiply_raw ( (multiplicand)->element, \
- (multiplier)->element, \
- (modulus)->element, \
- (result)->element, size, tmp ); \
+#define bigint_reduce( modulus, result ) do { \
+ unsigned int size = bigint_size (modulus); \
+ bigint_reduce_raw ( (modulus)->element, (result)->element, \
+ size ); \
} while ( 0 )
/**
- * Calculate temporary working space required for moduluar multiplication
+ * Compute inverse of odd big integer modulo any power of two
*
- * @v modulus Big integer modulus
- * @ret len Length of temporary working space
+ * @v invertend Odd big integer to be inverted
+ * @v inverse Big integer to hold result
*/
-#define bigint_mod_multiply_tmp_len( modulus ) ( { \
+#define bigint_mod_invert( invertend, inverse ) do { \
+ unsigned int size = bigint_size ( inverse ); \
+ bigint_mod_invert_raw ( (invertend)->element, \
+ (inverse)->element, size ); \
+ } while ( 0 )
+
+/**
+ * Perform relaxed Montgomery reduction (REDC) of a big integer
+ *
+ * @v modulus Big integer odd modulus
+ * @v value Big integer to be reduced
+ * @v result Big integer to hold result
+ * @ret carry Carry out
+ */
+#define bigint_montgomery_relaxed( modulus, value, result ) ( { \
unsigned int size = bigint_size (modulus); \
- sizeof ( struct { \
- bigint_t ( size * 2 ) temp_result; \
- bigint_t ( size * 2 ) temp_modulus; \
- } ); } )
+ bigint_montgomery_relaxed_raw ( (modulus)->element, \
+ (value)->element, \
+ (result)->element, size ); \
+ } )
+
+/**
+ * Perform classic Montgomery reduction (REDC) of a big integer
+ *
+ * @v modulus Big integer odd modulus
+ * @v value Big integer to be reduced
+ * @v result Big integer to hold result
+ */
+#define bigint_montgomery( modulus, value, result ) do { \
+ unsigned int size = bigint_size (modulus); \
+ bigint_montgomery_raw ( (modulus)->element, (value)->element, \
+ (result)->element, size ); \
+ } while ( 0 )
+
+/**
+ * Perform generalised exponentiation via a Montgomery ladder
+ *
+ * @v result Big integer result (initialised to identity element)
+ * @v multiple Big integer multiple (initialised to generator)
+ * @v exponent Big integer exponent
+ * @v op Montgomery ladder commutative operation
+ * @v ctx Operation context (if needed)
+ * @v tmp Temporary working space (if needed)
+ */
+#define bigint_ladder( result, multiple, exponent, op, ctx, tmp ) do { \
+ unsigned int size = bigint_size (result); \
+ unsigned int exponent_size = bigint_size (exponent); \
+ bigint_ladder_raw ( (result)->element, (multiple)->element, \
+ size, (exponent)->element, exponent_size, \
+ (op), (ctx), (tmp) ); \
+ } while ( 0 )
/**
* Perform modular exponentiation of big integers
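Review bot: The doc comments for `bigint_montgomery_relaxed` and `bigint_montgomery` do not state the size contract for `value`, yet both macros take `size` from `modulus` alone and pass `(value)->element` through unchecked. The raw prototypes added further down in this file take `value0` as a non-const pointer, which suggests the input is also overwritten. A wrongly sized `value` would make the raw routine access memory outside the object, so the contract should be written down once confirmed against the implementation, e.g. `@v value  Big integer to be reduced (required size: ...; contents are not preserved)`. `bigint_mod_invert` differs from its neighbours in taking `size` from `inverse` rather than from its input, and deserves the same one-line remark about the minimum size of `invertend`.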
@@ -269,32 +356,114 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
* Calculate temporary working space required for moduluar exponentiation
*
* @v modulus Big integer modulus
- * @v exponent Big integer exponent
* @ret len Length of temporary working space
*/
-#define bigint_mod_exp_tmp_len( modulus, exponent ) ( { \
+#define bigint_mod_exp_tmp_len( modulus ) ( { \
unsigned int size = bigint_size (modulus); \
- unsigned int exponent_size = bigint_size (exponent); \
- size_t mod_multiply_len = \
- bigint_mod_multiply_tmp_len (modulus); \
sizeof ( struct { \
- bigint_t ( size ) temp_base; \
- bigint_t ( exponent_size ) temp_exponent; \
- uint8_t mod_multiply[mod_multiply_len]; \
+ bigint_t ( size ) temp[4]; \
} ); } )
#include <bits/bigint.h>
+/**
+ * A big integer Montgomery ladder commutative operation
+ *
+ * @v operand Element 0 of first input operand (may overlap result)
+ * @v result Element 0 of second input operand and result
+ * @v size Number of elements in operands and result
+ * @v ctx Operation context (if needed)
+ * @v tmp Temporary working space (if needed)
+ */
+typedef void ( bigint_ladder_op_t ) ( const bigint_element_t *operand0,
+ bigint_element_t *result0,
+ unsigned int size, const void *ctx,
+ void *tmp );
+
+/**
+ * Set bit in big integer
+ *
+ * @v value0 Element 0 of big integer
+ * @v size Number of elements
+ * @v bit Bit to set
+ */
+static inline __attribute__ (( always_inline )) void
+bigint_set_bit_raw ( bigint_element_t *value0, unsigned int size,
+ unsigned int bit ) {
+ bigint_t ( size ) __attribute__ (( may_alias )) *value =
+ ( ( void * ) value0 );
+ unsigned int index = ( bit / ( 8 * sizeof ( value->element[0] ) ) );
+ unsigned int subindex = ( bit % ( 8 * sizeof ( value->element[0] ) ) );
+
+ value->element[index] |= ( 1UL << subindex );
+}
+
+/**
+ * Clear bit in big integer
+ *
+ * @v value0 Element 0 of big integer
+ * @v size Number of elements
+ * @v bit Bit to clear
+ */
+static inline __attribute__ (( always_inline )) void
+bigint_clear_bit_raw ( bigint_element_t *value0, unsigned int size,
+ unsigned int bit ) {
+ bigint_t ( size ) __attribute__ (( may_alias )) *value =
+ ( ( void * ) value0 );
+ unsigned int index = ( bit / ( 8 * sizeof ( value->element[0] ) ) );
+ unsigned int subindex = ( bit % ( 8 * sizeof ( value->element[0] ) ) );
+
+ value->element[index] &= ~( 1UL << subindex );
+}
+
+/**
+ * Test if bit is set in big integer
+ *
+ * @v value0 Element 0 of big integer
+ * @v size Number of elements
+ * @v bit Bit to test
+ * @ret is_set Bit is set
+ */
+static inline __attribute__ (( always_inline )) int
+bigint_bit_is_set_raw ( const bigint_element_t *value0, unsigned int size,
+ unsigned int bit ) {
+ const bigint_t ( size ) __attribute__ (( may_alias )) *value =
+ ( ( const void * ) value0 );
+ unsigned int index = ( bit / ( 8 * sizeof ( value->element[0] ) ) );
+ unsigned int subindex = ( bit % ( 8 * sizeof ( value->element[0] ) ) );
+
+ return ( !! ( value->element[index] & ( 1UL << subindex ) ) );
+}
+
+/**
+ * Test if most significant bit is set in big integer
+ *
+ * @v value0 Element 0 of big integer
+ * @v size Number of elements
+ * @ret is_set Most significant bit is set
+ */
+static inline __attribute__ (( always_inline )) int
+bigint_msb_is_set_raw ( const bigint_element_t *value0, unsigned int size ) {
+ const bigint_t ( size ) __attribute__ (( may_alias )) *value =
+ ( ( const void * ) value0 );
+ unsigned int index = ( size - 1 );
+ unsigned int subindex = ( ( 8 * sizeof ( value->element[0] ) ) - 1 );
+
+ return ( !! ( value->element[index] & ( 1UL << subindex ) ) );
+}
+
+const char * bigint_ntoa_raw ( const bigint_element_t *value0,
+ unsigned int size );
void bigint_init_raw ( bigint_element_t *value0, unsigned int size,
const void *data, size_t len );
void bigint_done_raw ( const bigint_element_t *value0, unsigned int size,
void *out, size_t len );
-void bigint_add_raw ( const bigint_element_t *addend0,
- bigint_element_t *value0, unsigned int size );
-void bigint_subtract_raw ( const bigint_element_t *subtrahend0,
- bigint_element_t *value0, unsigned int size );
-void bigint_rol_raw ( bigint_element_t *value0, unsigned int size );
-void bigint_ror_raw ( bigint_element_t *value0, unsigned int size );
+int bigint_add_raw ( const bigint_element_t *addend0,
+ bigint_element_t *value0, unsigned int size );
+int bigint_subtract_raw ( const bigint_element_t *subtrahend0,
+ bigint_element_t *value0, unsigned int size );
+int bigint_shl_raw ( bigint_element_t *value0, unsigned int size );
+int bigint_shr_raw ( bigint_element_t *value0, unsigned int size );
int bigint_is_zero_raw ( const bigint_element_t *value0, unsigned int size );
int bigint_is_geq_raw ( const bigint_element_t *value0,
const bigint_element_t *reference0,
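Review bot: `bigint_set_bit_raw`, `bigint_clear_bit_raw` and `bigint_bit_is_set_raw` compute `index` from `bit` and use it on `value->element[]` without comparing it with `size`, so a `bit` at or beyond the integer's width reads or writes outside the object. In these three helpers `size` is only used to form the pointer type. The file already includes `<assert.h>`, so each could carry `assert ( index < size );` before the element access to make the precondition explicit. Separately, the `bigint_ladder_op_t` comment names `operand` and `result` where the parameters are `operand0` and `result0`.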
@@ -311,16 +480,34 @@ void bigint_shrink_raw ( const bigint_element_t *source0,
unsigned int dest_size );
void bigint_swap_raw ( bigint_element_t *first0, bigint_element_t *second0,
unsigned int size, int swap );
+void bigint_multiply_one ( const bigint_element_t multiplicand,
+ const bigint_element_t multiplier,
+ bigint_element_t *result,
+ bigint_element_t *carry );
void bigint_multiply_raw ( const bigint_element_t *multiplicand0,
unsigned int multiplicand_size,
const bigint_element_t *multiplier0,
unsigned int multiplier_size,
bigint_element_t *result0 );
-void bigint_mod_multiply_raw ( const bigint_element_t *multiplicand0,
- const bigint_element_t *multiplier0,
- const bigint_element_t *modulus0,
- bigint_element_t *result0,
- unsigned int size, void *tmp );
+void bigint_reduce_raw ( const bigint_element_t *modulus0,
+ bigint_element_t *result0, unsigned int size );
+void bigint_mod_invert_raw ( const bigint_element_t *invertend0,
+ bigint_element_t *inverse0, unsigned int size );
+int bigint_montgomery_relaxed_raw ( const bigint_element_t *modulus0,
+ bigint_element_t *value0,
+ bigint_element_t *result0,
+ unsigned int size );
+void bigint_montgomery_raw ( const bigint_element_t *modulus0,
+ bigint_element_t *value0,
+ bigint_element_t *result0, unsigned int size );
+void bigint_ladder_raw ( bigint_element_t *result0,
+ bigint_element_t *multiple0, unsigned int size,
+ const bigint_element_t *exponent0,
+ unsigned int exponent_size, bigint_ladder_op_t *op,
+ const void *ctx, void *tmp );
+void bigint_mod_exp_ladder ( const bigint_element_t *multiplier0,
+ bigint_element_t *result0, unsigned int size,
+ const void *ctx, void *tmp );
void bigint_mod_exp_raw ( const bigint_element_t *base0,
const bigint_element_t *modulus0,
const bigint_element_t *exponent0,
diff --git a/src/include/ipxe/bitmap.h b/src/include/ipxe/bitmap.h
index 38aca694b..7533d1bf9 100644
--- a/src/include/ipxe/bitmap.h
+++ b/src/include/ipxe/bitmap.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <stddef.h>
diff --git a/src/include/ipxe/bitops.h b/src/include/ipxe/bitops.h
index 7366cd9f1..59a4fb442 100644
--- a/src/include/ipxe/bitops.h
+++ b/src/include/ipxe/bitops.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <bits/bitops.h>
diff --git a/src/include/ipxe/blockdev.h b/src/include/ipxe/blockdev.h
index 418c43004..7e4d48ce4 100644
--- a/src/include/ipxe/blockdev.h
+++ b/src/include/ipxe/blockdev.h
@@ -9,9 +9,9 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
-#include <ipxe/uaccess.h>
#include <ipxe/interface.h>
/** Block device capacity */
@@ -25,20 +25,20 @@ struct block_device_capacity {
};
extern int block_read ( struct interface *control, struct interface *data,
- uint64_t lba, unsigned int count,
- userptr_t buffer, size_t len );
+ uint64_t lba, unsigned int count, void *buffer,
+ size_t len );
#define block_read_TYPE( object_type ) \
typeof ( int ( object_type, struct interface *data, \
uint64_t lba, unsigned int count, \
- userptr_t buffer, size_t len ) )
+ void *buffer, size_t len ) )
extern int block_write ( struct interface *control, struct interface *data,
- uint64_t lba, unsigned int count,
- userptr_t buffer, size_t len );
+ uint64_t lba, unsigned int count, void *buffer,
+ size_t len );
#define block_write_TYPE( object_type ) \
typeof ( int ( object_type, struct interface *data, \
uint64_t lba, unsigned int count, \
- userptr_t buffer, size_t len ) )
+ void *buffer, size_t len ) )
extern int block_read_capacity ( struct interface *control,
struct interface *data );
diff --git a/src/include/ipxe/blocktrans.h b/src/include/ipxe/blocktrans.h
index fee71b96c..66a7e353c 100644
--- a/src/include/ipxe/blocktrans.h
+++ b/src/include/ipxe/blocktrans.h
@@ -8,12 +8,12 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/refcnt.h>
#include <ipxe/interface.h>
#include <ipxe/xferbuf.h>
-#include <ipxe/uaccess.h>
/** A block device translator */
struct block_translator {
@@ -26,13 +26,11 @@ struct block_translator {
/** Data transfer buffer */
struct xfer_buffer xferbuf;
- /** Data buffer */
- userptr_t buffer;
/** Block size */
size_t blksize;
};
-extern int block_translate ( struct interface *block,
- userptr_t buffer, size_t size );
+extern int block_translate ( struct interface *block, void *buffer,
+ size_t size );
#endif /* _IPXE_BLOCKTRANS_H */
diff --git a/src/include/ipxe/bofm.h b/src/include/ipxe/bofm.h
index bc994ea8b..a09c770d2 100644
--- a/src/include/ipxe/bofm.h
+++ b/src/include/ipxe/bofm.h
@@ -328,6 +328,9 @@ struct bofm_operations {
#define __bofm_driver
#endif
+/** Declare a BOFM test driver */
+#define __bofm_test_driver __table_entry ( BOFM_DRIVERS, 02 )
+
/**
* Initialise BOFM device
*
@@ -345,7 +348,7 @@ bofm_init ( struct bofm_device *bofm, struct pci_device *pci,
extern int bofm_register ( struct bofm_device *bofm );
extern void bofm_unregister ( struct bofm_device *bofm );
extern int bofm_find_driver ( struct pci_device *pci );
-extern int bofm ( userptr_t bofmtab, struct pci_device *pci );
+extern int bofm ( void *bofmtab, struct pci_device *pci );
extern void bofm_test ( struct pci_device *pci );
#endif /* _IPXE_BOFM_H */
diff --git a/src/include/ipxe/cachedhcp.h b/src/include/ipxe/cachedhcp.h
index 8ebee3b7b..100e5e098 100644
--- a/src/include/ipxe/cachedhcp.h
+++ b/src/include/ipxe/cachedhcp.h
@@ -8,9 +8,9 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stddef.h>
-#include <ipxe/uaccess.h>
struct net_device;
struct cached_dhcp_packet;
@@ -20,7 +20,7 @@ extern struct cached_dhcp_packet cached_proxydhcp;
extern struct cached_dhcp_packet cached_pxebs;
extern int cachedhcp_record ( struct cached_dhcp_packet *cache,
- unsigned int vlan, userptr_t data,
+ unsigned int vlan, const void *data,
size_t max_len );
extern void cachedhcp_recycle ( struct net_device *netdev );
diff --git a/src/include/ipxe/cbc.h b/src/include/ipxe/cbc.h
index f02e51937..154fc5666 100644
--- a/src/include/ipxe/cbc.h
+++ b/src/include/ipxe/cbc.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/cdc.h b/src/include/ipxe/cdc.h
index b8b4a59d9..a61fe61ea 100644
--- a/src/include/ipxe/cdc.h
+++ b/src/include/ipxe/cdc.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/usb.h>
diff --git a/src/include/ipxe/certstore.h b/src/include/ipxe/certstore.h
index ce96666cf..293f6dec7 100644
--- a/src/include/ipxe/certstore.h
+++ b/src/include/ipxe/certstore.h
@@ -8,15 +8,12 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
-#include <ipxe/asn1.h>
#include <ipxe/x509.h>
-#include <ipxe/privkey.h>
extern struct x509_chain certstore;
-extern struct x509_certificate * certstore_find ( struct asn1_cursor *raw );
-extern struct x509_certificate * certstore_find_key ( struct private_key *key );
extern void certstore_add ( struct x509_certificate *cert );
extern void certstore_del ( struct x509_certificate *cert );
diff --git a/src/include/ipxe/chap.h b/src/include/ipxe/chap.h
index 7c693e29d..965143095 100644
--- a/src/include/ipxe/chap.h
+++ b/src/include/ipxe/chap.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/md5.h>
diff --git a/src/include/ipxe/cms.h b/src/include/ipxe/cms.h
index 7adf724b2..d2e426c5c 100644
--- a/src/include/ipxe/cms.h
+++ b/src/include/ipxe/cms.h
@@ -8,69 +8,124 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <time.h>
#include <ipxe/asn1.h>
#include <ipxe/crypto.h>
#include <ipxe/x509.h>
#include <ipxe/refcnt.h>
-#include <ipxe/uaccess.h>
-/** CMS signer information */
-struct cms_signer_info {
- /** List of signer information blocks */
- struct list_head list;
+struct image;
+struct cms_message;
+
+/** A CMS message type */
+struct cms_type {
+ /** Name */
+ const char *name;
+ /** Object identifier */
+ struct asn1_cursor oid;
+ /** Parse content
+ *
+ * @v cms CMS message
+ * @v raw ASN.1 cursor
+ * @ret rc Return status code
+ */
+ int ( * parse ) ( struct cms_message *cms,
+ const struct asn1_cursor *raw );
+};
+/** CMS participant information */
+struct cms_participant {
+ /** List of participant information blocks */
+ struct list_head list;
/** Certificate chain */
struct x509_chain *chain;
- /** Digest algorithm */
+ /** Digest algorithm (for signature messages) */
struct digest_algorithm *digest;
/** Public-key algorithm */
struct pubkey_algorithm *pubkey;
- /** Signature */
- void *signature;
- /** Length of signature */
- size_t signature_len;
+ /** Signature or key value */
+ struct asn1_cursor value;
};
-/** A CMS signature */
-struct cms_signature {
+/** A CMS message */
+struct cms_message {
/** Reference count */
struct refcnt refcnt;
- /** List of all certificates */
+ /** Raw ASN.1 data */
+ struct asn1_cursor *raw;
+ /** Message type */
+ struct cms_type *type;
+
+ /** List of all certificates (for signature messages) */
struct x509_chain *certificates;
- /** List of signer information blocks */
- struct list_head info;
+ /** List of participant information blocks */
+ struct list_head participants;
+
+ /** Cipher algorithm */
+ struct cipher_algorithm *cipher;
+ /** Cipher initialization vector */
+ struct asn1_cursor iv;
+ /** Cipher authentication tag */
+ struct asn1_cursor mac;
};
/**
- * Get reference to CMS signature
+ * Get reference to CMS message
*
- * @v sig CMS signature
- * @ret sig CMS signature
+ * @v cms CMS message
+ * @ret cms CMS message
*/
-static inline __attribute__ (( always_inline )) struct cms_signature *
-cms_get ( struct cms_signature *sig ) {
- ref_get ( &sig->refcnt );
- return sig;
+static inline __attribute__ (( always_inline )) struct cms_message *
+cms_get ( struct cms_message *cms ) {
+ ref_get ( &cms->refcnt );
+ return cms;
}
/**
- * Drop reference to CMS signature
+ * Drop reference to CMS message
*
- * @v sig CMS signature
+ * @v cms CMS message
*/
static inline __attribute__ (( always_inline )) void
-cms_put ( struct cms_signature *sig ) {
- ref_put ( &sig->refcnt );
+cms_put ( struct cms_message *cms ) {
+ ref_put ( &cms->refcnt );
+}
+
+/**
+ * Check if CMS message is a signature message
+ *
+ * @v cms CMS message
+ * @ret is_signature Message is a signature message
+ */
+static inline __attribute__ (( always_inline )) int
+cms_is_signature ( struct cms_message *cms ) {
+
+ /* CMS signatures include an optional CertificateSet */
+ return ( cms->certificates != NULL );
+}
+
+/**
+ * Check if CMS message is an encrypted message
+ *
+ * @v cms CMS message
+ * @ret is_encrypted Message is an encrypted message
+ */
+static inline __attribute__ (( always_inline )) int
+cms_is_encrypted ( struct cms_message *cms ) {
+
+ /* CMS encrypted messages have a cipher algorithm */
+ return ( cms->cipher != NULL );
}
-extern int cms_signature ( const void *data, size_t len,
- struct cms_signature **sig );
-extern int cms_verify ( struct cms_signature *sig, userptr_t data, size_t len,
+extern int cms_message ( struct image *image, struct cms_message **cms );
+extern int cms_verify ( struct cms_message *cms, struct image *image,
const char *name, time_t time, struct x509_chain *store,
struct x509_root *root );
+extern int cms_decrypt ( struct cms_message *cms, struct image *image,
+ const char *name, struct private_key *private_key );
#endif /* _IPXE_CMS_H */
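Review bot: `cms_is_signature` decides the message kind from `cms->certificates != NULL`, yet its own comment calls the CertificateSet optional. The test is therefore only right if the parser allocates `certificates` for every signed message, even when no certificates are present, and that parser is not in this hunk. If the invariant holds, state it at the field, e.g. `/** List of all certificates (always allocated for signature messages, may be empty) */`. Otherwise a signed message without a CertificateSet would be reported as not a signature, and any caller gating verification on this predicate would take the wrong branch. `cms_is_encrypted` depends on `cipher` being set only for encrypted messages in the same way.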
diff --git a/src/include/ipxe/command.h b/src/include/ipxe/command.h
index a208e7d8f..cbd5fb665 100644
--- a/src/include/ipxe/command.h
+++ b/src/include/ipxe/command.h
@@ -2,6 +2,7 @@
#define _IPXE_COMMAND_H
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/tables.h>
@@ -21,7 +22,12 @@ struct command {
#define COMMANDS __table ( struct command, "commands" )
-#define __command __table_entry ( COMMANDS, 01 )
+#define __command( name ) __table_entry ( COMMANDS, _C2 ( 01., name ) )
+
+#define COMMAND( name, exec ) \
+ struct command name ## _command __command ( name ) = { \
+ #name, exec \
+ }
extern char * concat_args ( char **args );
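Review bot: The new `COMMAND` macro has no doc comment, and it fills `struct command` positionally with `#name, exec`. The struct body is outside this hunk, so the member order this relies on cannot be checked here. A short comment would record both the usage and the dependency, e.g. `/** Define a command; name is stringified for the first member and exec is the second, so this relies on struct command member order */`. `__command ( name )` now takes an argument as well and could get a one-line comment saying what the name contributes to the table entry.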
diff --git a/src/include/ipxe/console.h b/src/include/ipxe/console.h
index ca8093a73..8c446827d 100644
--- a/src/include/ipxe/console.h
+++ b/src/include/ipxe/console.h
@@ -17,6 +17,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
struct pixel_buffer;
diff --git a/src/include/ipxe/cpio.h b/src/include/ipxe/cpio.h
index 9c5e22d5a..f1752ab0a 100644
--- a/src/include/ipxe/cpio.h
+++ b/src/include/ipxe/cpio.h
@@ -8,7 +8,9 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+#include <stdint.h>
#include <ipxe/image.h>
/** A CPIO archive header
@@ -50,12 +52,15 @@ struct cpio_header {
/** CPIO magic */
#define CPIO_MAGIC "070701"
+/** CPIO type for regular files */
+#define CPIO_MODE_FILE 0100000
+
+/** CPIO type for directories */
+#define CPIO_MODE_DIR 0040000
+
/** CPIO header length alignment */
#define CPIO_ALIGN 4
-/** Alignment for CPIO archives within an initrd */
-#define INITRD_ALIGN 4096
-
/**
* Get CPIO image name
*
@@ -67,8 +72,20 @@ cpio_name ( struct image *image ) {
return image->cmdline;
}
-extern void cpio_set_field ( char *field, unsigned long value );
-extern size_t cpio_name_len ( struct image *image );
-extern size_t cpio_header ( struct image *image, struct cpio_header *cpio );
+/**
+ * Get CPIO header zero-padding length
+ *
+ * @v len Length of CPIO header (including name, excluding NUL)
+ * @ret pad_len Padding length
+ */
+static inline __attribute__ (( always_inline )) size_t
+cpio_pad_len ( size_t len ) {
+
+ /* Pad by at least one byte (for name's terminating NUL) */
+ return ( CPIO_ALIGN - ( len % CPIO_ALIGN ) );
+}
+
+extern size_t cpio_header ( struct image *image, unsigned int index,
+ struct cpio_header *cpio );
#endif /* _IPXE_CPIO_H */
diff --git a/src/include/ipxe/crc32.h b/src/include/ipxe/crc32.h
index 30d2fe66c..7fe7ec88e 100644
--- a/src/include/ipxe/crc32.h
+++ b/src/include/ipxe/crc32.h
@@ -2,6 +2,7 @@
#define _IPXE_CRC32_H
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/crypto.h b/src/include/ipxe/crypto.h
index a6f437655..f458d7f30 100644
--- a/src/include/ipxe/crypto.h
+++ b/src/include/ipxe/crypto.h
@@ -8,10 +8,12 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <stddef.h>
#include <assert.h>
+#include <ipxe/asn1.h>
/** A message digest algorithm */
struct digest_algorithm {
@@ -120,96 +122,97 @@ struct cipher_algorithm {
struct pubkey_algorithm {
/** Algorithm name */
const char *name;
- /** Context size */
- size_t ctxsize;
- /** Initialise algorithm
- *
- * @v ctx Context
- * @v key Key
- * @v key_len Length of key
- * @ret rc Return status code
- */
- int ( * init ) ( void *ctx, const void *key, size_t key_len );
- /** Calculate maximum output length
- *
- * @v ctx Context
- * @ret max_len Maximum output length
- */
- size_t ( * max_len ) ( void *ctx );
/** Encrypt
*
- * @v ctx Context
+ * @v key Key
* @v plaintext Plaintext
- * @v plaintext_len Length of plaintext
* @v ciphertext Ciphertext
- * @ret ciphertext_len Length of ciphertext, or negative error
+ * @ret rc Return status code
*/
- int ( * encrypt ) ( void *ctx, const void *data, size_t len,
- void *out );
+ int ( * encrypt ) ( const struct asn1_cursor *key,
+ const struct asn1_cursor *plaintext,
+ struct asn1_builder *ciphertext );
/** Decrypt
*
- * @v ctx Context
+ * @v key Key
* @v ciphertext Ciphertext
- * @v ciphertext_len Ciphertext length
* @v plaintext Plaintext
- * @ret plaintext_len Plaintext length, or negative error
+ * @ret rc Return status code
*/
- int ( * decrypt ) ( void *ctx, const void *data, size_t len,
- void *out );
+ int ( * decrypt ) ( const struct asn1_cursor *key,
+ const struct asn1_cursor *ciphertext,
+ struct asn1_builder *plaintext );
/** Sign digest value
*
- * @v ctx Context
+ * @v key Key
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
- * @ret signature_len Signature length, or negative error
+ * @ret rc Return status code
*/
- int ( * sign ) ( void *ctx, struct digest_algorithm *digest,
- const void *value, void *signature );
+ int ( * sign ) ( const struct asn1_cursor *key,
+ struct digest_algorithm *digest, const void *value,
+ struct asn1_builder *builder );
/** Verify signed digest value
*
- * @v ctx Context
+ * @v key Key
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
- * @v signature_len Signature length
* @ret rc Return status code
*/
- int ( * verify ) ( void *ctx, struct digest_algorithm *digest,
- const void *value, const void *signature,
- size_t signature_len );
- /** Finalise algorithm
- *
- * @v ctx Context
- */
- void ( * final ) ( void *ctx );
+ int ( * verify ) ( const struct asn1_cursor *key,
+ struct digest_algorithm *digest, const void *value,
+ const struct asn1_cursor *signature );
/** Check that public key matches private key
*
* @v private_key Private key
- * @v private_key_len Private key length
* @v public_key Public key
- * @v public_key_len Public key length
* @ret rc Return status code
*/
- int ( * match ) ( const void *private_key, size_t private_key_len,
- const void *public_key, size_t public_key_len );
+ int ( * match ) ( const struct asn1_cursor *private_key,
+ const struct asn1_cursor *public_key );
};
/** An elliptic curve */
struct elliptic_curve {
/** Curve name */
const char *name;
- /** Key size */
+ /** Point (and public key) size */
+ size_t pointsize;
+ /** Scalar (and private key) size */
size_t keysize;
+ /** Generator base point */
+ const void *base;
+ /** Order of the generator (if prime) */
+ const void *order;
+ /** Check if this is the point at infinity
+ *
+ * @v point Curve point
+ * @ret is_infinity This is the point at infinity
+ *
+ * The point at infinity cannot be represented in affine
+ * coordinates. Each curve must choose a representation of
+ * the point at infinity (e.g. all zeroes).
+ */
+ int ( * is_infinity ) ( const void *point );
/** Multiply scalar by curve point
*
- * @v base Base point (or NULL to use generator)
+ * @v base Base point
* @v scalar Scalar multiple
* @v result Result point to fill in
* @ret rc Return status code
*/
int ( * multiply ) ( const void *base, const void *scalar,
void *result );
+ /** Add curve points (as a one-off operation)
+ *
+ * @v addend Curve point to add
+ * @v augend Curve point to add
+ * @v result Curve point to hold result
+ * @ret rc Return status code
+ */
+ int ( * add ) ( const void *addend, const void *augend, void *result );
};
static inline __attribute__ (( always_inline )) void
@@ -281,53 +284,43 @@ is_auth_cipher ( struct cipher_algorithm *cipher ) {
}
static inline __attribute__ (( always_inline )) int
-pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx,
- const void *key, size_t key_len ) {
- return pubkey->init ( ctx, key, key_len );
-}
-
-static inline __attribute__ (( always_inline )) size_t
-pubkey_max_len ( struct pubkey_algorithm *pubkey, void *ctx ) {
- return pubkey->max_len ( ctx );
+pubkey_encrypt ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
+ const struct asn1_cursor *plaintext,
+ struct asn1_builder *ciphertext ) {
+ return pubkey->encrypt ( key, plaintext, ciphertext );
}
static inline __attribute__ (( always_inline )) int
-pubkey_encrypt ( struct pubkey_algorithm *pubkey, void *ctx,
- const void *data, size_t len, void *out ) {
- return pubkey->encrypt ( ctx, data, len, out );
+pubkey_decrypt ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
+ const struct asn1_cursor *ciphertext,
+ struct asn1_builder *plaintext ) {
+ return pubkey->decrypt ( key, ciphertext, plaintext );
}
static inline __attribute__ (( always_inline )) int
-pubkey_decrypt ( struct pubkey_algorithm *pubkey, void *ctx,
- const void *data, size_t len, void *out ) {
- return pubkey->decrypt ( ctx, data, len, out );
-}
-
-static inline __attribute__ (( always_inline )) int
-pubkey_sign ( struct pubkey_algorithm *pubkey, void *ctx,
+pubkey_sign ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
- void *signature ) {
- return pubkey->sign ( ctx, digest, value, signature );
+ struct asn1_builder *signature ) {
+ return pubkey->sign ( key, digest, value, signature );
}
static inline __attribute__ (( always_inline )) int
-pubkey_verify ( struct pubkey_algorithm *pubkey, void *ctx,
+pubkey_verify ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
- const void *signature, size_t signature_len ) {
- return pubkey->verify ( ctx, digest, value, signature, signature_len );
+ const struct asn1_cursor *signature ) {
+ return pubkey->verify ( key, digest, value, signature );
}
-static inline __attribute__ (( always_inline )) void
-pubkey_final ( struct pubkey_algorithm *pubkey, void *ctx ) {
- pubkey->final ( ctx );
+static inline __attribute__ (( always_inline )) int
+pubkey_match ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *private_key,
+ const struct asn1_cursor *public_key ) {
+ return pubkey->match ( private_key, public_key );
}
static inline __attribute__ (( always_inline )) int
-pubkey_match ( struct pubkey_algorithm *pubkey,
- const void *private_key, size_t private_key_len,
- const void *public_key, size_t public_key_len ) {
- return pubkey->match ( private_key, private_key_len, public_key,
- public_key_len );
+elliptic_is_infinity ( struct elliptic_curve *curve, const void *point ) {
+ return curve->is_infinity ( point );
}
static inline __attribute__ (( always_inline )) int
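Review bot: `elliptic_is_infinity()` here, and `elliptic_add()` in the next hunk, call through members that this commit adds to `struct elliptic_curve`, so any curve definition that does not set `is_infinity` and `add` would make these wrappers call through a null pointer. The curve definitions are not part of this header, so whether all of them were updated cannot be checked from here. A one-line comment above each wrapper would make the contract explicit, for example `/* curve->is_infinity is mandatory for every curve */`. The hunk ends inside the signature of the following wrapper, `elliptic_multiply()`.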
@@ -336,6 +329,12 @@ elliptic_multiply ( struct elliptic_curve *curve,
return curve->multiply ( base, scalar, result );
}
+static inline __attribute__ (( always_inline )) int
+elliptic_add ( struct elliptic_curve *curve, const void *addend,
+ const void *augend, void *result ) {
+ return curve->add ( addend, augend, result );
+}
+
extern void digest_null_init ( void *ctx );
extern void digest_null_update ( void *ctx, const void *src, size_t len );
extern void digest_null_final ( void *ctx, void *out );
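Review bot: `elliptic_multiply()` forwards `base` unchanged, while the documentation of the `multiply` member earlier in this diff drops the "(or NULL to use generator)" wording, so a caller that still passes NULL now hands a null point to the curve code. A short comment on the wrapper would help callers migrate: `/* base must be a valid point; use curve->base for the generator */`. `elliptic_add()` is also added without a comment, and the struct documentation does not say whether `result` may alias `addend` or `augend`, which is worth stating. The signature of `elliptic_multiply()` begins outside this hunk.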
@@ -348,17 +347,20 @@ extern void cipher_null_decrypt ( void *ctx, const void *src, void *dst,
size_t len );
extern void cipher_null_auth ( void *ctx, void *auth );
-extern int pubkey_null_init ( void *ctx, const void *key, size_t key_len );
-extern size_t pubkey_null_max_len ( void *ctx );
-extern int pubkey_null_encrypt ( void *ctx, const void *plaintext,
- size_t plaintext_len, void *ciphertext );
-extern int pubkey_null_decrypt ( void *ctx, const void *ciphertext,
- size_t ciphertext_len, void *plaintext );
-extern int pubkey_null_sign ( void *ctx, struct digest_algorithm *digest,
- const void *value, void *signature );
-extern int pubkey_null_verify ( void *ctx, struct digest_algorithm *digest,
- const void *value, const void *signature ,
- size_t signature_len );
+extern int pubkey_null_encrypt ( const struct asn1_cursor *key,
+ const struct asn1_cursor *plaintext,
+ struct asn1_builder *ciphertext );
+extern int pubkey_null_decrypt ( const struct asn1_cursor *key,
+ const struct asn1_cursor *ciphertext,
+ struct asn1_builder *plaintext );
+extern int pubkey_null_sign ( const struct asn1_cursor *key,
+ struct digest_algorithm *digest,
+ const void *value,
+ struct asn1_builder *signature );
+extern int pubkey_null_verify ( const struct asn1_cursor *key,
+ struct digest_algorithm *digest,
+ const void *value,
+ const struct asn1_cursor *signature );
extern struct digest_algorithm digest_null;
extern struct cipher_algorithm cipher_null;
diff --git a/src/include/ipxe/deflate.h b/src/include/ipxe/deflate.h
index b751aa9a3..7e5ae01b9 100644
--- a/src/include/ipxe/deflate.h
+++ b/src/include/ipxe/deflate.h
@@ -8,10 +8,10 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <string.h>
-#include <ipxe/uaccess.h>
/** Compression formats */
enum deflate_format {
@@ -163,6 +163,11 @@ struct deflate {
/** Format */
enum deflate_format format;
+ /** Current input data pointer */
+ const uint8_t *in;
+ /** End of input data pointer */
+ const uint8_t *end;
+
/** Accumulator */
uint32_t accumulator;
/** Bit-reversed accumulator
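Review bot: The new `in` and `end` members keep raw pointers into caller-owned input inside `struct deflate`, which outlives a single call, but their comments do not say how long the pointers remain valid. Since `deflate_inflate()` now takes `const void *data, size_t len` later in this file's diff, they presumably refer to that buffer and are stale once the call returns. I would say so in the comment, e.g. `/** Current input data pointer (valid only during deflate_inflate()) */`, and likewise for `end`. The rest of `struct deflate` lies outside this hunk.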
@@ -240,7 +245,7 @@ struct deflate {
/** A chunk of data */
struct deflate_chunk {
/** Data */
- userptr_t data;
+ void *data;
/** Current offset */
size_t offset;
/** Length of data */
@@ -256,7 +261,7 @@ struct deflate_chunk {
* @v len Length
*/
static inline __attribute__ (( always_inline )) void
-deflate_chunk_init ( struct deflate_chunk *chunk, userptr_t data,
+deflate_chunk_init ( struct deflate_chunk *chunk, void *data,
size_t offset, size_t len ) {
chunk->data = data;
@@ -277,7 +282,7 @@ static inline int deflate_finished ( struct deflate *deflate ) {
extern void deflate_init ( struct deflate *deflate,
enum deflate_format format );
extern int deflate_inflate ( struct deflate *deflate,
- struct deflate_chunk *in,
+ const void *data, size_t len,
struct deflate_chunk *out );
#endif /* _IPXE_DEFLATE_H */
diff --git a/src/include/ipxe/der.h b/src/include/ipxe/der.h
index c63bd9751..17e96405e 100644
--- a/src/include/ipxe/der.h
+++ b/src/include/ipxe/der.h
@@ -8,9 +8,15 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+#include <stdint.h>
+#include <ipxe/asn1.h>
#include <ipxe/image.h>
+extern int der_asn1 ( const void *data, size_t len, size_t offset,
+ struct asn1_cursor **cursor );
+
extern struct image_type der_image_type __image_type ( PROBE_NORMAL );
#endif /* _IPXE_DER_H */
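Review bot: `der_asn1()` is declared without any documentation, although it takes a buffer, a length and a separate `offset`, and returns a cursor through `struct asn1_cursor **cursor`. DER data handled by an image loader is presumably externally supplied, so the header should state how `offset` relates to `len` (in particular what happens when `offset` is at or beyond `len`), what the return value means, and who owns and frees `*cursor`. A doc comment in the file's `@v`/`@ret` style above the prototype would cover this; the ownership rule itself cannot be determined from this header alone.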
diff --git a/src/include/ipxe/device.h b/src/include/ipxe/device.h
index d4ba001b0..ca12d2c07 100644
--- a/src/include/ipxe/device.h
+++ b/src/include/ipxe/device.h
@@ -9,6 +9,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/list.h>
#include <ipxe/tables.h>
@@ -69,6 +70,9 @@ struct device_description {
/** USB bus type */
#define BUS_TYPE_USB 10
+/** Devicetree bus type */
+#define BUS_TYPE_DT 11
+
/** A hardware device */
struct device {
/** Name */
diff --git a/src/include/ipxe/devtree.h b/src/include/ipxe/devtree.h
new file mode 100644
index 000000000..2bf473a3b
--- /dev/null
+++ b/src/include/ipxe/devtree.h
@@ -0,0 +1,97 @@
+#ifndef _IPXE_DEVTREE_H
+#define _IPXE_DEVTREE_H
+
+/** @file
+ *
+ * Devicetree bus
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/device.h>
+#include <ipxe/dma.h>
+#include <ipxe/fdt.h>
+
+/** A devicetree device */
+struct dt_device {
+ /** Device name */
+ const char *name;
+ /** Generic device */
+ struct device dev;
+ /** DMA device */
+ struct dma_device dma;
+ /** Driver for this device */
+ struct dt_driver *driver;
+ /** Driver-private data */
+ void *priv;
+};
+
+/** A devicetree driver */
+struct dt_driver {
+ /** Driver name */
+ const char *name;
+ /** Compatible programming model identifiers */
+ const char **ids;
+ /** Number of compatible programming model identifiers */
+ unsigned int id_count;
+ /**
+ * Probe device
+ *
+ * @v dt Devicetree device
+ * @v offset Starting node offset
+ * @ret rc Return status code
+ */
+ int ( * probe ) ( struct dt_device *dt, unsigned int offset );
+ /**
+ * Remove device
+ *
+ * @v dt Devicetree device
+ */
+ void ( * remove ) ( struct dt_device *dt );
+};
+
+/** Devicetree driver table */
+#define DT_DRIVERS __table ( struct dt_driver, "dt_drivers" )
+
+/** Declare a devicetree driver */
+#define __dt_driver __table_entry ( DT_DRIVERS, 01 )
+
+/**
+ * Set devicetree driver-private data
+ *
+ * @v dt Devicetree device
+ * @v priv Private data
+ */
+static inline void dt_set_drvdata ( struct dt_device *dt, void *priv ) {
+ dt->priv = priv;
+}
+
+/**
+ * Get devicetree driver-private data
+ *
+ * @v dt Devicetree device
+ * @ret priv Private data
+ */
+static inline void * dt_get_drvdata ( struct dt_device *dt ) {
+ return dt->priv;
+}
+
+/**
+ * Get devicetree parent device
+ *
+ * @v dt Devicetree device
+ * @ret parent Parent devicetree device
+ */
+static inline struct dt_device * dt_parent ( struct dt_device *dt ) {
+ return container_of ( dt->dev.parent, struct dt_device, dev );
+}
+
+extern void * dt_ioremap ( struct dt_device *dt, unsigned int offset,
+ unsigned int index, size_t len );
+extern int dt_probe_node ( struct device *parent, unsigned int offset );
+extern void dt_remove_node ( struct device *parent );
+extern int dt_probe_children ( struct dt_device *parent, unsigned int offset );
+extern void dt_remove_children ( struct dt_device *parent );
+
+#endif /* _IPXE_DEVTREE_H */
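Review bot: `dt_parent()` applies `container_of` to `dt->dev.parent` unconditionally, but `dt_probe_node()` accepts a generic `struct device *parent`, so for a node probed under a non-devicetree parent the result would not point at a real `struct dt_device`. The doc comment should state the precondition, for example by adding ` * Valid only if the parent device is itself a devicetree device.` above `dt_parent()`. Separately, this new header has no `FILE_SECBOOT ( PERMITTED )` line, unlike the other new headers in this commit (`dynui.h`, `ecdhe.h`, `ecdsa.h`); if that is deliberate, a short comment saying so would help.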
diff --git a/src/include/ipxe/dhcp.h b/src/include/ipxe/dhcp.h
index 51349efd9..bdbe3b741 100644
--- a/src/include/ipxe/dhcp.h
+++ b/src/include/ipxe/dhcp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <stdarg.h>
@@ -17,7 +18,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/tables.h>
#include <ipxe/uuid.h>
#include <ipxe/netdevice.h>
-#include <ipxe/uaccess.h>
struct interface;
struct dhcp_options;
@@ -345,6 +345,9 @@ struct dhcp_client_uuid {
/** DNS domain search list */
#define DHCP_DOMAIN_SEARCH 119
+/** Classless static routes */
+#define DHCP_STATIC_ROUTES 121
+
/** Etherboot-specific encapsulated options
*
* This encapsulated options field is used to contain all options
diff --git a/src/include/ipxe/dhcparch.h b/src/include/ipxe/dhcparch.h
index 89ecfb31e..ff611331c 100644
--- a/src/include/ipxe/dhcparch.h
+++ b/src/include/ipxe/dhcparch.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/* Include platform-specific client architecture definitions */
#define PLATFORM_DHCPARCH(_platform) <ipxe/_platform/dhcparch.h>
diff --git a/src/include/ipxe/dhcpopts.h b/src/include/ipxe/dhcpopts.h
index 707fda4a8..9fe7bb110 100644
--- a/src/include/ipxe/dhcpopts.h
+++ b/src/include/ipxe/dhcpopts.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/dhcppkt.h b/src/include/ipxe/dhcppkt.h
index 86075960a..7d0153107 100644
--- a/src/include/ipxe/dhcppkt.h
+++ b/src/include/ipxe/dhcppkt.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/dhcp.h>
#include <ipxe/dhcpopts.h>
diff --git a/src/include/ipxe/dhcpv6.h b/src/include/ipxe/dhcpv6.h
index 6e70f7e63..45b36724a 100644
--- a/src/include/ipxe/dhcpv6.h
+++ b/src/include/ipxe/dhcpv6.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/in.h>
@@ -276,6 +277,6 @@ static inline void ipv6_all_dhcp_relay_and_servers ( struct in6_addr *addr ) {
}
extern int start_dhcpv6 ( struct interface *job, struct net_device *netdev,
- int stateful );
+ struct in6_addr *router, int stateful );
#endif /* _IPXE_DHCPV6_H */
diff --git a/src/include/ipxe/dhe.h b/src/include/ipxe/dhe.h
index 3cd24a880..f89e7bd02 100644
--- a/src/include/ipxe/dhe.h
+++ b/src/include/ipxe/dhe.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/dma.h b/src/include/ipxe/dma.h
index 385e4baf7..e6e7a4793 100644
--- a/src/include/ipxe/dma.h
+++ b/src/include/ipxe/dma.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/api.h>
@@ -68,14 +69,16 @@ struct dma_operations {
* @ret rc Return status code
*/
int ( * map ) ( struct dma_device *dma, struct dma_mapping *map,
- physaddr_t addr, size_t len, int flags );
+ void *addr, size_t len, int flags );
/**
* Unmap buffer
*
* @v dma DMA device
* @v map DMA mapping
+ * @v len Used length
*/
- void ( * unmap ) ( struct dma_device *dma, struct dma_mapping *map );
+ void ( * unmap ) ( struct dma_device *dma, struct dma_mapping *map,
+ size_t len );
/**
* Allocate and map DMA-coherent buffer
*
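Review bot: The new `len` argument of `unmap` is documented only as "Used length", which does not tell an implementer or caller how it relates to the length given to `map`. If an implementation uses it to bound a copy or cache operation (not visible in this header), a value larger than the mapped length would reach past the buffer, so the limit should be stated: ` * @v len Used length (must not exceed the mapped length)`. The same wording appears on the flat `dma_unmap` inline and on the `dma_unmap()` prototype in later hunks of this file. `struct dma_operations` starts and ends outside this hunk.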
@@ -106,9 +109,9 @@ struct dma_operations {
* @v align Physical alignment
* @ret addr Buffer address, or NULL on error
*/
- userptr_t ( * umalloc ) ( struct dma_device *dma,
- struct dma_mapping *map,
- size_t len, size_t align );
+ void * ( * umalloc ) ( struct dma_device *dma,
+ struct dma_mapping *map,
+ size_t len, size_t align );
/**
* Unmap and free DMA-coherent buffer from external (user) memory
*
@@ -118,7 +121,7 @@ struct dma_operations {
* @v len Length of buffer
*/
void ( * ufree ) ( struct dma_device *dma, struct dma_mapping *map,
- userptr_t addr, size_t len );
+ void *addr, size_t len );
/**
* Set addressable space mask
*
@@ -178,8 +181,7 @@ struct dma_operations {
*/
static inline __always_inline int
DMAAPI_INLINE ( flat, dma_map ) ( struct dma_device *dma,
- struct dma_mapping *map,
- physaddr_t addr __unused,
+ struct dma_mapping *map, void *addr __unused,
size_t len __unused, int flags __unused ) {
/* Increment mapping count (for debugging) */
@@ -195,9 +197,11 @@ DMAAPI_INLINE ( flat, dma_map ) ( struct dma_device *dma,
* Unmap buffer
*
* @v map DMA mapping
+ * @v len Used length
*/
static inline __always_inline void
-DMAAPI_INLINE ( flat, dma_unmap ) ( struct dma_mapping *map ) {
+DMAAPI_INLINE ( flat, dma_unmap ) ( struct dma_mapping *map,
+ size_t len __unused ) {
/* Decrement mapping count (for debugging) */
if ( DBG_LOG ) {
@@ -265,11 +269,11 @@ DMAAPI_INLINE ( flat, dma_free ) ( struct dma_mapping *map,
* @v align Physical alignment
* @ret addr Buffer address, or NULL on error
*/
-static inline __always_inline userptr_t
+static inline __always_inline void *
DMAAPI_INLINE ( flat, dma_umalloc ) ( struct dma_device *dma,
struct dma_mapping *map,
size_t len, size_t align __unused ) {
- userptr_t addr;
+ void *addr;
/* Allocate buffer */
addr = umalloc ( len );
@@ -292,7 +296,7 @@ DMAAPI_INLINE ( flat, dma_umalloc ) ( struct dma_device *dma,
*/
static inline __always_inline void
DMAAPI_INLINE ( flat, dma_ufree ) ( struct dma_mapping *map,
- userptr_t addr, size_t len __unused ) {
+ void *addr, size_t len __unused ) {
/* Free buffer */
ufree ( addr );
@@ -319,34 +323,36 @@ DMAAPI_INLINE ( flat, dma_set_mask ) ( struct dma_device *dma __unused,
}
/**
- * Get DMA address from physical address
+ * Get DMA address from virtual address
*
* @v map DMA mapping
- * @v addr Physical address within the mapped region
+ * @v addr Address within the mapped region
* @ret addr Device-side DMA address
*/
static inline __always_inline physaddr_t
-DMAAPI_INLINE ( flat, dma_phys ) ( struct dma_mapping *map __unused,
- physaddr_t addr ) {
+DMAAPI_INLINE ( flat, dma ) ( struct dma_mapping *map __unused, void *addr ) {
/* Use physical address as device address */
- return addr;
+ return virt_to_phys ( addr );
}
/**
- * Get DMA address from physical address
+ * Get DMA address from virtual address
*
* @v map DMA mapping
- * @v addr Physical address within the mapped region
+ * @v addr Address within the mapped region
* @ret addr Device-side DMA address
*/
static inline __always_inline physaddr_t
-DMAAPI_INLINE ( op, dma_phys ) ( struct dma_mapping *map, physaddr_t addr ) {
+DMAAPI_INLINE ( op, dma ) ( struct dma_mapping *map, void *addr ) {
/* Adjust physical address using mapping offset */
- return ( addr + map->offset );
+ return ( virt_to_phys ( addr ) + map->offset );
}
+/* Include all architecture-dependent DMA API headers */
+#include <bits/dma.h>
+
/**
* Map buffer for DMA
*
@@ -358,14 +364,15 @@ DMAAPI_INLINE ( op, dma_phys ) ( struct dma_mapping *map, physaddr_t addr ) {
* @ret rc Return status code
*/
int dma_map ( struct dma_device *dma, struct dma_mapping *map,
- physaddr_t addr, size_t len, int flags );
+ void *addr, size_t len, int flags );
/**
* Unmap buffer
*
* @v map DMA mapping
+ * @v len Used length
*/
-void dma_unmap ( struct dma_mapping *map );
+void dma_unmap ( struct dma_mapping *map, size_t len );
/**
* Allocate and map DMA-coherent buffer
@@ -397,8 +404,8 @@ void dma_free ( struct dma_mapping *map, void *addr, size_t len );
* @v align Physical alignment
* @ret addr Buffer address, or NULL on error
*/
-userptr_t dma_umalloc ( struct dma_device *dma, struct dma_mapping *map,
- size_t len, size_t align );
+void * dma_umalloc ( struct dma_device *dma, struct dma_mapping *map,
+ size_t len, size_t align );
/**
* Unmap and free DMA-coherent buffer from external (user) memory
@@ -407,7 +414,7 @@ userptr_t dma_umalloc ( struct dma_device *dma, struct dma_mapping *map,
* @v addr Buffer address
* @v len Length of buffer
*/
-void dma_ufree ( struct dma_mapping *map, userptr_t addr, size_t len );
+void dma_ufree ( struct dma_mapping *map, void *addr, size_t len );
/**
* Set addressable space mask
@@ -418,27 +425,13 @@ void dma_ufree ( struct dma_mapping *map, userptr_t addr, size_t len );
void dma_set_mask ( struct dma_device *dma, physaddr_t mask );
/**
- * Get DMA address from physical address
- *
- * @v map DMA mapping
- * @v addr Physical address within the mapped region
- * @ret addr Device-side DMA address
- */
-physaddr_t dma_phys ( struct dma_mapping *map, physaddr_t addr );
-
-/**
* Get DMA address from virtual address
*
* @v map DMA mapping
- * @v addr Virtual address within the mapped region
+ * @v addr Address within the mapped region
* @ret addr Device-side DMA address
*/
-static inline __always_inline physaddr_t dma ( struct dma_mapping *map,
- void *addr ) {
-
- /* Get DMA address from corresponding physical address */
- return dma_phys ( map, virt_to_phys ( addr ) );
-}
+physaddr_t dma ( struct dma_mapping *map, void *addr );
/**
* Check if DMA unmapping is required
diff --git a/src/include/ipxe/dns.h b/src/include/ipxe/dns.h
index 738dea6e4..e7fc32c25 100644
--- a/src/include/ipxe/dns.h
+++ b/src/include/ipxe/dns.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/in.h>
diff --git a/src/include/ipxe/downloader.h b/src/include/ipxe/downloader.h
index ccb1abfef..f87a8ea78 100644
--- a/src/include/ipxe/downloader.h
+++ b/src/include/ipxe/downloader.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
struct interface;
struct image;
diff --git a/src/include/ipxe/drbg.h b/src/include/ipxe/drbg.h
index ed2b3757a..0512f0833 100644
--- a/src/include/ipxe/drbg.h
+++ b/src/include/ipxe/drbg.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/sha256.h>
diff --git a/src/include/ipxe/dummy_pio.h b/src/include/ipxe/dummy_pio.h
index 1cdabba14..7c80cdf35 100644
--- a/src/include/ipxe/dummy_pio.h
+++ b/src/include/ipxe/dummy_pio.h
@@ -13,6 +13,8 @@
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+#include <string.h>
+
#define DUMMY_INX( _prefix, _suffix, _type ) \
static inline __always_inline _type \
IOAPI_INLINE ( _prefix, in ## _suffix ) ( volatile _type *io_addr __unused) { \
@@ -37,6 +39,19 @@ IOAPI_INLINE ( _prefix, outs ## _suffix ) ( volatile _type *io_addr __unused, \
/* Do nothing */ \
}
+#define DUMMY_IOREADX( _prefix, _width, _suffix, _type ) \
+static inline __always_inline _type \
+IOAPI_INLINE ( _prefix, ioread ## _width ) ( volatile _type *io_addr ) { \
+ return IOAPI_INLINE ( _prefix, read ## _suffix ) ( io_addr ); \
+}
+
+#define DUMMY_IOWRITEX( _prefix, _width, _suffix, _type ) \
+static inline __always_inline void \
+IOAPI_INLINE ( _prefix, iowrite ## _width ) ( _type data, \
+ volatile _type *io_addr ) { \
+ IOAPI_INLINE ( _prefix, write ## _suffix ) ( data, io_addr ); \
+}
+
#define DUMMY_IODELAY( _prefix ) \
static inline __always_inline void \
IOAPI_INLINE ( _prefix, iodelay ) ( void ) { \
@@ -50,6 +65,12 @@ IOAPI_INLINE ( _prefix, iodelay ) ( void ) { \
DUMMY_OUTX ( _prefix, b, uint8_t ); \
DUMMY_OUTX ( _prefix, w, uint16_t ); \
DUMMY_OUTX ( _prefix, l, uint32_t ); \
+ DUMMY_IOREADX ( _prefix, 8, b, uint8_t ); \
+ DUMMY_IOREADX ( _prefix, 16, w, uint16_t ); \
+ DUMMY_IOREADX ( _prefix, 32, l, uint32_t ); \
+ DUMMY_IOWRITEX ( _prefix, 8, b, uint8_t ); \
+ DUMMY_IOWRITEX ( _prefix, 16, w, uint16_t ); \
+ DUMMY_IOWRITEX ( _prefix, 32, l, uint32_t ); \
DUMMY_IODELAY ( _prefix );
#define PROVIDE_DUMMY_PIO( _prefix ) \
@@ -59,6 +80,12 @@ IOAPI_INLINE ( _prefix, iodelay ) ( void ) { \
PROVIDE_IOAPI_INLINE ( _prefix, outb ); \
PROVIDE_IOAPI_INLINE ( _prefix, outw ); \
PROVIDE_IOAPI_INLINE ( _prefix, outl ); \
+ PROVIDE_IOAPI_INLINE ( _prefix, ioread8 ); \
+ PROVIDE_IOAPI_INLINE ( _prefix, ioread16 ); \
+ PROVIDE_IOAPI_INLINE ( _prefix, ioread32 ); \
+ PROVIDE_IOAPI_INLINE ( _prefix, iowrite8 ); \
+ PROVIDE_IOAPI_INLINE ( _prefix, iowrite16 ); \
+ PROVIDE_IOAPI_INLINE ( _prefix, iowrite32 ); \
PROVIDE_IOAPI_INLINE ( _prefix, iodelay );
#endif /* _IPXE_DUMMY_PIO_H */
diff --git a/src/include/ipxe/dummy_sanboot.h b/src/include/ipxe/dummy_sanboot.h
index 9c9d942aa..991a2545a 100644
--- a/src/include/ipxe/dummy_sanboot.h
+++ b/src/include/ipxe/dummy_sanboot.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef SANBOOT_DUMMY
#define SANBOOT_PREFIX_dummy
diff --git a/src/include/ipxe/dynui.h b/src/include/ipxe/dynui.h
new file mode 100644
index 000000000..02179ef18
--- /dev/null
+++ b/src/include/ipxe/dynui.h
@@ -0,0 +1,73 @@
+#ifndef _IPXE_DYNUI_H
+#define _IPXE_DYNUI_H
+
+/** @file
+ *
+ * Dynamic user interfaces
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/list.h>
+
+/** A dynamic user interface */
+struct dynamic_ui {
+ /** List of dynamic user interfaces */
+ struct list_head list;
+ /** Name */
+ const char *name;
+ /** Title */
+ const char *title;
+ /** Dynamic user interface items */
+ struct list_head items;
+ /** Hidden user interface items, accessible only via hotkey */
+ struct list_head hidden_items;
+ /** Number of user interface items */
+ unsigned int count;
+};
+
+/** A dynamic user interface item */
+struct dynamic_item {
+ /** List of dynamic user interface items */
+ struct list_head list;
+ /** Name */
+ const char *name;
+ /** Text */
+ const char *text;
+ /** Index */
+ unsigned int index;
+ /** Flags */
+ unsigned int flags;
+ /** Shortcut key */
+ int shortcut;
+};
+
+/** Dynamic user interface item is default selection */
+#define DYNUI_DEFAULT 0x0001
+
+/** Dynamic user interface item represents a secret */
+#define DYNUI_SECRET 0x0002
+
+/** Dynamic user interface item should be invisible */
+#define DYNUI_HIDDEN 0x0004
+
+extern struct dynamic_ui * create_dynui ( const char *name, const char *title );
+extern struct dynamic_item * add_dynui_item ( struct dynamic_ui *dynui,
+ const char *name,
+ const char *text,
+ unsigned int flags,
+ int shortcut );
+extern void destroy_dynui ( struct dynamic_ui *dynui );
+extern struct dynamic_ui * find_dynui ( const char *name );
+extern struct dynamic_item * dynui_item ( struct dynamic_ui *dynui,
+ unsigned int index );
+extern struct dynamic_item * dynui_shortcut ( struct dynamic_ui *dynui,
+ int key );
+extern int show_menu ( struct dynamic_ui *dynui, unsigned long timeout,
+ unsigned long retimeout, const char *select,
+ struct dynamic_item **selected );
+extern int show_form ( struct dynamic_ui *dynui );
+
+#endif /* _IPXE_DYNUI_H */
diff --git a/src/include/ipxe/eap.h b/src/include/ipxe/eap.h
index a44f01e0a..2b3770138 100644
--- a/src/include/ipxe/eap.h
+++ b/src/include/ipxe/eap.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/netdevice.h>
diff --git a/src/include/ipxe/eapol.h b/src/include/ipxe/eapol.h
index dcf392946..2d44750ec 100644
--- a/src/include/ipxe/eapol.h
+++ b/src/include/ipxe/eapol.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/netdevice.h>
diff --git a/src/include/ipxe/ecam.h b/src/include/ipxe/ecam.h
index ff08aee5a..856a673c5 100644
--- a/src/include/ipxe/ecam.h
+++ b/src/include/ipxe/ecam.h
@@ -54,6 +54,4 @@ struct ecam_mapping {
int rc;
};
-extern struct pci_api ecam_api;
-
#endif /* _IPXE_ECAM_H */
diff --git a/src/include/ipxe/ecam_io.h b/src/include/ipxe/ecam_io.h
index 4fb24db33..f31ccdc53 100644
--- a/src/include/ipxe/ecam_io.h
+++ b/src/include/ipxe/ecam_io.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
@@ -136,4 +137,15 @@ PCIAPI_INLINE ( ecam, pci_ioremap ) ( struct pci_device *pci __unused,
return ioremap ( bus_addr, len );
}
+/**
+ * Check if PCI bus probing is allowed
+ *
+ * @v pci PCI device
+ * @ret ok Bus probing is allowed
+ */
+static inline __always_inline int
+PCIAPI_INLINE ( ecam, pci_can_probe ) ( struct pci_device *pci __unused ) {
+ return 1;
+}
+
#endif /* _IPXE_ECAM_IO_H */
diff --git a/src/include/ipxe/ecb.h b/src/include/ipxe/ecb.h
index db22d996d..c29602fca 100644
--- a/src/include/ipxe/ecb.h
+++ b/src/include/ipxe/ecb.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/ecdhe.h b/src/include/ipxe/ecdhe.h
new file mode 100644
index 000000000..c6575678c
--- /dev/null
+++ b/src/include/ipxe/ecdhe.h
@@ -0,0 +1,18 @@
+#ifndef _IPXE_ECDHE_H
+#define _IPXE_ECDHE_H
+
+/** @file
+ *
+ * Elliptic Curve Ephemeral Diffie-Hellman (ECDHE) key exchange
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/crypto.h>
+
+extern int ecdhe_key ( struct elliptic_curve *curve, const void *partner,
+ const void *private, void *public, void *shared );
+
+#endif /* _IPXE_ECDHE_H */
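Review bot: `ecdhe_key()` takes four untyped buffers with no lengths and no documentation, so the required sizes and the handling of the peer-supplied `partner` point are left to the reader. The sizes presumably follow `pointsize` and `keysize` of `struct elliptic_curve` in `ipxe/crypto.h`. The prototype should carry a doc comment in the file's `@v`/`@ret` style that says so, and that states whether `partner` is validated (for example rejected when the result is the point at infinity) before `shared` is filled in. It should also say whether `shared` is left untouched or cleared on error.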
diff --git a/src/include/ipxe/ecdsa.h b/src/include/ipxe/ecdsa.h
new file mode 100644
index 000000000..fdf8c6159
--- /dev/null
+++ b/src/include/ipxe/ecdsa.h
@@ -0,0 +1,20 @@
+#ifndef _IPXE_ECDSA_H
+#define _IPXE_ECDSA_H
+
+/** @file
+ *
+ * Elliptic curve digital signature algorithm (ECDSA)
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/crypto.h>
+
+/** Uncompressed curve point */
+#define ECDSA_UNCOMPRESSED 0x04
+
+extern struct pubkey_algorithm ecdsa_algorithm;
+
+#endif /* _IPXE_ECDSA_H */
diff --git a/src/include/ipxe/edd.h b/src/include/ipxe/edd.h
index 1914fd0b0..9529da475 100644
--- a/src/include/ipxe/edd.h
+++ b/src/include/ipxe/edd.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/interface.h>
diff --git a/src/include/ipxe/editbox.h b/src/include/ipxe/editbox.h
index 2c70e0b6b..85d5919c9 100644
--- a/src/include/ipxe/editbox.h
+++ b/src/include/ipxe/editbox.h
@@ -8,54 +8,43 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <curses.h>
#include <ipxe/editstring.h>
+#include <ipxe/widget.h>
/** An editable text box widget */
struct edit_box {
+ /** Text widget */
+ struct widget widget;
/** Editable string */
struct edit_string string;
- /** Containing window */
- WINDOW *win;
- /** Row */
- unsigned int row;
- /** Starting column */
- unsigned int col;
- /** Width */
- unsigned int width;
/** First displayed character */
unsigned int first;
- /** Flags */
- unsigned int flags;
};
-/** Editable text box widget flags */
-enum edit_box_flags {
- /** Show stars instead of contents (for password widgets) */
- EDITBOX_STARS = 0x0001,
-};
-
-extern void init_editbox ( struct edit_box *box, char *buf, size_t len,
- WINDOW *win, unsigned int row, unsigned int col,
- unsigned int width, unsigned int flags )
- __attribute__ (( nonnull (1, 2) ));
-extern void draw_editbox ( struct edit_box *box ) __nonnull;
-static inline int edit_editbox ( struct edit_box *box, int key ) __nonnull;
+extern struct widget_operations editbox_operations;
/**
- * Edit text box widget
+ * Initialise text box widget
*
* @v box Editable text box widget
- * @v key Key pressed by user
- * @ret key Key returned to application, or zero
- *
- * You must call draw_editbox() to update the display after calling
- * edit_editbox().
- *
+ * @v row Row
+ * @v col Starting column
+ * @v width Width
+ * @v flags Flags
+ * @v buf Dynamically allocated string buffer
*/
-static inline int edit_editbox ( struct edit_box *box, int key ) {
- return edit_string ( &box->string, key );
+static inline __attribute__ (( always_inline )) void
+init_editbox ( struct edit_box *box, unsigned int row, unsigned int col,
+ unsigned int width, unsigned int flags, char **buf ) {
+
+ init_widget ( &box->widget, &editbox_operations, row, col,
+ width, ( flags | WIDGET_EDITABLE ) );
+ init_editstring ( &box->string, buf );
+ if ( *buf )
+ box->string.cursor = strlen ( *buf );
}
#endif /* _IPXE_EDITBOX_H */
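Review bot: `init_editbox()` sets `box->string.cursor` only when `*buf` is non-null, and `init_editstring()` (in `editstring.h` in this commit) assigns only `string->buf`, so with a NULL initial string the cursor keeps whatever the caller's memory held unless the caller zeroed the structure. Assigning it in both cases removes that dependency: `box->string.cursor = ( *buf ? strlen ( *buf ) : 0 );`. The function also calls `strlen()` while the includes visible in this hunk are `curses.h`, `ipxe/editstring.h` and `ipxe/widget.h`; adding `#include <string.h>` would avoid relying on a transitive include.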
diff --git a/src/include/ipxe/editstring.h b/src/include/ipxe/editstring.h
index a00a8adaa..48dc34f18 100644
--- a/src/include/ipxe/editstring.h
+++ b/src/include/ipxe/editstring.h
@@ -8,13 +8,12 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/** An editable string */
struct edit_string {
- /** Buffer for string */
- char *buf;
- /** Size of buffer (including terminating NUL) */
- size_t len;
+ /** Dynamically allocated string buffer */
+ char **buf;
/** Cursor position */
unsigned int cursor;
@@ -32,17 +31,28 @@ struct edit_string {
* Initialise editable string
*
* @v string Editable string
- * @v buf Buffer for string
- * @v len Length of buffer
+ * @v buf Dynamically allocated string buffer
+ *
+ * The @c buf parameter must be the address of a caller-provided
+ * pointer to a NUL-terminated string allocated using malloc() (or
+ * equivalent, such as strdup()). Any edits made to the string will
+ * realloc() the string buffer as needed.
+ *
+ * The caller may choose leave the initial string buffer pointer as @c
+ * NULL, in which case it will be allocated upon the first attempt to
+ * insert a character into the buffer. If the caller does this, then
+ * it must be prepared to find the pointer still @c NULL after
+ * editing, since the user may never attempt to insert any characters.
*/
-static inline void init_editstring ( struct edit_string *string, char *buf,
- size_t len ) {
+static inline __nonnull void init_editstring ( struct edit_string *string,
+ char **buf ) {
+
string->buf = buf;
- string->len = len;
}
-extern void replace_string ( struct edit_string *string,
- const char *replacement ) __nonnull;
-extern int edit_string ( struct edit_string *string, int key ) __nonnull;
+extern __attribute__ (( nonnull ( 1 ) )) int
+replace_string ( struct edit_string *string, const char *replacement );
+
+extern __nonnull int edit_string ( struct edit_string *string, int key );
#endif /* _IPXE_EDITSTRING_H */
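Review bot: The init_editstring() comment says edits will realloc() the caller's buffer, but it does not say who frees it afterwards, and replace_string() now returns int instead of void with no description of the failure case a caller has to handle. Edit boxes also appear to be used for password entry (the EDITBOX_STARS flag removed from editbox.h in this commit mentions password widgets), so the contract should state whether a buffer is wiped before realloc() or free() moves it, which this header cannot show. I would add a sentence such as `The caller owns *buf and must free() it; it may contain sensitive input.` and an `@ret rc` line on replace_string(). Separately, "may choose leave" should read "may choose to leave".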
diff --git a/src/include/ipxe/efi/AArch64/ProcessorBind.h b/src/include/ipxe/efi/AArch64/ProcessorBind.h
index 3a7f77465..a64646ab4 100644
--- a/src/include/ipxe/efi/AArch64/ProcessorBind.h
+++ b/src/include/ipxe/efi/AArch64/ProcessorBind.h
@@ -13,6 +13,7 @@
#define __PROCESSOR_BIND_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// Define the processor type so other code can make processor based choices
diff --git a/src/include/ipxe/efi/Arm/ProcessorBind.h b/src/include/ipxe/efi/Arm/ProcessorBind.h
index 6d558a2dd..4f90eff84 100644
--- a/src/include/ipxe/efi/Arm/ProcessorBind.h
+++ b/src/include/ipxe/efi/Arm/ProcessorBind.h
@@ -1,3 +1,7 @@
+#ifndef _IPXE_EFI_ARM_PROCESSORBIND_H
+#define _IPXE_EFI_ARM_PROCESSORBIND_H
+
+
/** @file
Processor or Compiler specific defines and types for ARM.
@@ -15,7 +19,11 @@ FILE_LICENCE ( BSD2_PATENT );
///
/// Define the processor type so other code can make processor based choices
///
-#define MDE_CPU_ARM
+/// Upstream EDK2 headers no longer accept MDE_CPU_ARM: define
+/// MDE_CPU_EBC to prevent build errors. (The definition doesn't
+/// actually affect anything used by iPXE.)
+///
+#define MDE_CPU_EBC
//
// Make sure we are using the correct packing rules per EFI specification
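Review bot: Defining `MDE_CPU_EBC` for a 32-bit ARM build rests on the parenthetical claim that the macro affects nothing iPXE uses, and nothing in this header checks that claim. The Base.h hunk in this same commit removes an `#ifdef MDE_CPU_EBC` branch that used to turn STATIC_ASSERT into a no-op, so what the macro affects evidently changes between EDK2 imports. I would have the comment record what was checked and when, e.g. `/// (Checked against the EDK2 headers imported in this commit; re-check on each header update.)`.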
@@ -238,3 +246,5 @@ typedef INT32 INTN;
#endif
#endif
+
+#endif /* _IPXE_EFI_ARM_PROCESSORBIND_H */
diff --git a/src/include/ipxe/efi/Base.h b/src/include/ipxe/efi/Base.h
index 46c31a3b1..0002309a3 100644
--- a/src/include/ipxe/efi/Base.h
+++ b/src/include/ipxe/efi/Base.h
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __BASE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
//
// Include processor specific binding
@@ -61,7 +62,7 @@ FILE_LICENCE ( BSD2_PATENT );
/// up to the compiler to remove any code past that point.
///
#define UNREACHABLE() __builtin_unreachable ()
- #elif defined (__has_feature)
+ #elif defined (__has_builtin) && defined (__has_feature)
#if __has_builtin (__builtin_unreachable)
///
/// Signal compilers and analyzers that this call is not reachable. It is
@@ -580,7 +581,7 @@ struct _LIST_ENTRY {
**/
#define _INT_SIZE_OF(n) ((sizeof (n) + sizeof (UINTN) - 1) &~(sizeof (UINTN) - 1))
-#if defined (_M_ARM) || defined (_M_ARM64)
+#if defined (_M_ARM64)
//
// MSFT ARM variable argument list support.
//
@@ -802,12 +803,12 @@ typedef UINTN *BASE_LIST;
@param Message Raised compiler diagnostic message when expression is false.
**/
-#ifdef MDE_CPU_EBC
-#define STATIC_ASSERT(Expression, Message)
-#elif defined (_MSC_EXTENSIONS) || defined (__cplusplus)
+#if defined (__cplusplus)
#define STATIC_ASSERT static_assert
-#else
+#elif defined (__GNUC__) || defined (__clang__)
#define STATIC_ASSERT _Static_assert
+#elif defined (_MSC_EXTENSIONS)
+#define STATIC_ASSERT static_assert
#endif
//
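Review bot: STATIC_ASSERT is left undefined when none of the three conditions holds, because the unconditional `#else` fallback to `_Static_assert` became `#elif defined (__GNUC__) || defined (__clang__)`. The file-scope STATIC_ASSERT checks on type sizes further down this header would then fail with an unrelated-looking syntax error instead of a clear message. A final `#else` followed by `#error "No STATIC_ASSERT implementation for this compiler"` before the `#endif` would make that failure explicit.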
@@ -890,7 +891,7 @@ STATIC_ASSERT (ALIGNOF (__VERIFY_INT32_ENUM_SIZE) == sizeof (__VERIFY_INT32_ENUM
@return A pointer to the structure from one of it's elements.
**/
-#define BASE_CR(Record, TYPE, Field) ((TYPE *) ((CHAR8 *) (Record) - OFFSET_OF (TYPE, Field)))
+#define BASE_CR(Record, TYPE, Field) ((TYPE *) (VOID *) ((CHAR8 *) (Record) - OFFSET_OF (TYPE, Field)))
/**
Checks whether a value is a power of two.
@@ -1060,7 +1061,7 @@ typedef UINTN RETURN_STATUS;
@retval FALSE The high bit of StatusCode is clear.
**/
-#define RETURN_ERROR(StatusCode) (((INTN)(RETURN_STATUS)(StatusCode)) < 0)
+#define RETURN_ERROR(StatusCode) (((RETURN_STATUS)(StatusCode)) >= MAX_BIT)
///
/// The operation completed successfully.
diff --git a/src/include/ipxe/efi/Guid/Acpi.h b/src/include/ipxe/efi/Guid/Acpi.h
index 09b399926..70beebe34 100644
--- a/src/include/ipxe/efi/Guid/Acpi.h
+++ b/src/include/ipxe/efi/Guid/Acpi.h
@@ -17,6 +17,7 @@
#define __ACPI_GUID_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define ACPI_TABLE_GUID \
{ \
diff --git a/src/include/ipxe/efi/Guid/Fdt.h b/src/include/ipxe/efi/Guid/Fdt.h
new file mode 100644
index 000000000..5e303ab34
--- /dev/null
+++ b/src/include/ipxe/efi/Guid/Fdt.h
@@ -0,0 +1,20 @@
+/** @file
+*
+* Copyright (c) 2013-2014, ARM Limited. All rights reserved.
+*
+* SPDX-License-Identifier: BSD-2-Clause-Patent
+*
+**/
+
+#ifndef __FDT_H__
+#define __FDT_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#define FDT_TABLE_GUID \
+ { 0xb1b621d5, 0xf19c, 0x41a5, { 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 } }
+
+extern EFI_GUID gFdtTableGuid;
+
+#endif /* __FDT_H__ */
diff --git a/src/include/ipxe/efi/Guid/FileInfo.h b/src/include/ipxe/efi/Guid/FileInfo.h
index 62c5f4c0c..7baa4550f 100644
--- a/src/include/ipxe/efi/Guid/FileInfo.h
+++ b/src/include/ipxe/efi/Guid/FileInfo.h
@@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __FILE_INFO_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_FILE_INFO_ID \
{ \
diff --git a/src/include/ipxe/efi/Guid/FileSystemInfo.h b/src/include/ipxe/efi/Guid/FileSystemInfo.h
index aadebc046..7f6b9cfdc 100644
--- a/src/include/ipxe/efi/Guid/FileSystemInfo.h
+++ b/src/include/ipxe/efi/Guid/FileSystemInfo.h
@@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __FILE_SYSTEM_INFO_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_FILE_SYSTEM_INFO_ID \
{ \
diff --git a/src/include/ipxe/efi/Guid/GlobalVariable.h b/src/include/ipxe/efi/Guid/GlobalVariable.h
new file mode 100644
index 000000000..48fe5337e
--- /dev/null
+++ b/src/include/ipxe/efi/Guid/GlobalVariable.h
@@ -0,0 +1,195 @@
+/** @file
+ GUID for EFI (NVRAM) Variables.
+
+ Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Revision Reference:
+ GUID defined in UEFI 2.1
+**/
+
+#ifndef __GLOBAL_VARIABLE_GUID_H__
+#define __GLOBAL_VARIABLE_GUID_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#define EFI_GLOBAL_VARIABLE \
+ { \
+ 0x8BE4DF61, 0x93CA, 0x11d2, {0xAA, 0x0D, 0x00, 0xE0, 0x98, 0x03, 0x2B, 0x8C } \
+ }
+
+extern EFI_GUID gEfiGlobalVariableGuid;
+
+//
+// Follow UEFI 2.4 spec:
+// To prevent name collisions with possible future globally defined variables,
+// other internal firmware data variables that are not defined here must be
+// saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or
+// any other GUID defined by the UEFI Specification. Implementations must
+// only permit the creation of variables with a UEFI Specification-defined
+// VendorGuid when these variables are documented in the UEFI Specification.
+//
+// Note: except the globally defined variables defined below, the spec also defines
+// L"Boot####" - A boot load option.
+// L"Driver####" - A driver load option.
+// L"SysPrep####" - A System Prep application load option.
+// L"Key####" - Describes hot key relationship with a Boot#### load option.
+// The attribute for them is NV+BS+RT, #### is a printed hex value, and no 0x or h
+// is included in the hex value. They can not be expressed as a #define like other globally
+// defined variables, it is because we can not list the Boot0000, Boot0001, etc one by one.
+//
+
+///
+/// The language codes that the firmware supports. This value is deprecated.
+/// Its attribute is BS+RT.
+///
+#define EFI_LANG_CODES_VARIABLE_NAME L"LangCodes"
+///
+/// The language code that the system is configured for. This value is deprecated.
+/// Its attribute is NV+BS+RT.
+///
+#define EFI_LANG_VARIABLE_NAME L"Lang"
+///
+/// The firmware's boot managers timeout, in seconds, before initiating the default boot selection.
+/// Its attribute is NV+BS+RT.
+///
+#define EFI_TIME_OUT_VARIABLE_NAME L"Timeout"
+///
+/// The language codes that the firmware supports.
+/// Its attribute is BS+RT.
+///
+#define EFI_PLATFORM_LANG_CODES_VARIABLE_NAME L"PlatformLangCodes"
+///
+/// The language code that the system is configured for.
+/// Its attribute is NV+BS+RT.
+///
+#define EFI_PLATFORM_LANG_VARIABLE_NAME L"PlatformLang"
+///
+/// The device path of the default input/output/error output console.
+/// Its attribute is NV+BS+RT.
+///
+#define EFI_CON_IN_VARIABLE_NAME L"ConIn"
+#define EFI_CON_OUT_VARIABLE_NAME L"ConOut"
+#define EFI_ERR_OUT_VARIABLE_NAME L"ErrOut"
+///
+/// The device path of all possible input/output/error output devices.
+/// Its attribute is BS+RT.
+///
+#define EFI_CON_IN_DEV_VARIABLE_NAME L"ConInDev"
+#define EFI_CON_OUT_DEV_VARIABLE_NAME L"ConOutDev"
+#define EFI_ERR_OUT_DEV_VARIABLE_NAME L"ErrOutDev"
+///
+/// The ordered boot option load list.
+/// Its attribute is NV+BS+RT.
+///
+#define EFI_BOOT_ORDER_VARIABLE_NAME L"BootOrder"
+///
+/// The boot option for the next boot only.
+/// Its attribute is NV+BS+RT.
+///
+#define EFI_BOOT_NEXT_VARIABLE_NAME L"BootNext"
+///
+/// The boot option that was selected for the current boot.
+/// Its attribute is BS+RT.
+///
+#define EFI_BOOT_CURRENT_VARIABLE_NAME L"BootCurrent"
+///
+/// The types of boot options supported by the boot manager. Should be treated as read-only.
+/// Its attribute is BS+RT.
+///
+#define EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME L"BootOptionSupport"
+///
+/// The ordered driver load option list.
+/// Its attribute is NV+BS+RT.
+///
+#define EFI_DRIVER_ORDER_VARIABLE_NAME L"DriverOrder"
+///
+/// The ordered System Prep Application load option list.
+/// Its attribute is NV+BS+RT.
+///
+#define EFI_SYS_PREP_ORDER_VARIABLE_NAME L"SysPrepOrder"
+///
+/// Identifies the level of hardware error record persistence
+/// support implemented by the platform. This variable is
+/// only modified by firmware and is read-only to the OS.
+/// Its attribute is NV+BS+RT.
+///
+#define EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME L"HwErrRecSupport"
+///
+/// Whether the system is operating in setup mode (1) or not (0).
+/// All other values are reserved. Should be treated as read-only.
+/// Its attribute is BS+RT.
+///
+#define EFI_SETUP_MODE_NAME L"SetupMode"
+///
+/// The Key Exchange Key Signature Database.
+/// Its attribute is NV+BS+RT+AT.
+///
+#define EFI_KEY_EXCHANGE_KEY_NAME L"KEK"
+///
+/// The public Platform Key.
+/// Its attribute is NV+BS+RT+AT.
+///
+#define EFI_PLATFORM_KEY_NAME L"PK"
+///
+/// Array of GUIDs representing the type of signatures supported
+/// by the platform firmware. Should be treated as read-only.
+/// Its attribute is BS+RT.
+///
+#define EFI_SIGNATURE_SUPPORT_NAME L"SignatureSupport"
+///
+/// Whether the platform firmware is operating in Secure boot mode (1) or not (0).
+/// All other values are reserved. Should be treated as read-only.
+/// Its attribute is BS+RT.
+///
+#define EFI_SECURE_BOOT_MODE_NAME L"SecureBoot"
+///
+/// The OEM's default Key Exchange Key Signature Database. Should be treated as read-only.
+/// Its attribute is BS+RT.
+///
+#define EFI_KEK_DEFAULT_VARIABLE_NAME L"KEKDefault"
+///
+/// The OEM's default public Platform Key. Should be treated as read-only.
+/// Its attribute is BS+RT.
+///
+#define EFI_PK_DEFAULT_VARIABLE_NAME L"PKDefault"
+///
+/// The OEM's default secure boot signature store. Should be treated as read-only.
+/// Its attribute is BS+RT.
+///
+#define EFI_DB_DEFAULT_VARIABLE_NAME L"dbDefault"
+///
+/// The OEM's default secure boot blacklist signature store. Should be treated as read-only.
+/// Its attribute is BS+RT.
+///
+#define EFI_DBX_DEFAULT_VARIABLE_NAME L"dbxDefault"
+///
+/// The OEM's default secure boot timestamp signature store. Should be treated as read-only.
+/// Its attribute is BS+RT.
+///
+#define EFI_DBT_DEFAULT_VARIABLE_NAME L"dbtDefault"
+///
+/// Allows the firmware to indicate supported features and actions to the OS.
+/// Its attribute is BS+RT.
+///
+#define EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME L"OsIndicationsSupported"
+///
+/// Allows the OS to request the firmware to enable certain features and to take certain actions.
+/// Its attribute is NV+BS+RT.
+///
+#define EFI_OS_INDICATIONS_VARIABLE_NAME L"OsIndications"
+///
+/// Whether the system is configured to use only vendor provided
+/// keys or not. Should be treated as read-only.
+/// Its attribute is BS+RT.
+///
+#define EFI_VENDOR_KEYS_VARIABLE_NAME L"VendorKeys"
+
+///
+/// Whether the platform firmware is operating in device authentication boot mode (1) or not (0).
+/// The content is UINT8.
+///
+#define EFI_DEVICE_AUTH_BOOT_MODE_NAME L"devAuthBoot"
+
+#endif
diff --git a/src/include/ipxe/efi/Guid/HiiFormMapMethodGuid.h b/src/include/ipxe/efi/Guid/HiiFormMapMethodGuid.h
index 2636a1e4a..a3fb84732 100644
--- a/src/include/ipxe/efi/Guid/HiiFormMapMethodGuid.h
+++ b/src/include/ipxe/efi/Guid/HiiFormMapMethodGuid.h
@@ -12,6 +12,7 @@
#define __EFI_HII_FORMMAP_GUID_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_HII_STANDARD_FORM_GUID \
{ 0x3bd2f4ec, 0xe524, 0x46e4, { 0xa9, 0xd8, 0x51, 0x1, 0x17, 0x42, 0x55, 0x62 } }
diff --git a/src/include/ipxe/efi/Guid/HiiPlatformSetupFormset.h b/src/include/ipxe/efi/Guid/HiiPlatformSetupFormset.h
index e9a0e026c..647360242 100644
--- a/src/include/ipxe/efi/Guid/HiiPlatformSetupFormset.h
+++ b/src/include/ipxe/efi/Guid/HiiPlatformSetupFormset.h
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __HII_PLATFORM_SETUP_FORMSET_GUID_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_HII_PLATFORM_SETUP_FORMSET_GUID \
{ 0x93039971, 0x8545, 0x4b04, { 0xb4, 0x5e, 0x32, 0xeb, 0x83, 0x26, 0x4, 0xe } }
diff --git a/src/include/ipxe/efi/Guid/ImageAuthentication.h b/src/include/ipxe/efi/Guid/ImageAuthentication.h
new file mode 100644
index 000000000..6b82eb5d0
--- /dev/null
+++ b/src/include/ipxe/efi/Guid/ImageAuthentication.h
@@ -0,0 +1,388 @@
+/** @file
+ Image signature database are defined for the signed image validation.
+
+ Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Revision Reference:
+ GUIDs defined in UEFI 2.5 spec.
+**/
+
+#ifndef __IMAGE_AUTHTICATION_H__
+#define __IMAGE_AUTHTICATION_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/efi/Guid/GlobalVariable.h>
+#include <ipxe/efi/Protocol/Hash.h>
+
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
+ { \
+ 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \
+ }
+
+///
+/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
+/// for the authorized signature database.
+///
+#define EFI_IMAGE_SECURITY_DATABASE L"db"
+///
+/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
+/// for the forbidden signature database.
+///
+#define EFI_IMAGE_SECURITY_DATABASE1 L"dbx"
+///
+/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID
+/// for the timestamp signature database.
+///
+#define EFI_IMAGE_SECURITY_DATABASE2 L"dbt"
+
+#define SECURE_BOOT_MODE_ENABLE 1
+#define SECURE_BOOT_MODE_DISABLE 0
+
+#define SETUP_MODE 1
+#define USER_MODE 0
+
+#define DEVICE_AUTH_BOOT_MODE_ENABLE 1
+#define DEVICE_AUTH_BOOT_MODE_DISABLE 0
+
+// ***********************************************************************
+// Signature Database
+// ***********************************************************************
+///
+/// The format of a signature database.
+///
+#pragma pack(1)
+
+typedef struct {
+ ///
+ /// An identifier which identifies the agent which added the signature to the list.
+ ///
+ EFI_GUID SignatureOwner;
+ ///
+ /// The format of the signature is defined by the SignatureType.
+ ///
+ UINT8 SignatureData[1];
+} EFI_SIGNATURE_DATA;
+
+typedef struct {
+ ///
+ /// Type of the signature. GUID signature types are defined in below.
+ ///
+ EFI_GUID SignatureType;
+ ///
+ /// Total size of the signature list, including this header.
+ ///
+ UINT32 SignatureListSize;
+ ///
+ /// Size of the signature header which precedes the array of signatures.
+ ///
+ UINT32 SignatureHeaderSize;
+ ///
+ /// Size of each signature.
+ ///
+ UINT32 SignatureSize;
+ ///
+ /// Header before the array of signatures. The format of this header is specified
+ /// by the SignatureType.
+ /// UINT8 SignatureHeader[SignatureHeaderSize];
+ ///
+ /// An array of signatures. Each signature is SignatureSize bytes in length.
+ /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];
+ ///
+} EFI_SIGNATURE_LIST;
+
+typedef struct {
+ ///
+ /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents.
+ ///
+ EFI_SHA256_HASH ToBeSignedHash;
+ ///
+ /// The time that the certificate shall be considered to be revoked.
+ ///
+ EFI_TIME TimeOfRevocation;
+} EFI_CERT_X509_SHA256;
+
+typedef struct {
+ ///
+ /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents.
+ ///
+ EFI_SHA384_HASH ToBeSignedHash;
+ ///
+ /// The time that the certificate shall be considered to be revoked.
+ ///
+ EFI_TIME TimeOfRevocation;
+} EFI_CERT_X509_SHA384;
+
+typedef struct {
+ ///
+ /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents.
+ ///
+ EFI_SHA512_HASH ToBeSignedHash;
+ ///
+ /// The time that the certificate shall be considered to be revoked.
+ ///
+ EFI_TIME TimeOfRevocation;
+} EFI_CERT_X509_SHA512;
+
+typedef UINT8 EFI_SM3_HASH[32];
+
+typedef struct {
+ ///
+ /// The SM3 hash of an X.509 certificate's To-Be-Signed contents.
+ ///
+ EFI_SM3_HASH ToBeSignedHash;
+ ///
+ /// The time that the certificate shall be considered to be revoked.
+ ///
+ EFI_TIME TimeOfRevocation;
+} EFI_CERT_X509_SM3;
+
+#pragma pack()
+
+///
+/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall
+/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
+/// 32 bytes.
+///
+#define EFI_CERT_SHA256_GUID \
+ { \
+ 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \
+ }
+
+///
+/// This identifies a signature containing an RSA-2048 key. The key (only the modulus
+/// since the public key exponent is known to be 0x10001) shall be stored in big-endian
+/// order.
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size
+/// of SignatureOwner component) + 256 bytes.
+///
+#define EFI_CERT_RSA2048_GUID \
+ { \
+ 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \
+ }
+
+///
+/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The
+/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of
+/// SignatureOwner component) + 256 bytes.
+///
+#define EFI_CERT_RSA2048_SHA256_GUID \
+ { \
+ 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \
+ }
+
+///
+/// This identifies a signature containing a SHA-1 hash. The SignatureSize shall always
+/// be 16 (size of SignatureOwner component) + 20 bytes.
+///
+#define EFI_CERT_SHA1_GUID \
+ { \
+ 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \
+ }
+
+///
+/// This identifies a signature containing a SM3 hash. The SignatureSize shall always
+/// be 16 (size of SignatureOwner component) + 32 bytes.
+///
+#define EFI_CERT_SM3_GUID \
+ { \
+ 0x57347f87, 0x7a9b, 0x403a, { 0xb9, 0x3c, 0xdc, 0x4a, 0xfb, 0x7a, 0xe, 0xbc } \
+ }
+
+///
+/// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The
+/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of
+/// SignatureOwner component) + 256 bytes.
+///
+#define EFI_CERT_RSA2048_SHA1_GUID \
+ { \
+ 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \
+ }
+
+///
+/// This identifies a signature based on an X.509 certificate. If the signature is an X.509
+/// certificate then verification of the signature of an image should validate the public
+/// key certificate in the image using certificate path verification, up to this X.509
+/// certificate as a trusted root. The SignatureHeader size shall always be 0. The
+/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) +
+/// the size of the certificate itself.
+/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST.
+///
+#define EFI_CERT_X509_GUID \
+ { \
+ 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \
+ }
+
+///
+/// This identifies a signature containing the SM3 hash of an X.509 certificate's To-Be-Signed
+/// contents, and a time of revocation. The SignatureHeader size shall always be 0. The
+/// SignatureSize shall always be 16 (size of the SignatureOwner component) + 32 bytes for
+/// an EFI_CERT_X509_SM3 structure. If the TimeOfRevocation is non-zero, the certificate should
+/// be considered to be revoked from that time and onwards, and otherwise the certificate shall
+/// be considered to always be revoked.
+///
+#define EFI_CERT_X509_SM3_GUID \
+ { \
+ 0x60d807e5, 0x10b4, 0x49a9, {0x93, 0x31, 0xe4, 0x4, 0x37, 0x88, 0x8d, 0x37 } \
+ }
+
+///
+/// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall
+/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
+/// 28 bytes.
+///
+#define EFI_CERT_SHA224_GUID \
+ { \
+ 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \
+ }
+
+///
+/// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall
+/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
+/// 48 bytes.
+///
+#define EFI_CERT_SHA384_GUID \
+ { \
+ 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \
+ }
+
+///
+/// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall
+/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) +
+/// 64 bytes.
+///
+#define EFI_CERT_SHA512_GUID \
+ { \
+ 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \
+ }
+
+///
+/// This identifies a signature containing the SHA256 hash of an X.509 certificate's
+/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
+/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
+/// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero,
+/// the certificate should be considered to be revoked from that time and onwards, and
+/// otherwise the certificate shall be considered to always be revoked.
+///
+#define EFI_CERT_X509_SHA256_GUID \
+ { \
+ 0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \
+ }
+
+///
+/// This identifies a signature containing the SHA384 hash of an X.509 certificate's
+/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
+/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
+/// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero,
+/// the certificate should be considered to be revoked from that time and onwards, and
+/// otherwise the certificate shall be considered to always be revoked.
+///
+#define EFI_CERT_X509_SHA384_GUID \
+ { \
+ 0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \
+ }
+
+///
+/// This identifies a signature containing the SHA512 hash of an X.509 certificate's
+/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall
+/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component)
+/// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero,
+/// the certificate should be considered to be revoked from that time and onwards, and
+/// otherwise the certificate shall be considered to always be revoked.
+///
+#define EFI_CERT_X509_SHA512_GUID \
+ { \
+ 0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \
+ }
+
+///
+/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315]
+/// SignedData value.
+///
+#define EFI_CERT_TYPE_PKCS7_GUID \
+ { \
+ 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \
+ }
+
+// ***********************************************************************
+// Image Execution Information Table Definition
+// ***********************************************************************
+typedef UINT32 EFI_IMAGE_EXECUTION_ACTION;
+
+#define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007
+#define EFI_IMAGE_EXECUTION_AUTH_UNTESTED 0x00000000
+#define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED 0x00000001
+#define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED 0x00000002
+#define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND 0x00000003
+#define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND 0x00000004
+#define EFI_IMAGE_EXECUTION_POLICY_FAILED 0x00000005
+#define EFI_IMAGE_EXECUTION_INITIALIZED 0x00000008
+
+//
+// EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table
+// and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID.
+//
+typedef struct {
+ ///
+ /// Describes the action taken by the firmware regarding this image.
+ ///
+ EFI_IMAGE_EXECUTION_ACTION Action;
+ ///
+ /// Size of all of the entire structure.
+ ///
+ UINT32 InfoSize;
+ ///
+ /// If this image was a UEFI device driver (for option ROM, for example) this is the
+ /// null-terminated, user-friendly name for the device. If the image was for an application,
+ /// then this is the name of the application. If this cannot be determined, then a simple
+ /// NULL character should be put in this position.
+ /// CHAR16 Name[];
+ ///
+
+ ///
+ /// For device drivers, this is the device path of the device for which this device driver
+ /// was intended. In some cases, the driver itself may be stored as part of the system
+ /// firmware, but this field should record the device's path, not the firmware path. For
+ /// applications, this is the device path of the application. If this cannot be determined,
+ /// a simple end-of-path device node should be put in this position.
+ /// EFI_DEVICE_PATH_PROTOCOL DevicePath;
+ ///
+
+ ///
+ /// Zero or more image signatures. If the image contained no signatures,
+ /// then this field is empty.
+ /// EFI_SIGNATURE_LIST Signature;
+ ///
+} EFI_IMAGE_EXECUTION_INFO;
+
+typedef struct {
+ ///
+ /// Number of EFI_IMAGE_EXECUTION_INFO structures.
+ ///
+ UINTN NumberOfImages;
+ ///
+ /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures.
+ ///
+ // EFI_IMAGE_EXECUTION_INFO InformationInfo[]
+} EFI_IMAGE_EXECUTION_INFO_TABLE;
+
+extern EFI_GUID gEfiImageSecurityDatabaseGuid;
+extern EFI_GUID gEfiCertSha256Guid;
+extern EFI_GUID gEfiCertRsa2048Guid;
+extern EFI_GUID gEfiCertRsa2048Sha256Guid;
+extern EFI_GUID gEfiCertSha1Guid;
+extern EFI_GUID gEfiCertRsa2048Sha1Guid;
+extern EFI_GUID gEfiCertX509Guid;
+extern EFI_GUID gEfiCertSha224Guid;
+extern EFI_GUID gEfiCertSha384Guid;
+extern EFI_GUID gEfiCertSha512Guid;
+extern EFI_GUID gEfiCertX509Sha256Guid;
+extern EFI_GUID gEfiCertX509Sha384Guid;
+extern EFI_GUID gEfiCertX509Sha512Guid;
+extern EFI_GUID gEfiCertPkcs7Guid;
+extern EFI_GUID gEfiCertSm3Guid;
+extern EFI_GUID gEfiCertX509Sm3Guid;
+
+#endif
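Review bot: The comment on EFI_CERT_X509_SM3_GUID gives the SignatureSize as 16 + 32 bytes "for an EFI_CERT_X509_SM3 structure", but that structure is declared above as a 32-byte EFI_SM3_HASH followed by an EFI_TIME. The parallel EFI_CERT_X509_SHA256_GUID comment gives 16 + 48 bytes for the same layout with a 32-byte hash. Code that validates signature-list entries should therefore derive the expected size from `sizeof ( EFI_GUID ) + sizeof ( EFI_CERT_X509_SM3 )` rather than from the comment. The header looks like an import from EDK2, so the comment fix (`+ 48 bytes`) probably belongs upstream, as do the typos "Varialbe" and "TThis".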
diff --git a/src/include/ipxe/efi/Guid/MdeModuleHii.h b/src/include/ipxe/efi/Guid/MdeModuleHii.h
index 102025ac8..1634b8c62 100644
--- a/src/include/ipxe/efi/Guid/MdeModuleHii.h
+++ b/src/include/ipxe/efi/Guid/MdeModuleHii.h
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __MDEMODULE_HII_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define NARROW_CHAR 0xFFF0
#define WIDE_CHAR 0xFFF1
diff --git a/src/include/ipxe/efi/Guid/MicrosoftVendor.h b/src/include/ipxe/efi/Guid/MicrosoftVendor.h
new file mode 100644
index 000000000..ded1b9019
--- /dev/null
+++ b/src/include/ipxe/efi/Guid/MicrosoftVendor.h
@@ -0,0 +1,58 @@
+/** @file
+ Declare the GUID that is expected:
+
+ - as EFI_SIGNATURE_DATA.SignatureOwner GUID in association with X509 and
+ RSA2048 Secure Boot certificates issued by/for Microsoft,
+
+ - as UEFI variable vendor GUID in association with (unspecified)
+ Microsoft-owned variables.
+
+ Copyright (C) 2014-2019, Red Hat, Inc.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Specification Reference:
+ - MSDN: System.Fundamentals.Firmware at
+ <https://msdn.microsoft.com/en-us/ie/dn932805(v=vs.94)>.
+**/
+
+#ifndef MICROSOFT_VENDOR_H_
+#define MICROSOFT_VENDOR_H_
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/efi/Uefi/UefiBaseType.h>
+
+//
+// The following test cases of the Secure Boot Logo Test in the Microsoft
+// Hardware Certification Kit:
+//
+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent
+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB
+//
+// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be
+// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the
+// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509
+// certificates:
+//
+// - "Microsoft Corporation KEK CA 2011" (in KEK)
+// - "Microsoft Windows Production PCA 2011" (in db)
+// - "Microsoft Corporation UEFI CA 2011" (in db)
+//
+// This is despite the fact that the UEFI specification requires
+// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,
+// application or driver) that enrolled and therefore owns
+// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued
+// EFI_SIGNATURE_DATA.SignatureData.
+//
+#define MICROSOFT_VENDOR_GUID \
+ { 0x77fa9abd, \
+ 0x0359, \
+ 0x4d32, \
+ { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b }, \
+ }
+
+extern EFI_GUID gMicrosoftVendorGuid;
+
+#endif /* MICROSOFT_VENDOR_H_ */
diff --git a/src/include/ipxe/efi/Guid/PcAnsi.h b/src/include/ipxe/efi/Guid/PcAnsi.h
index 82835a2e3..73b740afd 100644
--- a/src/include/ipxe/efi/Guid/PcAnsi.h
+++ b/src/include/ipxe/efi/Guid/PcAnsi.h
@@ -13,6 +13,7 @@
#define __PC_ANSI_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_PC_ANSI_GUID \
{ \
diff --git a/src/include/ipxe/efi/Guid/Rng.h b/src/include/ipxe/efi/Guid/Rng.h
new file mode 100644
index 000000000..448b3a69b
--- /dev/null
+++ b/src/include/ipxe/efi/Guid/Rng.h
@@ -0,0 +1,158 @@
+/** @file
+ Random Number Generator (RNG) GUIDs and structures shared across RNG interfaces.
+
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef RNG_GUID_H_
+#define RNG_GUID_H_
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+typedef struct _EFI_RNG_INTERFACE EFI_RNG_INTERFACE;
+
+///
+/// A selection of EFI_RNG_PROTOCOL algorithms.
+/// The algorithms listed are optional, not meant to be exhaustive and be argmented by
+/// vendors or other industry standards.
+///
+typedef EFI_GUID EFI_RNG_ALGORITHM;
+
+///
+/// The algorithms corresponds to SP800-90 as defined in
+/// NIST SP 800-90, "Recommendation for Random Number Generation Using Deterministic Random
+/// Bit Generators", March 2007.
+///
+#define EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID \
+ { \
+ 0xa7af67cb, 0x603b, 0x4d42, {0xba, 0x21, 0x70, 0xbf, 0xb6, 0x29, 0x3f, 0x96 } \
+ }
+#define EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID \
+ { \
+ 0xc5149b43, 0xae85, 0x4f53, {0x99, 0x82, 0xb9, 0x43, 0x35, 0xd3, 0xa9, 0xe7 } \
+ }
+#define EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID \
+ { \
+ 0x44f0de6e, 0x4d8c, 0x4045, {0xa8, 0xc7, 0x4d, 0xd1, 0x68, 0x85, 0x6b, 0x9e } \
+ }
+
+///
+/// The algorithms correspond to X9.31 as defined in
+/// NIST, "Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using
+/// the 3-Key Triple DES and AES Algorithm", January 2005.
+///
+#define EFI_RNG_ALGORITHM_X9_31_3DES_GUID \
+ { \
+ 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 } \
+ }
+#define EFI_RNG_ALGORITHM_X9_31_AES_GUID \
+ { \
+ 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 } \
+ }
+
+///
+/// The "raw" algorithm, when supported, is intended to provide entropy directly from
+/// the source, without it going through some deterministic random bit generator.
+///
+#define EFI_RNG_ALGORITHM_RAW \
+ { \
+ 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \
+ }
+
+///
+/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant
+/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be
+/// inclusive of different geographies.
+///
+#define EFI_RNG_ALGORITHM_ARM_RNDR \
+ { \
+ 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \
+ }
+
+/**
+ Returns information about the random number generation implementation.
+
+ @param[in] This A pointer to this interface instance.
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
+ On output with a return code of EFI_SUCCESS, the size
+ in bytes of the data returned in RNGAlgorithmList. On output
+ with a return code of EFI_BUFFER_TOO_SMALL,
+ the size of RNGAlgorithmList required to obtain the list.
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver
+ with one EFI_RNG_ALGORITHM element for each supported
+ RNG algorithm. The list must not change across multiple
+ calls to the same driver. The first algorithm in the list
+ is the default algorithm for the driver.
+
+ @retval EFI_SUCCESS The RNG algorithm list was returned successfully.
+ @retval EFI_UNSUPPORTED The services is not supported by this driver.
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
+ hardware or firmware error.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_RNG_GET_INFO)(
+ IN EFI_RNG_INTERFACE *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ );
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG algorithm.
+
+ @param[in] This A pointer to this interface instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
+ RNGValue. The driver shall return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random data available to satisfy the length
+ requested by RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_RNG_GET_RNG)(
+ IN EFI_RNG_INTERFACE *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL,
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ );
+
+///
+/// The Random Number Generator (RNG) interface provides random bits for use in
+/// applications, or entropy for seeding other random number generators.
+///
+/// This interface is shared between the RNG Protocol defined in the UEFI 2.4 Specification
+/// and the RNG PPI defined in the PI 1.9 Specification.
+///
+struct _EFI_RNG_INTERFACE {
+ EFI_RNG_GET_INFO GetInfo;
+ EFI_RNG_GET_RNG GetRNG;
+};
+
+extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid;
+extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid;
+extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
+extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
+extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
+extern EFI_GUID gEfiRngAlgorithmRaw;
+extern EFI_GUID gEfiRngAlgorithmArmRndr;
+
+#endif // #ifndef RNG_GUID_H_
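Review bot: Rng.h uses `EFI_GUID`, `EFI_STATUS`, `EFIAPI`, `UINTN` and `UINT8` without including anything, so it compiles only when the includer has already pulled in the base UEFI types. MicrosoftVendor.h, added in the same commit, includes `<ipxe/efi/Uefi/UefiBaseType.h>` for its `EFI_GUID`. If the header is meant to stand alone, add `#include <ipxe/efi/Uefi/UefiBaseType.h>` after the `FILE_SECBOOT` line (presumably that header brings in the remaining base types); the new TlsAuthentication.h has the same dependency for `gEfiTlsCaCertificateGuid`. The `EFI_RNG_GET_RNG` comment lists `EFI_NOT_READY` and `EFI_DEVICE_ERROR` but does not say what `RNGValue` holds on failure, so a sentence such as `On any status other than EFI_SUCCESS the contents of RNGValue must not be used.` would help callers that seed key material from it. Two comment typos: `argmented` should read `augmented`, and `The services is` should read `The service is`.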
diff --git a/src/include/ipxe/efi/Guid/SmBios.h b/src/include/ipxe/efi/Guid/SmBios.h
index 0a47a0525..45149bc6f 100644
--- a/src/include/ipxe/efi/Guid/SmBios.h
+++ b/src/include/ipxe/efi/Guid/SmBios.h
@@ -17,6 +17,7 @@
#define __SMBIOS_GUID_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define SMBIOS_TABLE_GUID \
{ \
diff --git a/src/include/ipxe/efi/Guid/TlsAuthentication.h b/src/include/ipxe/efi/Guid/TlsAuthentication.h
new file mode 100644
index 000000000..806fba92c
--- /dev/null
+++ b/src/include/ipxe/efi/Guid/TlsAuthentication.h
@@ -0,0 +1,26 @@
+/** @file
+ This file defines TlsCaCertificate variable.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __TLS_AUTHENTICATION_H__
+#define __TLS_AUTHENTICATION_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+// Private variable for CA Certificate configuration
+//
+#define EFI_TLS_CA_CERTIFICATE_GUID \
+ { \
+ 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \
+ }
+
+#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
+
+extern EFI_GUID gEfiTlsCaCertificateGuid;
+
+#endif
diff --git a/src/include/ipxe/efi/Guid/WinCertificate.h b/src/include/ipxe/efi/Guid/WinCertificate.h
index 1c706d3a4..efa6c3d9b 100644
--- a/src/include/ipxe/efi/Guid/WinCertificate.h
+++ b/src/include/ipxe/efi/Guid/WinCertificate.h
@@ -12,6 +12,7 @@
#define __EFI_WIN_CERTIFICATE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
//
// _WIN_CERTIFICATE.wCertificateType
diff --git a/src/include/ipxe/efi/Ia32/ProcessorBind.h b/src/include/ipxe/efi/Ia32/ProcessorBind.h
index b922597fb..4272ed254 100644
--- a/src/include/ipxe/efi/Ia32/ProcessorBind.h
+++ b/src/include/ipxe/efi/Ia32/ProcessorBind.h
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __PROCESSOR_BIND_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// Define the processor type so other code can make processor based choices.
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi10.h b/src/include/ipxe/efi/IndustryStandard/Acpi10.h
index e9a561c22..0dc281b55 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi10.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi10.h
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define _ACPI_1_0_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/AcpiAml.h>
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi20.h b/src/include/ipxe/efi/IndustryStandard/Acpi20.h
index ad28120b2..131d760da 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi20.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi20.h
@@ -9,6 +9,7 @@
#define _ACPI_2_0_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/Acpi10.h>
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi30.h b/src/include/ipxe/efi/IndustryStandard/Acpi30.h
index ff82bf203..d5c1a82b3 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi30.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi30.h
@@ -2,6 +2,7 @@
ACPI 3.0 definitions from the ACPI Specification Revision 3.0b October 10, 2006
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -9,9 +10,20 @@
#define _ACPI_3_0_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/Acpi20.h>
+///
+/// _CSD Revision for ACPI 3.0
+///
+#define EFI_ACPI_3_0_AML_CSD_REVISION 0
+
+///
+/// _CSD NumEntries for ACPI 3.0
+///
+#define EFI_ACPI_3_0_AML_CSD_NUM_ENTRIES 6
+
//
// Define for Descriptor
//
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi40.h b/src/include/ipxe/efi/IndustryStandard/Acpi40.h
index 97b817039..f668ce04b 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi40.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi40.h
@@ -2,6 +2,7 @@
ACPI 4.0 definitions from the ACPI Specification Revision 4.0a April 5, 2010
Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.<BR>
+ Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -9,10 +10,21 @@
#define _ACPI_4_0_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/Acpi30.h>
///
+/// _CSD Revision for ACPI 4.0
+///
+#define EFI_ACPI_4_0_AML_CSD_REVISION 0
+
+///
+/// _CSD NumEntries for ACPI 4.0
+///
+#define EFI_ACPI_4_0_AML_CSD_NUM_ENTRIES 6
+
+///
/// _PSD Revision for ACPI 4.0
///
#define EFI_ACPI_4_0_AML_PSD_REVISION 0
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi50.h b/src/include/ipxe/efi/IndustryStandard/Acpi50.h
index 2addcb008..1621411b1 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi50.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi50.h
@@ -4,6 +4,7 @@
Copyright (c) 2014 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+ Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -11,9 +12,20 @@
#define _ACPI_5_0_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/Acpi40.h>
+///
+/// _CSD Revision for ACPI 5.0
+///
+#define EFI_ACPI_5_0_AML_CSD_REVISION 0
+
+///
+/// _CSD NumEntries for ACPI 5.0
+///
+#define EFI_ACPI_5_0_AML_CSD_NUM_ENTRIES 6
+
//
// Define for Descriptor
//
@@ -123,6 +135,40 @@ typedef PACKED struct {
UINT16 DeviceSelection;
} EFI_ACPI_SERIAL_BUS_RESOURCE_SPI_DESCRIPTOR;
+/// Revision ID of serial bus uart descriptor
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_REVISION_ID 0x1
+
+/// Type specific flags
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_LITTLE_ENDIAN 0x0
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_BIG_ENDIAN 0x1
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_5_BITS_PER_BYTE 0x0
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_6_BITS_PER_BYTE 0x1
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_7_BITS_PER_BYTE 0x2
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_8_BITS_PER_BYTE 0x3
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_9_BITS_PER_BYTE 0x4
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_NONE 0x0
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_1 0x1
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_1_5 0x2
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_2 0x3
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_FC_NONE 0x0
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_FC_HW 0x1
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_FC_XON_XOFF 0x2
+
+/// Parity definitions
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_NONE 0x0
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_EVEN 0x1
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_ODD 0x2
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_MARK 0x3
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_SPACE 0x4
+
+/// Serial lines in use bits
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_RTS BIT7
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_CTS BIT6
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_DTR BIT5
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_DSR BIT4
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_RI BIT3
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_DTD BIT2
+
///
/// Serial Bus Resource Descriptor (UART)
///
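Review bot: The `..._UART_DESCRIPTOR_TSF_*` values under `/// Type specific flags` are unshifted field values, not masks: `TSF_BIG_ENDIAN`, `TSF_6_BITS_PER_BYTE`, `TSF_STOP_BIT_1` and `TSF_FC_HW` are all `0x1`. OR-ing them together, or testing them against the descriptor's flags field directly, therefore gives a wrong result. The comment should say so and name the field each group belongs to, e.g. `/// Type specific flags: per-field values (endianness, data bits, stop bits, flow control); shift into position before use`, with the bit positions taken from the ACPI 5.0 UART descriptor definition. The `LIN_*` macros further down are real bit masks (`BIT7` to `BIT2`), which makes the difference easy to miss. The descriptor struct these constants apply to starts after the end of this hunk.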
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi51.h b/src/include/ipxe/efi/IndustryStandard/Acpi51.h
index a2079ecc5..ec48c5b25 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi51.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi51.h
@@ -5,6 +5,7 @@
Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+ Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -12,10 +13,21 @@
#define _ACPI_5_1_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/Acpi50.h>
///
+/// _CSD Revision for ACPI 5.1
+///
+#define EFI_ACPI_5_1_AML_CSD_REVISION 0
+
+///
+/// _CSD NumEntries for ACPI 5.1
+///
+#define EFI_ACPI_5_1_AML_CSD_NUM_ENTRIES 6
+
+///
/// _PSD Revision for ACPI 5.1
///
#define EFI_ACPI_5_1_AML_PSD_REVISION 0
@@ -1762,6 +1774,7 @@ typedef struct {
#define EFI_ACPI_5_1_EINJ_EXECUTE_OPERATION 0x05
#define EFI_ACPI_5_1_EINJ_CHECK_BUSY_STATUS 0x06
#define EFI_ACPI_5_1_EINJ_GET_COMMAND_STATUS 0x07
+#define EFI_ACPI_5_1_EINJ_SET_ERROR_TYPE_WITH_ADDRESS 0x08
#define EFI_ACPI_5_1_EINJ_TRIGGER_ERROR 0xFF
///
@@ -1825,6 +1838,25 @@ typedef struct {
} EFI_ACPI_5_1_EINJ_TRIGGER_ACTION_TABLE;
///
+/// Windows ACPI Emulated devices Table
+///
+typedef struct {
+ EFI_ACPI_DESCRIPTION_HEADER Header;
+ ///
+ /// Container of a bitmask of Windows behavior that this system requires
+ /// Bit 0 - RTC good
+ /// Bit 1 - ACPI PM timer good
+ ///
+ UINT32 EmulatedDeviceFlags;
+} EFI_ACPI_5_1_WAET_TABLE;
+
+///
+/// WAET Flags. All other bits are reserved and must be 0.
+///
+#define EFI_ACPI_5_1_WAET_FLAGS_RTC_GOOD BIT0
+#define EFI_ACPI_5_1_WAET_FLAGS_ACPI_PM_TIMER_GOOD BIT1
+
+///
/// Platform Communications Channel Table (PCCT)
///
typedef struct {
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi60.h b/src/include/ipxe/efi/IndustryStandard/Acpi60.h
index c8d99214c..251e27e49 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi60.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi60.h
@@ -4,6 +4,7 @@
Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP<BR>
Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+ Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -11,10 +12,21 @@
#define _ACPI_6_0_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/Acpi51.h>
///
+/// _CSD Revision for ACPI 6.0
+///
+#define EFI_ACPI_6_0_AML_CSD_REVISION 0
+
+///
+/// _CSD NumEntries for ACPI 6.0
+///
+#define EFI_ACPI_6_0_AML_CSD_NUM_ENTRIES 6
+
+///
/// _PSD Revision for ACPI 6.0
///
#define EFI_ACPI_6_0_AML_PSD_REVISION 0
@@ -1949,6 +1961,7 @@ typedef struct {
#define EFI_ACPI_6_0_EINJ_EXECUTE_OPERATION 0x05
#define EFI_ACPI_6_0_EINJ_CHECK_BUSY_STATUS 0x06
#define EFI_ACPI_6_0_EINJ_GET_COMMAND_STATUS 0x07
+#define EFI_ACPI_6_0_EINJ_SET_ERROR_TYPE_WITH_ADDRESS 0x08
#define EFI_ACPI_6_0_EINJ_TRIGGER_ERROR 0xFF
///
diff --git a/src/include/ipxe/efi/IndustryStandard/AcpiAml.h b/src/include/ipxe/efi/IndustryStandard/AcpiAml.h
index d7a83f7fa..4ea320cd0 100644
--- a/src/include/ipxe/efi/IndustryStandard/AcpiAml.h
+++ b/src/include/ipxe/efi/IndustryStandard/AcpiAml.h
@@ -11,6 +11,7 @@
#define _ACPI_AML_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
//
// ACPI AML definition
diff --git a/src/include/ipxe/efi/IndustryStandard/Bluetooth.h b/src/include/ipxe/efi/IndustryStandard/Bluetooth.h
index 97b6526b3..b2547ca0b 100644
--- a/src/include/ipxe/efi/IndustryStandard/Bluetooth.h
+++ b/src/include/ipxe/efi/IndustryStandard/Bluetooth.h
@@ -11,6 +11,7 @@
#define _BLUETOOTH_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#pragma pack(1)
diff --git a/src/include/ipxe/efi/IndustryStandard/Pci22.h b/src/include/ipxe/efi/IndustryStandard/Pci22.h
index 161333d88..477761c32 100644
--- a/src/include/ipxe/efi/IndustryStandard/Pci22.h
+++ b/src/include/ipxe/efi/IndustryStandard/Pci22.h
@@ -17,6 +17,7 @@
#define _PCI22_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define PCI_MAX_BUS 255
#define PCI_MAX_DEVICE 31
diff --git a/src/include/ipxe/efi/IndustryStandard/PeImage.h b/src/include/ipxe/efi/IndustryStandard/PeImage.h
index c1f1a09cb..f99deb051 100644
--- a/src/include/ipxe/efi/IndustryStandard/PeImage.h
+++ b/src/include/ipxe/efi/IndustryStandard/PeImage.h
@@ -20,6 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __PE_IMAGE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
//
// PE32+ Subsystem type for EFI images
@@ -27,7 +28,6 @@ FILE_LICENCE ( BSD2_PATENT );
#define EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION 10
#define EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11
#define EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER 12
-#define EFI_IMAGE_SUBSYSTEM_SAL_RUNTIME_DRIVER 13///< defined PI Specification, 1.0
//
// PE32+ Machine type for EFI images
diff --git a/src/include/ipxe/efi/IndustryStandard/Tpm12.h b/src/include/ipxe/efi/IndustryStandard/Tpm12.h
index 6bebcb7bd..02fda8564 100644
--- a/src/include/ipxe/efi/IndustryStandard/Tpm12.h
+++ b/src/include/ipxe/efi/IndustryStandard/Tpm12.h
@@ -10,6 +10,7 @@
#define _TPM12_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// The start of TPM return codes
@@ -746,8 +747,8 @@ typedef struct tdTPM_PERMANENT_FLAGS {
BOOLEAN TPMpost;
BOOLEAN TPMpostLock;
BOOLEAN FIPS;
- BOOLEAN operator;
- BOOLEAN enableRevokeEK;
+ BOOLEAN operator_;
+ BOOLEAN enableRevokeEK;
BOOLEAN nvLocked;
BOOLEAN readSRKPub;
BOOLEAN tpmEstablished;
diff --git a/src/include/ipxe/efi/IndustryStandard/Tpm20.h b/src/include/ipxe/efi/IndustryStandard/Tpm20.h
index b314d6e91..c70e0a121 100644
--- a/src/include/ipxe/efi/IndustryStandard/Tpm20.h
+++ b/src/include/ipxe/efi/IndustryStandard/Tpm20.h
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define _TPM20_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/Tpm12.h>
@@ -205,15 +206,16 @@ typedef UINT16 TPM_ALG_ID;
// Table 8 - TPM_ECC_CURVE Constants
typedef UINT16 TPM_ECC_CURVE;
-#define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000)
-#define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001)
-#define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002)
-#define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003)
-#define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004)
-#define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005)
-#define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010)
-#define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011)
-#define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020)
+#define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000)
+#define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001)
+#define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002)
+#define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003)
+#define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004)
+#define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005)
+#define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010)
+#define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011)
+#define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020)
+#define TPM_ECC_BP_P512_R1 (TPM_ECC_CURVE)(0x0032)
// Table 11 - TPM_CC Constants (Numeric Order)
typedef UINT32 TPM_CC;
@@ -1249,7 +1251,7 @@ typedef union {
TPMI_AES_KEY_BITS aes;
TPMI_SM4_KEY_BITS SM4;
TPM_KEY_BITS sym;
- TPMI_ALG_HASH xor;
+ TPMI_ALG_HASH xor_;
} TPMU_SYM_KEY_BITS;
// Table 123 - TPMU_SYM_MODE Union
@@ -1322,7 +1324,7 @@ typedef struct {
// Table 136 - TPMU_SCHEME_KEYEDHASH Union
typedef union {
TPMS_SCHEME_HMAC hmac;
- TPMS_SCHEME_XOR xor;
+ TPMS_SCHEME_XOR xor_;
} TPMU_SCHEME_KEYEDHASH;
// Table 137 - TPMT_KEYEDHASH_SCHEME Structure
diff --git a/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h b/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h
index a89986712..98bf7b689 100644
--- a/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h
+++ b/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h
@@ -1,8 +1,8 @@
/** @file
TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final and
- TCG PC Client Platform Firmware Profile Specification, Revision 1.05
+ TCG PC Client Platform Firmware Profile Specification, Revision 1.06
- Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -11,6 +11,7 @@
#define __UEFI_TCG_PLATFORM_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/Tpm12.h>
#include <ipxe/efi/IndustryStandard/Tpm20.h>
@@ -55,6 +56,18 @@ FILE_LICENCE ( BSD2_PATENT );
#define EV_EFI_VARIABLE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE0)
#define EV_EFI_SPDM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 0xE1)
#define EV_EFI_SPDM_FIRMWARE_CONFIG (EV_EFI_EVENT_BASE + 0xE2)
+#define EV_EFI_SPDM_DEVICE_BLOB EV_EFI_SPDM_FIRMWARE_BLOB
+#define EV_EFI_SPDM_DEVICE_CONFIG EV_EFI_SPDM_FIRMWARE_CONFIG
+//
+// The SPDM policy database for SPDM verification.
+// It goes to PCR7
+//
+#define EV_EFI_SPDM_DEVICE_POLICY (EV_EFI_EVENT_BASE + 0xE3)
+//
+// The SPDM policy authority for SPDM verification for the signature
+// of GET_MEASUREMENT or CHALLENGE_AUTH. It goes to PCR7.
+//
+#define EV_EFI_SPDM_DEVICE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE4)
#define EFI_CALLING_EFI_APPLICATION \
"Calling EFI Application from Boot Option"
@@ -376,6 +389,7 @@ typedef struct {
#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2 0
#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2 0
#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105 105
+#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106 106
typedef struct {
UINT8 signature[16];
@@ -440,6 +454,7 @@ typedef struct tdTCG_PCClientTaggedEvent {
#define TCG_Sp800_155_PlatformId_Event_SIGNATURE "SP800-155 Event"
#define TCG_Sp800_155_PlatformId_Event2_SIGNATURE "SP800-155 Event2"
+#define TCG_Sp800_155_PlatformId_Event3_SIGNATURE "SP800-155 Event3"
typedef struct tdTCG_Sp800_155_PlatformId_Event2 {
UINT8 Signature[16];
@@ -461,14 +476,57 @@ typedef struct tdTCG_Sp800_155_PlatformId_Event2 {
// UINT8 PlatformModel[PlatformModelSize];
// UINT8 PlatformVersionSize;
// UINT8 PlatformVersion[PlatformVersionSize];
+ // UINT8 FirmwareManufacturerStrSize;
+ // UINT8 FirmwareManufacturerStr[FirmwareManufacturerStrSize];
+ // UINT32 FirmwareManufacturerId;
+ // UINT8 FirmwareVersion;
+ // UINT8 FirmwareVersion[FirmwareVersionSize];
+} TCG_Sp800_155_PlatformId_Event2;
+
+typedef struct tdTCG_Sp800_155_PlatformId_Event3 {
+ UINT8 Signature[16];
+ //
+ // Where Vendor ID is an integer defined
+ // at http://www.iana.org/assignments/enterprisenumbers
+ //
+ UINT32 VendorId;
+ //
+ // 16-byte identifier of a given platform's static configuration of code
+ //
+ EFI_GUID ReferenceManifestGuid;
+ // UINT8 PlatformManufacturerStrSize;
+ // UINT8 PlatformManufacturerStr[PlatformManufacturerStrSize];
// UINT8 PlatformModelSize;
// UINT8 PlatformModel[PlatformModelSize];
+ // UINT8 PlatformVersionSize;
+ // UINT8 PlatformVersion[PlatformVersionSize];
// UINT8 FirmwareManufacturerStrSize;
// UINT8 FirmwareManufacturerStr[FirmwareManufacturerStrSize];
// UINT32 FirmwareManufacturerId;
// UINT8 FirmwareVersion;
- // UINT8 FirmwareVersion[FirmwareVersionSize]];
-} TCG_Sp800_155_PlatformId_Event2;
+ // UINT8 FirmwareVersion[FirmwareVersionSize];
+ //
+ // Below structure is newly added in TCG_Sp800_155_PlatformId_Event3
+ //
+ // UINT32 RimLocatorType;
+ // UINT32 RimLocatorLength;
+ // UINT8 RimLocator[RimLocatorLength];
+ // UINT32 PlatformCertLocatorType;
+ // UINT32 PlatformCertLocatorLength;
+ // UINT8 PlatformCertLocator[PlatformCertLocatorLength];
+} TCG_Sp800_155_PlatformId_Event3;
+
+/**
+ * TCG specifies a locator type with the following values
+ * 0 - Raw data in the locator itself.
+ * 1 - URI in rtf2396 format.
+ * 2 - local device path in EFI_DEVICE_PATH_PROTOCOL format.
+ * 3 - UEFI variable (16 byte EFI_GUID, then 00-terminated UCS2 string)
+**/
+#define TCG_LOCATOR_TYPE_RAW_DATA 0
+#define TCG_LOCATOR_TYPE_URI 1
+#define TCG_LOCATOR_TYPE_DEVICE_PATH 2
+#define TCG_LOCATOR_TYPE_UEFI_VARIABLE 3
#define TCG_EfiStartupLocalityEvent_SIGNATURE "StartupLocality"
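Review bot: In the commented field lists of both `TCG_Sp800_155_PlatformId_Event2` and the new `TCG_Sp800_155_PlatformId_Event3`, the length byte before the firmware version is written `// UINT8 FirmwareVersion;` while the array that follows is sized by `FirmwareVersionSize`; the line should read `// UINT8 FirmwareVersionSize;`. In Event3 everything after `ReferenceManifestGuid` exists only as comments, so `sizeof` covers just the fixed prefix. A parser has to walk each size-prefixed field and check it against the event's total size before reading, and a one-line comment above the field list saying so would make that explicit. In the locator-type comment, `rtf2396` looks like a typo for `RFC 2396`. The Event2 struct begins outside this hunk.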
@@ -494,4 +552,173 @@ typedef struct tdTCG_EfiStartupLocalityEvent {
//
#pragma pack ()
+//
+// ======================================================================================================================
+// Event Type PCR Event Log Usage
+// ======================================================================================================================
+// EV_EFI_SPDM_DEVICE_BLOB 2 SPDM_MEASUREMENT_BLOCK (subtype) MEASUREMENT from device
+// EV_EFI_SPDM_DEVICE_CONFIG 3 SPDM_MEASUREMENT_BLOCK (subtype) MEASUREMENT from device
+// EV_EFI_SPDM_DEVICE_BLOB 2 SPDM_MEASUREMENT_SUMMARY_HASH.TCB (subtype) SUMMARY_HASH from device
+
+// EV_EFI_SPDM_DEVICE_POLICY 7 UEFI_VARIABLE_DATA with EFI_SIGNATURE_LIST Provisioned device public cert.
+// EV_EFI_SPDM_DEVICE_AUTHORITY 7 UEFI_VARIABLE_DATA with EFI_SIGNATURE_DATA CHALLENGE_AUTH signature verification
+// ======================================================================================================================
+//
+
+#define PCR_INDEX_FOR_SIGNATURE_DB 7
+
+#pragma pack(1)
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_1 1
+#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2 2
+#define TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE_2 "SPDM Device Sec2"
+
+typedef struct {
+ UINT8 Signature[16];
+ UINT16 Version;
+ UINT8 AuthState;
+ UINT8 Reserved;
+ UINT32 Length; // Length in bytes for all following structures.
+ UINT32 DeviceType;
+ UINT32 SubHeaderType;
+ UINT32 SubHeaderLength; // Length in bytes of the sub header followed by.
+ UINT64 SubHeaderUID; // Universal identifier assigned by the event log creator. It can be used to bind two sub header structure together.
+ // UINT64 DevicePathLength;
+ // UINT8 DevicePath[DevicePathLength];
+} TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2;
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_SUCCESS 0
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_AUTH 1
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_BINDING 2
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG 3
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID 4
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_SPDM 0xFF
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_MEASUREMENT_BLOCK 0
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_CERT_CHAIN 1
+
+typedef struct {
+ UINT16 SpdmVersion;
+ UINT8 SpdmMeasurementBlockCount;
+ UINT8 Reserved;
+ UINT32 SpdmMeasurementHashAlgo;
+ // SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK;
+
+typedef struct {
+ UINT16 SpdmVersion;
+ UINT8 SpdmSlotId;
+ UINT8 Reserved;
+ UINT32 SpdmHashAlgo;
+ // SPDM_CERT_CHAIN SpdmCertChain;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN;
+
+typedef struct {
+ UINT32 Type;
+ UINT32 Length;
+ UINT8 Value[1];
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT;
+
+typedef union {
+ TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
+ TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmCertChain;
+ TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT OemMeasurement;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER;
+
+typedef union {
+ TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT Pci;
+ TCG_DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT Usb;
+} TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;
+
+typedef struct {
+ TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2 EventDataHeader;
+ TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER EventDataSubHeader;
+ TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
+} TCG_DEVICE_SECURITY_EVENT_DATA2;
+
+#pragma pack()
+
+//
+// EventType:EV_NO_ACTION
+// ======================================================================================================================
+// NVIndex Name PCR/NvIndex Event Log Usage
+// ======================================================================================================================
+// NV_EXTEND_INDEX_FOR_INSTANCE 0x01C40200 NV_INDEX_INSTANCE_EVENT_LOG_STRUCT NV Extend Record for instance data (CertChain)
+// NV_EXTEND_INDEX_FOR_DYNAMIC 0x01C40201 NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT NV Extend Record for dynamic data (Nonce)
+
+// EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH 0x01C40202 EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT Event Log Integrity for ExitPmAuth
+// EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT 0x01C40203 EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT Event Log Integrity for ReadyToBoot
+// ======================================================================================================================
+//
+
+#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE 0x01C40200
+#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC 0x01C40201
+#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH 0x01C40202
+#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT 0x01C40203
+
+#pragma pack(1)
+
+#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE "NvIndexInstance"
+#define TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT_VERSION 1
+
+typedef struct {
+ UINT8 Signature[16];
+ UINT16 Version;
+ UINT8 Reserved[6];
+ // TCG_DEVICE_SECURITY_EVENT_DATA2 Data;
+} TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT;
+
+#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE "NvIndexDynamic "
+#define TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_VERSION 1
+
+#define TCG_SPDM_CHALLENGE_DESCRIPTION "SPDM CHALLENGE"
+#define TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION "SPDM CHALLENGE_AUTH"
+#define TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION "SPDM GET_MEASUREMENTS"
+#define TCG_SPDM_MEASUREMENTS_DESCRIPTION "SPDM MEASUREMENTS"
+
+typedef struct {
+ UINT8 Signature[16];
+ UINT16 Version;
+ UINT8 Reserved[6];
+ UINT64 Uid;
+ // UINT16 DescriptionSize;
+ // UINT8 Description[DescriptionSize];
+ // UINT16 DataSize;
+ // UINT8 Data[DataSize];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT;
+
+typedef struct {
+ TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
+ UINT16 DescriptionSize;
+ UINT8 Description[sizeof (TCG_SPDM_CHALLENGE_DESCRIPTION)];
+ UINT16 DataSize;
+ UINT8 Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE;
+
+typedef struct {
+ TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
+ UINT16 DescriptionSize;
+ UINT8 Description[sizeof (TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION)];
+ UINT16 DataSize;
+ UINT8 Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE_AUTH;
+
+typedef struct {
+ TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
+ UINT16 DescriptionSize;
+ UINT8 Description[sizeof (TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION)];
+ UINT16 DataSize;
+ UINT8 Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_GET_MEASUREMENTS;
+
+typedef struct {
+ TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
+ UINT16 DescriptionSize;
+ UINT8 Description[sizeof (TCG_SPDM_MEASUREMENTS_DESCRIPTION)];
+ UINT16 DataSize;
+ UINT8 Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_MEASUREMENTS;
+
+#pragma pack()
+
#endif
diff --git a/src/include/ipxe/efi/IndustryStandard/Usb.h b/src/include/ipxe/efi/IndustryStandard/Usb.h
index 8c7fe834f..a2b6c1ab9 100644
--- a/src/include/ipxe/efi/IndustryStandard/Usb.h
+++ b/src/include/ipxe/efi/IndustryStandard/Usb.h
@@ -2,6 +2,8 @@
Support for USB 2.0 standard.
Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2024, American Megatrends International LLC. All rights reserved.<BR>
+
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -10,6 +12,7 @@
#define __USB_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
//
// Subset of Class and Subclass definitions from USB Specs
@@ -134,6 +137,21 @@ typedef struct {
} USB_CONFIG_DESCRIPTOR;
///
+/// Standard Interface Association Descriptor
+/// USB 3.0 spec, Section 9.6.4
+///
+typedef struct {
+ UINT8 Length;
+ UINT8 DescriptorType;
+ UINT8 FirstInterface;
+ UINT8 InterfaceCount;
+ UINT8 FunctionClass;
+ UINT8 FunctionSubclass;
+ UINT8 FunctionProtocol;
+ UINT8 FunctionDescriptionStringIndex;
+} USB_INTERFACE_ASSOCIATION_DESCRIPTOR;
+
+///
/// Standard Interface Descriptor
/// USB 2.0 spec, Section 9.6.5
///
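Review bot: The comment on USB_INTERFACE_ASSOCIATION_DESCRIPTOR does not mention that every field is supplied by the attached device, which matters for `Length`, `FirstInterface` and `InterfaceCount` because a parser will use them to walk the configuration blob. I would extend the `///` block with a line such as `/// All fields are device-supplied: check Length >= sizeof (USB_INTERFACE_ASSOCIATION_DESCRIPTOR) and that FirstInterface + InterfaceCount stays within the configuration's interface count before use.` The comment also cites the USB 3.0 spec while the file header says "Support for USB 2.0 standard", so a short note on why the section number comes from a different spec would avoid confusion.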
@@ -209,13 +227,16 @@ typedef enum {
//
// USB Descriptor types
//
- USB_DESC_TYPE_DEVICE = 0x01,
- USB_DESC_TYPE_CONFIG = 0x02,
- USB_DESC_TYPE_STRING = 0x03,
- USB_DESC_TYPE_INTERFACE = 0x04,
- USB_DESC_TYPE_ENDPOINT = 0x05,
- USB_DESC_TYPE_HID = 0x21,
- USB_DESC_TYPE_REPORT = 0x22,
+ USB_DESC_TYPE_DEVICE = 0x01,
+ USB_DESC_TYPE_CONFIG = 0x02,
+ USB_DESC_TYPE_STRING = 0x03,
+ USB_DESC_TYPE_INTERFACE = 0x04,
+ USB_DESC_TYPE_ENDPOINT = 0x05,
+ USB_DESC_TYPE_INTERFACE_ASSOCIATION = 0x0b,
+ USB_DESC_TYPE_HID = 0x21,
+ USB_DESC_TYPE_REPORT = 0x22,
+ USB_DESC_TYPE_CS_INTERFACE = 0x24,
+ USB_DESC_TYPE_CS_ENDPOINT = 0x25,
//
// Features to be cleared by CLEAR_FEATURE requests
diff --git a/src/include/ipxe/efi/Library/BaseLib.h b/src/include/ipxe/efi/Library/BaseLib.h
index 16ea35cd2..30e2c76b1 100644
--- a/src/include/ipxe/efi/Library/BaseLib.h
+++ b/src/include/ipxe/efi/Library/BaseLib.h
@@ -7,6 +7,7 @@ Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
Copyright (c) Microsoft Corporation.<BR>
Portions Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
Portions Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved.<BR>
+Copyright (c) 2023 - 2024, Arm Limited. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -16,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __BASE_LIB__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
//
// Definitions for architecture-specific types
@@ -78,26 +80,6 @@ typedef struct {
#endif // defined (MDE_CPU_EBC)
-#if defined (MDE_CPU_ARM)
-
-typedef struct {
- UINT32 R3; ///< A copy of R13.
- UINT32 R4;
- UINT32 R5;
- UINT32 R6;
- UINT32 R7;
- UINT32 R8;
- UINT32 R9;
- UINT32 R10;
- UINT32 R11;
- UINT32 R12;
- UINT32 R14;
-} BASE_LIBRARY_JUMP_BUFFER;
-
-#define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 4
-
-#endif // defined (MDE_CPU_ARM)
-
#if defined (MDE_CPU_AARCH64)
typedef struct {
// GP regs
@@ -128,6 +110,92 @@ typedef struct {
#define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 8
+/**
+ Reads the current value of CNTPCT_EL0 register.
+
+ Reads and returns the current value of CNTPCT_EL0.
+ This function is only available on AARCH64.
+
+ @return The current value of CNTPCT_EL0
+**/
+UINT64
+EFIAPI
+ArmReadCntPctReg (
+ VOID
+ );
+
+//
+// Bit shifts for the ID_AA64ISAR0_EL1 register.
+//
+#define ARM_ID_AA64ISAR0_EL1_AES_SHIFT (4U)
+#define ARM_ID_AA64ISAR0_EL1_SHA1_SHIFT (8U)
+#define ARM_ID_AA64ISAR0_EL1_SHA2_SHIFT (12U)
+#define ARM_ID_AA64ISAR0_EL1_CRC32_SHIFT (16U)
+#define ARM_ID_AA64ISAR0_EL1_ATOMIC_SHIFT (20U)
+#define ARM_ID_AA64ISAR0_EL1_RDM_SHIFT (28U)
+#define ARM_ID_AA64ISAR0_EL1_SHA3_SHIFT (32U)
+#define ARM_ID_AA64ISAR0_EL1_SM3_SHIFT (36U)
+#define ARM_ID_AA64ISAR0_EL1_SM4_SHIFT (40U)
+#define ARM_ID_AA64ISAR0_EL1_DP_SHIFT (44U)
+#define ARM_ID_AA64ISAR0_EL1_FHM_SHIFT (48U)
+#define ARM_ID_AA64ISAR0_EL1_TS_SHIFT (52U)
+#define ARM_ID_AA64ISAR0_EL1_TLB_SHIFT (56U)
+#define ARM_ID_AA64ISAR0_EL1_RNDR_SHIFT (60U)
+
+//
+// Bit masks for the ID_AA64ISAR0_EL1 fields.
+//
+#define ARM_ID_AA64ISAR0_EL1_AES_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_SHA1_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_SHA2_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_CRC32_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_ATOMIC_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_RDM_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_SHA3_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_SM3_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_SM4_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_DP_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_FHM_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_TS_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_TLB_MASK (0xFU)
+#define ARM_ID_AA64ISAR0_EL1_RNDR_MASK (0xFU)
+
+//
+// Bit masks for the ID_AA64ISAR0_EL1 field values.
+//
+#define ARM_ID_AA64ISAR0_EL1_AES_FEAT_AES_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_AES_FEAT_PMULL_MASK (0x2U)
+#define ARM_ID_AA64ISAR0_EL1_SHA1_FEAT_SHA1_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_SHA2_FEAT_SHA256_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_SHA2_FEAT_SHA512_MASK (0x2U)
+#define ARM_ID_AA64ISAR0_EL1_CRC32_HAVE_CRC32_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_ATOMIC_FEAT_LSE_MASK (0x2U)
+#define ARM_ID_AA64ISAR0_EL1_RDM_FEAT_RDM_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_SHA3_FEAT_SHA3_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_SM3_FEAT_SM3_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_SM4_FEAT_SM4_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_DP_FEAT_DOTPROD_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_FHM_FEAT_FHM_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_TS_FEAT_FLAGM_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_TS_FEAT_FLAGM2_MASK (0x2U)
+#define ARM_ID_AA64ISAR0_EL1_TLB_FEAT_TLBIOS_MASK (0x1U)
+#define ARM_ID_AA64ISAR0_EL1_TLB_FEAT_TLBIRANGE_MASK (0x2U)
+#define ARM_ID_AA64ISAR0_EL1_RNDR_FEAT_RNG_MASK (0x1U)
+
+/**
+ Reads the current value of ID_AA64ISAR0_EL1 register.
+
+ Reads and returns the current value of ID_AA64ISAR0_EL1.
+ This function is only available on AARCH64.
+
+ @return The current value of ID_AA64ISAR0_EL1
+**/
+UINT64
+EFIAPI
+ArmReadIdAA64Isar0Reg (
+ VOID
+ );
+
#endif // defined (MDE_CPU_AARCH64)
#if defined (MDE_CPU_RISCV64)
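Review bot: All of the new shift and mask macros are plain `U` (32-bit unsigned) constants, yet the shifts from `ARM_ID_AA64ISAR0_EL1_SHA3_SHIFT (32U)` up to `ARM_ID_AA64ISAR0_EL1_RNDR_SHIFT (60U)` are 32 or more, so an in-place mask such as `ARM_ID_AA64ISAR0_EL1_RNDR_MASK << ARM_ID_AA64ISAR0_EL1_RNDR_SHIFT` shifts a 32-bit value past its width, which is undefined behaviour. Only the form `(Value >> *_SHIFT) & *_MASK` on the UINT64 returned by ArmReadIdAA64Isar0Reg() is safe, and nothing in the header says so. Since these fields decide whether the AES, SHA and RNDR instructions are used, I would either define the field masks as `(0xFULL)` or add above the mask block the comment `// Apply after shifting: (Value >> *_SHIFT) & *_MASK`.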
@@ -2902,7 +2970,7 @@ InitializeListHead (
If ListHead is NULL, then ASSERT().
If Entry is NULL, then ASSERT().
- If ListHead was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or
+ If ListHead was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or
InitializeListHead(), then ASSERT().
If PcdMaximumLinkedListLength is not zero, and prior to insertion the number
of nodes in ListHead, including the ListHead node, is greater than or
@@ -2931,7 +2999,7 @@ InsertHeadList (
If ListHead is NULL, then ASSERT().
If Entry is NULL, then ASSERT().
- If ListHead was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or
+ If ListHead was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or
InitializeListHead(), then ASSERT().
If PcdMaximumLinkedListLength is not zero, and prior to insertion the number
of nodes in ListHead, including the ListHead node, is greater than or
@@ -2955,11 +3023,11 @@ InsertTailList (
Retrieves the first node of a doubly linked list.
Returns the first node of a doubly linked list. List must have been
- initialized with INTIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead().
+ initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead().
If List is empty, then List is returned.
If List is NULL, then ASSERT().
- If List was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or
+ If List was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or
InitializeListHead(), then ASSERT().
If PcdMaximumLinkedListLength is not zero, and the number of nodes
in List, including the List node, is greater than or equal to
@@ -2981,12 +3049,12 @@ GetFirstNode (
Retrieves the next node of a doubly linked list.
Returns the node of a doubly linked list that follows Node.
- List must have been initialized with INTIALIZE_LIST_HEAD_VARIABLE()
+ List must have been initialized with INITIALIZE_LIST_HEAD_VARIABLE()
or InitializeListHead(). If List is empty, then List is returned.
If List is NULL, then ASSERT().
If Node is NULL, then ASSERT().
- If List was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or
+ If List was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or
InitializeListHead(), then ASSERT().
If PcdMaximumLinkedListLength is not zero, and List contains more than
PcdMaximumLinkedListLength nodes, then ASSERT().
@@ -3009,12 +3077,12 @@ GetNextNode (
Retrieves the previous node of a doubly linked list.
Returns the node of a doubly linked list that precedes Node.
- List must have been initialized with INTIALIZE_LIST_HEAD_VARIABLE()
+ List must have been initialized with INITIALIZE_LIST_HEAD_VARIABLE()
or InitializeListHead(). If List is empty, then List is returned.
If List is NULL, then ASSERT().
If Node is NULL, then ASSERT().
- If List was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or
+ If List was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or
InitializeListHead(), then ASSERT().
If PcdMaximumLinkedListLength is not zero, and List contains more than
PcdMaximumLinkedListLength nodes, then ASSERT().
@@ -3040,7 +3108,7 @@ GetPreviousNode (
zero nodes, this function returns TRUE. Otherwise, it returns FALSE.
If ListHead is NULL, then ASSERT().
- If ListHead was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or
+ If ListHead was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or
InitializeListHead(), then ASSERT().
If PcdMaximumLinkedListLength is not zero, and the number of nodes
in List, including the List node, is greater than or equal to
@@ -3065,11 +3133,11 @@ IsListEmpty (
Returns TRUE if Node is equal to List. Returns FALSE if Node is one of the
nodes in the doubly linked list specified by List. List must have been
- initialized with INTIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead().
+ initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead().
If List is NULL, then ASSERT().
If Node is NULL, then ASSERT().
- If List was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(),
+ If List was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(),
then ASSERT().
If PcdMaximumLinkedListLength is not zero, and the number of nodes
in List, including the List node, is greater than or equal to
@@ -3096,11 +3164,11 @@ IsNull (
Returns TRUE if Node is the last node in the doubly linked list specified by
List. Otherwise, FALSE is returned. List must have been initialized with
- INTIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead().
+ INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead().
If List is NULL, then ASSERT().
If Node is NULL, then ASSERT().
- If List was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or
+ If List was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or
InitializeListHead(), then ASSERT().
If PcdMaximumLinkedListLength is not zero, and the number of nodes
in List, including the List node, is greater than or equal to
@@ -3129,7 +3197,7 @@ IsNodeAtEnd (
Otherwise, the location of the FirstEntry node is swapped with the location
of the SecondEntry node in a doubly linked list. SecondEntry must be in the
same double linked list as FirstEntry and that double linked list must have
- been initialized with INTIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead().
+ been initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead().
SecondEntry is returned after the nodes are swapped.
If FirstEntry is NULL, then ASSERT().
@@ -3774,7 +3842,7 @@ DivS64x64Remainder (
UINT16
EFIAPI
ReadUnaligned16 (
- IN CONST UINT16 *Buffer
+ IN CONST VOID *Buffer
);
/**
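Review bot: With `Buffer` now `VOID *`, the prototype of ReadUnaligned16() no longer tells the caller or the compiler how many bytes are accessed, and the same holds for the WriteUnaligned16, ReadUnaligned24, WriteUnaligned24, ReadUnaligned32, WriteUnaligned32, ReadUnaligned64 and WriteUnaligned64 hunks that follow. The doc comments lie outside these hunks, so I cannot see whether they state a size; if they do not, each should gain a line such as `Buffer must reference at least 2 accessible bytes.` (3, 4 and 8 for the wider variants). This matters most for the 24-bit pair, where the value type is still UINT32 and a reader could assume four bytes are touched.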
@@ -3795,7 +3863,7 @@ ReadUnaligned16 (
UINT16
EFIAPI
WriteUnaligned16 (
- OUT UINT16 *Buffer,
+ OUT VOID *Buffer,
IN UINT16 Value
);
@@ -3815,7 +3883,7 @@ WriteUnaligned16 (
UINT32
EFIAPI
ReadUnaligned24 (
- IN CONST UINT32 *Buffer
+ IN CONST VOID *Buffer
);
/**
@@ -3836,7 +3904,7 @@ ReadUnaligned24 (
UINT32
EFIAPI
WriteUnaligned24 (
- OUT UINT32 *Buffer,
+ OUT VOID *Buffer,
IN UINT32 Value
);
@@ -3856,7 +3924,7 @@ WriteUnaligned24 (
UINT32
EFIAPI
ReadUnaligned32 (
- IN CONST UINT32 *Buffer
+ IN CONST VOID *Buffer
);
/**
@@ -3877,7 +3945,7 @@ ReadUnaligned32 (
UINT32
EFIAPI
WriteUnaligned32 (
- OUT UINT32 *Buffer,
+ OUT VOID *Buffer,
IN UINT32 Value
);
@@ -3897,7 +3965,7 @@ WriteUnaligned32 (
UINT64
EFIAPI
ReadUnaligned64 (
- IN CONST UINT64 *Buffer
+ IN CONST VOID *Buffer
);
/**
@@ -3918,7 +3986,7 @@ ReadUnaligned64 (
UINT64
EFIAPI
WriteUnaligned64 (
- OUT UINT64 *Buffer,
+ OUT VOID *Buffer,
IN UINT64 Value
);
@@ -4630,6 +4698,101 @@ BitFieldCountOnes64 (
IN UINTN EndBit
);
+/*******************************************************************************
+
+ UUID (Universally Unique IDentifier), as defined in RFC4122
+ (https://datatracker.ietf.org/doc/html/rfc4122#section-4.1), is a 128-bit number
+ used to uniquely identify information in computer systems.
+
+ UUIDs contains 5 fields:
+ - time_low: 32 bits
+ - time_mid: 16 bits
+ - time_hi_and_version: 16 bits
+ - clock_seq_hi_and_reserved: 8 bits
+ - clock_seq_low: 8 bits
+ - node: 8 bits * 6
+
+ Each field encoded with the Most Significant Byte first (known as network byte
+ order, or big-endian).
+
+ GUID (Globally Unique Identifier), on the other hand, is a 128-bit number used
+ in UEFI environments, which is similar to UUID but has a different byte order
+ in memory. See https://uefi.org/specs/UEFI/2.11/Apx_A_GUID_and_Time_Formats.html
+
+ GUID also contains 5 fields:
+ - TimeLow: 32 bits
+ - TimeMid: 16 bits
+ - TimeHiAndVersion: 16 bits
+ - ClockSeqHighAndReserved: 16 bits
+ - ClockSeqLow: 8 bits
+ - Node: 8 bits * 6
+
+ TimeLow, TimeMid, TimeHighAndVersion fields in the EFI are encoded with the Least
+ Significant Byte first (also known as little-endian).
+
+ Example:
+ Consider the same string representation/registry format for MM communication v2:
+ "378daedc-f06b-4446-8314-40ab933c87a3"
+
+ In UUID format, it is represented as:
+ - Data fields:
+ - time_low: 0x37 0x8d 0xae 0xdc (0x378daedc in big-endian)
+ - time_mid: 0xf0 0x6b (0xf06b in big-endian)
+ - time_hi_and_version: 0x44 0x46 (0x4446 in big-endian)
+ - clock_seq_hi_and_reserved: 0x83
+ - clock_seq_low: 0x14
+ - node: 0x00, 0xab, 0x93, 0x3c, 0x87, 0xa3
+ - Byte representation in memory:
+ - 37 8d ae dc f0 6b 44 46 83 14 40 ab 93 3c 87 a3
+
+ However, in GUID format, it is represented as:
+ - Data fields:
+ - TimeLow: 0xdc 0xae 0x8d 0x37 (0x378daedc in little-endian)
+ - TimeMid: 0x6b 0xf0 (0xf06b in little-endian)
+ - TimeHiAndVersion: 0x46 0x44 (0x4446 in little-endian)
+ - ClockSeqHighAndReserved: 0x83
+ - ClockSeqLow: 0x14
+ - Node: 0x00, 0xab, 0x93, 0x3c, 0x87, 0xa3
+ - Byte representation in memory:
+ - dc ae 8d 37 6b f0 46 44 83 14 40 ab 93 3c 87 a3
+
+*******************************************************************************/
+
+/**
+ This function converts a GUID in UEFI format to a UUID in RFC4122 format.
+
+ The conversion is done by swapping the byte order of the TimeLow, TimeMid, and
+ TimeHiAndVersion fields, while keeping the ClockSeq and Node fields unchanged.
+
+ @param [in] FromGuid GUID in format to be converted to UUID RFC4122 format.
+ @param [out] ToUuid Pointer to a GUID structure that will hold the converted
+ UUID in RFC4122 format.
+**/
+VOID
+EFIAPI
+ConvertGuidToUuid (
+ IN GUID *FromGuid,
+ OUT GUID *ToUuid
+ );
+
+/**
+ This function converts a UUID in RFC4122 format to a GUID in UEFI format.
+
+ The conversion is done by swapping the byte order of the time_low, time_mid, and
+ time_hi_and_version fields, while keeping the ClockSeq and Node fields unchanged.
+ This function is symmetric to ConvertGuidToUuid.
+
+ @param [in] FromUuid UUID in RFC4122 format to be converted to GUID in UEFI format.
+ @param [out] ToGuid Pointer to a GUID structure that will hold the converted
+ GUID in UEFI format.
+**/
+VOID
+EFIAPI
+ConvertUuidToGuid (
+ IN GUID *FromUuid,
+ OUT GUID *ToGuid
+ );
+
//
// Base Library Checksum Functions
//
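Review bot: The new UUID/GUID layout comment contradicts itself in three places, which is unfortunate for a block that people will copy byte orders from. Both field lists say "5 fields" but enumerate six, the GUID list gives `ClockSeqHighAndReserved: 16 bits` where the UUID list and the example use one byte, and both examples show the node starting with `0x00` although the string and both byte dumps have `40`. I would change those lines to `- ClockSeqHighAndReserved: 8 bits` and `- node: 0x40, 0xab, 0x93, 0x3c, 0x87, 0xa3`. Separately, `FromGuid` and `FromUuid` are inputs but not `CONST`, and the comments do not say whether source and destination may be the same object; `IN CONST GUID *FromGuid` plus one sentence on aliasing would settle both.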
@@ -4902,6 +5065,23 @@ CalculateCrc32c (
IN UINT32 InitialValue
);
+/**
+ Calculates the CRC16-CCITT-FALSE checksum of the given buffer.
+
+ @param[in] Buffer Pointer to the buffer.
+ @param[in] Length Length of the buffer, in bytes.
+ @param[in] InitialValue Initial value of the CRC.
+
+ @return The CRC16-CCITT-FALSE checksum.
+**/
+UINT16
+EFIAPI
+CalculateCrc16CcittF (
+ IN CONST VOID *Buffer,
+ IN UINTN Length,
+ IN UINT16 InitialValue
+ );
+
//
// Base Library CPU Functions
//
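Review bot: The doc comment for CalculateCrc16CcittF() does not say which `InitialValue` yields the standard CRC-16/CCITT-FALSE result, nor what happens for `Length == 0` or a NULL `Buffer`. The conventional seed for this variant is 0xFFFF, so the `InitialValue` line should name the expected seed, provided the implementation (not part of this header) applies no further inversion. It would also help to state that the result is an error-detection checksum only and gives no protection against deliberate modification of the buffer.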
@@ -5157,8 +5337,6 @@ SpeculationBarrier (
VOID
);
-#if defined (MDE_CPU_X64) || defined (MDE_CPU_IA32)
-
/**
The TDCALL instruction causes a VM exit to the Intel TDX module. It is
used to call guest-side Intel TDX functions, either local or a TD exit
@@ -5221,7 +5399,17 @@ TdIsEnabled (
VOID
);
-#endif
+/**
+ Probe if running as some kind of SEV guest.
+
+ @return FALSE Not running as a guest under any kind of SEV
+ @return TRUE Running as a guest under any kind of SEV
+**/
+BOOLEAN
+EFIAPI
+SevGuestIsEnabled (
+ VOID
+ );
#if defined (MDE_CPU_X64)
//
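Review bot: With the `#if defined (MDE_CPU_X64) || defined (MDE_CPU_IA32)` guard and its `#endif` removed (the previous hunk and this one), the TDX prototypes and the new SevGuestIsEnabled() are declared for every architecture, but the comment does not say what SevGuestIsEnabled() returns where SEV cannot exist. A caller on another architecture now compiles and fails only at link time unless a stub is provided, which this header does not show. I would add `On architectures other than IA-32 and x64 this function always returns FALSE.` if that is the contract, and use `@retval FALSE` and `@retval TRUE` instead of two `@return` lines.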
@@ -7878,6 +8066,45 @@ AsmVmgExit (
VOID
);
+///
+/// The structure used to supply and return data to and from the SVSM.
+///
+typedef struct {
+ VOID *Caa;
+ UINT64 RaxIn;
+ UINT64 RcxIn;
+ UINT64 RdxIn;
+ UINT64 R8In;
+ UINT64 R9In;
+ UINT64 RaxOut;
+ UINT64 RcxOut;
+ UINT64 RdxOut;
+ UINT64 R8Out;
+ UINT64 R9Out;
+ UINT8 *CallPending;
+} SVSM_CALL_DATA;
+
+/**
+ Executes a VMGEXIT instruction (VMMCALL with a REP prefix) with arguments
+ and return code
+
+ Executes a VMGEXIT instruction placing the specified arguments in the
+ corresponding registers before invocation. Upon return an XCHG is done to
+ atomically clear and retrieve the SVSM call pending value. The returned RAX
+ register value becomes the function return code. This function is intended
+ for use with an SVSM. This function is only available on IA-32 and x64.
+
+ @param[in,out] SvsmCallPending Pointer to the location of the SVSM call data
+
+ @return Value of the RAX register on return
+
+**/
+UINT32
+EFIAPI
+AsmVmgExitSvsm (
+ IN OUT SVSM_CALL_DATA *SvsmCallData
+ );
+
/**
Patch the immediate operand of an IA32 or X64 instruction such that the byte,
word, dword or qword operand is encoded at the end of the instruction's
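Review bot: The doc comment documents `@param[in,out] SvsmCallPending`, but the parameter is named `SvsmCallData`, and the function returns `UINT32` while the comment says the returned RAX value becomes the return code and `RaxOut` in SVSM_CALL_DATA is `UINT64`. If truncation to 32 bits is intended the comment should say so, e.g. `@return Low 32 bits of the RAX register on return`; otherwise the return type should match `RaxOut`. The `Caa` and `CallPending` members have no description either, although the XCHG described in the comment presumably writes through `CallPending`; one `///` line per member stating who owns the memory and that it must be writable would make the contract checkable.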
diff --git a/src/include/ipxe/efi/LoongArch64/ProcessorBind.h b/src/include/ipxe/efi/LoongArch64/ProcessorBind.h
index 42d8b7942..ba7c52ce7 100644
--- a/src/include/ipxe/efi/LoongArch64/ProcessorBind.h
+++ b/src/include/ipxe/efi/LoongArch64/ProcessorBind.h
@@ -11,6 +11,7 @@
#define PROCESSOR_BIND_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
//
// Define the processor type so other code can make processor based choices
diff --git a/src/include/ipxe/efi/Pi/PiBootMode.h b/src/include/ipxe/efi/Pi/PiBootMode.h
index 1d8a8a9af..9451c8cbe 100644
--- a/src/include/ipxe/efi/Pi/PiBootMode.h
+++ b/src/include/ipxe/efi/Pi/PiBootMode.h
@@ -13,6 +13,7 @@
#define __PI_BOOT_MODE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// EFI boot mode
diff --git a/src/include/ipxe/efi/Pi/PiDependency.h b/src/include/ipxe/efi/Pi/PiDependency.h
index bfe30c430..8c9ffc40b 100644
--- a/src/include/ipxe/efi/Pi/PiDependency.h
+++ b/src/include/ipxe/efi/Pi/PiDependency.h
@@ -13,6 +13,7 @@
#define __PI_DEPENDENCY_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// If present, this must be the first and only opcode,
diff --git a/src/include/ipxe/efi/Pi/PiDxeCis.h b/src/include/ipxe/efi/Pi/PiDxeCis.h
index 9b9254936..b501b053f 100644
--- a/src/include/ipxe/efi/Pi/PiDxeCis.h
+++ b/src/include/ipxe/efi/Pi/PiDxeCis.h
@@ -5,7 +5,7 @@ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Revision Reference:
- PI Version 1.7
+ PI Version 1.8.A
**/
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __PI_DXECIS_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Uefi/UefiMultiPhase.h>
#include <ipxe/efi/Pi/PiMultiPhase.h>
@@ -58,14 +59,11 @@ typedef enum {
/// system. If all memory has the same reliability, then this bit is not used.
///
EfiGcdMemoryTypeMoreReliable,
- // ///
- // /// A memory region that describes system memory that has not been accepted
- // /// by a corresponding call to the underlying isolation architecture.
- // ///
- // /// Please be noted:
- // /// EfiGcdMemoryTypeUnaccepted is defined in PrePiDxeCis.h because it has not been
- // /// defined in PI spec.
- // EfiGcdMemoryTypeUnaccepted,
+ ///
+ /// A memory region that describes system memory that has not been accepted
+ /// by a corresponding call to the underlying isolation architecture.
+ ///
+ EfiGcdMemoryTypeUnaccepted,
EfiGcdMemoryTypeMaximum = 7
} EFI_GCD_MEMORY_TYPE;
@@ -696,8 +694,8 @@ EFI_STATUS
// DXE Services Table
//
#define DXE_SERVICES_SIGNATURE 0x565245535f455844ULL
-#define DXE_SPECIFICATION_MAJOR_REVISION 1
-#define DXE_SPECIFICATION_MINOR_REVISION 70
+#define DXE_SPECIFICATION_MAJOR_REVISION PI_SPECIFICATION_MAJOR_REVISION
+#define DXE_SPECIFICATION_MINOR_REVISION PI_SPECIFICATION_MINOR_REVISION
#define DXE_SERVICES_REVISION ((DXE_SPECIFICATION_MAJOR_REVISION<<16) | (DXE_SPECIFICATION_MINOR_REVISION))
typedef struct {
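Review bot: Redefining `DXE_SPECIFICATION_MINOR_REVISION` as `PI_SPECIFICATION_MINOR_REVISION` changes `DXE_SERVICES_REVISION` from 1.70 to whatever PiMultiPhase.h declares (80 in this commit), and nothing at this site says so. Any consumer that compares a DXE Services Table header revision against `DXE_SERVICES_REVISION` for equality rather than as a minimum would start rejecting tables it accepted before; no such caller is visible from this hunk, so this is a request to check. A comment such as `// Tracks PI_SPECIFICATION_*_REVISION from PiMultiPhase.h; compare table revisions with >=, not ==` would document the coupling.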
diff --git a/src/include/ipxe/efi/Pi/PiFirmwareFile.h b/src/include/ipxe/efi/Pi/PiFirmwareFile.h
index daf66f8a2..f81070bb0 100644
--- a/src/include/ipxe/efi/Pi/PiFirmwareFile.h
+++ b/src/include/ipxe/efi/Pi/PiFirmwareFile.h
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __PI_FIRMWARE_FILE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#pragma pack(1)
///
diff --git a/src/include/ipxe/efi/Pi/PiFirmwareVolume.h b/src/include/ipxe/efi/Pi/PiFirmwareVolume.h
index f46134fee..c67f70dcb 100644
--- a/src/include/ipxe/efi/Pi/PiFirmwareVolume.h
+++ b/src/include/ipxe/efi/Pi/PiFirmwareVolume.h
@@ -13,6 +13,7 @@
#define __PI_FIRMWAREVOLUME_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// EFI_FV_FILE_ATTRIBUTES
diff --git a/src/include/ipxe/efi/Pi/PiHob.h b/src/include/ipxe/efi/Pi/PiHob.h
index 5ecdf321f..4a98e2645 100644
--- a/src/include/ipxe/efi/Pi/PiHob.h
+++ b/src/include/ipxe/efi/Pi/PiHob.h
@@ -5,7 +5,7 @@ Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Revision Reference:
- PI Version 1.6
+ PI Version 1.9
**/
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __PI_HOB_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
//
// HobType of EFI_HOB_GENERIC_HEADER.
@@ -234,16 +235,8 @@ typedef UINT32 EFI_RESOURCE_TYPE;
#define EFI_RESOURCE_MEMORY_MAPPED_IO_PORT 0x00000004
#define EFI_RESOURCE_MEMORY_RESERVED 0x00000005
#define EFI_RESOURCE_IO_RESERVED 0x00000006
-//
-// BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED is defined for unaccepted memory.
-// But this defitinion has not been officially in the PI spec. Base
-// on the code-first we define BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED at
-// MdeModulePkg/Include/Pi/PrePiHob.h and update EFI_RESOURCE_MAX_MEMORY_TYPE
-// to 8. After BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED is officially published
-// in PI spec, we will re-visit here.
-//
-// #define BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED 0x00000007
-#define EFI_RESOURCE_MAX_MEMORY_TYPE 0x00000008
+#define EFI_RESOURCE_MEMORY_UNACCEPTED 0x00000007
+#define EFI_RESOURCE_MAX_MEMORY_TYPE 0x00000008
///
/// A type of recount attribute type.
@@ -299,6 +292,9 @@ typedef UINT32 EFI_RESOURCE_ATTRIBUTE_TYPE;
#define EFI_RESOURCE_ATTRIBUTE_READ_ONLY_PROTECTED 0x00040000
#define EFI_RESOURCE_ATTRIBUTE_READ_ONLY_PROTECTABLE 0x00080000
+#define EFI_RESOURCE_ATTRIBUTE_ENCRYPTED 0x04000000
+#define EFI_RESOURCE_ATTRIBUTE_SPECIAL_PURPOSE 0x08000000
+#define EFI_RESOURCE_ATTRIBUTE_HOT_PLUGGABLE 0x10000000
//
// Physical memory relative reliability attribute. This
// memory provides higher reliability relative to other
diff --git a/src/include/ipxe/efi/Pi/PiMultiPhase.h b/src/include/ipxe/efi/Pi/PiMultiPhase.h
index e631821ca..f5ee07068 100644
--- a/src/include/ipxe/efi/Pi/PiMultiPhase.h
+++ b/src/include/ipxe/efi/Pi/PiMultiPhase.h
@@ -5,7 +5,7 @@ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Revision Reference:
- These elements are defined in UEFI Platform Initialization Specification 1.2.
+ These elements are defined in UEFI Platform Initialization Specification 1.8.A
**/
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __PI_MULTIPHASE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Pi/PiFirmwareVolume.h>
#include <ipxe/efi/Pi/PiFirmwareFile.h>
@@ -22,6 +23,13 @@ FILE_LICENCE ( BSD2_PATENT );
#include <ipxe/efi/Pi/PiStatusCode.h>
#include <ipxe/efi/Pi/PiS3BootScript.h>
+//
+// PI Specification Version Information
+//
+#define PI_SPECIFICATION_MAJOR_REVISION 1
+#define PI_SPECIFICATION_MINOR_REVISION 80
+#define PI_SPECIFICATION_VERSION ((PI_SPECIFICATION_MAJOR_REVISION << 16) | (PI_SPECIFICATION_MINOR_REVISION))
+
/**
Produces an error code in the range reserved for use by the Platform Initialization
Architecture Specification.
@@ -106,6 +114,14 @@ FILE_LICENCE ( BSD2_PATENT );
#define EFI_SMRAM_LOCKED EFI_MMRAM_LOCKED
///
+/// MM Communicate header constants
+///
+#define COMMUNICATE_HEADER_V3_GUID \
+ { \
+ 0x68e8c853, 0x2ba9, 0x4dd7, { 0x9a, 0xc0, 0x91, 0xe1, 0x61, 0x55, 0xc9, 0x35 } \
+ }
+
+///
/// Structure describing a MMRAM region and its accessibility attributes.
///
typedef struct {
@@ -151,6 +167,47 @@ typedef struct _EFI_MM_RESERVED_MMRAM_REGION {
UINT64 MmramReservedSize;
} EFI_MM_RESERVED_MMRAM_REGION;
+#pragma pack(1)
+
+///
+/// To avoid confusion in interpreting frames, the buffer communicating to MM core through
+/// EFI_MM_COMMUNICATE3 or later should always start with EFI_MM_COMMUNICATE_HEADER_V3.
+///
+typedef struct {
+ ///
+ /// Indicator GUID for MM core that the communication buffer is compliant with this v3 header.
+ /// Must be gEfiMmCommunicateHeaderV3Guid.
+ ///
+ EFI_GUID HeaderGuid;
+ ///
+ /// Describes the size of the entire buffer (in bytes) available for communication, including this communication header.
+ ///
+ UINT64 BufferSize;
+ ///
+ /// Reserved for future use.
+ ///
+ UINT64 Reserved;
+ ///
+ /// Allows for disambiguation of the message format.
+ ///
+ EFI_GUID MessageGuid;
+ ///
+ /// Describes the size of MessageData (in bytes) and does not include the size of the header.
+ ///
+ UINT64 MessageSize;
+ ///
+ /// Designates an array of bytes that is MessageSize in size.
+ ///
+ UINT8 MessageData[];
+} EFI_MM_COMMUNICATE_HEADER_V3;
+
+#pragma pack()
+
+STATIC_ASSERT (
+ (sizeof (EFI_MM_COMMUNICATE_HEADER_V3) == OFFSET_OF (EFI_MM_COMMUNICATE_HEADER_V3, MessageData)), \
+ "sizeof (EFI_MM_COMMUNICATE_HEADER_V3) does not align with the beginning of flexible array MessageData"
+ );
+
typedef enum {
EFI_PCD_TYPE_8,
EFI_PCD_TYPE_16,
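Review bot: The field comments for EFI_MM_COMMUNICATE_HEADER_V3 describe `BufferSize` and `MessageSize` separately but never state the relation a receiver has to enforce between them. Both are 64-bit values written by the sender, so the MM side should check `BufferSize >= sizeof (EFI_MM_COMMUNICATE_HEADER_V3)` first and then `MessageSize <= BufferSize - sizeof (EFI_MM_COMMUNICATE_HEADER_V3)`, in that subtracting form so the comparison cannot wrap. I would add that invariant to the `MessageSize` comment and say on `Reserved` whether it must be zero. The STATIC_ASSERT also relies on `STATIC_ASSERT` and `OFFSET_OF` being defined before this header is included, which the hunk does not show.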
@@ -210,4 +267,6 @@ EFI_STATUS
IN VOID *ProcedureArgument
);
+extern EFI_GUID gEfiMmCommunicateHeaderV3Guid;
+
#endif
diff --git a/src/include/ipxe/efi/Pi/PiS3BootScript.h b/src/include/ipxe/efi/Pi/PiS3BootScript.h
index f016e1245..e7086a565 100644
--- a/src/include/ipxe/efi/Pi/PiS3BootScript.h
+++ b/src/include/ipxe/efi/Pi/PiS3BootScript.h
@@ -1,5 +1,5 @@
/** @file
- This file contains the boot script defintions that are shared between the
+ This file contains the boot script definitions that are shared between the
Boot Script Executor PPI and the Boot Script Save Protocol.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
@@ -11,6 +11,7 @@
#define _PI_S3_BOOT_SCRIPT_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
// *******************************************
// EFI Boot Script Opcode definitions
diff --git a/src/include/ipxe/efi/Pi/PiStatusCode.h b/src/include/ipxe/efi/Pi/PiStatusCode.h
index 427e5061d..6015cabb2 100644
--- a/src/include/ipxe/efi/Pi/PiStatusCode.h
+++ b/src/include/ipxe/efi/Pi/PiStatusCode.h
@@ -2,6 +2,7 @@
StatusCode related definitions in PI.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Revision Reference:
@@ -14,9 +15,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __PI_STATUS_CODE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
//
-// Required for IA32, X64, IPF, ARM and EBC defines for CPU exception types
+// Required for IA32, X64, IPF, and EBC defines for CPU exception types
//
#include <ipxe/efi/Protocol/DebugSupport.h>
@@ -142,6 +144,7 @@ typedef struct {
#define EFI_COMPUTING_UNIT_CACHE (EFI_COMPUTING_UNIT | 0x00040000)
#define EFI_COMPUTING_UNIT_MEMORY (EFI_COMPUTING_UNIT | 0x00050000)
#define EFI_COMPUTING_UNIT_CHIPSET (EFI_COMPUTING_UNIT | 0x00060000)
+#define EFI_COMPUTING_UNIT_MANAGEABILITY (EFI_COMPUTING_UNIT | 0x00070000)
///@}
///
@@ -346,6 +349,16 @@ typedef struct {
///@}
///
+/// Computing Unit Manageability Subclass Error Code definitions.
+/// The detail information is reported by REPORT_STATUS_CODE_WITH_EXTENDED_DATA
+// with ASCII string in EFI_STATUS_CODE_STRING_DATA.
+///@{
+#define EFI_MANAGEABILITY_EC_REDFISH_COMMUNICATION_ERROR (EFI_SUBCLASS_SPECIFIC | 0x00000000)
+#define EFI_MANAGEABILITY_EC_REDFISH_HOST_INTERFACE_ERROR (EFI_SUBCLASS_SPECIFIC | 0x00000001)
+#define EFI_MANAGEABILITY_EC_REDFISH_BOOTSTRAP_CREDENTIAL_ERROR (EFI_SUBCLASS_SPECIFIC | 0x00000002)
+///@}
+
+///
/// Peripheral Subclass definitions.
/// Values of 12-127 are reserved for future use by this specification.
/// Values of 128-255 are reserved for OEM use.
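Review bot: The third line of the new comment block starts with `//` instead of `///`, so the end of the sentence falls out of the Doxygen comment; it should read `/// with ASCII string in EFI_STATUS_CODE_STRING_DATA.`. Since one of the codes is `EFI_MANAGEABILITY_EC_REDFISH_BOOTSTRAP_CREDENTIAL_ERROR` and the detail is reported as a free-form ASCII string, the comment could also state that the string must not contain the credential itself, because status-code data can end up in logs.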
diff --git a/src/include/ipxe/efi/PiDxe.h b/src/include/ipxe/efi/PiDxe.h
index 698c139f0..cef2a0273 100644
--- a/src/include/ipxe/efi/PiDxe.h
+++ b/src/include/ipxe/efi/PiDxe.h
@@ -11,6 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __PI_DXE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Uefi/UefiBaseType.h>
#include <ipxe/efi/Uefi/UefiSpec.h>
diff --git a/src/include/ipxe/efi/ProcessorBind.h b/src/include/ipxe/efi/ProcessorBind.h
index dbccf346d..9fb8012f7 100644
--- a/src/include/ipxe/efi/ProcessorBind.h
+++ b/src/include/ipxe/efi/ProcessorBind.h
@@ -2,6 +2,7 @@
#define _IPXE_EFI_PROCESSOR_BIND_H
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/*
* EFI header files rely on having the CPU architecture directory
@@ -10,13 +11,43 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
* - mcb30
*/
-#ifdef EFI_HOSTONLY
+/* Determine EFI architecture name (if existent) */
+#if defined ( __i386__ )
+#define EFIARCH Ia32
+#endif
+#if defined ( __x86_64__ )
+#define EFIARCH X64
+#endif
+#if defined ( __arm__ )
+#define EFIARCH Arm
+#endif
+#if defined ( __aarch64__ )
+#define EFIARCH AArch64
+#endif
+#if defined ( __loongarch__ )
+#define EFIARCH LoongArch64
+#endif
+#if defined ( __riscv ) && ( _riscv_xlen == 64 )
+#define EFIARCH RiscV64
+#endif
+
+/* Determine architecture-specific ProcessorBind.h path */
+#define PROCESSORBIND(_arch) <ipxe/efi/_arch/ProcessorBind.h>
/*
- * We cannot rely on the EDK2 ProcessorBind.h headers when compiling a
- * binary for execution on the build host itself, since the host's CPU
- * architecture may not even be supported by EDK2.
+ * We do not want to use any EFI-specific calling conventions etc when
+ * compiling a binary for execution on the build host itself.
*/
+#ifdef EFI_HOSTONLY
+#undef EFIARCH
+#endif
+
+#if defined ( EFIARCH )
+
+/* Include architecture-specific ProcessorBind.h if existent */
+#include PROCESSORBIND(EFIARCH)
+
+#else /* EFIARCH */
/* Define the basic integer types in terms of the host's <stdint.h> */
#include <stdint.h>
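Review bot: The RISC-V test `( _riscv_xlen == 64 )` uses a single leading underscore, while the macro that compilers predefine is `__riscv_xlen`; an undefined identifier evaluates to 0 in `#if`, so unless `_riscv_xlen` is defined somewhere outside this hunk, `EFIARCH` is never set to `RiscV64`. The build would then not fail but fall through to the `#else` branch, with host `<stdint.h>` types, `MDE_CPU_EBC` and (from the last hunk of this file) the dummy `BOOTNONE.EFI` name. I would write `#if defined ( __riscv ) && ( __riscv_xlen == 64 )`. Because the fallback is now taken for any unrecognised target and not only for `EFI_HOSTONLY`, a comment at the `#else` saying that this is intended would also help.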
@@ -30,8 +61,8 @@ typedef uint16_t UINT16;
typedef uint32_t UINT32;
typedef uint64_t UINT64;
typedef unsigned long UINTN;
-typedef int8_t CHAR8;
-typedef int16_t CHAR16;
+typedef char CHAR8;
+typedef uint16_t CHAR16;
typedef uint8_t BOOLEAN;
/* Define EFIAPI as whatever API the host uses by default */
@@ -40,31 +71,12 @@ typedef uint8_t BOOLEAN;
/* Define an architecture-neutral MDE_CPU macro to prevent build errors */
#define MDE_CPU_EBC
+/* Define a dummy boot file name to prevent build errors */
+#define EFI_REMOVABLE_MEDIA_FILE_NAME L"\\EFI\\BOOT\\BOOTNONE.EFI"
+
/* Define MAX_BIT in terms of UINTN */
#define MAX_BIT ( ( ( UINTN ) 1U ) << ( ( 8 * sizeof ( UINTN ) ) - 1 ) )
-#else /* EFI_HOSTONLY */
-
-#ifdef __i386__
-#include <ipxe/efi/Ia32/ProcessorBind.h>
-#endif
-
-#ifdef __x86_64__
-#include <ipxe/efi/X64/ProcessorBind.h>
-#endif
-
-#ifdef __arm__
-#include <ipxe/efi/Arm/ProcessorBind.h>
-#endif
-
-#ifdef __aarch64__
-#include <ipxe/efi/AArch64/ProcessorBind.h>
-#endif
-
-#ifdef __loongarch__
-#include <ipxe/efi/LoongArch64/ProcessorBind.h>
-#endif
-
-#endif /* EFI_HOSTONLY */
+#endif /* EFIARCH */
#endif /* _IPXE_EFI_PROCESSOR_BIND_H */
diff --git a/src/include/ipxe/efi/Protocol/AbsolutePointer.h b/src/include/ipxe/efi/Protocol/AbsolutePointer.h
index 48810f90c..886d214a9 100644
--- a/src/include/ipxe/efi/Protocol/AbsolutePointer.h
+++ b/src/include/ipxe/efi/Protocol/AbsolutePointer.h
@@ -14,6 +14,7 @@
#define __ABSOLUTE_POINTER_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_ABSOLUTE_POINTER_PROTOCOL_GUID \
{ 0x8D59D32B, 0xC655, 0x4AE9, { 0x9B, 0x15, 0xF2, 0x59, 0x04, 0x99, 0x2A, 0x43 } }
diff --git a/src/include/ipxe/efi/Protocol/AcpiTable.h b/src/include/ipxe/efi/Protocol/AcpiTable.h
index 27a9873c3..601e7b769 100644
--- a/src/include/ipxe/efi/Protocol/AcpiTable.h
+++ b/src/include/ipxe/efi/Protocol/AcpiTable.h
@@ -14,6 +14,7 @@
#define __ACPI_TABLE_H___
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_ACPI_TABLE_PROTOCOL_GUID \
{ 0xffe06bdd, 0x6107, 0x46a6, { 0x7b, 0xb2, 0x5a, 0x9c, 0x7e, 0xc5, 0x27, 0x5c }}
diff --git a/src/include/ipxe/efi/Protocol/AdapterInformation.h b/src/include/ipxe/efi/Protocol/AdapterInformation.h
new file mode 100644
index 000000000..b52288793
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/AdapterInformation.h
@@ -0,0 +1,258 @@
+/** @file
+ EFI Adapter Information Protocol definition.
+ The EFI Adapter Information Protocol is used to dynamically and quickly discover
+ or set device information for an adapter.
+
+ Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Revision Reference:
+ This Protocol is introduced in UEFI Specification 2.4
+
+**/
+
+#ifndef __EFI_ADAPTER_INFORMATION_PROTOCOL_H__
+#define __EFI_ADAPTER_INFORMATION_PROTOCOL_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#define EFI_ADAPTER_INFORMATION_PROTOCOL_GUID \
+ { \
+ 0xE5DD1403, 0xD622, 0xC24E, {0x84, 0x88, 0xC7, 0x1B, 0x17, 0xF5, 0xE8, 0x02 } \
+ }
+
+#define EFI_ADAPTER_INFO_MEDIA_STATE_GUID \
+ { \
+ 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 } \
+ }
+
+#define EFI_ADAPTER_INFO_NETWORK_BOOT_GUID \
+ { \
+ 0x1FBD2960, 0x4130, 0x41E5, {0x94, 0xAC, 0xD2, 0xCF, 0x03, 0x7F, 0xB3, 0x7C } \
+ }
+
+#define EFI_ADAPTER_INFO_SAN_MAC_ADDRESS_GUID \
+ { \
+ 0x114da5ef, 0x2cf1, 0x4e12, {0x9b, 0xbb, 0xc4, 0x70, 0xb5, 0x52, 0x5, 0xd9 } \
+ }
+
+#define EFI_ADAPTER_INFO_UNDI_IPV6_SUPPORT_GUID \
+ { \
+ 0x4bd56be3, 0x4975, 0x4d8a, {0xa0, 0xad, 0xc4, 0x91, 0x20, 0x4b, 0x5d, 0x4d} \
+ }
+
+#define EFI_ADAPTER_INFO_MEDIA_TYPE_GUID \
+ { \
+ 0x8484472f, 0x71ec, 0x411a, { 0xb3, 0x9c, 0x62, 0xcd, 0x94, 0xd9, 0x91, 0x6e } \
+ }
+
+typedef struct _EFI_ADAPTER_INFORMATION_PROTOCOL EFI_ADAPTER_INFORMATION_PROTOCOL;
+
+///
+/// EFI_ADAPTER_INFO_MEDIA_STATE
+///
+typedef struct {
+ ///
+ /// Returns the current media state status. MediaState can have any of the following values:
+ /// EFI_SUCCESS: There is media attached to the network adapter. EFI_NOT_READY: This detects a bounced state.
+ /// There was media attached to the network adapter, but it was removed and reattached. EFI_NO_MEDIA: There is
+ /// not any media attached to the network.
+ ///
+ EFI_STATUS MediaState;
+} EFI_ADAPTER_INFO_MEDIA_STATE;
+
+///
+/// EFI_ADAPTER_INFO_MEDIA_TYPE
+///
+typedef struct {
+ ///
+ /// Indicates the current media type. MediaType can have any of the following values:
+ /// 1: Ethernet Network Adapter
+ /// 2: Ethernet Wireless Network Adapter
+ /// 3~255: Reserved
+ ///
+ UINT8 MediaType;
+} EFI_ADAPTER_INFO_MEDIA_TYPE;
+
+///
+/// EFI_ADAPTER_INFO_NETWORK_BOOT
+///
+typedef struct {
+ ///
+ /// TRUE if the adapter supports booting from iSCSI IPv4 targets.
+ ///
+ BOOLEAN iScsiIpv4BootCapablity;
+ ///
+ /// TRUE if the adapter supports booting from iSCSI IPv6 targets.
+ ///
+ BOOLEAN iScsiIpv6BootCapablity;
+ ///
+ /// TRUE if the adapter supports booting from FCoE targets.
+ ///
+ BOOLEAN FCoeBootCapablity;
+ ///
+ /// TRUE if the adapter supports an offload engine (such as TCP
+ /// Offload Engine (TOE)) for its iSCSI or FCoE boot operations.
+ ///
+ BOOLEAN OffloadCapability;
+ ///
+ /// TRUE if the adapter supports multipath I/O (MPIO) for its iSCSI
+ /// boot operations.
+ ///
+ BOOLEAN iScsiMpioCapability;
+ ///
+ /// TRUE if the adapter is currently configured to boot from iSCSI
+ /// IPv4 targets.
+ ///
+ BOOLEAN iScsiIpv4Boot;
+ ///
+ /// TRUE if the adapter is currently configured to boot from iSCSI
+ /// IPv6 targets.
+ ///
+ BOOLEAN iScsiIpv6Boot;
+ ///
+ /// TRUE if the adapter is currently configured to boot from FCoE targets.
+ ///
+ BOOLEAN FCoeBoot;
+} EFI_ADAPTER_INFO_NETWORK_BOOT;
+
+///
+/// EFI_ADAPTER_INFO_SAN_MAC_ADDRESS
+///
+typedef struct {
+ ///
+ /// Returns the SAN MAC address for the adapter.For adapters that support today's 802.3 ethernet
+ /// networking and Fibre-Channel Over Ethernet (FCOE), this conveys the FCOE SAN MAC address from the adapter.
+ ///
+ EFI_MAC_ADDRESS SanMacAddress;
+} EFI_ADAPTER_INFO_SAN_MAC_ADDRESS;
+
+///
+/// EFI_ADAPTER_INFO_UNDI_IPV6_SUPPORT
+///
+typedef struct {
+ ///
+ /// Returns capability of UNDI to support IPv6 traffic.
+ ///
+ BOOLEAN Ipv6Support;
+} EFI_ADAPTER_INFO_UNDI_IPV6_SUPPORT;
+
+/**
+ Returns the current state information for the adapter.
+
+ This function returns information of type InformationType from the adapter.
+ If an adapter does not support the requested informational type, then
+ EFI_UNSUPPORTED is returned. If an adapter does not contain Information for
+ the requested InformationType, it fills InformationBlockSize with 0 and
+ returns EFI_NOT_FOUND.
+
+ @param[in] This A pointer to the EFI_ADAPTER_INFORMATION_PROTOCOL instance.
+ @param[in] InformationType A pointer to an EFI_GUID that defines the contents of InformationBlock.
+ @param[out] InforamtionBlock The service returns a pointer to the buffer with the InformationBlock
+ structure which contains details about the data specific to InformationType.
+ @param[out] InforamtionBlockSize The driver returns the size of the InformationBlock in bytes.
+
+ @retval EFI_SUCCESS The InformationType information was retrieved.
+ @retval EFI_UNSUPPORTED The InformationType is not known.
+ @retval EFI_NOT_FOUND Information is not available for the requested information type.
+ @retval EFI_DEVICE_ERROR The device reported an error.
+ @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of resources.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER InformationBlock is NULL.
+ @retval EFI_INVALID_PARAMETER InformationBlockSize is NULL.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_ADAPTER_INFO_GET_INFO)(
+ IN EFI_ADAPTER_INFORMATION_PROTOCOL *This,
+ IN EFI_GUID *InformationType,
+ OUT VOID **InformationBlock,
+ OUT UINTN *InformationBlockSize
+ );
+
+/**
+ Sets state information for an adapter.
+
+ This function sends information of type InformationType for an adapter.
+ If an adapter does not support the requested information type, then EFI_UNSUPPORTED
+ is returned.
+
+ @param[in] This A pointer to the EFI_ADAPTER_INFORMATION_PROTOCOL instance.
+ @param[in] InformationType A pointer to an EFI_GUID that defines the contents of InformationBlock.
+ @param[in] InforamtionBlock A pointer to the InformationBlock structure which contains details
+ about the data specific to InformationType.
+ @param[in] InforamtionBlockSize The size of the InformationBlock in bytes.
+
+ @retval EFI_SUCCESS The information was received and interpreted successfully.
+ @retval EFI_UNSUPPORTED The InformationType is not known.
+ @retval EFI_DEVICE_ERROR The device reported an error.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER InformationBlock is NULL.
+ @retval EFI_WRITE_PROTECTED The InformationType cannot be modified using EFI_ADAPTER_INFO_SET_INFO().
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_ADAPTER_INFO_SET_INFO)(
+ IN EFI_ADAPTER_INFORMATION_PROTOCOL *This,
+ IN EFI_GUID *InformationType,
+ IN VOID *InformationBlock,
+ IN UINTN InformationBlockSize
+ );
+
+/**
+ Get a list of supported information types for this instance of the protocol.
+
+ This function returns a list of InformationType GUIDs that are supported on an
+ adapter with this instance of EFI_ADAPTER_INFORMATION_PROTOCOL. The list is returned
+ in InfoTypesBuffer, and the number of GUID pointers in InfoTypesBuffer is returned in
+ InfoTypesBufferCount.
+
+ @param[in] This A pointer to the EFI_ADAPTER_INFORMATION_PROTOCOL instance.
+ @param[out] InfoTypesBuffer A pointer to the array of InformationType GUIDs that are supported
+ by This.
+ @param[out] InfoTypesBufferCount A pointer to the number of GUIDs present in InfoTypesBuffer.
+
+ @retval EFI_SUCCESS The list of information type GUIDs that are supported on this adapter was
+ returned in InfoTypesBuffer. The number of information type GUIDs was
+ returned in InfoTypesBufferCount.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER InfoTypesBuffer is NULL.
+ @retval EFI_INVALID_PARAMETER InfoTypesBufferCount is NULL.
+ @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the results.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_ADAPTER_INFO_GET_SUPPORTED_TYPES)(
+ IN EFI_ADAPTER_INFORMATION_PROTOCOL *This,
+ OUT EFI_GUID **InfoTypesBuffer,
+ OUT UINTN *InfoTypesBufferCount
+ );
+
+///
+/// EFI_ADAPTER_INFORMATION_PROTOCOL
+/// The protocol for adapter provides the following services.
+/// - Gets device state information from adapter.
+/// - Sets device information for adapter.
+/// - Gets a list of supported information types for this instance of the protocol.
+///
+struct _EFI_ADAPTER_INFORMATION_PROTOCOL {
+ EFI_ADAPTER_INFO_GET_INFO GetInformation;
+ EFI_ADAPTER_INFO_SET_INFO SetInformation;
+ EFI_ADAPTER_INFO_GET_SUPPORTED_TYPES GetSupportedTypes;
+};
+
+extern EFI_GUID gEfiAdapterInformationProtocolGuid;
+
+extern EFI_GUID gEfiAdapterInfoMediaStateGuid;
+
+extern EFI_GUID gEfiAdapterInfoNetworkBootGuid;
+
+extern EFI_GUID gEfiAdapterInfoSanMacAddressGuid;
+
+extern EFI_GUID gEfiAdapterInfoUndiIpv6SupportGuid;
+
+#endif
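Review bot: The doc block for EFI_ADAPTER_INFO_GET_INFO does not say who owns the buffer returned through InformationBlock, nor that its size is whatever the driver reports. As I read the UEFI specification, the service allocates the buffer and the caller frees it, so a consumer that casts it to one of the structs above without comparing InformationBlockSize can read past a short buffer. I would add `/// InformationBlock is allocated by the service and freed by the caller; compare InformationBlockSize with the expected structure size before reading it.` If this header is imported unmodified from EDK2, the same comment belongs at the iPXE call site instead. Two smaller points: the `@param` names `InforamtionBlock` and `InforamtionBlockSize` do not match the prototypes, and EFI_ADAPTER_INFO_MEDIA_TYPE_GUID is the only GUID defined here without a matching `extern EFI_GUID` at the end of the file.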
diff --git a/src/include/ipxe/efi/Protocol/AppleNetBoot.h b/src/include/ipxe/efi/Protocol/AppleNetBoot.h
index 5946524fd..417730bc3 100644
--- a/src/include/ipxe/efi/Protocol/AppleNetBoot.h
+++ b/src/include/ipxe/efi/Protocol/AppleNetBoot.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( BSD3 );
+FILE_SECBOOT ( PERMITTED );
#define EFI_APPLE_NET_BOOT_PROTOCOL_GUID \
{ 0x78ee99fb, 0x6a5e, 0x4186, \
diff --git a/src/include/ipxe/efi/Protocol/Arp.h b/src/include/ipxe/efi/Protocol/Arp.h
index 0f60e3c4f..26dc89d59 100644
--- a/src/include/ipxe/efi/Protocol/Arp.h
+++ b/src/include/ipxe/efi/Protocol/Arp.h
@@ -19,6 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_ARP_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_ARP_SERVICE_BINDING_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/BlockIo.h b/src/include/ipxe/efi/Protocol/BlockIo.h
index 5efaf6e90..c5614b1ef 100644
--- a/src/include/ipxe/efi/Protocol/BlockIo.h
+++ b/src/include/ipxe/efi/Protocol/BlockIo.h
@@ -13,6 +13,7 @@
#define __BLOCK_IO_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_BLOCK_IO_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/BlockIo2.h b/src/include/ipxe/efi/Protocol/BlockIo2.h
index abc2f8a9b..b985b5dab 100644
--- a/src/include/ipxe/efi/Protocol/BlockIo2.h
+++ b/src/include/ipxe/efi/Protocol/BlockIo2.h
@@ -14,6 +14,7 @@
#define __BLOCK_IO2_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/BlockIo.h>
diff --git a/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h b/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h
index 69d9b1dcf..a304f3bfa 100644
--- a/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h
+++ b/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h
@@ -15,6 +15,7 @@
#define _EFI_BUS_SPECIFIC_DRIVER_OVERRIDE_PROTOCOL_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// Global ID for the Bus Specific Driver Override Protocol
diff --git a/src/include/ipxe/efi/Protocol/ComponentName.h b/src/include/ipxe/efi/Protocol/ComponentName.h
index cd7f4d0e3..89e2e19d2 100644
--- a/src/include/ipxe/efi/Protocol/ComponentName.h
+++ b/src/include/ipxe/efi/Protocol/ComponentName.h
@@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_COMPONENT_NAME_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// The global ID for the Component Name Protocol.
diff --git a/src/include/ipxe/efi/Protocol/ComponentName2.h b/src/include/ipxe/efi/Protocol/ComponentName2.h
index 886c9eb52..ad7818a46 100644
--- a/src/include/ipxe/efi/Protocol/ComponentName2.h
+++ b/src/include/ipxe/efi/Protocol/ComponentName2.h
@@ -12,6 +12,7 @@
#define __EFI_COMPONENT_NAME2_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// Global ID for the Component Name Protocol
diff --git a/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h b/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h
index c96484ff9..cdff796a4 100644
--- a/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h
+++ b/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h
@@ -26,6 +26,7 @@ Abstract:
#define __CONSOLE_CONTROL_H__
FILE_LICENCE ( BSD3 );
+FILE_SECBOOT ( PERMITTED );
#define EFI_CONSOLE_CONTROL_PROTOCOL_GUID \
{ 0xf42f7782, 0x12e, 0x4c12, {0x99, 0x56, 0x49, 0xf9, 0x43, 0x4, 0xf7, 0x21} }
diff --git a/src/include/ipxe/efi/Protocol/DebugSupport.h b/src/include/ipxe/efi/Protocol/DebugSupport.h
index 8f930e335..e97b4c7f1 100644
--- a/src/include/ipxe/efi/Protocol/DebugSupport.h
+++ b/src/include/ipxe/efi/Protocol/DebugSupport.h
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __DEBUG_SUPPORT_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/PeImage.h>
@@ -682,23 +683,23 @@ typedef struct {
UINT32 STVAL;
} EFI_SYSTEM_CONTEXT_RISCV64;
-//
-// LoongArch processor exception types.
-//
-// The exception types is located in the CSR ESTAT
-// register offset 16 bits, width 6 bits.
-//
-// If you want to register an exception hook, you can
-// shfit the number left by 16 bits, and the exception
-// handler will know the types.
-//
-// For example:
-// mCpu->CpuRegisterInterruptHandler (
-// mCpu,
-// (EXCEPT_LOONGARCH_PPI << CSR_ESTAT_EXC_SHIFT),
-// PpiExceptionHandler
-// );
-//
+///
+/// LoongArch processor exception types.
+///
+/// The exception types is located in the CSR ESTAT
+/// register offset 16 bits, width 6 bits.
+///
+/// If you want to register an exception hook, you can
+/// shfit the number left by 16 bits, and the exception
+/// handler will know the types.
+///
+/// For example:
+/// mCpu->CpuRegisterInterruptHandler (
+/// mCpu,
+/// (EXCEPT_LOONGARCH_PPI << CSR_ESTAT_EXC_SHIFT),
+/// PpiExceptionHandler
+/// );
+///
#define EXCEPT_LOONGARCH_INT 0
#define EXCEPT_LOONGARCH_PIL 1
#define EXCEPT_LOONGARCH_PIS 2
@@ -718,11 +719,22 @@ typedef struct {
#define EXCEPT_LOONGARCH_SXD 16
#define EXCEPT_LOONGARCH_ASXD 17
#define EXCEPT_LOONGARCH_FPE 18
-#define EXCEPT_LOONGARCH_TBR 64 // For code only, there is no such type in the ISA spec, the TLB refill is defined for an independent exception.
+#define EXCEPT_LOONGARCH_WPE 19
+#define EXCEPT_LOONGARCH_BTD 20
+#define EXCEPT_LOONGARCH_BTE 21
+#define EXCEPT_LOONGARCH_GSPR 22
+#define EXCEPT_LOONGARCH_HVC 23
+#define EXCEPT_LOONGARCH_GCXC 24
-//
-// LoongArch processor Interrupt types.
-//
+///
+/// For coding convenience, define the maximum valid
+/// LoongArch exception.
+///
+#define MAX_LOONGARCH_EXCEPTION 64
+
+///
+/// LoongArch processor Interrupt types.
+///
#define EXCEPT_LOONGARCH_INT_SIP0 0
#define EXCEPT_LOONGARCH_INT_SIP1 1
#define EXCEPT_LOONGARCH_INT_IP0 2
@@ -737,11 +749,11 @@ typedef struct {
#define EXCEPT_LOONGARCH_INT_TIMER 11
#define EXCEPT_LOONGARCH_INT_IPI 12
-//
-// For coding convenience, define the maximum valid
-// LoongArch interrupt.
-//
-#define MAX_LOONGARCH_INTERRUPT 14
+///
+/// For coding convenience, define the maximum valid
+/// LoongArch interrupt.
+///
+#define MAX_LOONGARCH_INTERRUPT 16
typedef struct {
UINT64 R0;
@@ -840,7 +852,6 @@ typedef enum {
IsaX64 = IMAGE_FILE_MACHINE_X64, ///< 0x8664
IsaIpf = IMAGE_FILE_MACHINE_IA64, ///< 0x0200
IsaEbc = IMAGE_FILE_MACHINE_EBC, ///< 0x0EBC
- IsaArm = IMAGE_FILE_MACHINE_ARMTHUMB_MIXED, ///< 0x01c2
IsaAArch64 = IMAGE_FILE_MACHINE_ARM64 ///< 0xAA64
} EFI_INSTRUCTION_SET_ARCHITECTURE;
diff --git a/src/include/ipxe/efi/Protocol/DevicePath.h b/src/include/ipxe/efi/Protocol/DevicePath.h
index 3256d5594..fd7a0ea27 100644
--- a/src/include/ipxe/efi/Protocol/DevicePath.h
+++ b/src/include/ipxe/efi/Protocol/DevicePath.h
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_DEVICE_PATH_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Guid/PcAnsi.h>
#include <ipxe/efi/IndustryStandard/Bluetooth.h>
@@ -840,6 +841,26 @@ typedef struct {
} NVME_NAMESPACE_DEVICE_PATH;
///
+/// NVMe over Fabric (NVMe-oF) Namespace Device Path SubType.
+///
+#define MSG_NVME_OF_NAMESPACE_DP 0x22
+typedef struct {
+ EFI_DEVICE_PATH_PROTOCOL Header;
+ ///
+ /// Namespace Identifier Type (NIDT)
+ ///
+ UINT8 NamespaceIdType;
+ ///
+ /// Namespace Identifier (NID)
+ ///
+ UINT8 NamespaceId[16];
+ ///
+ /// Unique identifier of an NVM subsystem
+ ///
+ CHAR8 SubsystemNqn[];
+} NVME_OF_NAMESPACE_DEVICE_PATH;
+
+///
/// DNS Device Path SubType
///
#define MSG_DNS_DP 0x1F
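Review bot: The `SubsystemNqn[]` flexible array member in NVME_OF_NAMESPACE_DEVICE_PATH has no length field, and its comment does not mention termination, so its extent is known only from the node length in Header. Code that walks device paths supplied by firmware or a remote target should bound any read of this field by that length rather than scanning for a NUL. I would extend the field comment to `/// Unique identifier of an NVM subsystem; extent is the node length minus the fixed fields, termination is not enforced by the type`. Any `sizeof` on this struct, or on the unions extended in the two following hunks, also excludes the NQN bytes, which matters wherever a node is copied by struct size.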
@@ -1289,6 +1310,7 @@ typedef union {
SAS_DEVICE_PATH Sas;
SASEX_DEVICE_PATH SasEx;
NVME_NAMESPACE_DEVICE_PATH NvmeNamespace;
+ NVME_OF_NAMESPACE_DEVICE_PATH NvmeOfNamespace;
DNS_DEVICE_PATH Dns;
URI_DEVICE_PATH Uri;
BLUETOOTH_DEVICE_PATH Bluetooth;
@@ -1345,6 +1367,7 @@ typedef union {
SAS_DEVICE_PATH *Sas;
SASEX_DEVICE_PATH *SasEx;
NVME_NAMESPACE_DEVICE_PATH *NvmeNamespace;
+ NVME_OF_NAMESPACE_DEVICE_PATH *NvmeOfNamespace;
DNS_DEVICE_PATH *Dns;
URI_DEVICE_PATH *Uri;
BLUETOOTH_DEVICE_PATH *Bluetooth;
diff --git a/src/include/ipxe/efi/Protocol/DevicePathToText.h b/src/include/ipxe/efi/Protocol/DevicePathToText.h
index 2f591b9a2..fc68a7686 100644
--- a/src/include/ipxe/efi/Protocol/DevicePathToText.h
+++ b/src/include/ipxe/efi/Protocol/DevicePathToText.h
@@ -11,6 +11,7 @@
#define __DEVICE_PATH_TO_TEXT_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// Device Path To Text protocol
diff --git a/src/include/ipxe/efi/Protocol/Dhcp4.h b/src/include/ipxe/efi/Protocol/Dhcp4.h
index 1e7e27b11..c0a365c17 100644
--- a/src/include/ipxe/efi/Protocol/Dhcp4.h
+++ b/src/include/ipxe/efi/Protocol/Dhcp4.h
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_DHCP4_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_DHCP4_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/Dhcp6.h b/src/include/ipxe/efi/Protocol/Dhcp6.h
index 19f59086c..5a3e6148e 100644
--- a/src/include/ipxe/efi/Protocol/Dhcp6.h
+++ b/src/include/ipxe/efi/Protocol/Dhcp6.h
@@ -14,6 +14,7 @@
#define __EFI_DHCP6_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_DHCP6_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/DiskIo.h b/src/include/ipxe/efi/Protocol/DiskIo.h
index c5ce5d339..7a81ad5ad 100644
--- a/src/include/ipxe/efi/Protocol/DiskIo.h
+++ b/src/include/ipxe/efi/Protocol/DiskIo.h
@@ -14,6 +14,7 @@
#define __DISK_IO_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_DISK_IO_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/Dns4.h b/src/include/ipxe/efi/Protocol/Dns4.h
index 0ab07e519..36e9757a3 100644
--- a/src/include/ipxe/efi/Protocol/Dns4.h
+++ b/src/include/ipxe/efi/Protocol/Dns4.h
@@ -16,6 +16,7 @@
#define __EFI_DNS4_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_DNS4_SERVICE_BINDING_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/Dns6.h b/src/include/ipxe/efi/Protocol/Dns6.h
index 3b88c88eb..524988c5f 100644
--- a/src/include/ipxe/efi/Protocol/Dns6.h
+++ b/src/include/ipxe/efi/Protocol/Dns6.h
@@ -16,6 +16,7 @@
#define __EFI_DNS6_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_DNS6_SERVICE_BINDING_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/DriverBinding.h b/src/include/ipxe/efi/Protocol/DriverBinding.h
index 3c2027506..903545b98 100644
--- a/src/include/ipxe/efi/Protocol/DriverBinding.h
+++ b/src/include/ipxe/efi/Protocol/DriverBinding.h
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_DRIVER_BINDING_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// The global ID for the ControllerHandle Driver Protocol.
diff --git a/src/include/ipxe/efi/Protocol/EapConfiguration.h b/src/include/ipxe/efi/Protocol/EapConfiguration.h
new file mode 100644
index 000000000..980873945
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/EapConfiguration.h
@@ -0,0 +1,156 @@
+/** @file
+ This file defines the EFI EAP Configuration protocol.
+
+ Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Revision Reference:
+ This Protocol is introduced in UEFI Specification 2.5
+
+**/
+
+#ifndef __EFI_EAP_CONFIGURATION_PROTOCOL_H__
+#define __EFI_EAP_CONFIGURATION_PROTOCOL_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+///
+/// EFI EAP Configuration protocol provides a way to set and get EAP configuration.
+///
+#define EFI_EAP_CONFIGURATION_PROTOCOL_GUID \
+ { \
+ 0xe5b58dbb, 0x7688, 0x44b4, {0x97, 0xbf, 0x5f, 0x1d, 0x4b, 0x7c, 0xc8, 0xdb } \
+ }
+
+typedef struct _EFI_EAP_CONFIGURATION_PROTOCOL EFI_EAP_CONFIGURATION_PROTOCOL;
+
+///
+/// Make sure it not conflict with any real EapTypeXXX
+///
+#define EFI_EAP_TYPE_ATTRIBUTE 0
+
+typedef enum {
+ ///
+ /// EFI_EAP_TYPE_ATTRIBUTE
+ ///
+ EfiEapConfigEapAuthMethod,
+ EfiEapConfigEapSupportedAuthMethod,
+ ///
+ /// EapTypeIdentity
+ ///
+ EfiEapConfigIdentityString,
+ ///
+ /// EapTypeEAPTLS/EapTypePEAP
+ ///
+ EfiEapConfigEapTlsCACert,
+ EfiEapConfigEapTlsClientCert,
+ EfiEapConfigEapTlsClientPrivateKeyFile,
+ EfiEapConfigEapTlsClientPrivateKeyFilePassword, // ASCII format, Volatile
+ EfiEapConfigEapTlsCipherSuite,
+ EfiEapConfigEapTlsSupportedCipherSuite,
+ ///
+ /// EapTypeMSChapV2
+ ///
+ EfiEapConfigEapMSChapV2Password, // UNICODE format, Volatile
+ ///
+ /// EapTypePEAP
+ ///
+ EfiEapConfigEap2ndAuthMethod,
+ ///
+ /// More...
+ ///
+} EFI_EAP_CONFIG_DATA_TYPE;
+
+///
+/// EFI_EAP_TYPE
+///
+typedef UINT8 EFI_EAP_TYPE;
+#define EFI_EAP_TYPE_ATTRIBUTE 0
+#define EFI_EAP_TYPE_IDENTITY 1
+#define EFI_EAP_TYPE_NOTIFICATION 2
+#define EFI_EAP_TYPE_NAK 3
+#define EFI_EAP_TYPE_MD5CHALLENGE 4
+#define EFI_EAP_TYPE_OTP 5
+#define EFI_EAP_TYPE_GTC 6
+#define EFI_EAP_TYPE_EAPTLS 13
+#define EFI_EAP_TYPE_EAPSIM 18
+#define EFI_EAP_TYPE_TTLS 21
+#define EFI_EAP_TYPE_PEAP 25
+#define EFI_EAP_TYPE_MSCHAPV2 26
+#define EFI_EAP_TYPE_EAP_EXTENSION 33
+
+/**
+ Set EAP configuration data.
+
+ The SetData() function sets EAP configuration to non-volatile storage or volatile
+ storage.
+
+ @param[in] This Pointer to the EFI_EAP_CONFIGURATION_PROTOCOL instance.
+ @param[in] EapType EAP type.
+ @param[in] DataType Configuration data type.
+ @param[in] Data Pointer to configuration data.
+ @param[in] DataSize Total size of configuration data.
+
+ @retval EFI_SUCCESS The EAP configuration data is set successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Data is NULL.
+ DataSize is 0.
+ @retval EFI_UNSUPPORTED The EapType or DataType is unsupported.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_EAP_CONFIGURATION_SET_DATA)(
+ IN EFI_EAP_CONFIGURATION_PROTOCOL *This,
+ IN EFI_EAP_TYPE EapType,
+ IN EFI_EAP_CONFIG_DATA_TYPE DataType,
+ IN VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Get EAP configuration data.
+
+ The GetData() function gets EAP configuration.
+
+ @param[in] This Pointer to the EFI_EAP_CONFIGURATION_PROTOCOL instance.
+ @param[in] EapType EAP type.
+ @param[in] DataType Configuration data type.
+ @param[in, out] Data Pointer to configuration data.
+ @param[in, out] DataSize Total size of configuration data. On input, it means
+ the size of Data buffer. On output, it means the size
+ of copied Data buffer if EFI_SUCCESS, and means the
+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
+
+ @retval EFI_SUCCESS The EAP configuration data is got successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Data is NULL.
+ DataSize is NULL.
+ @retval EFI_UNSUPPORTED The EapType or DataType is unsupported.
+ @retval EFI_NOT_FOUND The EAP configuration data is not found.
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the buffer.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_EAP_CONFIGURATION_GET_DATA)(
+ IN EFI_EAP_CONFIGURATION_PROTOCOL *This,
+ IN EFI_EAP_TYPE EapType,
+ IN EFI_EAP_CONFIG_DATA_TYPE DataType,
+ IN OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ );
+
+///
+/// The EFI_EAP_CONFIGURATION_PROTOCOL
+/// is designed to provide a way to set and get EAP configuration, such as Certificate,
+/// private key file.
+///
+struct _EFI_EAP_CONFIGURATION_PROTOCOL {
+ EFI_EAP_CONFIGURATION_SET_DATA SetData;
+ EFI_EAP_CONFIGURATION_GET_DATA GetData;
+};
+
+extern EFI_GUID gEfiEapConfigurationProtocolGuid;
+
+#endif
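Review bot: The SetData and GetData doc blocks do not mention that Data carries credentials for EfiEapConfigEapTlsClientPrivateKeyFilePassword and EfiEapConfigEapMSChapV2Password, so nothing reminds a caller to clear its own copy after the call. I would add to both blocks `For the password data types, Data holds a secret; the caller should wipe its buffer once the call returns.` The two types also differ in encoding (ASCII versus UNICODE, per the enum comments), so DataSize is a byte count that the caller must compute for each format; that is worth stating next to `@param[in] DataSize`. Separately, `EFI_EAP_TYPE_ATTRIBUTE` is defined twice with the same value, once before the enum and once in the EFI_EAP_TYPE list; the duplicate is legal but one of the two can go.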
diff --git a/src/include/ipxe/efi/Protocol/FormBrowser2.h b/src/include/ipxe/efi/Protocol/FormBrowser2.h
index 5e6f940b8..7f726757b 100644
--- a/src/include/ipxe/efi/Protocol/FormBrowser2.h
+++ b/src/include/ipxe/efi/Protocol/FormBrowser2.h
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_FORM_BROWSER2_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Guid/HiiPlatformSetupFormset.h>
diff --git a/src/include/ipxe/efi/Protocol/GraphicsOutput.h b/src/include/ipxe/efi/Protocol/GraphicsOutput.h
index b89315c7d..1e822c208 100644
--- a/src/include/ipxe/efi/Protocol/GraphicsOutput.h
+++ b/src/include/ipxe/efi/Protocol/GraphicsOutput.h
@@ -12,6 +12,7 @@
#define __GRAPHICS_OUTPUT_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/Hash.h b/src/include/ipxe/efi/Protocol/Hash.h
new file mode 100644
index 000000000..aabbc3026
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/Hash.h
@@ -0,0 +1,172 @@
+/** @file
+ EFI_HASH_SERVICE_BINDING_PROTOCOL as defined in UEFI 2.0.
+ EFI_HASH_PROTOCOL as defined in UEFI 2.0.
+ The EFI Hash Service Binding Protocol is used to locate hashing services support
+ provided by a driver and to create and destroy instances of the EFI Hash Protocol
+ so that a multiple drivers can use the underlying hashing services.
+
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __EFI_HASH_PROTOCOL_H__
+#define __EFI_HASH_PROTOCOL_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#define EFI_HASH_SERVICE_BINDING_PROTOCOL_GUID \
+ { \
+ 0x42881c98, 0xa4f3, 0x44b0, {0xa3, 0x9d, 0xdf, 0xa1, 0x86, 0x67, 0xd8, 0xcd } \
+ }
+
+#define EFI_HASH_PROTOCOL_GUID \
+ { \
+ 0xc5184932, 0xdba5, 0x46db, {0xa5, 0xba, 0xcc, 0x0b, 0xda, 0x9c, 0x14, 0x35 } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA1_GUID \
+ { \
+ 0x2ae9d80f, 0x3fb2, 0x4095, {0xb7, 0xb1, 0xe9, 0x31, 0x57, 0xb9, 0x46, 0xb6 } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA224_GUID \
+ { \
+ 0x8df01a06, 0x9bd5, 0x4bf7, {0xb0, 0x21, 0xdb, 0x4f, 0xd9, 0xcc, 0xf4, 0x5b } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA256_GUID \
+ { \
+ 0x51aa59de, 0xfdf2, 0x4ea3, {0xbc, 0x63, 0x87, 0x5f, 0xb7, 0x84, 0x2e, 0xe9 } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA384_GUID \
+ { \
+ 0xefa96432, 0xde33, 0x4dd2, {0xae, 0xe6, 0x32, 0x8c, 0x33, 0xdf, 0x77, 0x7a } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA512_GUID \
+ { \
+ 0xcaa4381e, 0x750c, 0x4770, {0xb8, 0x70, 0x7a, 0x23, 0xb4, 0xe4, 0x21, 0x30 } \
+ }
+
+#define EFI_HASH_ALGORTIHM_MD5_GUID \
+ { \
+ 0xaf7c79c, 0x65b5, 0x4319, {0xb0, 0xae, 0x44, 0xec, 0x48, 0x4e, 0x4a, 0xd7 } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA1_NOPAD_GUID \
+ { \
+ 0x24c5dc2f, 0x53e2, 0x40ca, {0x9e, 0xd6, 0xa5, 0xd9, 0xa4, 0x9f, 0x46, 0x3b } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA256_NOPAD_GUID \
+ { \
+ 0x8628752a, 0x6cb7, 0x4814, {0x96, 0xfc, 0x24, 0xa8, 0x15, 0xac, 0x22, 0x26 } \
+ }
+
+//
+// Note: Use of the following algorithms with EFI_HASH_PROTOCOL is deprecated.
+// EFI_HASH_ALGORITHM_SHA1_GUID
+// EFI_HASH_ALGORITHM_SHA224_GUID
+// EFI_HASH_ALGORITHM_SHA256_GUID
+// EFI_HASH_ALGORITHM_SHA384_GUID
+// EFI_HASH_ALGORITHM_SHA512_GUID
+// EFI_HASH_ALGORTIHM_MD5_GUID
+//
+
+typedef struct _EFI_HASH_PROTOCOL EFI_HASH_PROTOCOL;
+
+typedef UINT8 EFI_MD5_HASH[16];
+typedef UINT8 EFI_SHA1_HASH[20];
+typedef UINT8 EFI_SHA224_HASH[28];
+typedef UINT8 EFI_SHA256_HASH[32];
+typedef UINT8 EFI_SHA384_HASH[48];
+typedef UINT8 EFI_SHA512_HASH[64];
+
+typedef union {
+ EFI_MD5_HASH *Md5Hash;
+ EFI_SHA1_HASH *Sha1Hash;
+ EFI_SHA224_HASH *Sha224Hash;
+ EFI_SHA256_HASH *Sha256Hash;
+ EFI_SHA384_HASH *Sha384Hash;
+ EFI_SHA512_HASH *Sha512Hash;
+} EFI_HASH_OUTPUT;
+
+/**
+ Returns the size of the hash which results from a specific algorithm.
+
+ @param[in] This Points to this instance of EFI_HASH_PROTOCOL.
+ @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.
+ @param[out] HashSize Holds the returned size of the algorithm's hash.
+
+ @retval EFI_SUCCESS Hash size returned successfully.
+ @retval EFI_INVALID_PARAMETER HashSize is NULL or HashAlgorithm is NULL.
+ @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported
+ by this driver.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_HASH_GET_HASH_SIZE)(
+ IN CONST EFI_HASH_PROTOCOL *This,
+ IN CONST EFI_GUID *HashAlgorithm,
+ OUT UINTN *HashSize
+ );
+
+/**
+ Creates a hash for the specified message text.
+
+ @param[in] This Points to this instance of EFI_HASH_PROTOCOL.
+ @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.
+ @param[in] Extend Specifies whether to create a new hash (FALSE) or extend the specified
+ existing hash (TRUE).
+ @param[in] Message Points to the start of the message.
+ @param[in] MessageSize The size of Message, in bytes.
+ @param[in,out] Hash On input, if Extend is TRUE, then this parameter holds a pointer
+ to a pointer to an array containing the hash to extend. If Extend
+ is FALSE, then this parameter holds a pointer to a pointer to a
+ caller-allocated array that will receive the result of the hash
+ computation. On output (regardless of the value of Extend), the
+ array will contain the result of the hash computation.
+
+ @retval EFI_SUCCESS Hash returned successfully.
+ @retval EFI_INVALID_PARAMETER Message or Hash, HashAlgorithm is NULL or MessageSize is 0.
+ MessageSize is not an integer multiple of block size.
+ @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this
+ driver. Or, Extend is TRUE, and the algorithm doesn't support extending the hash.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_HASH_HASH)(
+ IN CONST EFI_HASH_PROTOCOL *This,
+ IN CONST EFI_GUID *HashAlgorithm,
+ IN BOOLEAN Extend,
+ IN CONST UINT8 *Message,
+ IN UINT64 MessageSize,
+ IN OUT EFI_HASH_OUTPUT *Hash
+ );
+
+///
+/// This protocol allows creating a hash of an arbitrary message digest
+/// using one or more hash algorithms.
+///
+struct _EFI_HASH_PROTOCOL {
+ EFI_HASH_GET_HASH_SIZE GetHashSize;
+ EFI_HASH_HASH Hash;
+};
+
+extern EFI_GUID gEfiHashServiceBindingProtocolGuid;
+extern EFI_GUID gEfiHashProtocolGuid;
+extern EFI_GUID gEfiHashAlgorithmSha1Guid;
+extern EFI_GUID gEfiHashAlgorithmSha224Guid;
+extern EFI_GUID gEfiHashAlgorithmSha256Guid;
+extern EFI_GUID gEfiHashAlgorithmSha384Guid;
+extern EFI_GUID gEfiHashAlgorithmSha512Guid;
+extern EFI_GUID gEfiHashAlgorithmMD5Guid;
+extern EFI_GUID gEfiHashAlgorithmSha1NoPadGuid;
+extern EFI_GUID gEfiHashAlgorithmSha256NoPadGuid;
+
+#endif
diff --git a/src/include/ipxe/efi/Protocol/HiiConfigAccess.h b/src/include/ipxe/efi/Protocol/HiiConfigAccess.h
index aaa51a31b..e48a48335 100644
--- a/src/include/ipxe/efi/Protocol/HiiConfigAccess.h
+++ b/src/include/ipxe/efi/Protocol/HiiConfigAccess.h
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_HII_CONFIG_ACCESS_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/FormBrowser2.h>
diff --git a/src/include/ipxe/efi/Protocol/HiiDatabase.h b/src/include/ipxe/efi/Protocol/HiiDatabase.h
index d077b1167..4338319d1 100644
--- a/src/include/ipxe/efi/Protocol/HiiDatabase.h
+++ b/src/include/ipxe/efi/Protocol/HiiDatabase.h
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __HII_DATABASE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_HII_DATABASE_PROTOCOL_GUID \
{ 0xef9fc172, 0xa1b2, 0x4693, { 0xb3, 0x27, 0x6d, 0x32, 0xfc, 0x41, 0x60, 0x42 } }
diff --git a/src/include/ipxe/efi/Protocol/HiiFont.h b/src/include/ipxe/efi/Protocol/HiiFont.h
index 248f13ea5..6d6f88514 100644
--- a/src/include/ipxe/efi/Protocol/HiiFont.h
+++ b/src/include/ipxe/efi/Protocol/HiiFont.h
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __HII_FONT_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/GraphicsOutput.h>
#include <ipxe/efi/Protocol/HiiImage.h>
diff --git a/src/include/ipxe/efi/Protocol/HiiImage.h b/src/include/ipxe/efi/Protocol/HiiImage.h
index 20fd72578..f40c00eb7 100644
--- a/src/include/ipxe/efi/Protocol/HiiImage.h
+++ b/src/include/ipxe/efi/Protocol/HiiImage.h
@@ -13,6 +13,7 @@
#define __HII_IMAGE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/GraphicsOutput.h>
diff --git a/src/include/ipxe/efi/Protocol/Http.h b/src/include/ipxe/efi/Protocol/Http.h
index d30a5aa46..84eb20600 100644
--- a/src/include/ipxe/efi/Protocol/Http.h
+++ b/src/include/ipxe/efi/Protocol/Http.h
@@ -17,6 +17,7 @@
#define __EFI_HTTP_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_HTTP_SERVICE_BINDING_PROTOCOL_GUID \
{ \
@@ -100,7 +101,8 @@ typedef enum {
HTTP_STATUS_503_SERVICE_UNAVAILABLE,
HTTP_STATUS_504_GATEWAY_TIME_OUT,
HTTP_STATUS_505_HTTP_VERSION_NOT_SUPPORTED,
- HTTP_STATUS_308_PERMANENT_REDIRECT
+ HTTP_STATUS_308_PERMANENT_REDIRECT,
+ HTTP_STATUS_429_TOO_MANY_REQUESTS
} EFI_HTTP_STATUS_CODE;
///
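Review bot: `HTTP_STATUS_429_TOO_MANY_REQUESTS` is appended after `HTTP_STATUS_308_PERMANENT_REDIRECT`, so the enumerators are not in numeric order and do not equal the HTTP status numbers, and nothing in the hunk says so. Any table or range check elsewhere that treats `HTTP_STATUS_308_PERMANENT_REDIRECT` as the last valid value would now reject the new enumerator or index past the table's end. No such table is visible on this page, so this is something to search for, not a confirmed defect. A one-line comment above the trailing entries would help, for example `// Appended out of numeric order; never map enumerators to status numbers by arithmetic.` The enum begins outside the hunk.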
@@ -190,12 +192,27 @@ typedef struct {
/// The URI of a remote host. From the information in this field, the HTTP instance
/// will be able to determine whether to use HTTP or HTTPS and will also be able to
/// determine the port number to use. If no port number is specified, port 80 (HTTP)
- /// is assumed. See RFC 3986 for more details on URI syntax.
+ /// or 443 (HTTPS) is assumed. See RFC 3986 for more details on URI syntax.
///
CHAR16 *Url;
} EFI_HTTP_REQUEST_DATA;
///
+/// EFI_HTTP_CONNECT_REQUEST_DATA
+///
+typedef struct {
+ EFI_HTTP_REQUEST_DATA Base;
+ ///
+ /// The URI of an Proxy Host. This field will be NULL if there is no Proxy Host
+ /// in the device path. From the information in this field, the HTTP instance will
+ /// be able to determine whether to use HTTP or HTTPS and will also be able to
+ /// determine the port number to use. If no port number is specified, port 80 (HTTP)
+ /// or 443 (HTTPS) is assumed. See RFC 3986 for more details on URI syntax.
+ ///
+ CHAR16 *ProxyUrl;
+} EFI_HTTP_CONNECT_REQUEST_DATA;
+
+///
/// EFI_HTTP_RESPONSE_DATA
///
typedef struct {
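Review bot: The comment on `ProxyUrl` says the field is NULL when there is no proxy host, but the struct gives consumers no other signal, so every reader of `EFI_HTTP_CONNECT_REQUEST_DATA` has to NULL-check it before parsing. Because `Base` is the first member, code may be tempted to cast an `EFI_HTTP_REQUEST_DATA *` to this type. The hunk does not say when that is valid, and doing it on an object allocated as the smaller struct would read past the allocation. I would put both points in the field comment, e.g. `/// May be NULL. Only present when the request was built as EFI_HTTP_CONNECT_REQUEST_DATA.` The wording "an Proxy Host" should read "a proxy host".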
diff --git a/src/include/ipxe/efi/Protocol/Ip4.h b/src/include/ipxe/efi/Protocol/Ip4.h
index 0455c7b2f..f45465860 100644
--- a/src/include/ipxe/efi/Protocol/Ip4.h
+++ b/src/include/ipxe/efi/Protocol/Ip4.h
@@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_IP4_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/ManagedNetwork.h>
diff --git a/src/include/ipxe/efi/Protocol/Ip4Config.h b/src/include/ipxe/efi/Protocol/Ip4Config.h
index ff47fd2b7..45d395ca8 100644
--- a/src/include/ipxe/efi/Protocol/Ip4Config.h
+++ b/src/include/ipxe/efi/Protocol/Ip4Config.h
@@ -1,3 +1,6 @@
+#ifndef _IPXE_EFI_IP4CONFIG_H
+#define _IPXE_EFI_IP4CONFIG_H
+
/** @file
This file provides a definition of the EFI IPv4 Configuration
Protocol.
@@ -14,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_IP4CONFIG_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/Ip4.h>
@@ -176,3 +180,5 @@ struct _EFI_IP4_CONFIG_PROTOCOL {
extern EFI_GUID gEfiIp4ConfigProtocolGuid;
#endif
+
+#endif /* _IPXE_EFI_IP4CONFIG_H */
diff --git a/src/include/ipxe/efi/Protocol/Ip4Config2.h b/src/include/ipxe/efi/Protocol/Ip4Config2.h
index ca091dea5..362387179 100644
--- a/src/include/ipxe/efi/Protocol/Ip4Config2.h
+++ b/src/include/ipxe/efi/Protocol/Ip4Config2.h
@@ -14,6 +14,7 @@ This Protocol is introduced in UEFI Specification 2.5
#define __EFI_IP4CONFIG2_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/Ip4.h>
diff --git a/src/include/ipxe/efi/Protocol/Ip6.h b/src/include/ipxe/efi/Protocol/Ip6.h
index c70df1906..2d19b806a 100644
--- a/src/include/ipxe/efi/Protocol/Ip6.h
+++ b/src/include/ipxe/efi/Protocol/Ip6.h
@@ -22,6 +22,7 @@
#define __EFI_IP6_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/ManagedNetwork.h>
diff --git a/src/include/ipxe/efi/Protocol/Ip6Config.h b/src/include/ipxe/efi/Protocol/Ip6Config.h
index 5665e93b9..75c5adbb0 100644
--- a/src/include/ipxe/efi/Protocol/Ip6Config.h
+++ b/src/include/ipxe/efi/Protocol/Ip6Config.h
@@ -11,6 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_IP6CONFIG_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/Ip6.h>
diff --git a/src/include/ipxe/efi/Protocol/LoadFile.h b/src/include/ipxe/efi/Protocol/LoadFile.h
index 034b22b55..47e164600 100644
--- a/src/include/ipxe/efi/Protocol/LoadFile.h
+++ b/src/include/ipxe/efi/Protocol/LoadFile.h
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_LOAD_FILE_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_LOAD_FILE_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/LoadFile2.h b/src/include/ipxe/efi/Protocol/LoadFile2.h
index 2cb155dda..409e411cf 100644
--- a/src/include/ipxe/efi/Protocol/LoadFile2.h
+++ b/src/include/ipxe/efi/Protocol/LoadFile2.h
@@ -16,6 +16,7 @@
#define __EFI_LOAD_FILE2_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_LOAD_FILE2_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/LoadedImage.h b/src/include/ipxe/efi/Protocol/LoadedImage.h
index db331b88f..401f464fa 100755
--- a/src/include/ipxe/efi/Protocol/LoadedImage.h
+++ b/src/include/ipxe/efi/Protocol/LoadedImage.h
@@ -13,6 +13,7 @@
#define __LOADED_IMAGE_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_LOADED_IMAGE_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/ManagedNetwork.h b/src/include/ipxe/efi/Protocol/ManagedNetwork.h
index 44a27ed1f..60e7e9ae8 100644
--- a/src/include/ipxe/efi/Protocol/ManagedNetwork.h
+++ b/src/include/ipxe/efi/Protocol/ManagedNetwork.h
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_MANAGED_NETWORK_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/SimpleNetwork.h>
diff --git a/src/include/ipxe/efi/Protocol/MpService.h b/src/include/ipxe/efi/Protocol/MpService.h
index cd1bb27fe..1a1874662 100644
--- a/src/include/ipxe/efi/Protocol/MpService.h
+++ b/src/include/ipxe/efi/Protocol/MpService.h
@@ -40,6 +40,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define _MP_SERVICE_PROTOCOL_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// Global ID for the EFI_MP_SERVICES_PROTOCOL.
diff --git a/src/include/ipxe/efi/Protocol/Mtftp4.h b/src/include/ipxe/efi/Protocol/Mtftp4.h
index 4890c8ab2..5e50fcc9f 100644
--- a/src/include/ipxe/efi/Protocol/Mtftp4.h
+++ b/src/include/ipxe/efi/Protocol/Mtftp4.h
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_MTFTP4_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_MTFTP4_SERVICE_BINDING_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/Mtftp6.h b/src/include/ipxe/efi/Protocol/Mtftp6.h
index b08af87e1..5a6d640e5 100644
--- a/src/include/ipxe/efi/Protocol/Mtftp6.h
+++ b/src/include/ipxe/efi/Protocol/Mtftp6.h
@@ -17,6 +17,7 @@
#define __EFI_MTFTP6_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_MTFTP6_SERVICE_BINDING_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h b/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h
index 1ce13f273..5a0a82071 100644
--- a/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h
+++ b/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_NETWORK_INTERFACE_IDENTIFER_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
//
// GUID retired from UEFI Specification 2.1b
diff --git a/src/include/ipxe/efi/Protocol/PciIo.h b/src/include/ipxe/efi/Protocol/PciIo.h
index c733925d5..3c2582cab 100644
--- a/src/include/ipxe/efi/Protocol/PciIo.h
+++ b/src/include/ipxe/efi/Protocol/PciIo.h
@@ -11,6 +11,7 @@
#define __PCI_IO_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// Global ID for the PCI I/O Protocol
diff --git a/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h b/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h
index b6a478027..674e864d1 100644
--- a/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h
+++ b/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h
@@ -14,6 +14,7 @@
#define __PCI_ROOT_BRIDGE_IO_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Library/BaseLib.h>
diff --git a/src/include/ipxe/efi/Protocol/PxeBaseCode.h b/src/include/ipxe/efi/Protocol/PxeBaseCode.h
index 20efd7280..5db934370 100644
--- a/src/include/ipxe/efi/Protocol/PxeBaseCode.h
+++ b/src/include/ipxe/efi/Protocol/PxeBaseCode.h
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __PXE_BASE_CODE_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// PXE Base Code protocol.
@@ -36,7 +37,7 @@ typedef EFI_PXE_BASE_CODE_PROTOCOL EFI_PXE_BASE_CODE;
///
/// Default IP TTL and ToS.
///
-#define DEFAULT_TTL 16
+#define DEFAULT_TTL 64
#define DEFAULT_ToS 0
///
@@ -155,8 +156,6 @@ typedef UINT16 EFI_PXE_BASE_CODE_UDP_PORT;
#define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x0006
#elif defined (MDE_CPU_X64)
#define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x0007
-#elif defined (MDE_CPU_ARM)
-#define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x000A
#elif defined (MDE_CPU_AARCH64)
#define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x000B
#elif defined (MDE_CPU_RISCV64)
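Review bot: Dropping the `MDE_CPU_ARM` branch leaves 32-bit ARM without a value for `EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE` in the part of the chain shown here. The rest of the `#if`/`#elif` chain is outside the hunk, so this page does not show whether such a build now reaches a fallback or an `#error`. If 32-bit ARM EFI targets are still built from this tree, that is worth confirming. If they are not, a comment such as `/* 32-bit ARM (0x000A) is intentionally no longer defined here */` would record that the omission is deliberate.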
diff --git a/src/include/ipxe/efi/Protocol/Rng.h b/src/include/ipxe/efi/Protocol/Rng.h
index 92d648bee..e4ad3d716 100644
--- a/src/include/ipxe/efi/Protocol/Rng.h
+++ b/src/include/ipxe/efi/Protocol/Rng.h
@@ -8,10 +8,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
-#ifndef __EFI_RNG_PROTOCOL_H__
-#define __EFI_RNG_PROTOCOL_H__
+#ifndef EFI_RNG_PROTOCOL_H_
+#define EFI_RNG_PROTOCOL_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/efi/Guid/Rng.h>
///
/// Global ID for the Random Number Generator Protocol
@@ -21,142 +24,8 @@ FILE_LICENCE ( BSD2_PATENT );
0x3152bca5, 0xeade, 0x433d, {0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 } \
}
-typedef struct _EFI_RNG_PROTOCOL EFI_RNG_PROTOCOL;
-
-///
-/// A selection of EFI_RNG_PROTOCOL algorithms.
-/// The algorithms listed are optional, not meant to be exhaustive and be argmented by
-/// vendors or other industry standards.
-///
-
-typedef EFI_GUID EFI_RNG_ALGORITHM;
-
-///
-/// The algorithms corresponds to SP800-90 as defined in
-/// NIST SP 800-90, "Recommendation for Random Number Generation Using Deterministic Random
-/// Bit Generators", March 2007.
-///
-#define EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID \
- { \
- 0xa7af67cb, 0x603b, 0x4d42, {0xba, 0x21, 0x70, 0xbf, 0xb6, 0x29, 0x3f, 0x96 } \
- }
-#define EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID \
- { \
- 0xc5149b43, 0xae85, 0x4f53, {0x99, 0x82, 0xb9, 0x43, 0x35, 0xd3, 0xa9, 0xe7 } \
- }
-#define EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID \
- { \
- 0x44f0de6e, 0x4d8c, 0x4045, {0xa8, 0xc7, 0x4d, 0xd1, 0x68, 0x85, 0x6b, 0x9e } \
- }
-///
-/// The algorithms correspond to X9.31 as defined in
-/// NIST, "Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using
-/// the 3-Key Triple DES and AES Algorithm", January 2005.
-///
-#define EFI_RNG_ALGORITHM_X9_31_3DES_GUID \
- { \
- 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 } \
- }
-#define EFI_RNG_ALGORITHM_X9_31_AES_GUID \
- { \
- 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 } \
- }
-///
-/// The "raw" algorithm, when supported, is intended to provide entropy directly from
-/// the source, without it going through some deterministic random bit generator.
-///
-#define EFI_RNG_ALGORITHM_RAW \
- { \
- 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \
- }
-///
-/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant
-/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be
-/// inclusive of different geographies.
-///
-#define EFI_RNG_ALGORITHM_ARM_RNDR \
- { \
- 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \
- }
-
-/**
- Returns information about the random number generation implementation.
-
- @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
- @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
- On output with a return code of EFI_SUCCESS, the size
- in bytes of the data returned in RNGAlgorithmList. On output
- with a return code of EFI_BUFFER_TOO_SMALL,
- the size of RNGAlgorithmList required to obtain the list.
- @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver
- with one EFI_RNG_ALGORITHM element for each supported
- RNG algorithm. The list must not change across multiple
- calls to the same driver. The first algorithm in the list
- is the default algorithm for the driver.
-
- @retval EFI_SUCCESS The RNG algorithm list was returned successfully.
- @retval EFI_UNSUPPORTED The services is not supported by this driver.
- @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
- hardware or firmware error.
- @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
- @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_RNG_GET_INFO)(
- IN EFI_RNG_PROTOCOL *This,
- IN OUT UINTN *RNGAlgorithmListSize,
- OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
- );
-
-/**
- Produces and returns an RNG value using either the default or specified RNG algorithm.
-
- @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
- @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
- algorithm to use. May be NULL in which case the function will
- use its default RNG algorithm.
- @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
- RNGValue. The driver shall return exactly this numbers of bytes.
- @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
- resulting RNG value.
-
- @retval EFI_SUCCESS The RNG value was returned successfully.
- @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
- this driver.
- @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
- firmware error.
- @retval EFI_NOT_READY There is not enough random data available to satisfy the length
- requested by RNGValueLength.
- @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_RNG_GET_RNG)(
- IN EFI_RNG_PROTOCOL *This,
- IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL,
- IN UINTN RNGValueLength,
- OUT UINT8 *RNGValue
- );
-
-///
-/// The Random Number Generator (RNG) protocol provides random bits for use in
-/// applications, or entropy for seeding other random number generators.
-///
-struct _EFI_RNG_PROTOCOL {
- EFI_RNG_GET_INFO GetInfo;
- EFI_RNG_GET_RNG GetRNG;
-};
+typedef EFI_RNG_INTERFACE EFI_RNG_PROTOCOL;
extern EFI_GUID gEfiRngProtocolGuid;
-extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid;
-extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid;
-extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
-extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
-extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
-extern EFI_GUID gEfiRngAlgorithmRaw;
-extern EFI_GUID gEfiRngAlgorithmArmRndr;
#endif
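Review bot: `typedef EFI_RNG_INTERFACE EFI_RNG_PROTOCOL;` takes the whole protocol definition from `<ipxe/efi/Guid/Rng.h>`, which the previous hunk includes but which is not shown in this part of the diff. The algorithm GUID macros and `extern` declarations removed here (for example `EFI_RNG_ALGORITHM_RAW` and `gEfiRngAlgorithmRaw`) are what callers use to request a specific generator, so confirm that the new header declares all of them under the same names. Per the removed `GetRNG` comment, a caller that cannot name an algorithm can only pass NULL and accept the driver default, which matters to code that expects raw entropy. A comment above the typedef, `/// EFI_RNG_INTERFACE is defined in <ipxe/efi/Guid/Rng.h>.`, would tell readers where to look.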
diff --git a/src/include/ipxe/efi/Protocol/SerialIo.h b/src/include/ipxe/efi/Protocol/SerialIo.h
index 1e44a21c4..31fd99215 100644
--- a/src/include/ipxe/efi/Protocol/SerialIo.h
+++ b/src/include/ipxe/efi/Protocol/SerialIo.h
@@ -13,6 +13,7 @@
#define __SERIAL_IO_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_SERIAL_IO_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/ServiceBinding.h b/src/include/ipxe/efi/Protocol/ServiceBinding.h
index 6baf73aa7..d23059ccf 100644
--- a/src/include/ipxe/efi/Protocol/ServiceBinding.h
+++ b/src/include/ipxe/efi/Protocol/ServiceBinding.h
@@ -14,6 +14,7 @@
#define __EFI_SERVICE_BINDING_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// Forward reference for pure ANSI compatability
diff --git a/src/include/ipxe/efi/Protocol/ShimLock.h b/src/include/ipxe/efi/Protocol/ShimLock.h
index b31365173..8fd3c3bc8 100644
--- a/src/include/ipxe/efi/Protocol/ShimLock.h
+++ b/src/include/ipxe/efi/Protocol/ShimLock.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( BSD3 );
+FILE_SECBOOT ( PERMITTED );
#define EFI_SHIM_LOCK_PROTOCOL_GUID \
{ 0x605dab50, 0xe046, 0x4300, \
diff --git a/src/include/ipxe/efi/Protocol/SimpleFileSystem.h b/src/include/ipxe/efi/Protocol/SimpleFileSystem.h
index 62edb2a88..39944c31a 100644
--- a/src/include/ipxe/efi/Protocol/SimpleFileSystem.h
+++ b/src/include/ipxe/efi/Protocol/SimpleFileSystem.h
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __SIMPLE_FILE_SYSTEM_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/SimpleNetwork.h b/src/include/ipxe/efi/Protocol/SimpleNetwork.h
index 141ab8856..d7e4e1182 100644
--- a/src/include/ipxe/efi/Protocol/SimpleNetwork.h
+++ b/src/include/ipxe/efi/Protocol/SimpleNetwork.h
@@ -21,6 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __SIMPLE_NETWORK_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_SIMPLE_NETWORK_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/SimplePointer.h b/src/include/ipxe/efi/Protocol/SimplePointer.h
index 45ddf8d5c..1381b7ec1 100644
--- a/src/include/ipxe/efi/Protocol/SimplePointer.h
+++ b/src/include/ipxe/efi/Protocol/SimplePointer.h
@@ -12,6 +12,7 @@
#define __SIMPLE_POINTER_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_SIMPLE_POINTER_PROTOCOL_GUID \
{ \
@@ -56,12 +57,12 @@ typedef struct {
UINT64 ResolutionX;
///
/// The resolution of the pointer device on the y-axis in counts/mm.
- /// If 0, then the pointer device does not support an x-axis.
+ /// If 0, then the pointer device does not support a y-axis.
///
UINT64 ResolutionY;
///
/// The resolution of the pointer device on the z-axis in counts/mm.
- /// If 0, then the pointer device does not support an x-axis.
+ /// If 0, then the pointer device does not support a z-axis.
///
UINT64 ResolutionZ;
///
diff --git a/src/include/ipxe/efi/Protocol/SimpleTextIn.h b/src/include/ipxe/efi/Protocol/SimpleTextIn.h
index 11daeb5bc..1198ff81a 100644
--- a/src/include/ipxe/efi/Protocol/SimpleTextIn.h
+++ b/src/include/ipxe/efi/Protocol/SimpleTextIn.h
@@ -13,6 +13,7 @@
#define __SIMPLE_TEXT_IN_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_SIMPLE_TEXT_INPUT_PROTOCOL_GUID \
{ \
@@ -102,6 +103,7 @@ EFI_STATUS
@retval EFI_NOT_READY There was no keystroke data available.
@retval EFI_DEVICE_ERROR The keystroke information was not returned due to
hardware errors.
+ @retval EFI_UNSUPPORTED The device does not support the ability to read keystroke data.
**/
typedef
diff --git a/src/include/ipxe/efi/Protocol/SimpleTextInEx.h b/src/include/ipxe/efi/Protocol/SimpleTextInEx.h
index 9a93da509..f797a45c9 100644
--- a/src/include/ipxe/efi/Protocol/SimpleTextInEx.h
+++ b/src/include/ipxe/efi/Protocol/SimpleTextInEx.h
@@ -14,6 +14,7 @@
#define __SIMPLE_TEXT_IN_EX_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/SimpleTextIn.h>
@@ -188,6 +189,7 @@ typedef struct {
@retval EFI_NOT_READY There was no keystroke data available.
@retval EFI_DEVICE_ERROR The keystroke information was not returned due to
hardware errors.
+ @retval EFI_UNSUPPORTED The device does not support the ability to read keystroke data.
**/
diff --git a/src/include/ipxe/efi/Protocol/SimpleTextOut.h b/src/include/ipxe/efi/Protocol/SimpleTextOut.h
index 824018822..349e9debe 100644
--- a/src/include/ipxe/efi/Protocol/SimpleTextOut.h
+++ b/src/include/ipxe/efi/Protocol/SimpleTextOut.h
@@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __SIMPLE_TEXT_OUT_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/StorageSecurityCommand.h b/src/include/ipxe/efi/Protocol/StorageSecurityCommand.h
new file mode 100644
index 000000000..f00eb925c
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/StorageSecurityCommand.h
@@ -0,0 +1,213 @@
+/** @file
+ EFI Storage Security Command Protocol as defined in UEFI 2.3.1 specification.
+ This protocol is used to abstract mass storage devices to allow code running in
+ the EFI boot services environment to send security protocol commands to mass
+ storage devices without specific knowledge of the type of device or controller
+ that manages the device.
+
+ Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __STORAGE_SECURITY_COMMAND_H__
+#define __STORAGE_SECURITY_COMMAND_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#define EFI_STORAGE_SECURITY_COMMAND_PROTOCOL_GUID \
+ { \
+ 0xC88B0B6D, 0x0DFC, 0x49A7, {0x9C, 0xB4, 0x49, 0x07, 0x4B, 0x4C, 0x3A, 0x78 } \
+ }
+
+typedef struct _EFI_STORAGE_SECURITY_COMMAND_PROTOCOL EFI_STORAGE_SECURITY_COMMAND_PROTOCOL;
+
+/**
+ Send a security protocol command to a device that receives data and/or the result
+ of one or more commands sent by SendData.
+
+ The ReceiveData function sends a security protocol command to the given MediaId.
+ The security protocol command sent is defined by SecurityProtocolId and contains
+ the security protocol specific data SecurityProtocolSpecificData. The function
+ returns the data from the security protocol command in PayloadBuffer.
+
+ For devices supporting the SCSI command set, the security protocol command is sent
+ using the SECURITY PROTOCOL IN command defined in SPC-4.
+
+ For devices supporting the ATA command set, the security protocol command is sent
+ using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize
+ is non-zero.
+
+ If the PayloadBufferSize is zero, the security protocol command is sent using the
+ Trusted Non-Data command defined in ATA8-ACS.
+
+ If PayloadBufferSize is too small to store the available data from the security
+ protocol command, the function shall copy PayloadBufferSize bytes into the
+ PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.
+
+ If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero,
+ the function shall return EFI_INVALID_PARAMETER.
+
+ If the given MediaId does not support security protocol commands, the function shall
+ return EFI_UNSUPPORTED. If there is no media in the device, the function returns
+ EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device,
+ the function returns EFI_MEDIA_CHANGED.
+
+ If the security protocol fails to complete within the Timeout period, the function
+ shall return EFI_TIMEOUT.
+
+ If the security protocol command completes without an error, the function shall
+ return EFI_SUCCESS. If the security protocol command completes with an error, the
+ function shall return EFI_DEVICE_ERROR.
+
+ @param This Indicates a pointer to the calling context.
+ @param MediaId ID of the medium to receive data from. If there is no
+ block IO protocol supported by the physical device, the
+ value of MediaId is undefined.
+ @param Timeout The timeout, in 100ns units, to use for the execution
+ of the security protocol command. A Timeout value of 0
+ means that this function will wait indefinitely for the
+ security protocol command to execute. If Timeout is greater
+ than zero, then this function will return EFI_TIMEOUT if the
+ time required to execute the receive data command is greater than Timeout.
+ @param SecurityProtocolId The value of the "Security Protocol" parameter of
+ the security protocol command to be sent.
+ @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter
+ of the security protocol command to be sent.
+ @param PayloadBufferSize Size in bytes of the payload data buffer.
+ @param PayloadBuffer A pointer to a destination buffer to store the security
+ protocol command specific payload data for the security
+ protocol command. The caller is responsible for having
+ either implicit or explicit ownership of the buffer.
+ @param PayloadTransferSize A pointer to a buffer to store the size in bytes of the
+ data written to the payload data buffer.
+
+ @retval EFI_SUCCESS The security protocol command completed successfully.
+ @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small to store the available
+ data from the device. The PayloadBuffer contains the truncated data.
+ @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.
+ @retval EFI_DEVICE_ERROR The security protocol command completed with an error.
+ @retval EFI_NO_MEDIA There is no media in the device.
+ @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
+ @retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransferSize is NULL and
+ PayloadBufferSize is non-zero.
+ @retval EFI_TIMEOUT A timeout occurred while waiting for the security
+ protocol command to execute.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_STORAGE_SECURITY_RECEIVE_DATA)(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ OUT VOID *PayloadBuffer,
+ OUT UINTN *PayloadTransferSize
+ );
+
+/**
+ Send a security protocol command to a device.
+
+ The SendData function sends a security protocol command containing the payload
+ PayloadBuffer to the given MediaId. The security protocol command sent is
+ defined by SecurityProtocolId and contains the security protocol specific data
+ SecurityProtocolSpecificData. If the underlying protocol command requires a
+ specific padding for the command payload, the SendData function shall add padding
+ bytes to the command payload to satisfy the padding requirements.
+
+ For devices supporting the SCSI command set, the security protocol command is sent
+ using the SECURITY PROTOCOL OUT command defined in SPC-4.
+
+ For devices supporting the ATA command set, the security protocol command is sent
+ using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize
+ is non-zero. If the PayloadBufferSize is zero, the security protocol command is
+ sent using the Trusted Non-Data command defined in ATA8-ACS.
+
+ If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall
+ return EFI_INVALID_PARAMETER.
+
+ If the given MediaId does not support security protocol commands, the function
+ shall return EFI_UNSUPPORTED. If there is no media in the device, the function
+ returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the
+ device, the function returns EFI_MEDIA_CHANGED.
+
+ If the security protocol fails to complete within the Timeout period, the function
+ shall return EFI_TIMEOUT.
+
+ If the security protocol command completes without an error, the function shall return
+ EFI_SUCCESS. If the security protocol command completes with an error, the function
+ shall return EFI_DEVICE_ERROR.
+
+ @param This Indicates a pointer to the calling context.
+ @param MediaId ID of the medium to receive data from. If there is no
+ block IO protocol supported by the physical device, the
+ value of MediaId is undefined.
+ @param Timeout The timeout, in 100ns units, to use for the execution
+ of the security protocol command. A Timeout value of 0
+ means that this function will wait indefinitely for the
+ security protocol command to execute. If Timeout is greater
+ than zero, then this function will return EFI_TIMEOUT if the
+ time required to execute the receive data command is greater than Timeout.
+ @param SecurityProtocolId The value of the "Security Protocol" parameter of
+ the security protocol command to be sent.
+ @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter
+ of the security protocol command to be sent.
+ @param PayloadBufferSize Size in bytes of the payload data buffer.
+ @param PayloadBuffer A pointer to a destination buffer to store the security
+ protocol command specific payload data for the security
+ protocol command.
+
+ @retval EFI_SUCCESS The security protocol command completed successfully.
+ @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.
+ @retval EFI_DEVICE_ERROR The security protocol command completed with an error.
+ @retval EFI_NO_MEDIA There is no media in the device.
+ @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
+ @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and PayloadBufferSize is non-zero.
+ @retval EFI_TIMEOUT A timeout occurred while waiting for the security
+ protocol command to execute.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_STORAGE_SECURITY_SEND_DATA)(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ IN VOID *PayloadBuffer
+ );
+
+///
+/// The EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is used to send security protocol
+/// commands to a mass storage device. Two types of security protocol commands
+/// are supported. SendData sends a command with data to a device. ReceiveData
+/// sends a command that receives data and/or the result of one or more commands
+/// sent by SendData.
+///
+/// The security protocol command formats supported shall be based on the definition
+/// of the SECURITY PROTOCOL IN and SECURITY PROTOCOL OUT commands defined in SPC-4.
+/// If the device uses the SCSI command set, no translation is needed in the firmware
+/// and the firmware can package the parameters into a SECURITY PROTOCOL IN or SECURITY
+/// PROTOCOL OUT command and send the command to the device. If the device uses a
+/// non-SCSI command set, the firmware shall map the command and data payload to the
+/// corresponding command and payload format defined in the non-SCSI command set
+/// (for example, TRUSTED RECEIVE and TRUSTED SEND in ATA8-ACS).
+///
+/// The firmware shall automatically add an EFI_STORAGE_SECURITY_COMMAND_PROTOCOL
+/// for any storage devices detected during system boot that support SPC-4, ATA8-ACS
+/// or their successors.
+///
+struct _EFI_STORAGE_SECURITY_COMMAND_PROTOCOL {
+ EFI_STORAGE_SECURITY_RECEIVE_DATA ReceiveData;
+ EFI_STORAGE_SECURITY_SEND_DATA SendData;
+};
+
+extern EFI_GUID gEfiStorageSecurityCommandProtocolGuid;
+
+#endif
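Review bot: `EFI_STORAGE_SECURITY_RECEIVE_DATA` reports truncation as `EFI_WARN_BUFFER_TOO_SMALL`, which is a warning status and not an error, so a caller that tests the result only with `EFI_ERROR()` would accept a truncated security payload as complete. The typedef comment should say so explicitly, e.g. `Callers must compare the status with EFI_SUCCESS; a warning status means PayloadBuffer holds truncated data.` Callers should also check `*PayloadTransferSize` against `PayloadBufferSize` before using the buffer. Separately, the `SendData` comment was copied from `ReceiveData`: it describes `MediaId` as the medium "to receive data from" and `PayloadBuffer` as a "destination buffer", although that parameter is `IN` and carries the data being sent.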
diff --git a/src/include/ipxe/efi/Protocol/Supplicant.h b/src/include/ipxe/efi/Protocol/Supplicant.h
new file mode 100644
index 000000000..51a568335
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/Supplicant.h
@@ -0,0 +1,461 @@
+/** @file
+ This file defines the EFI Supplicant Protocol.
+
+ Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Revision Reference:
+ This Protocol is introduced in UEFI Specification 2.6
+
+**/
+
+#ifndef __EFI_SUPPLICANT_PROTOCOL_H__
+#define __EFI_SUPPLICANT_PROTOCOL_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/efi/Protocol/WiFi2.h>
+
+///
+/// The EFI Supplicant Service Binding Protocol is used to locate EFI
+/// Supplicant Protocol drivers to create and destroy child of the driver to
+/// communicate with other host using Supplicant protocol.
+///
+#define EFI_SUPPLICANT_SERVICE_BINDING_PROTOCOL_GUID \
+ { \
+ 0x45bcd98e, 0x59ad, 0x4174, { 0x95, 0x46, 0x34, 0x4a, 0x7, 0x48, 0x58, 0x98 } \
+ }
+
+///
+/// The EFI Supplicant protocol provides services to process authentication and
+/// data encryption/decryption for security management.
+///
+#define EFI_SUPPLICANT_PROTOCOL_GUID \
+ { \
+ 0x54fcc43e, 0xaa89, 0x4333, { 0x9a, 0x85, 0xcd, 0xea, 0x24, 0x5, 0x1e, 0x9e } \
+ }
+
+typedef struct _EFI_SUPPLICANT_PROTOCOL EFI_SUPPLICANT_PROTOCOL;
+
+///
+/// EFI_SUPPLICANT_CRYPT_MODE
+///
+typedef enum {
+ //
+ // Encrypt data provided in the fragment buffers.
+ //
+ EfiSupplicantEncrypt,
+ //
+ // Decrypt data provided in the fragment buffers.
+ //
+ EfiSupplicantDecrypt,
+} EFI_SUPPLICANT_CRYPT_MODE;
+
+///
+/// EFI_SUPPLICANT_DATA_TYPE
+///
+typedef enum {
+ //
+ // Session Configuration
+ //
+
+ //
+ // Current authentication type in use. The corresponding Data is of type
+ // EFI_80211_AKM_SUITE_SELECTOR.
+ //
+ EfiSupplicant80211AKMSuite,
+ //
+ // Group data encryption type in use. The corresponding Data is of type
+ // EFI_SUPPLICANT_CIPHER_SUITE_SELECTOR.
+ //
+ EfiSupplicant80211GroupDataCipherSuite,
+ //
+ // Pairwise encryption type in use. The corresponding Data is of type
+ // EFI_80211_CIPHER_SUITE_SELECTOR.
+ //
+ EfiSupplicant80211PairwiseCipherSuite,
+ //
+ // PSK password. The corresponding Data is a NULL-terminated ASCII string.
+ //
+ EfiSupplicant80211PskPassword,
+ //
+ // Target SSID name. The corresponding Data is of type EFI_80211_SSID.
+ //
+ EfiSupplicant80211TargetSSIDName,
+ //
+ // Station MAC address. The corresponding Data is of type
+ // EFI_80211_MAC_ADDRESS.
+ //
+ EfiSupplicant80211StationMac,
+ //
+ // Target SSID MAC address. The corresponding Data is 6 bytes MAC address.
+ //
+ EfiSupplicant80211TargetSSIDMac,
+
+ //
+ // Session Information
+ //
+
+ //
+ // 802.11 PTK. The corresponding Data is of type EFI_SUPPLICANT_KEY.
+ //
+ EfiSupplicant80211PTK,
+ //
+ // 802.11 GTK. The corresponding Data is of type EFI_SUPPLICANT_GTK_LIST.
+ //
+ EfiSupplicant80211GTK,
+ //
+ // Supplicant state. The corresponding Data is
+ // EFI_EAPOL_SUPPLICANT_PAE_STATE.
+ //
+ EfiSupplicantState,
+ //
+ // 802.11 link state. The corresponding Data is EFI_80211_LINK_STATE.
+ //
+ EfiSupplicant80211LinkState,
+ //
+ // Flag indicates key is refreshed. The corresponding Data is
+ // EFI_SUPPLICANT_KEY_REFRESH.
+ //
+ EfiSupplicantKeyRefresh,
+
+ //
+ // Session Configuration
+ //
+
+ //
+ // Supported authentication types. The corresponding Data is of type
+ // EFI_80211_AKM_SUITE_SELECTOR.
+ //
+ EfiSupplicant80211SupportedAKMSuites,
+ //
+ // Supported software encryption types provided by supplicant driver. The
+ // corresponding Data is of type EFI_80211_CIPHER_SUITE_SELECTOR.
+ //
+ EfiSupplicant80211SupportedSoftwareCipherSuites,
+ //
+ // Supported hardware encryption types provided by wireless UNDI driver. The
+ // corresponding Data is of type EFI_80211_CIPHER_SUITE_SELECTOR.
+ //
+ EfiSupplicant80211SupportedHardwareCipherSuites,
+
+ //
+ // Session Information
+ //
+
+ //
+ // 802.11 Integrity GTK. The corresponding Data is of type
+ // EFI_SUPPLICANT_GTK_LIST.
+ //
+ EfiSupplicant80211IGTK,
+ //
+ // 802.11 PMK. The corresponding Data is 32 bytes pairwise master key.
+ //
+ EfiSupplicant80211PMK,
+ EfiSupplicantDataTypeMaximum
+} EFI_SUPPLICANT_DATA_TYPE;
+
+///
+/// EFI_80211_LINK_STATE
+///
+typedef enum {
+ //
+ // Indicates initial start state, unauthenticated, unassociated.
+ //
+ Ieee80211UnauthenticatedUnassociated,
+ //
+ // Indicates authenticated, unassociated.
+ //
+ Ieee80211AuthenticatedUnassociated,
+ //
+ // Indicates authenticated and associated, but pending RSN authentication.
+ //
+ Ieee80211PendingRSNAuthentication,
+ //
+ // Indicates authenticated and associated.
+ //
+ Ieee80211AuthenticatedAssociated
+} EFI_80211_LINK_STATE;
+
+///
+/// EFI_SUPPLICANT_KEY_TYPE (IEEE Std 802.11 Section 6.3.19.1.2)
+///
+typedef enum {
+ Group,
+ Pairwise,
+ PeerKey,
+ IGTK
+} EFI_SUPPLICANT_KEY_TYPE;
+
+///
+/// EFI_SUPPLICANT_KEY_DIRECTION (IEEE Std 802.11 Section 6.3.19.1.2)
+///
+typedef enum {
+ //
+ // Indicates that the keys are being installed for the receive direction.
+ //
+ Receive,
+ //
+ // Indicates that the keys are being installed for the transmit direction.
+ //
+ Transmit,
+ //
+ // Indicates that the keys are being installed for both the receive and
+ // transmit directions.
+ //
+ Both
+} EFI_SUPPLICANT_KEY_DIRECTION;
+
+///
+/// EFI_SUPPLICANT_KEY_REFRESH
+///
+typedef struct {
+ //
+ // If TRUE, indicates GTK is just refreshed after a successful call to
+ // EFI_SUPPLICANT_PROTOCOL.BuildResponsePacket().
+ //
+ BOOLEAN GTKRefresh;
+} EFI_SUPPLICANT_KEY_REFRESH;
+
+#define EFI_MAX_KEY_LEN 64
+
+///
+/// EFI_SUPPLICANT_KEY
+///
+typedef struct {
+ //
+ // The key value.
+ //
+ UINT8 Key[EFI_MAX_KEY_LEN];
+ //
+ // Length in bytes of the Key. Should be up to EFI_MAX_KEY_LEN.
+ //
+ UINT8 KeyLen;
+ //
+ // The key identifier.
+ //
+ UINT8 KeyId;
+ //
+ // Defines whether this key is a group key, pairwise key, PeerKey, or
+ // Integrity Group.
+ //
+ EFI_SUPPLICANT_KEY_TYPE KeyType;
+ //
+ // The value is set according to the KeyType.
+ //
+ EFI_80211_MAC_ADDRESS Addr;
+ //
+ // The Receive Sequence Count value.
+ //
+ UINT8 Rsc[8];
+ //
+ // Length in bytes of the Rsc. Should be up to 8.
+ //
+ UINT8 RscLen;
+ //
+ // Indicates whether the key is configured by the Authenticator or
+ // Supplicant. The value true indicates Authenticator.
+ //
+ BOOLEAN IsAuthenticator;
+ //
+ // The cipher suite required for this association.
+ //
+ EFI_80211_SUITE_SELECTOR CipherSuite;
+ //
+ // Indicates the direction for which the keys are to be installed.
+ //
+ EFI_SUPPLICANT_KEY_DIRECTION Direction;
+} EFI_SUPPLICANT_KEY;
+
+///
+/// EFI_SUPPLICANT_GTK_LIST
+///
+typedef struct {
+ //
+ // Indicates the number of GTKs that are contained in GTKList.
+ //
+ UINT8 GTKCount;
+ //
+ // A variable-length array of GTKs of type EFI_SUPPLICANT_KEY. The number of
+ // entries is specified by GTKCount.
+ //
+ EFI_SUPPLICANT_KEY GTKList[1];
+} EFI_SUPPLICANT_GTK_LIST;
+
+///
+/// EFI_SUPPLICANT_FRAGMENT_DATA
+///
+typedef struct {
+ //
+ // Length of data buffer in the fragment.
+ //
+ UINT32 FragmentLength;
+ //
+ // Pointer to the data buffer in the fragment.
+ //
+ VOID *FragmentBuffer;
+} EFI_SUPPLICANT_FRAGMENT_DATA;
+
+/**
+ BuildResponsePacket() is called during STA and AP authentication is in
+ progress. Supplicant derives the PTK or session keys depend on type of
+ authentication is being employed.
+
+ @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL
+ instance.
+ @param[in] RequestBuffer Pointer to the most recently received EAPOL
+ packet. NULL means the supplicant need
+ initiate the EAP authentication session and
+ send EAPOL-Start message.
+ @param[in] RequestBufferSize
+ Packet size in bytes for the most recently
+ received EAPOL packet. 0 is only valid when
+ RequestBuffer is NULL.
+ @param[out] Buffer Pointer to the buffer to hold the built
+ packet.
+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On
+ input, it is the buffer size provided by the
+ caller. On output, it is the buffer size in
+ fact needed to contain the packet.
+
+ @retval EFI_SUCCESS The required EAPOL packet is built
+ successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is
+ TRUE:
+ RequestBuffer is NULL, but RequestSize is
+ NOT 0.
+ RequestBufferSize is 0.
+ Buffer is NULL, but RequestBuffer is NOT 0.
+ BufferSize is NULL.
+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response
+ packet.
+ @retval EFI_NOT_READY Current EAPOL session state is NOT ready to
+ build ResponsePacket.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SUPPLICANT_BUILD_RESPONSE_PACKET)(
+ IN EFI_SUPPLICANT_PROTOCOL *This,
+ IN UINT8 *RequestBuffer OPTIONAL,
+ IN UINTN RequestBufferSize OPTIONAL,
+ OUT UINT8 *Buffer,
+ IN OUT UINTN *BufferSize
+ );
+
+/**
+ ProcessPacket() is called to Supplicant driver to encrypt or decrypt the data
+ depending type of authentication type.
+
+ @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL
+ instance.
+ @param[in, out] FragmentTable Pointer to a list of fragment. The caller
+ will take responsible to handle the original
+ FragmentTable while it may be reallocated in
+ Supplicant driver.
+ @param[in] FragmentCount Number of fragment.
+ @param[in] CryptMode Crypt mode.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is
+ TRUE:
+ FragmentTable is NULL.
+ FragmentCount is NULL.
+ CryptMode is invalid.
+ @retval EFI_NOT_READY Current supplicant state is NOT Authenticated.
+ @retval EFI_ABORTED Something wrong decryption the message.
+ @retval EFI_UNSUPPORTED This API is not supported.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SUPPLICANT_PROCESS_PACKET)(
+ IN EFI_SUPPLICANT_PROTOCOL *This,
+ IN OUT EFI_SUPPLICANT_FRAGMENT_DATA **FragmentTable,
+ IN UINT32 *FragmentCount,
+ IN EFI_SUPPLICANT_CRYPT_MODE CryptMode
+ );
+
+/**
+ Set Supplicant configuration data.
+
+ @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL
+ instance.
+ @param[in] DataType The type of data.
+ @param[in] Data Pointer to the buffer to hold the data.
+ @param[in] DataSize Pointer to the buffer size in bytes.
+
+ @retval EFI_SUCCESS The Supplicant configuration data is set
+ successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is
+ TRUE:
+ Data is NULL.
+ DataSize is 0.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SUPPLICANT_SET_DATA)(
+ IN EFI_SUPPLICANT_PROTOCOL *This,
+ IN EFI_SUPPLICANT_DATA_TYPE DataType,
+ IN VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Get Supplicant configuration data.
+
+ @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL
+ instance.
+ @param[in] DataType The type of data.
+ @param[out] Data Pointer to the buffer to hold the data.
+ Ignored if DataSize is 0.
+ @param[in, out] DataSize Pointer to the buffer size in bytes. On
+ input, it is the buffer size provided by the
+ caller. On output, it is the buffer size in
+ fact needed to contain the packet.
+
+ @retval EFI_SUCCESS The Supplicant configuration data is got
+ successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is
+ TRUE:
+ This is NULL.
+ DataSize is NULL.
+ Data is NULL if *DataSize is not zero.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_NOT_FOUND The Supplicant configuration data is not
+ found.
+ @retval EFI_BUFFER_TOO_SMALL The size of Data is too small for the
+ specified configuration data and the required
+ size is returned in DataSize.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SUPPLICANT_GET_DATA)(
+ IN EFI_SUPPLICANT_PROTOCOL *This,
+ IN EFI_SUPPLICANT_DATA_TYPE DataType,
+ OUT UINT8 *Data OPTIONAL,
+ IN OUT UINTN *DataSize
+ );
+
+///
+/// The EFI_SUPPLICANT_PROTOCOL is designed to provide unified place for WIFI
+/// and EAP security management. Both PSK authentication and 802.1X EAP
+/// authentication can be managed via this protocol and driver or application
+/// as a consumer can only focus on about packet transmitting or receiving.
+///
+struct _EFI_SUPPLICANT_PROTOCOL {
+ EFI_SUPPLICANT_BUILD_RESPONSE_PACKET BuildResponsePacket;
+ EFI_SUPPLICANT_PROCESS_PACKET ProcessPacket;
+ EFI_SUPPLICANT_SET_DATA SetData;
+ EFI_SUPPLICANT_GET_DATA GetData;
+};
+
+extern EFI_GUID gEfiSupplicantServiceBindingProtocolGuid;
+extern EFI_GUID gEfiSupplicantProtocolGuid;
+
+#endif
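Review bot: `EFI_SUPPLICANT_GTK_LIST` declares `GTKList[1]` but documents it as a variable-length array counted by `GTKCount`, and `EFI_SUPPLICANT_KEY` says only that `KeyLen` and `RscLen` "should be up to" `EFI_MAX_KEY_LEN` and 8, so nothing here tells a consumer to check these fields before indexing. These structures are handed back by `GetData()` in a caller-supplied buffer, so I would add a comment on `GTKCount` such as `// Consumers must check that GTKCount entries fit within the DataSize returned by GetData() before reading GTKList.` and a matching one on `KeyLen` and `RscLen`. The Intel copyright suggests the file is imported from EDK2; if it is kept verbatim, the same checks belong in whichever iPXE code ends up calling this protocol.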
diff --git a/src/include/ipxe/efi/Protocol/Tcg2Protocol.h b/src/include/ipxe/efi/Protocol/Tcg2Protocol.h
new file mode 100644
index 000000000..4333211b6
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/Tcg2Protocol.h
@@ -0,0 +1,338 @@
+/** @file
+ TPM2 Protocol as defined in TCG PC Client Platform EFI Protocol Specification Family "2.0".
+ See http://trustedcomputinggroup.org for the latest specification
+
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __TCG2_PROTOCOL_H__
+#define __TCG2_PROTOCOL_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/efi/IndustryStandard/UefiTcgPlatform.h>
+#include <ipxe/efi/IndustryStandard/Tpm20.h>
+
+#define EFI_TCG2_PROTOCOL_GUID \
+ {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}
+
+typedef struct tdEFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL;
+
+typedef struct tdEFI_TCG2_VERSION {
+ UINT8 Major;
+ UINT8 Minor;
+} EFI_TCG2_VERSION;
+
+typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP;
+typedef UINT32 EFI_TCG2_EVENT_LOG_FORMAT;
+typedef UINT32 EFI_TCG2_EVENT_ALGORITHM_BITMAP;
+
+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x00000001
+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002
+
+typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
+ //
+ // Allocated size of the structure
+ //
+ UINT8 Size;
+ //
+ // Version of the EFI_TCG2_BOOT_SERVICE_CAPABILITY structure itself.
+ // For this version of the protocol, the Major version shall be set to 1
+ // and the Minor version shall be set to 1.
+ //
+ EFI_TCG2_VERSION StructureVersion;
+ //
+ // Version of the EFI TCG2 protocol.
+ // For this version of the protocol, the Major version shall be set to 1
+ // and the Minor version shall be set to 1.
+ //
+ EFI_TCG2_VERSION ProtocolVersion;
+ //
+ // Supported hash algorithms (this bitmap is determined by the supported PCR
+ // banks in the TPM and the hashing algorithms supported by the firmware)
+ //
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
+ //
+ // Bitmap of supported event log formats
+ //
+ EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs;
+ //
+ // False = TPM not present
+ //
+ BOOLEAN TPMPresentFlag;
+ //
+ // Max size (in bytes) of a command that can be sent to the TPM
+ //
+ UINT16 MaxCommandSize;
+ //
+ // Max size (in bytes) of a response that can be provided by the TPM
+ //
+ UINT16 MaxResponseSize;
+ //
+ // 4-byte Vendor ID
+ // (see TCG Vendor ID registry, Section "TPM Capabilities Vendor ID")
+ //
+ UINT32 ManufacturerID;
+ //
+ // Maximum number of PCR banks (hashing algorithms) supported.
+ // No granularity is provided to support a specific set of algorithms.
+ // Minimum value is 1.
+ //
+ UINT32 NumberOfPCRBanks;
+ //
+ // A bitmap of currently active PCR banks (hashing algorithms).
+ // This is a subset of the supported hashing algorithms reported in HashAlgorithmBitMap.
+ // NumberOfPcrBanks defines the number of bits that are set.
+ //
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks;
+} EFI_TCG2_BOOT_SERVICE_CAPABILITY;
+
+#define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001
+#define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002
+#define EFI_TCG2_BOOT_HASH_ALG_SHA384 0x00000004
+#define EFI_TCG2_BOOT_HASH_ALG_SHA512 0x00000008
+#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
+
+//
+// This bit is shall be set when an event shall be extended but not logged.
+//
+#define EFI_TCG2_EXTEND_ONLY 0x0000000000000001
+//
+// This bit shall be set when the intent is to measure a PE/COFF image.
+//
+#define PE_COFF_IMAGE 0x0000000000000010
+
+#define MAX_PCR_INDEX 23
+
+#pragma pack(1)
+
+#define EFI_TCG2_EVENT_HEADER_VERSION 1
+
+typedef struct {
+ //
+ // Size of the event header itself (sizeof(EFI_TCG2_EVENT_HEADER)).
+ //
+ UINT32 HeaderSize;
+ //
+ // Header version. For this version of this specification, the value shall be 1.
+ //
+ UINT16 HeaderVersion;
+ //
+ // Index of the PCR that shall be extended (0 - 23).
+ //
+ TCG_PCRINDEX PCRIndex;
+ //
+ // Type of the event that shall be extended (and optionally logged).
+ //
+ TCG_EVENTTYPE EventType;
+} EFI_TCG2_EVENT_HEADER;
+
+typedef struct tdEFI_TCG2_EVENT {
+ //
+ // Total size of the event including the Size component, the header and the Event data.
+ //
+ UINT32 Size;
+ EFI_TCG2_EVENT_HEADER Header;
+ UINT8 Event[1];
+} EFI_TCG2_EVENT;
+
+#pragma pack()
+
+/**
+ The EFI_TCG2_PROTOCOL GetCapability function call provides protocol
+ capability information and state information.
+
+ @param[in] This Indicates the calling context
+ @param[in, out] ProtocolCapability The caller allocates memory for a EFI_TCG2_BOOT_SERVICE_CAPABILITY
+ structure and sets the size field to the size of the structure allocated.
+ The callee fills in the fields with the EFI protocol capability information
+ and the current EFI TCG2 state information up to the number of fields which
+ fit within the size of the structure passed in.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+ The ProtocolCapability variable will not be populated.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+ The ProtocolCapability variable will not be populated.
+ @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response.
+ It will be partially populated (required Size field will be set).
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_CAPABILITY)(
+ IN EFI_TCG2_PROTOCOL *This,
+ IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability
+ );
+
+/**
+ The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to
+ retrieve the address of a given event log and its last entry.
+
+ @param[in] This Indicates the calling context
+ @param[in] EventLogFormat The type of the event log for which the information is requested.
+ @param[out] EventLogLocation A pointer to the memory address of the event log.
+ @param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the
+ address of the start of the last entry in the event log in memory.
+ @param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would
+ have exceeded the area allocated for events, this value is set to TRUE.
+ Otherwise, the value will be FALSE and the Event Log will be complete.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect
+ (e.g. asking for an event log whose format is not supported).
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_EVENT_LOG)(
+ IN EFI_TCG2_PROTOCOL *This,
+ IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,
+ OUT EFI_PHYSICAL_ADDRESS *EventLogLocation,
+ OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
+ OUT BOOLEAN *EventLogTruncated
+ );
+
+/**
+ The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with
+ an opportunity to extend and optionally log events without requiring
+ knowledge of actual TPM commands.
+ The extend operation will occur even if this function cannot create an event
+ log entry (e.g. due to the event log being full).
+
+ @param[in] This Indicates the calling context
+ @param[in] Flags Bitmap providing additional information.
+ @param[in] DataToHash Physical address of the start of the data buffer to be hashed.
+ @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash.
+ @param[in] EfiTcgEvent Pointer to data buffer containing information about the event.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+ @retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+ @retval EFI_UNSUPPORTED The PE/COFF image type is not supported.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_HASH_LOG_EXTEND_EVENT)(
+ IN EFI_TCG2_PROTOCOL *This,
+ IN UINT64 Flags,
+ IN EFI_PHYSICAL_ADDRESS DataToHash,
+ IN UINT64 DataToHashLen,
+ IN EFI_TCG2_EVENT *EfiTcgEvent
+ );
+
+/**
+ This service enables the sending of commands to the TPM.
+
+ @param[in] This Indicates the calling context
+ @param[in] InputParameterBlockSize Size of the TPM input parameter block.
+ @param[in] InputParameterBlock Pointer to the TPM input parameter block.
+ @param[in] OutputParameterBlockSize Size of the TPM output parameter block.
+ @param[in] OutputParameterBlock Pointer to the TPM output parameter block.
+
+ @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
+ @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_SUBMIT_COMMAND)(
+ IN EFI_TCG2_PROTOCOL *This,
+ IN UINT32 InputParameterBlockSize,
+ IN UINT8 *InputParameterBlock,
+ IN UINT32 OutputParameterBlockSize,
+ IN UINT8 *OutputParameterBlock
+ );
+
+/**
+ This service returns the currently active PCR banks.
+
+ @param[in] This Indicates the calling context
+ @param[out] ActivePcrBanks Pointer to the variable receiving the bitmap of currently active PCR banks.
+
+ @retval EFI_SUCCESS The bitmap of active PCR banks was stored in the ActivePcrBanks parameter.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_ACTIVE_PCR_BANKS)(
+ IN EFI_TCG2_PROTOCOL *This,
+ OUT UINT32 *ActivePcrBanks
+ );
+
+/**
+ This service sets the currently active PCR banks.
+
+ @param[in] This Indicates the calling context
+ @param[in] ActivePcrBanks Bitmap of the requested active PCR banks. At least one bit SHALL be set.
+
+ @retval EFI_SUCCESS The bitmap in ActivePcrBank parameter is already active.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_SET_ACTIVE_PCR_BANKS)(
+ IN EFI_TCG2_PROTOCOL *This,
+ IN UINT32 ActivePcrBanks
+ );
+
+/**
+ This service retrieves the result of a previous invocation of SetActivePcrBanks.
+
+ @param[in] This Indicates the calling context
+ @param[out] OperationPresent Non-zero value to indicate a SetActivePcrBank operation was invoked during the last boot.
+ @param[out] Response The response from the SetActivePcrBank request.
+
+ @retval EFI_SUCCESS The result value could be returned.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS)(
+ IN EFI_TCG2_PROTOCOL *This,
+ OUT UINT32 *OperationPresent,
+ OUT UINT32 *Response
+ );
+
+struct tdEFI_TCG2_PROTOCOL {
+ EFI_TCG2_GET_CAPABILITY GetCapability;
+ EFI_TCG2_GET_EVENT_LOG GetEventLog;
+ EFI_TCG2_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
+ EFI_TCG2_SUBMIT_COMMAND SubmitCommand;
+ EFI_TCG2_GET_ACTIVE_PCR_BANKS GetActivePcrBanks;
+ EFI_TCG2_SET_ACTIVE_PCR_BANKS SetActivePcrBanks;
+ EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS GetResultOfSetActivePcrBanks;
+};
+
+extern EFI_GUID gEfiTcg2ProtocolGuid;
+
+//
+// Log entries after Get Event Log service
+//
+
+#define EFI_TCG2_FINAL_EVENTS_TABLE_GUID \
+ {0x1e2ed096, 0x30e2, 0x4254, { 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25 }}
+
+extern EFI_GUID gEfiTcg2FinalEventsTableGuid;
+
+typedef struct tdEFI_TCG2_FINAL_EVENTS_TABLE {
+ //
+ // The version of this structure.
+ //
+ UINT64 Version;
+ //
+ // Number of events recorded after invocation of GetEventLog API
+ //
+ UINT64 NumberOfEvents;
+ //
+ // List of events of type TCG_PCR_EVENT2.
+ //
+ // TCG_PCR_EVENT2 Event[1];
+} EFI_TCG2_FINAL_EVENTS_TABLE;
+
+#define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1
+
+#endif
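Review bot: In `EFI_TCG2_SUBMIT_COMMAND` the response buffer is annotated as an input, with `@param[in] OutputParameterBlock` and `IN UINT8 *OutputParameterBlock`, although the `EFI_BUFFER_TOO_SMALL` description implies the callee writes the TPM response into it. I would document it as `@param[out] OutputParameterBlock Pointer to the caller-allocated buffer that receives the TPM response.` and add that the caller can size the buffer from the `MaxResponseSize` field reported by `GetCapability()`. The file appears to be imported from EDK2 (Intel copyright), so if it must stay verbatim the note should go next to the first iPXE caller of `SubmitCommand` instead.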
diff --git a/src/include/ipxe/efi/Protocol/TcgService.h b/src/include/ipxe/efi/Protocol/TcgService.h
index d225ae884..88b9f0ea9 100644
--- a/src/include/ipxe/efi/Protocol/TcgService.h
+++ b/src/include/ipxe/efi/Protocol/TcgService.h
@@ -11,6 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define _TCG_SERVICE_PROTOCOL_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/UefiTcgPlatform.h>
diff --git a/src/include/ipxe/efi/Protocol/Tcp4.h b/src/include/ipxe/efi/Protocol/Tcp4.h
index 249f1fe0c..eeecd366d 100644
--- a/src/include/ipxe/efi/Protocol/Tcp4.h
+++ b/src/include/ipxe/efi/Protocol/Tcp4.h
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_TCP4_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/Ip4.h>
diff --git a/src/include/ipxe/efi/Protocol/Tcp6.h b/src/include/ipxe/efi/Protocol/Tcp6.h
index ddceaaf9f..df0ed6500 100644
--- a/src/include/ipxe/efi/Protocol/Tcp6.h
+++ b/src/include/ipxe/efi/Protocol/Tcp6.h
@@ -16,6 +16,7 @@
#define __EFI_TCP6_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/ManagedNetwork.h>
#include <ipxe/efi/Protocol/Ip6.h>
diff --git a/src/include/ipxe/efi/Protocol/Udp4.h b/src/include/ipxe/efi/Protocol/Udp4.h
index dc0586d81..7e8cc68c9 100644
--- a/src/include/ipxe/efi/Protocol/Udp4.h
+++ b/src/include/ipxe/efi/Protocol/Udp4.h
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_UDP4_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/Ip4.h>
//
diff --git a/src/include/ipxe/efi/Protocol/Udp6.h b/src/include/ipxe/efi/Protocol/Udp6.h
index 5a62a3e02..4f176b8db 100644
--- a/src/include/ipxe/efi/Protocol/Udp6.h
+++ b/src/include/ipxe/efi/Protocol/Udp6.h
@@ -15,6 +15,7 @@
#define __EFI_UDP6_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/Ip6.h>
diff --git a/src/include/ipxe/efi/Protocol/UgaDraw.h b/src/include/ipxe/efi/Protocol/UgaDraw.h
index c268bd2d2..9e07948c4 100644
--- a/src/include/ipxe/efi/Protocol/UgaDraw.h
+++ b/src/include/ipxe/efi/Protocol/UgaDraw.h
@@ -1,3 +1,6 @@
+#ifndef _IPXE_EFI_UGADRAW_H
+#define _IPXE_EFI_UGADRAW_H
+
/** @file
UGA Draw protocol from the EFI 1.10 specification.
@@ -12,6 +15,7 @@
#define __UGA_DRAW_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_UGA_DRAW_PROTOCOL_GUID \
{ \
@@ -159,3 +163,5 @@ struct _EFI_UGA_DRAW_PROTOCOL {
extern EFI_GUID gEfiUgaDrawProtocolGuid;
#endif
+
+#endif /* _IPXE_EFI_UGADRAW_H */
diff --git a/src/include/ipxe/efi/Protocol/UnicodeCollation.h b/src/include/ipxe/efi/Protocol/UnicodeCollation.h
index f708624ee..96933d006 100644
--- a/src/include/ipxe/efi/Protocol/UnicodeCollation.h
+++ b/src/include/ipxe/efi/Protocol/UnicodeCollation.h
@@ -12,11 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __UNICODE_COLLATION_H__
FILE_LICENCE ( BSD2_PATENT );
-
-#define EFI_UNICODE_COLLATION_PROTOCOL_GUID \
- { \
- 0x1d85cd7f, 0xf43d, 0x11d2, {0x9a, 0xc, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \
- }
+FILE_SECBOOT ( PERMITTED );
#define EFI_UNICODE_COLLATION_PROTOCOL2_GUID \
{ \
@@ -26,16 +22,6 @@ FILE_LICENCE ( BSD2_PATENT );
typedef struct _EFI_UNICODE_COLLATION_PROTOCOL EFI_UNICODE_COLLATION_PROTOCOL;
///
-/// Protocol GUID name defined in EFI1.1.
-///
-#define UNICODE_COLLATION_PROTOCOL EFI_UNICODE_COLLATION_PROTOCOL_GUID
-
-///
-/// Protocol defined in EFI1.1.
-///
-typedef EFI_UNICODE_COLLATION_PROTOCOL UNICODE_COLLATION_INTERFACE;
-
-///
/// Protocol data structures and defines
///
#define EFI_UNICODE_BYTE_ORDER_MARK (CHAR16) (0xfeff)
@@ -182,7 +168,6 @@ struct _EFI_UNICODE_COLLATION_PROTOCOL {
CHAR8 *SupportedLanguages;
};
-extern EFI_GUID gEfiUnicodeCollationProtocolGuid;
extern EFI_GUID gEfiUnicodeCollation2ProtocolGuid;
#endif
diff --git a/src/include/ipxe/efi/Protocol/Usb2HostController.h b/src/include/ipxe/efi/Protocol/Usb2HostController.h
index 657918d44..4ef2a0cc6 100644
--- a/src/include/ipxe/efi/Protocol/Usb2HostController.h
+++ b/src/include/ipxe/efi/Protocol/Usb2HostController.h
@@ -13,6 +13,7 @@
#define _USB2_HOSTCONTROLLER_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/UsbIo.h>
diff --git a/src/include/ipxe/efi/Protocol/UsbHostController.h b/src/include/ipxe/efi/Protocol/UsbHostController.h
index 5336f00b3..f694b80d5 100644
--- a/src/include/ipxe/efi/Protocol/UsbHostController.h
+++ b/src/include/ipxe/efi/Protocol/UsbHostController.h
@@ -1,3 +1,6 @@
+#ifndef _IPXE_EFI_USBHOSTCONTROLLER_H
+#define _IPXE_EFI_USBHOSTCONTROLLER_H
+
/** @file
EFI_USB_HC_PROTOCOL as defined in EFI 1.10.
@@ -14,6 +17,7 @@
#define _USB_HOSTCONTROLLER_H_
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Protocol/Usb2HostController.h>
@@ -501,3 +505,5 @@ struct _EFI_USB_HC_PROTOCOL {
extern EFI_GUID gEfiUsbHcProtocolGuid;
#endif
+
+#endif /* _IPXE_EFI_USBHOSTCONTROLLER_H */
diff --git a/src/include/ipxe/efi/Protocol/UsbIo.h b/src/include/ipxe/efi/Protocol/UsbIo.h
index d5f02bb17..7686f241e 100644
--- a/src/include/ipxe/efi/Protocol/UsbIo.h
+++ b/src/include/ipxe/efi/Protocol/UsbIo.h
@@ -14,6 +14,7 @@
#define __USB_IO_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/IndustryStandard/Usb.h>
diff --git a/src/include/ipxe/efi/Protocol/VlanConfig.h b/src/include/ipxe/efi/Protocol/VlanConfig.h
index 79b6bc463..aa163ab95 100644
--- a/src/include/ipxe/efi/Protocol/VlanConfig.h
+++ b/src/include/ipxe/efi/Protocol/VlanConfig.h
@@ -13,6 +13,7 @@
#define __EFI_VLANCONFIG_PROTOCOL_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#define EFI_VLAN_CONFIG_PROTOCOL_GUID \
{ \
diff --git a/src/include/ipxe/efi/Protocol/WiFi2.h b/src/include/ipxe/efi/Protocol/WiFi2.h
new file mode 100644
index 000000000..016e6f588
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/WiFi2.h
@@ -0,0 +1,410 @@
+/** @file
+ This file defines the EFI Wireless MAC Connection II Protocol.
+
+ Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Revision Reference:
+ This Protocol is introduced in UEFI Specification 2.6
+
+**/
+
+#ifndef __EFI_WIFI2_PROTOCOL_H__
+#define __EFI_WIFI2_PROTOCOL_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#define EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL_GUID \
+ { \
+ 0x1b0fb9bf, 0x699d, 0x4fdd, { 0xa7, 0xc3, 0x25, 0x46, 0x68, 0x1b, 0xf6, 0x3b } \
+ }
+
+typedef struct _EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL;
+
+///
+/// EFI_80211_BSS_TYPE
+///
+typedef enum {
+ IeeeInfrastructureBSS,
+ IeeeIndependentBSS,
+ IeeeMeshBSS,
+ IeeeAnyBss
+} EFI_80211_BSS_TYPE;
+
+///
+/// EFI_80211_CONNECT_NETWORK_RESULT_CODE
+///
+typedef enum {
+ //
+ // The connection establishment operation finished successfully.
+ //
+ ConnectSuccess,
+ //
+ // The connection was refused by the Network.
+ //
+ ConnectRefused,
+ //
+ // The connection establishment operation failed (i.e, Network is not
+ // detected).
+ //
+ ConnectFailed,
+ //
+ // The connection establishment operation was terminated on timeout.
+ //
+ ConnectFailureTimeout,
+ //
+ // The connection establishment operation failed on other reason.
+ //
+ ConnectFailedReasonUnspecified
+} EFI_80211_CONNECT_NETWORK_RESULT_CODE;
+
+///
+/// EFI_80211_MAC_ADDRESS
+///
+typedef struct {
+ UINT8 Addr[6];
+} EFI_80211_MAC_ADDRESS;
+
+#define EFI_MAX_SSID_LEN 32
+
+///
+/// EFI_80211_SSID
+///
+typedef struct {
+ //
+ // Length in bytes of the SSId. If zero, ignore SSId field.
+ //
+ UINT8 SSIdLen;
+ //
+ // Specifies the service set identifier.
+ //
+ UINT8 SSId[EFI_MAX_SSID_LEN];
+} EFI_80211_SSID;
+
+///
+/// EFI_80211_GET_NETWORKS_DATA
+///
+typedef struct {
+ //
+ // The number of EFI_80211_SSID in SSIDList. If zero, SSIDList should be
+ // ignored.
+ //
+ UINT32 NumOfSSID;
+ //
+ // The SSIDList is a pointer to an array of EFI_80211_SSID instances. The
+ // number of entries is specified by NumOfSSID. The array should only include
+ // SSIDs of hidden networks. It is suggested that the caller inputs less than
+ // 10 elements in the SSIDList. It is the caller's responsibility to free
+ // this buffer.
+ //
+ EFI_80211_SSID SSIDList[1];
+} EFI_80211_GET_NETWORKS_DATA;
+
+///
+/// EFI_80211_SUITE_SELECTOR
+///
+typedef struct {
+ //
+ // Organization Unique Identifier, as defined in IEEE 802.11 standard,
+ // usually set to 00-0F-AC.
+ //
+ UINT8 Oui[3];
+ //
+ // Suites types, as defined in IEEE 802.11 standard.
+ //
+ UINT8 SuiteType;
+} EFI_80211_SUITE_SELECTOR;
+
+///
+/// EFI_80211_AKM_SUITE_SELECTOR
+///
+typedef struct {
+ //
+ // Indicates the number of AKM suite selectors that are contained in
+ // AKMSuiteList. If zero, the AKMSuiteList is ignored.
+ //
+ UINT16 AKMSuiteCount;
+ //
+ // A variable-length array of AKM suites, as defined in IEEE 802.11 standard,
+ // Table 8-101. The number of entries is specified by AKMSuiteCount.
+ //
+ EFI_80211_SUITE_SELECTOR AKMSuiteList[1];
+} EFI_80211_AKM_SUITE_SELECTOR;
+
+///
+/// EFI_80211_CIPHER_SUITE_SELECTOR
+///
+typedef struct {
+ //
+ // Indicates the number of cipher suites that are contained in
+ // CipherSuiteList. If zero, the CipherSuiteList is ignored.
+ //
+ UINT16 CipherSuiteCount;
+ //
+ // A variable-length array of cipher suites, as defined in IEEE 802.11
+ // standard, Table 8-99. The number of entries is specified by
+ // CipherSuiteCount.
+ //
+ EFI_80211_SUITE_SELECTOR CipherSuiteList[1];
+} EFI_80211_CIPHER_SUITE_SELECTOR;
+
+///
+/// EFI_80211_NETWORK
+///
+typedef struct {
+ //
+ // Specifies the type of the BSS.
+ //
+ EFI_80211_BSS_TYPE BSSType;
+ //
+ // Specifies the SSID of the BSS.
+ //
+ EFI_80211_SSID SSId;
+ //
+ // Pointer to the AKM suites supported in the wireless network.
+ //
+ EFI_80211_AKM_SUITE_SELECTOR *AKMSuite;
+ //
+ // Pointer to the cipher suites supported in the wireless network.
+ //
+ EFI_80211_CIPHER_SUITE_SELECTOR *CipherSuite;
+} EFI_80211_NETWORK;
+
+///
+/// EFI_80211_NETWORK_DESCRIPTION
+///
+typedef struct {
+ //
+ // Specifies the found wireless network.
+ //
+ EFI_80211_NETWORK Network;
+ //
+ // Indicates the network quality as a value between 0 to 100, where 100
+ // indicates the highest network quality.
+ //
+ UINT8 NetworkQuality;
+} EFI_80211_NETWORK_DESCRIPTION;
+
+///
+/// EFI_80211_GET_NETWORKS_RESULT
+///
+typedef struct {
+ //
+ // The number of EFI_80211_NETWORK_DESCRIPTION in NetworkDesc. If zero,
+ // NetworkDesc should be ignored.
+ //
+ UINT8 NumOfNetworkDesc;
+ //
+ // The NetworkDesc is a pointer to an array of EFI_80211_NETWORK_DESCRIPTION
+ // instances. It is caller's responsibility to free this buffer.
+ //
+ EFI_80211_NETWORK_DESCRIPTION NetworkDesc[1];
+} EFI_80211_GET_NETWORKS_RESULT;
+
+///
+/// EFI_80211_GET_NETWORKS_TOKEN
+///
+typedef struct {
+ //
+ // If the status code returned by GetNetworks() is EFI_SUCCESS, then this
+ // Event will be signaled after the Status field is updated by the EFI
+ // Wireless MAC Connection Protocol II driver. The type of Event must be
+ // EFI_NOTIFY_SIGNAL.
+ //
+ EFI_EVENT Event;
+ //
+ // Will be set to one of the following values:
+ // EFI_SUCCESS: The operation completed successfully.
+ // EFI_NOT_FOUND: Failed to find available wireless networks.
+ // EFI_DEVICE_ERROR: An unexpected network or system error occurred.
+ // EFI_ACCESS_DENIED: The operation is not completed due to some underlying
+ // hardware or software state.
+ // EFI_NOT_READY: The operation is started but not yet completed.
+ //
+ EFI_STATUS Status;
+ //
+ // Pointer to the input data for getting networks.
+ //
+ EFI_80211_GET_NETWORKS_DATA *Data;
+ //
+ // Indicates the scan result. It is caller's responsibility to free this
+ // buffer.
+ //
+ EFI_80211_GET_NETWORKS_RESULT *Result;
+} EFI_80211_GET_NETWORKS_TOKEN;
+
+///
+/// EFI_80211_CONNECT_NETWORK_DATA
+///
+typedef struct {
+ //
+ // Specifies the wireless network to connect to.
+ //
+ EFI_80211_NETWORK *Network;
+ //
+ // Specifies a time limit in seconds that is optionally present, after which
+ // the connection establishment procedure is terminated by the UNDI driver.
+ // This is an optional parameter and may be 0. Values of 5 seconds or higher
+ // are recommended.
+ //
+ UINT32 FailureTimeout;
+} EFI_80211_CONNECT_NETWORK_DATA;
+
+///
+/// EFI_80211_CONNECT_NETWORK_TOKEN
+///
+typedef struct {
+ //
+ // If the status code returned by ConnectNetwork() is EFI_SUCCESS, then this
+ // Event will be signaled after the Status field is updated by the EFI
+ // Wireless MAC Connection Protocol II driver. The type of Event must be
+ // EFI_NOTIFY_SIGNAL.
+ //
+ EFI_EVENT Event;
+ //
+ // Will be set to one of the following values:
+ // EFI_SUCCESS: The operation completed successfully.
+ // EFI_DEVICE_ERROR: An unexpected network or system error occurred.
+ // EFI_ACCESS_DENIED: The operation is not completed due to some underlying
+ // hardware or software state.
+ // EFI_NOT_READY: The operation is started but not yet completed.
+ //
+ EFI_STATUS Status;
+ //
+ // Pointer to the connection data.
+ //
+ EFI_80211_CONNECT_NETWORK_DATA *Data;
+ //
+ // Indicates the connection state.
+ //
+ EFI_80211_CONNECT_NETWORK_RESULT_CODE ResultCode;
+} EFI_80211_CONNECT_NETWORK_TOKEN;
+
+///
+/// EFI_80211_DISCONNECT_NETWORK_TOKEN
+///
+typedef struct {
+ //
+ // If the status code returned by DisconnectNetwork() is EFI_SUCCESS, then
+ // this Event will be signaled after the Status field is updated by the EFI
+ // Wireless MAC Connection Protocol II driver. The type of Event must be
+ // EFI_NOTIFY_SIGNAL.
+ //
+ EFI_EVENT Event;
+ //
+ // Will be set to one of the following values:
+ // EFI_SUCCESS: The operation completed successfully
+ // EFI_DEVICE_ERROR: An unexpected network or system error occurred.
+ // EFI_ACCESS_DENIED: The operation is not completed due to some underlying
+ // hardware or software state.
+ //
+ EFI_STATUS Status;
+} EFI_80211_DISCONNECT_NETWORK_TOKEN;
+
+/**
+ Request a survey of potential wireless networks that administrator can later
+ elect to try to join.
+
+ @param[in] This Pointer to the
+ EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL
+ instance.
+ @param[in] Token Pointer to the token for getting wireless
+ network.
+
+ @retval EFI_SUCCESS The operation started, and an event will
+ eventually be raised for the caller.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is
+ TRUE:
+ This is NULL.
+ Token is NULL.
+ @retval EFI_UNSUPPORTED One or more of the input parameters is not
+ supported by this implementation.
+ @retval EFI_ALREADY_STARTED The operation of getting wireless network is
+ already started.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be
+ allocated.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_WIRELESS_MAC_CONNECTION_II_GET_NETWORKS)(
+ IN EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL *This,
+ IN EFI_80211_GET_NETWORKS_TOKEN *Token
+ );
+
+/**
+ Connect a wireless network specified by a particular SSID, BSS type and
+ Security type.
+
+ @param[in] This Pointer to the
+ EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL
+ instance.
+ @param[in] Token Pointer to the token for connecting wireless
+ network.
+
+ @retval EFI_SUCCESS The operation started successfully. Results
+ will be notified eventually.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is
+ TRUE:
+ This is NULL.
+ Token is NULL.
+ @retval EFI_UNSUPPORTED One or more of the input parameters are not
+ supported by this implementation.
+ @retval EFI_ALREADY_STARTED The connection process is already started.
+ @retval EFI_NOT_FOUND The specified wireless network is not found.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be
+ allocated.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_WIRELESS_MAC_CONNECTION_II_CONNECT_NETWORK)(
+ IN EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL *This,
+ IN EFI_80211_CONNECT_NETWORK_TOKEN *Token
+ );
+
+/**
+ Request a disconnection with current connected wireless network.
+
+ @param[in] This Pointer to the
+ EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL
+ instance.
+ @param[in] Token Pointer to the token for disconnecting
+ wireless network.
+
+ @retval EFI_SUCCESS The operation started successfully. Results
+ will be notified eventually.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is
+ TRUE:
+ This is NULL.
+ Token is NULL.
+ @retval EFI_UNSUPPORTED One or more of the input parameters are not
+ supported by this implementation.
+ @retval EFI_NOT_FOUND Not connected to a wireless network.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be
+ allocated.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_WIRELESS_MAC_CONNECTION_II_DISCONNECT_NETWORK)(
+ IN EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL *This,
+ IN EFI_80211_DISCONNECT_NETWORK_TOKEN *Token
+ );
+
+///
+/// The EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL provides network management
+/// service interfaces for 802.11 network stack. It is used by network
+/// applications (and drivers) to establish wireless connection with a wireless
+/// network.
+///
+struct _EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL {
+ EFI_WIRELESS_MAC_CONNECTION_II_GET_NETWORKS GetNetworks;
+ EFI_WIRELESS_MAC_CONNECTION_II_CONNECT_NETWORK ConnectNetwork;
+ EFI_WIRELESS_MAC_CONNECTION_II_DISCONNECT_NETWORK DisconnectNetwork;
+};
+
+extern EFI_GUID gEfiWiFi2ProtocolGuid;
+
+#endif
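Review bot: The length and count fields in this header (`SSIdLen`, `NumOfSSID`, `AKMSuiteCount`, `CipherSuiteCount`, `NumOfNetworkDesc`) sit next to fixed or one-element arrays with no stated upper bound, so a consumer that trusts them can read past `SSId[EFI_MAX_SSID_LEN]` or past the buffer the firmware driver returned. Scan results are built from data received over the air, so these values deserve the same checks as any other untrusted length. No consumer is visible in this diff; whichever file uses these types should reject out-of-range values before copying, for example `if ( ssid->SSIdLen > EFI_MAX_SSID_LEN ) return -EINVAL;`. The `[1]` trailing arrays also mean `sizeof` counts exactly one element, which is worth a comment wherever a result buffer is walked or sized.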
diff --git a/src/include/ipxe/efi/RiscV64/ProcessorBind.h b/src/include/ipxe/efi/RiscV64/ProcessorBind.h
new file mode 100644
index 000000000..7b3122fc2
--- /dev/null
+++ b/src/include/ipxe/efi/RiscV64/ProcessorBind.h
@@ -0,0 +1,176 @@
+/** @file
+ Processor or Compiler specific defines and types for RISC-V
+
+ Copyright (c) 2016 - 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef PROCESSOR_BIND_H__
+#define PROCESSOR_BIND_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+///
+/// Define the processor type so other code can make processor based choices
+///
+#define MDE_CPU_RISCV64
+
+//
+// Make sure we are using the correct packing rules per EFI specification
+//
+#if !defined (__GNUC__)
+ #pragma pack()
+#endif
+
+///
+/// 8-byte unsigned value
+///
+typedef unsigned long long UINT64 __attribute__ ((aligned (8)));
+///
+/// 8-byte signed value
+///
+typedef long long INT64 __attribute__ ((aligned (8)));
+///
+/// 4-byte unsigned value
+///
+typedef unsigned int UINT32 __attribute__ ((aligned (4)));
+///
+/// 4-byte signed value
+///
+typedef int INT32 __attribute__ ((aligned (4)));
+///
+/// 2-byte unsigned value
+///
+typedef unsigned short UINT16 __attribute__ ((aligned (2)));
+///
+/// 2-byte Character. Unless otherwise specified all strings are stored in the
+/// UTF-16 encoding format as defined by Unicode 2.1 and ISO/IEC 10646 standards.
+///
+typedef unsigned short CHAR16 __attribute__ ((aligned (2)));
+///
+/// 2-byte signed value
+///
+typedef short INT16 __attribute__ ((aligned (2)));
+///
+/// Logical Boolean. 1-byte value containing 0 for FALSE or a 1 for TRUE. Other
+/// values are undefined.
+///
+typedef unsigned char BOOLEAN;
+///
+/// 1-byte unsigned value
+///
+typedef unsigned char UINT8;
+///
+/// 1-byte Character
+///
+typedef char CHAR8;
+///
+/// 1-byte signed value
+///
+typedef signed char INT8;
+///
+/// Unsigned value of native width. (4 bytes on supported 32-bit processor instructions,
+/// 8 bytes on supported 64-bit processor instructions)
+///
+typedef UINT64 UINTN __attribute__ ((aligned (8)));
+///
+/// Signed value of native width. (4 bytes on supported 32-bit processor instructions,
+/// 8 bytes on supported 64-bit processor instructions)
+///
+typedef INT64 INTN __attribute__ ((aligned (8)));
+
+//
+// Processor specific defines
+//
+
+///
+/// A value of native width with the highest bit set.
+///
+#define MAX_BIT 0x8000000000000000ULL
+///
+/// A value of native width with the two highest bits set.
+///
+#define MAX_2_BITS 0xC000000000000000ULL
+
+///
+/// Maximum legal RV64 address
+///
+#define MAX_ADDRESS 0xFFFFFFFFFFFFFFFFULL
+
+///
+/// Maximum usable address at boot time (48 bits using 4 KB pages in Supervisor mode)
+///
+#define MAX_ALLOC_ADDRESS 0xFFFFFFFFFFFFULL
+
+///
+/// Maximum legal RISC-V INTN and UINTN values.
+///
+#define MAX_INTN ((INTN)0x7FFFFFFFFFFFFFFFULL)
+#define MAX_UINTN ((UINTN)0xFFFFFFFFFFFFFFFFULL)
+
+///
+/// The stack alignment required for RISC-V
+///
+#define CPU_STACK_ALIGNMENT 16
+
+///
+/// Page allocation granularity for RISC-V
+///
+#define DEFAULT_PAGE_ALLOCATION_GRANULARITY (0x1000)
+#define RUNTIME_PAGE_ALLOCATION_GRANULARITY (0x1000)
+
+//
+// Modifier to ensure that all protocol member functions and EFI intrinsics
+// use the correct C calling convention. All protocol member functions and
+// EFI intrinsics are required to modify their member functions with EFIAPI.
+//
+#ifdef EFIAPI
+///
+/// If EFIAPI is already defined, then we use that definition.
+///
+#elif defined (__GNUC__)
+///
+/// Define the standard calling convention regardless of optimization level
+/// The GCC support assumes a GCC compiler that supports the EFI ABI. The EFI
+/// ABI is much closer to the x64 Microsoft* ABI than standard x64 (x86-64)
+/// GCC ABI. Thus a standard x64 (x86-64) GCC compiler can not be used for
+/// x64. Warning the assembly code in the MDE x64 does not follow the correct
+/// ABI for the standard x64 (x86-64) GCC.
+///
+#define EFIAPI
+#else
+///
+/// The default for a non Microsoft* or GCC compiler is to assume the EFI ABI
+/// is the standard.
+///
+#define EFIAPI
+#endif
+
+#if defined (__GNUC__)
+///
+/// For GNU assembly code, .global or .globl can declare global symbols.
+/// Define this macro to unify the usage.
+///
+#define ASM_GLOBAL .globl
+#endif
+
+/**
+ Return the pointer to the first instruction of a function given a function pointer.
+ On x64 CPU architectures, these two pointer values are the same,
+ so the implementation of this macro is very simple.
+
+ @param FunctionPointer A pointer to a function.
+
+ @return The pointer to the first instruction of a function given a function pointer.
+
+**/
+#define FUNCTION_ENTRY_POINT(FunctionPointer) (VOID *)(UINTN)(FunctionPointer)
+
+#ifndef __USER_LABEL_PREFIX__
+#define __USER_LABEL_PREFIX__
+#endif
+
+#endif
diff --git a/src/include/ipxe/efi/Uefi.h b/src/include/ipxe/efi/Uefi.h
index 2a9973df9..4b8aad331 100644
--- a/src/include/ipxe/efi/Uefi.h
+++ b/src/include/ipxe/efi/Uefi.h
@@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __PI_UEFI_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Uefi/UefiBaseType.h>
#include <ipxe/efi/Uefi/UefiSpec.h>
diff --git a/src/include/ipxe/efi/Uefi/UefiBaseType.h b/src/include/ipxe/efi/Uefi/UefiBaseType.h
index bf3aa9bb2..80560ed97 100644
--- a/src/include/ipxe/efi/Uefi/UefiBaseType.h
+++ b/src/include/ipxe/efi/Uefi/UefiBaseType.h
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __UEFI_BASETYPE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Base.h>
@@ -235,11 +236,6 @@ typedef union {
#define EFI_IMAGE_MACHINE_X64 0x8664
///
-/// PE32+ Machine type for ARM mixed ARM and Thumb/Thumb2 images.
-///
-#define EFI_IMAGE_MACHINE_ARMTHUMB_MIXED 0x01C2
-
-///
/// PE32+ Machine type for AARCH64 A64 images.
///
#define EFI_IMAGE_MACHINE_AARCH64 0xAA64
@@ -272,12 +268,6 @@ typedef union {
#define EFI_IMAGE_MACHINE_CROSS_TYPE_SUPPORTED(Machine) ((Machine) == EFI_IMAGE_MACHINE_IA32)
- #elif defined (MDE_CPU_ARM)
-
-#define EFI_IMAGE_MACHINE_TYPE_SUPPORTED(Machine) ((Machine) == EFI_IMAGE_MACHINE_ARMTHUMB_MIXED)
-
-#define EFI_IMAGE_MACHINE_CROSS_TYPE_SUPPORTED(Machine) (FALSE)
-
#elif defined (MDE_CPU_AARCH64)
#define EFI_IMAGE_MACHINE_TYPE_SUPPORTED(Machine) \
diff --git a/src/include/ipxe/efi/Uefi/UefiGpt.h b/src/include/ipxe/efi/Uefi/UefiGpt.h
index 38eff7df5..4699edee5 100644
--- a/src/include/ipxe/efi/Uefi/UefiGpt.h
+++ b/src/include/ipxe/efi/Uefi/UefiGpt.h
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __UEFI_GPT_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// The primary GUID Partition Table Header must be
diff --git a/src/include/ipxe/efi/Uefi/UefiInternalFormRepresentation.h b/src/include/ipxe/efi/Uefi/UefiInternalFormRepresentation.h
index 36468e022..700cb4693 100644
--- a/src/include/ipxe/efi/Uefi/UefiInternalFormRepresentation.h
+++ b/src/include/ipxe/efi/Uefi/UefiInternalFormRepresentation.h
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __UEFI_INTERNAL_FORMREPRESENTATION_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Guid/HiiFormMapMethodGuid.h>
@@ -1698,7 +1699,17 @@ typedef enum {
EfiKeyF12,
EfiKeyPrint,
EfiKeySLck,
- EfiKeyPause
+ EfiKeyPause,
+ EfiKeyIntl0,
+ EfiKeyIntl1,
+ EfiKeyIntl2,
+ EfiKeyIntl3,
+ EfiKeyIntl4,
+ EfiKeyIntl5,
+ EfiKeyIntl6,
+ EfiKeyIntl7,
+ EfiKeyIntl8,
+ EfiKeyIntl9
} EFI_KEY;
typedef struct {
diff --git a/src/include/ipxe/efi/Uefi/UefiMultiPhase.h b/src/include/ipxe/efi/Uefi/UefiMultiPhase.h
index 4ac760469..9584f152d 100644
--- a/src/include/ipxe/efi/Uefi/UefiMultiPhase.h
+++ b/src/include/ipxe/efi/Uefi/UefiMultiPhase.h
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __UEFI_MULTIPHASE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// Attributes of variable.
@@ -110,7 +111,22 @@ typedef enum {
/// by a corresponding call to the underlying isolation architecture.
///
EfiUnacceptedMemoryType,
- EfiMaxMemoryType
+ EfiMaxMemoryType,
+ //
+ // +---------------------------------------------------+
+ // | 0..(EfiMaxMemoryType - 1) - Normal memory type |
+ // +---------------------------------------------------+
+ // | EfiMaxMemoryType..0x6FFFFFFF - Invalid |
+ // +---------------------------------------------------+
+ // | 0x70000000..0x7FFFFFFF - OEM reserved |
+ // +---------------------------------------------------+
+ // | 0x80000000..0xFFFFFFFF - OS reserved |
+ // +---------------------------------------------------+
+ //
+ MEMORY_TYPE_OEM_RESERVED_MIN = 0x70000000,
+ MEMORY_TYPE_OEM_RESERVED_MAX = 0x7FFFFFFF,
+ MEMORY_TYPE_OS_RESERVED_MIN = 0x80000000,
+ MEMORY_TYPE_OS_RESERVED_MAX = 0xFFFFFFFF
} EFI_MEMORY_TYPE;
///
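Review bot: `MEMORY_TYPE_OS_RESERVED_MIN = 0x80000000` and `MEMORY_TYPE_OS_RESERVED_MAX = 0xFFFFFFFF` do not fit in `int`, which ISO C before C23 requires of enumeration constants; GCC and Clang accept them as an extension and give the enum an unsigned 32-bit type, and `-Wpedantic` will warn. The added comment block also documents that values from `EfiMaxMemoryType` up to `0x6FFFFFFF` are invalid and that the ranges above are OEM or OS reserved, so a memory-map descriptor can carry a type that is not a named enumerator. Code outside this hunk that indexes a name or attribute table by memory type should keep a guard such as `if ( type >= EfiMaxMemoryType )` before the lookup; whether existing callers do so cannot be confirmed from here. The enum definition begins above the hunk.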
diff --git a/src/include/ipxe/efi/Uefi/UefiPxe.h b/src/include/ipxe/efi/Uefi/UefiPxe.h
index b4366eda5..54c90f19c 100644
--- a/src/include/ipxe/efi/Uefi/UefiPxe.h
+++ b/src/include/ipxe/efi/Uefi/UefiPxe.h
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __EFI_PXE_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#pragma pack(1)
diff --git a/src/include/ipxe/efi/Uefi/UefiSpec.h b/src/include/ipxe/efi/Uefi/UefiSpec.h
index cc166fc34..824e8dba6 100644
--- a/src/include/ipxe/efi/Uefi/UefiSpec.h
+++ b/src/include/ipxe/efi/Uefi/UefiSpec.h
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define __UEFI_SPEC_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/Uefi/UefiMultiPhase.h>
@@ -108,6 +109,16 @@ typedef enum {
#define EFI_MEMORY_CPU_CRYPTO 0x0000000000080000ULL
//
+// If this flag is set, the memory region is present and capable of having
+// memory dynamically removed from the platform. This attribute serves as
+// a hint to the OS prior to its ACPI subsystem initialization to avoid
+// allocating this memory for core OS data or code that cannot be dynamically
+// relocated at runtime. If this flag is clear, the memory region is not
+// capable of being dynamically removed from the platform at runtime.
+//
+#define EFI_MEMORY_HOT_PLUGGABLE 0x0000000000100000
+
+//
// Runtime memory attribute
//
#define EFI_MEMORY_RUNTIME 0x8000000000000000ULL
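Review bot: `EFI_MEMORY_HOT_PLUGGABLE` is written as `0x0000000000100000` with no `ULL` suffix, unlike `EFI_MEMORY_CPU_CRYPTO` just above and `EFI_MEMORY_RUNTIME` just below, so the constant has type `int` rather than a 64-bit unsigned type. It still combines correctly with a `UINT64` attribute field, but it behaves differently from its neighbours when passed through varargs or used in a shift. If this header is meant to stay identical to an imported original, the fix belongs at the source of the import; otherwise `#define EFI_MEMORY_HOT_PLUGGABLE 0x0000000000100000ULL` matches the other attribute bits.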
@@ -1841,21 +1852,24 @@ EFI_STATUS
//
// EFI Runtime Services Table
//
-#define EFI_SYSTEM_TABLE_SIGNATURE SIGNATURE_64 ('I','B','I',' ','S','Y','S','T')
-#define EFI_2_80_SYSTEM_TABLE_REVISION ((2 << 16) | (80))
-#define EFI_2_70_SYSTEM_TABLE_REVISION ((2 << 16) | (70))
-#define EFI_2_60_SYSTEM_TABLE_REVISION ((2 << 16) | (60))
-#define EFI_2_50_SYSTEM_TABLE_REVISION ((2 << 16) | (50))
-#define EFI_2_40_SYSTEM_TABLE_REVISION ((2 << 16) | (40))
-#define EFI_2_31_SYSTEM_TABLE_REVISION ((2 << 16) | (31))
-#define EFI_2_30_SYSTEM_TABLE_REVISION ((2 << 16) | (30))
-#define EFI_2_20_SYSTEM_TABLE_REVISION ((2 << 16) | (20))
-#define EFI_2_10_SYSTEM_TABLE_REVISION ((2 << 16) | (10))
-#define EFI_2_00_SYSTEM_TABLE_REVISION ((2 << 16) | (00))
-#define EFI_1_10_SYSTEM_TABLE_REVISION ((1 << 16) | (10))
-#define EFI_1_02_SYSTEM_TABLE_REVISION ((1 << 16) | (02))
-#define EFI_SYSTEM_TABLE_REVISION EFI_2_70_SYSTEM_TABLE_REVISION
-#define EFI_SPECIFICATION_VERSION EFI_SYSTEM_TABLE_REVISION
+#define EFI_SYSTEM_TABLE_SIGNATURE SIGNATURE_64 ('I','B','I',' ','S','Y','S','T')
+#define EFI_2_110_SYSTEM_TABLE_REVISION ((2 << 16) | (110))
+#define EFI_2_100_SYSTEM_TABLE_REVISION ((2 << 16) | (100))
+#define EFI_2_90_SYSTEM_TABLE_REVISION ((2 << 16) | (90))
+#define EFI_2_80_SYSTEM_TABLE_REVISION ((2 << 16) | (80))
+#define EFI_2_70_SYSTEM_TABLE_REVISION ((2 << 16) | (70))
+#define EFI_2_60_SYSTEM_TABLE_REVISION ((2 << 16) | (60))
+#define EFI_2_50_SYSTEM_TABLE_REVISION ((2 << 16) | (50))
+#define EFI_2_40_SYSTEM_TABLE_REVISION ((2 << 16) | (40))
+#define EFI_2_31_SYSTEM_TABLE_REVISION ((2 << 16) | (31))
+#define EFI_2_30_SYSTEM_TABLE_REVISION ((2 << 16) | (30))
+#define EFI_2_20_SYSTEM_TABLE_REVISION ((2 << 16) | (20))
+#define EFI_2_10_SYSTEM_TABLE_REVISION ((2 << 16) | (10))
+#define EFI_2_00_SYSTEM_TABLE_REVISION ((2 << 16) | (00))
+#define EFI_1_10_SYSTEM_TABLE_REVISION ((1 << 16) | (10))
+#define EFI_1_02_SYSTEM_TABLE_REVISION ((1 << 16) | (02))
+#define EFI_SYSTEM_TABLE_REVISION EFI_2_70_SYSTEM_TABLE_REVISION
+#define EFI_SPECIFICATION_VERSION EFI_SYSTEM_TABLE_REVISION
#define EFI_RUNTIME_SERVICES_SIGNATURE SIGNATURE_64 ('R','U','N','T','S','E','R','V')
#define EFI_RUNTIME_SERVICES_REVISION EFI_SPECIFICATION_VERSION
@@ -2044,7 +2058,8 @@ typedef struct {
UINT32 FirmwareRevision;
///
/// The handle for the active console input device. This handle must support
- /// EFI_SIMPLE_TEXT_INPUT_PROTOCOL and EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL.
+ /// EFI_SIMPLE_TEXT_INPUT_PROTOCOL and EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL. If
+ /// there is no active console, these protocols must still be present.
///
EFI_HANDLE ConsoleInHandle;
///
@@ -2053,7 +2068,9 @@ typedef struct {
///
EFI_SIMPLE_TEXT_INPUT_PROTOCOL *ConIn;
///
- /// The handle for the active console output device.
+ /// The handle for the active console output device. This handle must support the
+ /// EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL. If there is no active console, these protocols
+ /// must still be present.
///
EFI_HANDLE ConsoleOutHandle;
///
@@ -2063,7 +2080,8 @@ typedef struct {
EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL *ConOut;
///
/// The handle for the active standard error console device.
- /// This handle must support the EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL.
+ /// This handle must support the EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL. If there
+ /// is no active console, this protocol must still be present.
///
EFI_HANDLE StandardErrorHandle;
///
@@ -2252,7 +2270,7 @@ typedef struct {
#define EFI_REMOVABLE_MEDIA_FILE_NAME_IA32 L"\\EFI\\BOOT\\BOOTIA32.EFI"
#define EFI_REMOVABLE_MEDIA_FILE_NAME_IA64 L"\\EFI\\BOOT\\BOOTIA64.EFI"
#define EFI_REMOVABLE_MEDIA_FILE_NAME_X64 L"\\EFI\\BOOT\\BOOTX64.EFI"
-#define EFI_REMOVABLE_MEDIA_FILE_NAME_ARM L"\\EFI\\BOOT\\BOOTARM.EFI"
+#define EFI_REMOVABLE_MEDIA_FILE_NAME_EBC L"\\EFI\\BOOT\\BOOTARM.EFI"
#define EFI_REMOVABLE_MEDIA_FILE_NAME_AARCH64 L"\\EFI\\BOOT\\BOOTAA64.EFI"
#define EFI_REMOVABLE_MEDIA_FILE_NAME_RISCV64 L"\\EFI\\BOOT\\BOOTRISCV64.EFI"
#define EFI_REMOVABLE_MEDIA_FILE_NAME_LOONGARCH64 L"\\EFI\\BOOT\\BOOTLOONGARCH64.EFI"
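Review bot: `EFI_REMOVABLE_MEDIA_FILE_NAME_EBC` keeps the 32-bit ARM path `L"\\EFI\\BOOT\\BOOTARM.EFI"`, so the macro name and its value now disagree. The next hunk (at `#elif defined (MDE_CPU_EBC)`) compounds this: that branch was empty before and now defines `EFI_REMOVABLE_MEDIA_FILE_NAME` to this constant, so an EBC build would resolve the default removable-media boot file to the ARM name. This looks like a side effect of stripping `MDE_CPU_ARM` by textual substitution rather than an intended change. Either drop the define and leave the `MDE_CPU_EBC` branch empty as it was, or restore the `_ARM` name if the path is still needed.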
@@ -2263,8 +2281,7 @@ typedef struct {
#elif defined (MDE_CPU_X64)
#define EFI_REMOVABLE_MEDIA_FILE_NAME EFI_REMOVABLE_MEDIA_FILE_NAME_X64
#elif defined (MDE_CPU_EBC)
- #elif defined (MDE_CPU_ARM)
-#define EFI_REMOVABLE_MEDIA_FILE_NAME EFI_REMOVABLE_MEDIA_FILE_NAME_ARM
+#define EFI_REMOVABLE_MEDIA_FILE_NAME EFI_REMOVABLE_MEDIA_FILE_NAME_EBC
#elif defined (MDE_CPU_AARCH64)
#define EFI_REMOVABLE_MEDIA_FILE_NAME EFI_REMOVABLE_MEDIA_FILE_NAME_AARCH64
#elif defined (MDE_CPU_RISCV64)
diff --git a/src/include/ipxe/efi/X64/ProcessorBind.h b/src/include/ipxe/efi/X64/ProcessorBind.h
index 062a77ba7..fd8c04484 100644
--- a/src/include/ipxe/efi/X64/ProcessorBind.h
+++ b/src/include/ipxe/efi/X64/ProcessorBind.h
@@ -10,6 +10,7 @@
#define __PROCESSOR_BIND_H__
FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
///
/// Define the processor type so other code can make processor based choices
diff --git a/src/include/ipxe/efi/efi.h b/src/include/ipxe/efi/efi.h
index 2137b824d..9554a6ad7 100644
--- a/src/include/ipxe/efi/efi.h
+++ b/src/include/ipxe/efi/efi.h
@@ -22,6 +22,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER );
+FILE_SECBOOT ( PERMITTED );
/* EFI headers rudely redefine NULL */
#undef NULL
@@ -39,10 +40,10 @@ FILE_LICENCE ( GPL2_OR_LATER );
#define EFIAPI __attribute__((cdecl,regparm(0)))
#endif
-/* EFI headers define EFI_HANDLE as a void pointer, which renders type
- * checking somewhat useless. Work around this bizarre sabotage
- * attempt by redefining EFI_HANDLE as a pointer to an anonymous
- * structure.
+/* EFI headers define EFI_HANDLE and EFI_EVENT as void pointers, which
+ * renders type checking somewhat useless. Work around this bizarre
+ * sabotage attempt by redefining both as pointers to anonymous
+ * structures.
*
* EFI headers perform some ABI validation checks via _Static_assert()
* that may fail when EFI headers are included on a non-EFI platform.
@@ -50,13 +51,16 @@ FILE_LICENCE ( GPL2_OR_LATER );
* included.
*/
#define EFI_HANDLE STUPID_EFI_HANDLE
+#define EFI_EVENT STUPID_EFI_EVENT
#ifndef PLATFORM_efi
#define _Static_assert(expr, msg)
#endif
#include <ipxe/efi/Uefi/UefiBaseType.h>
#undef EFI_HANDLE
+#undef EFI_EVENT
#undef _Static_assert
typedef struct {} *EFI_HANDLE;
+typedef struct {} *EFI_EVENT;
/* Include the top-level EFI header files */
#include <ipxe/efi/Uefi.h>
@@ -172,6 +176,7 @@ struct efi_config_table {
extern EFI_GUID efi_absolute_pointer_protocol_guid;
extern EFI_GUID efi_acpi_table_protocol_guid;
+extern EFI_GUID efi_adapter_information_protocol_guid;
extern EFI_GUID efi_apple_net_boot_protocol_guid;
extern EFI_GUID efi_arp_protocol_guid;
extern EFI_GUID efi_arp_service_binding_protocol_guid;
@@ -192,6 +197,7 @@ extern EFI_GUID efi_dns4_service_binding_protocol_guid;
extern EFI_GUID efi_dns6_protocol_guid;
extern EFI_GUID efi_dns6_service_binding_protocol_guid;
extern EFI_GUID efi_driver_binding_protocol_guid;
+extern EFI_GUID efi_eap_configuration_protocol_guid;
extern EFI_GUID efi_graphics_output_protocol_guid;
extern EFI_GUID efi_hii_config_access_protocol_guid;
extern EFI_GUID efi_hii_font_protocol_guid;
@@ -219,6 +225,7 @@ extern EFI_GUID efi_nii31_protocol_guid;
extern EFI_GUID efi_pci_io_protocol_guid;
extern EFI_GUID efi_pci_root_bridge_io_protocol_guid;
extern EFI_GUID efi_pxe_base_code_protocol_guid;
+extern EFI_GUID efi_rng_protocol_guid;
extern EFI_GUID efi_serial_io_protocol_guid;
extern EFI_GUID efi_shim_lock_protocol_guid;
extern EFI_GUID efi_simple_file_system_protocol_guid;
@@ -227,7 +234,10 @@ extern EFI_GUID efi_simple_pointer_protocol_guid;
extern EFI_GUID efi_simple_text_input_protocol_guid;
extern EFI_GUID efi_simple_text_input_ex_protocol_guid;
extern EFI_GUID efi_simple_text_output_protocol_guid;
+extern EFI_GUID efi_storage_security_command_protocol_guid;
+extern EFI_GUID efi_supplicant_protocol_guid;
extern EFI_GUID efi_tcg_protocol_guid;
+extern EFI_GUID efi_tcg2_protocol_guid;
extern EFI_GUID efi_tcp4_protocol_guid;
extern EFI_GUID efi_tcp4_service_binding_protocol_guid;
extern EFI_GUID efi_tcp6_protocol_guid;
@@ -243,9 +253,21 @@ extern EFI_GUID efi_usb_hc_protocol_guid;
extern EFI_GUID efi_usb2_hc_protocol_guid;
extern EFI_GUID efi_usb_io_protocol_guid;
extern EFI_GUID efi_vlan_config_protocol_guid;
+extern EFI_GUID efi_wifi2_protocol_guid;
+extern EFI_GUID efi_acpi_10_table_guid;
+extern EFI_GUID efi_acpi_20_table_guid;
+extern EFI_GUID efi_fdt_table_guid;
+extern EFI_GUID efi_smbios_table_guid;
+extern EFI_GUID efi_smbios2_table_guid;
+
+extern EFI_GUID efi_cert_x509_guid;
extern EFI_GUID efi_file_info_id;
extern EFI_GUID efi_file_system_info_id;
+extern EFI_GUID efi_global_variable;
+extern EFI_GUID efi_image_security_database_guid;
+extern EFI_GUID efi_microsoft_vendor_guid;
+extern EFI_GUID efi_tls_ca_certificate_guid;
extern EFI_HANDLE efi_image_handle;
extern EFI_LOADED_IMAGE_PROTOCOL *efi_loaded_image;
@@ -258,6 +280,8 @@ extern int efi_shutdown_in_progress;
extern const __attribute__ (( pure )) char *
efi_guid_ntoa ( CONST EFI_GUID *guid );
extern const __attribute__ (( pure )) char *
+efi_tpl_name ( EFI_TPL tpl );
+extern const __attribute__ (( pure )) char *
efi_locate_search_type_name ( EFI_LOCATE_SEARCH_TYPE search_type );
extern const __attribute__ (( pure )) char *
efi_open_attributes_name ( unsigned int attributes );
@@ -384,5 +408,90 @@ extern EFI_STATUS efi_init ( EFI_HANDLE image_handle,
EFI_SYSTEM_TABLE *systab );
extern void efi_raise_tpl ( struct efi_saved_tpl *tpl );
extern void efi_restore_tpl ( struct efi_saved_tpl *tpl );
+extern int efi_open_untyped ( EFI_HANDLE handle, EFI_GUID *protocol,
+ void **interface );
+extern int efi_open_unsafe_untyped ( EFI_HANDLE handle, EFI_GUID *protocol,
+ void **interface );
+extern void efi_close_unsafe ( EFI_HANDLE handle, EFI_GUID *protocol );
+extern int efi_open_by_driver_untyped ( EFI_HANDLE handle, EFI_GUID *protocol,
+ void **interface );
+extern void efi_close_by_driver ( EFI_HANDLE handle, EFI_GUID *protocol );
+extern int efi_open_by_child_untyped ( EFI_HANDLE handle, EFI_GUID *protocol,
+ EFI_HANDLE child, void **interface );
+extern void efi_close_by_child ( EFI_HANDLE handle, EFI_GUID *protocol,
+ EFI_HANDLE child );
+extern int efi_connect ( EFI_HANDLE device, EFI_HANDLE driver );
+extern int efi_disconnect ( EFI_HANDLE device, EFI_HANDLE driver );
+
+/**
+ * Test protocol existence
+ *
+ * @v handle EFI handle
+ * @v protocol Protocol GUID
+ * @ret rc Return status code
+ */
+#define efi_test( handle, protocol ) \
+ efi_open_untyped ( (handle), (protocol), NULL )
+
+/**
+ * Open protocol for ephemeral use
+ *
+ * @v handle EFI handle
+ * @v protocol Protocol GUID
+ * @v interface Protocol interface pointer to fill in
+ * @ret rc Return status code
+ */
+#define efi_open( handle, protocol, interface ) ( { \
+ typeof ( *(interface) ) check_ptr_ptr = NULL; \
+ efi_open_untyped ( (handle), (protocol), \
+ ( ( void ) check_ptr_ptr, \
+ ( void ** ) (interface) ) ); \
+ } )
+
+/**
+ * Open protocol for unsafe persistent use
+ *
+ * @v handle EFI handle
+ * @v protocol Protocol GUID
+ * @v interface Protocol interface pointer to fill in
+ * @ret rc Return status code
+ */
+#define efi_open_unsafe( handle, protocol, interface ) ( { \
+ typeof ( *(interface) ) check_ptr_ptr = NULL; \
+ efi_open_unsafe_untyped ( (handle), (protocol), \
+ ( ( void ) check_ptr_ptr, \
+ ( void ** ) (interface) ) ); \
+ } )
+
+/**
+ * Open protocol for persistent use by a driver
+ *
+ * @v handle EFI handle
+ * @v protocol Protocol GUID
+ * @v interface Protocol interface pointer to fill in
+ * @ret rc Return status code
+ */
+#define efi_open_by_driver( handle, protocol, interface ) ( { \
+ typeof ( *(interface) ) check_ptr_ptr = NULL; \
+ efi_open_by_driver_untyped ( (handle), (protocol), \
+ ( ( void ) check_ptr_ptr, \
+ ( void ** ) (interface) ) ); \
+ } )
+
+/**
+ * Open protocol for persistent use by a child controller
+ *
+ * @v handle EFI handle
+ * @v protocol Protocol GUID
+ * @v child Child controller handle
+ * @v interface Protocol interface pointer to fill in
+ * @ret rc Return status code
+ */
+#define efi_open_by_child( handle, protocol, child, interface ) ( { \
+ typeof ( *(interface) ) check_ptr_ptr = NULL; \
+ efi_open_by_child_untyped ( (handle), (protocol), (child), \
+ ( ( void ) check_ptr_ptr, \
+ ( void ** ) (interface) ) ); \
+ } )
#endif /* _IPXE_EFI_H */
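Review bot: The doc comments on `efi_open()`, `efi_open_unsafe()`, `efi_open_by_driver()` and `efi_open_by_child()` do not say which opens need a matching close, or what makes the "unsafe" variant unsafe. The same hunk declares `efi_close_unsafe()`, `efi_close_by_driver()` and `efi_close_by_child()` but no close for the ephemeral form. A pointer kept from an ephemeral or unsafe open could presumably outlive the installed protocol, so each comment should state the pointer's lifetime and its close, for example ` * The interface pointer must not be retained beyond the current operation.` on `efi_open()`; confirm the wording against the implementation, which is outside this hunk. It is also worth noting that the `check_ptr_ptr` line appears to verify only that `*interface` is some pointer type, so an interface type that does not match the protocol GUID still compiles.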
diff --git a/src/include/ipxe/efi/efi_acpi.h b/src/include/ipxe/efi/efi_acpi.h
index a698863a6..d11ae95b1 100644
--- a/src/include/ipxe/efi/efi_acpi.h
+++ b/src/include/ipxe/efi/efi_acpi.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef ACPI_EFI
#define ACPI_PREFIX_efi
@@ -20,9 +21,9 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*
* @v signature Requested table signature
* @v index Requested index of table with this signature
- * @ret table Table, or UNULL if not found
+ * @ret table Table, or NULL if not found
*/
-static inline __attribute__ (( always_inline )) userptr_t
+static inline __attribute__ (( always_inline )) const struct acpi_header *
ACPI_INLINE ( efi, acpi_find ) ( uint32_t signature, unsigned int index ) {
return acpi_find_via_rsdt ( signature, index );
diff --git a/src/include/ipxe/efi/efi_autoboot.h b/src/include/ipxe/efi/efi_autoboot.h
index 94fd2d766..29b80fd86 100644
--- a/src/include/ipxe/efi/efi_autoboot.h
+++ b/src/include/ipxe/efi/efi_autoboot.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/efi.h>
diff --git a/src/include/ipxe/efi/efi_autoexec.h b/src/include/ipxe/efi/efi_autoexec.h
index 18bc4200c..1e68daeee 100644
--- a/src/include/ipxe/efi/efi_autoexec.h
+++ b/src/include/ipxe/efi/efi_autoexec.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
extern int efi_autoexec_load ( void );
diff --git a/src/include/ipxe/efi/efi_block.h b/src/include/ipxe/efi/efi_block.h
index f8cf7fc13..b010d71a3 100644
--- a/src/include/ipxe/efi/efi_block.h
+++ b/src/include/ipxe/efi/efi_block.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef SANBOOT_EFI
#define SANBOOT_PREFIX_efi
diff --git a/src/include/ipxe/efi/efi_cachedhcp.h b/src/include/ipxe/efi/efi_cachedhcp.h
index 5968a1ea2..86164f463 100644
--- a/src/include/ipxe/efi/efi_cachedhcp.h
+++ b/src/include/ipxe/efi/efi_cachedhcp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/efi.h>
diff --git a/src/include/ipxe/efi/efi_cmdline.h b/src/include/ipxe/efi/efi_cmdline.h
index 45abd5493..ed43d71a7 100644
--- a/src/include/ipxe/efi/efi_cmdline.h
+++ b/src/include/ipxe/efi/efi_cmdline.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <wchar.h>
diff --git a/src/include/ipxe/efi/efi_download.h b/src/include/ipxe/efi/efi_download.h
index 740fcadf5..ca96efae2 100644
--- a/src/include/ipxe/efi/efi_download.h
+++ b/src/include/ipxe/efi/efi_download.h
@@ -20,6 +20,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER );
+FILE_SECBOOT ( PERMITTED );
/** @file
*
diff --git a/src/include/ipxe/efi/efi_driver.h b/src/include/ipxe/efi/efi_driver.h
index 7b64e1e0b..f373e47d3 100644
--- a/src/include/ipxe/efi/efi_driver.h
+++ b/src/include/ipxe/efi/efi_driver.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/device.h>
#include <ipxe/tables.h>
@@ -34,6 +35,13 @@ struct efi_driver {
/** Name */
const char *name;
/**
+ * Exclude existing drivers
+ *
+ * @v device EFI device handle
+ * @ret rc Return status code
+ */
+ int ( * exclude ) ( EFI_HANDLE device );
+ /**
* Check if driver supports device
*
* @v device EFI device handle
@@ -62,8 +70,10 @@ struct efi_driver {
#define __efi_driver( order ) __table_entry ( EFI_DRIVERS, order )
#define EFI_DRIVER_EARLY 01 /**< Early drivers */
-#define EFI_DRIVER_NORMAL 02 /**< Normal drivers */
-#define EFI_DRIVER_LATE 03 /**< Late drivers */
+#define EFI_DRIVER_HARDWARE 02 /**< Hardware drivers */
+#define EFI_DRIVER_NII 03 /**< NII protocol drivers */
+#define EFI_DRIVER_SNP 04 /**< SNP protocol drivers */
+#define EFI_DRIVER_MNP 05 /**< MNP protocol drivers */
/**
* Set EFI driver-private data
@@ -91,6 +101,7 @@ extern void efidev_free ( struct efi_device *efidev );
extern struct efi_device * efidev_parent ( struct device *dev );
extern int efi_driver_install ( void );
extern void efi_driver_uninstall ( void );
+extern int efi_driver_exclude ( EFI_HANDLE device, EFI_GUID *protocol );
extern int efi_driver_connect_all ( void );
extern void efi_driver_disconnect_all ( void );
extern void efi_driver_reconnect_all ( void );
diff --git a/src/include/ipxe/efi/efi_fdt.h b/src/include/ipxe/efi/efi_fdt.h
new file mode 100644
index 000000000..644e6ddf9
--- /dev/null
+++ b/src/include/ipxe/efi/efi_fdt.h
@@ -0,0 +1,18 @@
+#ifndef _IPXE_EFI_FDT_H
+#define _IPXE_EFI_FDT_H
+
+/** @file
+ *
+ * EFI Flattened Device Tree
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/efi/efi.h>
+
+extern int efi_fdt_install ( const char *cmdline );
+extern int efi_fdt_uninstall ( void );
+
+#endif /* _IPXE_EFI_FDT_H */
diff --git a/src/include/ipxe/efi/efi_file.h b/src/include/ipxe/efi/efi_file.h
index 79c073cf1..bf14297a1 100644
--- a/src/include/ipxe/efi/efi_file.h
+++ b/src/include/ipxe/efi/efi_file.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
extern int efi_file_install ( EFI_HANDLE handle );
extern void efi_file_uninstall ( EFI_HANDLE handle );
diff --git a/src/include/ipxe/efi/efi_hii.h b/src/include/ipxe/efi/efi_hii.h
index bbec31194..8a001723f 100644
--- a/src/include/ipxe/efi/efi_hii.h
+++ b/src/include/ipxe/efi/efi_hii.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <string.h>
#include <ipxe/efi/Uefi/UefiInternalFormRepresentation.h>
diff --git a/src/include/ipxe/efi/efi_image.h b/src/include/ipxe/efi/efi_image.h
index 0fc0402b1..7fd2e2894 100644
--- a/src/include/ipxe/efi/efi_image.h
+++ b/src/include/ipxe/efi/efi_image.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/image.h>
diff --git a/src/include/ipxe/efi/efi_nap.h b/src/include/ipxe/efi/efi_nap.h
new file mode 100644
index 000000000..6c01072c3
--- /dev/null
+++ b/src/include/ipxe/efi/efi_nap.h
@@ -0,0 +1,19 @@
+#ifndef _IPXE_EFI_NAP_H
+#define _IPXE_EFI_NAP_H
+
+/** @file
+ *
+ * CPU sleeping
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#ifdef NAP_EFI
+#define NAP_PREFIX_efi
+#else
+#define NAP_PREFIX_efi __efi_
+#endif
+
+#endif /* _IPXE_EFI_NAP_H */
diff --git a/src/include/ipxe/efi/efi_null.h b/src/include/ipxe/efi/efi_null.h
index d23d36349..e81545485 100644
--- a/src/include/ipxe/efi/efi_null.h
+++ b/src/include/ipxe/efi/efi_null.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/efi.h>
#include <ipxe/efi/Protocol/AppleNetBoot.h>
diff --git a/src/include/ipxe/efi/efi_path.h b/src/include/ipxe/efi/efi_path.h
index 57fce4028..f68d782fb 100644
--- a/src/include/ipxe/efi/efi_path.h
+++ b/src/include/ipxe/efi/efi_path.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/interface.h>
#include <ipxe/efi/efi.h>
@@ -43,6 +44,7 @@ efi_path_prev ( EFI_DEVICE_PATH_PROTOCOL *path,
extern EFI_DEVICE_PATH_PROTOCOL *
efi_path_end ( EFI_DEVICE_PATH_PROTOCOL *path );
extern size_t efi_path_len ( EFI_DEVICE_PATH_PROTOCOL *path );
+extern int efi_path_check ( EFI_DEVICE_PATH_PROTOCOL *path, size_t max );
extern void * efi_path_mac ( EFI_DEVICE_PATH_PROTOCOL *path );
extern unsigned int efi_path_vlan ( EFI_DEVICE_PATH_PROTOCOL *path );
extern int efi_path_guid ( EFI_DEVICE_PATH_PROTOCOL *path, union uuid *uuid );
@@ -58,6 +60,10 @@ extern EFI_DEVICE_PATH_PROTOCOL * efi_fcp_path ( struct fcp_description *desc );
extern EFI_DEVICE_PATH_PROTOCOL *
efi_ib_srp_path ( struct ib_srp_device *ib_srp );
extern EFI_DEVICE_PATH_PROTOCOL * efi_usb_path ( struct usb_function *func );
+extern EFI_DEVICE_PATH_PROTOCOL * efi_load_path ( EFI_LOAD_OPTION *load,
+ size_t len );
+extern EFI_DEVICE_PATH_PROTOCOL * efi_boot_path ( unsigned int number );
+extern EFI_DEVICE_PATH_PROTOCOL * efi_current_boot_path ( void );
extern EFI_DEVICE_PATH_PROTOCOL * efi_describe ( struct interface *interface );
#define efi_describe_TYPE( object_type ) \
diff --git a/src/include/ipxe/efi/efi_pci.h b/src/include/ipxe/efi/efi_pci.h
index 2ea1a8f0e..670fb7d7a 100644
--- a/src/include/ipxe/efi/efi_pci.h
+++ b/src/include/ipxe/efi/efi_pci.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/pci.h>
#include <ipxe/efi/efi.h>
@@ -25,9 +26,6 @@ struct efi_pci_device {
EFI_PCI_IO_PROTOCOL *io;
};
-extern int efipci_open ( EFI_HANDLE device, UINT32 attributes,
- struct efi_pci_device *efipci );
-extern void efipci_close ( EFI_HANDLE device );
extern int efipci_info ( EFI_HANDLE device, struct efi_pci_device *efipci );
#endif /* _IPXE_EFI_PCI_H */
diff --git a/src/include/ipxe/efi/efi_pci_api.h b/src/include/ipxe/efi/efi_pci_api.h
index cf5e1d020..474555871 100644
--- a/src/include/ipxe/efi/efi_pci_api.h
+++ b/src/include/ipxe/efi/efi_pci_api.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef PCIAPI_EFI
#define PCIAPI_PREFIX_efi
@@ -33,17 +34,14 @@ extern int efipci_write ( struct pci_device *pci, unsigned long location,
unsigned long value );
/**
- * Find next PCI bus:dev.fn address range in system
+ * Check if PCI bus probing is allowed
*
- * @v busdevfn Starting PCI bus:dev.fn address
- * @v range PCI bus:dev.fn address range to fill in
+ * @v pci PCI device
+ * @ret ok Bus probing is allowed
*/
-static inline __always_inline void
-PCIAPI_INLINE ( efi, pci_discover ) ( uint32_t busdevfn __unused,
- struct pci_range *range ) {
-
- /* EFI does not want us to scan the PCI bus ourselves */
- range->count = 0;
+static inline __always_inline int
+PCIAPI_INLINE ( efi, pci_can_probe ) ( struct pci_device *pci __unused ) {
+ return 0;
}
/**
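Review bot: The new `pci_can_probe` body is a bare `return 0;`, and the rationale the old function carried (`/* EFI does not want us to scan the PCI bus ourselves */`) is removed with it. The new doc comment only says "Bus probing is allowed", which does not explain why the EFI platform always answers no. I would keep the old comment directly above `return 0;` so the reason stays next to the code.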
diff --git a/src/include/ipxe/efi/efi_pxe.h b/src/include/ipxe/efi/efi_pxe.h
index b356f3789..d9aac455c 100644
--- a/src/include/ipxe/efi/efi_pxe.h
+++ b/src/include/ipxe/efi/efi_pxe.h
@@ -10,6 +10,7 @@
#include <ipxe/netdevice.h>
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
extern int efi_pxe_install ( EFI_HANDLE handle, struct net_device *netdev );
extern void efi_pxe_uninstall ( EFI_HANDLE handle );
diff --git a/src/include/ipxe/efi/efi_reboot.h b/src/include/ipxe/efi/efi_reboot.h
index 249cae8c5..8eb38f271 100644
--- a/src/include/ipxe/efi/efi_reboot.h
+++ b/src/include/ipxe/efi/efi_reboot.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef REBOOT_EFI
#define REBOOT_PREFIX_efi
diff --git a/src/include/ipxe/efi/efi_service.h b/src/include/ipxe/efi/efi_service.h
index ca4c7b2a4..2c5bc8fe9 100644
--- a/src/include/ipxe/efi/efi_service.h
+++ b/src/include/ipxe/efi/efi_service.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/efi.h>
diff --git a/src/include/ipxe/efi/efi_shim.h b/src/include/ipxe/efi/efi_shim.h
index 21f24315a..d205dec6d 100644
--- a/src/include/ipxe/efi/efi_shim.h
+++ b/src/include/ipxe/efi/efi_shim.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/image.h>
#include <ipxe/efi/efi.h>
diff --git a/src/include/ipxe/efi/efi_siglist.h b/src/include/ipxe/efi/efi_siglist.h
new file mode 100644
index 000000000..f2a2fcfd0
--- /dev/null
+++ b/src/include/ipxe/efi/efi_siglist.h
@@ -0,0 +1,22 @@
+#ifndef _IPXE_EFI_SIGLIST_H
+#define _IPXE_EFI_SIGLIST_H
+
+/** @file
+ *
+ * PEM-encoded ASN.1 data
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <stdint.h>
+#include <ipxe/asn1.h>
+#include <ipxe/image.h>
+
+extern int efisig_asn1 ( const void *data, size_t len, size_t offset,
+ struct asn1_cursor **cursor );
+
+extern struct image_type efisig_image_type __image_type ( PROBE_NORMAL );
+
+#endif /* _IPXE_EFI_SIGLIST_H */
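Review bot: The `@file` summary in this new header reads `PEM-encoded ASN.1 data`, which looks copied from another header. The file declares `efisig_asn1()` and `efisig_image_type`, so the summary should be ` * EFI signature lists`. The `efisig_asn1()` prototype takes `data`, `len` and `offset` for what is presumably externally supplied signature-list data. A short doc comment should say how `offset` relates to `len` and who releases `*cursor`.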
diff --git a/src/include/ipxe/efi/efi_smbios.h b/src/include/ipxe/efi/efi_smbios.h
index d890d5460..23af651a8 100644
--- a/src/include/ipxe/efi/efi_smbios.h
+++ b/src/include/ipxe/efi/efi_smbios.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef SMBIOS_EFI
#define SMBIOS_PREFIX_efi
diff --git a/src/include/ipxe/efi/efi_snp.h b/src/include/ipxe/efi/efi_snp.h
index 96373b57d..0822466db 100644
--- a/src/include/ipxe/efi/efi_snp.h
+++ b/src/include/ipxe/efi/efi_snp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/list.h>
#include <ipxe/netdevice.h>
@@ -30,8 +31,8 @@ struct efi_snp_device {
struct list_head list;
/** The underlying iPXE network device */
struct net_device *netdev;
- /** The underlying EFI device */
- struct efi_device *efidev;
+ /** EFI parent device handle (if any) */
+ EFI_HANDLE parent;
/** EFI device handle */
EFI_HANDLE handle;
/** The SNP structure itself */
diff --git a/src/include/ipxe/efi/efi_strings.h b/src/include/ipxe/efi/efi_strings.h
index a7adff827..36f5a7eb0 100644
--- a/src/include/ipxe/efi/efi_strings.h
+++ b/src/include/ipxe/efi/efi_strings.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stddef.h>
#include <stdint.h>
diff --git a/src/include/ipxe/efi/efi_table.h b/src/include/ipxe/efi/efi_table.h
new file mode 100644
index 000000000..714069e15
--- /dev/null
+++ b/src/include/ipxe/efi/efi_table.h
@@ -0,0 +1,38 @@
+#ifndef _IPXE_EFI_TABLE_H
+#define _IPXE_EFI_TABLE_H
+
+/** @file
+ *
+ * EFI configuration tables
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/efi/efi.h>
+
+/** An installable EFI configuration table type */
+struct efi_table {
+ /** Table GUID */
+ EFI_GUID *guid;
+ /**
+ * Determine length of table
+ *
+ * @v data Configuration table data (presumed valid)
+ * @ret len Length of table
+ *
+ * EFI does not record the length of installed configuration
+ * tables. Consumers must understand the specific type of
+ * table in order to be able to determine its length from the
+ * contents.
+ */
+ size_t ( * len ) ( const void *data );
+};
+
+extern void * efi_find_table ( EFI_GUID *guid );
+extern int efi_install_table ( struct efi_table *table, const void *data,
+ void **backup );
+extern int efi_uninstall_table ( struct efi_table *table, void **backup );
+
+#endif /* _IPXE_EFI_TABLE_H */
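Review bot: The `len` method comment says the data is "presumed valid" and that the length can only be derived from the table contents, but it does not say what callers may assume about the result. The value presumably decides how many bytes are read or copied from a firmware-provided table, so I would add ` * The returned length is derived from table contents and is not independently bounded.` to that comment. The prototypes for `efi_install_table()` and `efi_uninstall_table()` also need a comment on who owns `*backup` and when it is written. The implementations are not visible here, so this concerns the header contract only.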
diff --git a/src/include/ipxe/efi/efi_time.h b/src/include/ipxe/efi/efi_time.h
index 099994b57..8b2addc0f 100644
--- a/src/include/ipxe/efi/efi_time.h
+++ b/src/include/ipxe/efi/efi_time.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/efi/efi_uaccess.h b/src/include/ipxe/efi/efi_uaccess.h
deleted file mode 100644
index 3cc750405..000000000
--- a/src/include/ipxe/efi/efi_uaccess.h
+++ /dev/null
@@ -1,103 +0,0 @@
-#ifndef _IPXE_EFI_UACCESS_H
-#define _IPXE_EFI_UACCESS_H
-
-/** @file
- *
- * iPXE user access API for EFI
- *
- * EFI runs with flat physical addressing, so the various mappings
- * between virtual addresses, I/O addresses and bus addresses are all
- * no-ops.
- */
-
-FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
-
-#ifdef UACCESS_EFI
-#define UACCESS_PREFIX_efi
-#else
-#define UACCESS_PREFIX_efi __efi_
-#endif
-
-/**
- * Convert physical address to user pointer
- *
- * @v phys_addr Physical address
- * @ret userptr User pointer
- */
-static inline __always_inline userptr_t
-UACCESS_INLINE ( efi, phys_to_user ) ( unsigned long phys_addr ) {
- return phys_addr;
-}
-
-/**
- * Convert user buffer to physical address
- *
- * @v userptr User pointer
- * @v offset Offset from user pointer
- * @ret phys_addr Physical address
- */
-static inline __always_inline unsigned long
-UACCESS_INLINE ( efi, user_to_phys ) ( userptr_t userptr, off_t offset ) {
- return ( userptr + offset );
-}
-
-static inline __always_inline userptr_t
-UACCESS_INLINE ( efi, virt_to_user ) ( volatile const void *addr ) {
- return trivial_virt_to_user ( addr );
-}
-
-static inline __always_inline void *
-UACCESS_INLINE ( efi, user_to_virt ) ( userptr_t userptr, off_t offset ) {
- return trivial_user_to_virt ( userptr, offset );
-}
-
-static inline __always_inline userptr_t
-UACCESS_INLINE ( efi, userptr_add ) ( userptr_t userptr, off_t offset ) {
- return trivial_userptr_add ( userptr, offset );
-}
-
-static inline __always_inline off_t
-UACCESS_INLINE ( efi, userptr_sub ) ( userptr_t userptr,
- userptr_t subtrahend ) {
- return trivial_userptr_sub ( userptr, subtrahend );
-}
-
-static inline __always_inline void
-UACCESS_INLINE ( efi, memcpy_user ) ( userptr_t dest, off_t dest_off,
- userptr_t src, off_t src_off,
- size_t len ) {
- trivial_memcpy_user ( dest, dest_off, src, src_off, len );
-}
-
-static inline __always_inline void
-UACCESS_INLINE ( efi, memmove_user ) ( userptr_t dest, off_t dest_off,
- userptr_t src, off_t src_off,
- size_t len ) {
- trivial_memmove_user ( dest, dest_off, src, src_off, len );
-}
-
-static inline __always_inline int
-UACCESS_INLINE ( efi, memcmp_user ) ( userptr_t first, off_t first_off,
- userptr_t second, off_t second_off,
- size_t len ) {
- return trivial_memcmp_user ( first, first_off, second, second_off, len);
-}
-
-static inline __always_inline void
-UACCESS_INLINE ( efi, memset_user ) ( userptr_t buffer, off_t offset,
- int c, size_t len ) {
- trivial_memset_user ( buffer, offset, c, len );
-}
-
-static inline __always_inline size_t
-UACCESS_INLINE ( efi, strlen_user ) ( userptr_t buffer, off_t offset ) {
- return trivial_strlen_user ( buffer, offset );
-}
-
-static inline __always_inline off_t
-UACCESS_INLINE ( efi, memchr_user ) ( userptr_t buffer, off_t offset,
- int c, size_t len ) {
- return trivial_memchr_user ( buffer, offset, c, len );
-}
-
-#endif /* _IPXE_EFI_UACCESS_H */
diff --git a/src/include/ipxe/efi/efi_umalloc.h b/src/include/ipxe/efi/efi_umalloc.h
index 4eb2a5f9b..4d5c706ca 100644
--- a/src/include/ipxe/efi/efi_umalloc.h
+++ b/src/include/ipxe/efi/efi_umalloc.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef UMALLOC_EFI
#define UMALLOC_PREFIX_efi
diff --git a/src/include/ipxe/efi/efi_usb.h b/src/include/ipxe/efi/efi_usb.h
index 06baff529..cbcef0e52 100644
--- a/src/include/ipxe/efi/efi_usb.h
+++ b/src/include/ipxe/efi/efi_usb.h
@@ -7,6 +7,9 @@
*
*/
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
#include <ipxe/list.h>
#include <ipxe/efi/efi.h>
#include <ipxe/efi/efi_driver.h>
diff --git a/src/include/ipxe/efi/efi_utils.h b/src/include/ipxe/efi/efi_utils.h
index 98659b150..29dc171d2 100644
--- a/src/include/ipxe/efi/efi_utils.h
+++ b/src/include/ipxe/efi/efi_utils.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/efi.h>
diff --git a/src/include/ipxe/efi/efi_veto.h b/src/include/ipxe/efi/efi_veto.h
index c9ecbb05c..be48441ad 100644
--- a/src/include/ipxe/efi/efi_veto.h
+++ b/src/include/ipxe/efi/efi_veto.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
extern void efi_veto ( void );
diff --git a/src/include/ipxe/efi/efi_watchdog.h b/src/include/ipxe/efi/efi_watchdog.h
index 4a56b9a29..1801c6d6c 100644
--- a/src/include/ipxe/efi/efi_watchdog.h
+++ b/src/include/ipxe/efi/efi_watchdog.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
extern struct retry_timer efi_watchdog;
diff --git a/src/include/ipxe/efi/efi_wrap.h b/src/include/ipxe/efi/efi_wrap.h
index 2747a9e33..7801c77d0 100644
--- a/src/include/ipxe/efi/efi_wrap.h
+++ b/src/include/ipxe/efi/efi_wrap.h
@@ -7,10 +7,15 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/efi.h>
-extern EFI_BOOT_SERVICES * efi_wrap_bs ( void );
-extern void efi_wrap ( EFI_HANDLE handle );
+extern void efi_wrap_bs ( EFI_BOOT_SERVICES *wrapped );
+extern void efi_wrap_rs ( EFI_RUNTIME_SERVICES *wrapped );
+extern void efi_wrap_systab ( int global );
+extern void efi_unwrap ( void );
+
+extern void efi_wrap_image ( EFI_HANDLE handle );
#endif /* _IPXE_EFI_WRAP_H */
diff --git a/src/include/ipxe/efi/import.pl b/src/include/ipxe/efi/import.pl
index 0a7669f43..9490e2f7b 100755
--- a/src/include/ipxe/efi/import.pl
+++ b/src/include/ipxe/efi/import.pl
@@ -71,17 +71,19 @@ sub try_import_file {
push @dependencies, $2;
}
# Check for BSD licence statement
- if ( /^\s*SPDX-License-Identifier: BSD-2-Clause-Patent$/ ) {
+ if ( /\s*SPDX-License-Identifier: BSD-2-Clause-Patent$/ ) {
die "Licence detected after header guard\n" if $guard;
$licence = "BSD2_PATENT";
}
# Write out line
print $outfh "$_\n";
- # Apply FILE_LICENCE() immediately after include guard
+ # Apply FILE_LICENCE()/FILE_SECBOOT() immediately after include guard
if ( defined $maybe_guard && ! defined $guard ) {
if ( /^\#define\s+${maybe_guard}$/ ) {
$guard = $maybe_guard;
- print $outfh "\nFILE_LICENCE ( $licence );\n" if $licence;
+ print $outfh "\n";
+ print $outfh "FILE_LICENCE ( $licence );\n" if $licence;
+ print $outfh "FILE_SECBOOT ( PERMITTED );\n";
}
undef $maybe_guard;
}
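Review bot: Dropping the `^` anchor from the licence match leaves a leading `\s*` that no longer constrains anything, so the pattern now accepts any prefix before `SPDX-License-Identifier: BSD-2-Clause-Patent`. If the aim is to accept comment leaders, spell that out, for example `if ( /^\s*(?:\/\/|\*)?\s*SPDX-License-Identifier: BSD-2-Clause-Patent$/ ) {`. Separately, `FILE_SECBOOT ( PERMITTED )` is now printed for every imported header, including those where `$licence` was never set and no `FILE_LICENCE` line is emitted. That marker presumably decides what may be built into a Secure Boot image, so a comment stating why every imported EDK2 header is permitted unconditionally would make the policy reviewable. `try_import_file` starts and ends outside this hunk.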
@@ -118,7 +120,9 @@ pod2usage ( 1 ) unless @ARGV == 1;
my $edktop = shift;
# Identify edk import directories
-my $edkdirs = [ "MdePkg/Include", "MdeModulePkg/Include" ];
+my $edkdirs = [ "MdePkg/Include", "MdeModulePkg/Include",
+ "NetworkPkg/Include", "EmbeddedPkg/Include",
+ "OvmfPkg/Include" ];
foreach my $edkdir ( @$edkdirs ) {
die "Directory \"$edktop\" does not appear to contain the EFI EDK2 "
."(missing \"$edkdir\")\n" unless -d catdir ( $edktop, $edkdir );
diff --git a/src/include/ipxe/efi/mnpnet.h b/src/include/ipxe/efi/mnpnet.h
index 99d6cf083..1f2d0d1f6 100644
--- a/src/include/ipxe/efi/mnpnet.h
+++ b/src/include/ipxe/efi/mnpnet.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
struct efi_device;
struct net_device;
diff --git a/src/include/ipxe/elf.h b/src/include/ipxe/elf.h
index 033c3f7a8..8e51f710b 100644
--- a/src/include/ipxe/elf.h
+++ b/src/include/ipxe/elf.h
@@ -19,9 +19,10 @@ typedef Elf32_Phdr Elf_Phdr;
typedef Elf32_Off Elf_Off;
#define ELFCLASS ELFCLASS32
-extern int elf_segments ( struct image *image, Elf_Ehdr *ehdr,
+extern int elf_segments ( struct image *image, const Elf_Ehdr *ehdr,
int ( * process ) ( struct image *image,
- Elf_Phdr *phdr, physaddr_t dest ),
+ const Elf_Phdr *phdr,
+ physaddr_t dest ),
physaddr_t *entry, physaddr_t *max );
extern int elf_load ( struct image *image, physaddr_t *entry, physaddr_t *max );
diff --git a/src/include/ipxe/entropy.h b/src/include/ipxe/entropy.h
index 82bb11826..8ec8f1047 100644
--- a/src/include/ipxe/entropy.h
+++ b/src/include/ipxe/entropy.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <string.h>
diff --git a/src/include/ipxe/errfile.h b/src/include/ipxe/errfile.h
index afc260ba3..8379adb13 100644
--- a/src/include/ipxe/errfile.h
+++ b/src/include/ipxe/errfile.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <bits/errfile.h>
@@ -83,6 +84,12 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define ERRFILE_efi_path ( ERRFILE_CORE | 0x002b0000 )
#define ERRFILE_efi_mp ( ERRFILE_CORE | 0x002c0000 )
#define ERRFILE_efi_service ( ERRFILE_CORE | 0x002d0000 )
+#define ERRFILE_null_smbios ( ERRFILE_CORE | 0x002e0000 )
+#define ERRFILE_efi_open ( ERRFILE_CORE | 0x002f0000 )
+#define ERRFILE_efi_table ( ERRFILE_CORE | 0x00300000 )
+#define ERRFILE_efi_connect ( ERRFILE_CORE | 0x00310000 )
+#define ERRFILE_gpio ( ERRFILE_CORE | 0x00320000 )
+#define ERRFILE_spcr ( ERRFILE_CORE | 0x00330000 )
#define ERRFILE_eisa ( ERRFILE_DRIVER | 0x00000000 )
#define ERRFILE_isa ( ERRFILE_DRIVER | 0x00010000 )
@@ -106,6 +113,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define ERRFILE_spi_bit ( ERRFILE_DRIVER | 0x00130000 )
#define ERRFILE_nvsvpd ( ERRFILE_DRIVER | 0x00140000 )
#define ERRFILE_uart ( ERRFILE_DRIVER | 0x00150000 )
+#define ERRFILE_ns16550 ( ERRFILE_DRIVER | 0x00160000 )
+#define ERRFILE_dwuart ( ERRFILE_DRIVER | 0x00170000 )
#define ERRFILE_3c509 ( ERRFILE_DRIVER | 0x00200000 )
#define ERRFILE_bnx2 ( ERRFILE_DRIVER | 0x00210000 )
@@ -224,10 +233,15 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define ERRFILE_ecam ( ERRFILE_DRIVER | 0x00d30000 )
#define ERRFILE_pcibridge ( ERRFILE_DRIVER | 0x00d40000 )
#define ERRFILE_mnpnet ( ERRFILE_DRIVER | 0x00d50000 )
-#define ERRFILE_aqc1xx ( ERRFILE_DRIVER | 0x00df0000 )
-#define ERRFILE_atl_hw ( ERRFILE_DRIVER | 0x00d60000 )
-#define ERRFILE_atl2_hw ( ERRFILE_DRIVER | 0x00d70000 )
-
+#define ERRFILE_gve ( ERRFILE_DRIVER | 0x00d60000 )
+#define ERRFILE_aqc1xx ( ERRFILE_DRIVER | 0x00d70000 )
+#define ERRFILE_atl_hw ( ERRFILE_DRIVER | 0x00d80000 )
+#define ERRFILE_atl2_hw ( ERRFILE_DRIVER | 0x00d90000 )
+#define ERRFILE_devtree ( ERRFILE_DRIVER | 0x00da0000 )
+#define ERRFILE_cgem ( ERRFILE_DRIVER | 0x00db0000 )
+#define ERRFILE_dwmac ( ERRFILE_DRIVER | 0x00dc0000 )
+#define ERRFILE_dwusb ( ERRFILE_DRIVER | 0x00dd0000 )
+#define ERRFILE_dwgpio ( ERRFILE_DRIVER | 0x00de0000 )
#define ERRFILE_aoe ( ERRFILE_NET | 0x00000000 )
#define ERRFILE_arp ( ERRFILE_NET | 0x00010000 )
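Review bot: This hunk renumbers three existing identifiers and reuses one of the old values: `ERRFILE_aqc1xx` moves from 0x00df0000 to 0x00d70000, `ERRFILE_atl_hw` from 0x00d60000 to 0x00d80000 and `ERRFILE_atl2_hw` from 0x00d70000 to 0x00d90000, while 0x00d60000 now belongs to `ERRFILE_gve`. An error code logged by an older build of this branch will therefore decode to a different source file after the merge. If this is the intended result of aligning with master, a sentence in the merge description would save confusion when triaging old logs or bug reports.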
@@ -322,6 +336,9 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define ERRFILE_archive ( ERRFILE_IMAGE | 0x000a0000 )
#define ERRFILE_zlib ( ERRFILE_IMAGE | 0x000b0000 )
#define ERRFILE_gzip ( ERRFILE_IMAGE | 0x000c0000 )
+#define ERRFILE_efi_siglist ( ERRFILE_IMAGE | 0x000d0000 )
+#define ERRFILE_lkrn ( ERRFILE_IMAGE | 0x000e0000 )
+#define ERRFILE_initrd ( ERRFILE_IMAGE | 0x000f0000 )
#define ERRFILE_asn1 ( ERRFILE_OTHER | 0x00000000 )
#define ERRFILE_chap ( ERRFILE_OTHER | 0x00010000 )
@@ -368,7 +385,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define ERRFILE_cms ( ERRFILE_OTHER | 0x002a0000 )
#define ERRFILE_imgtrust ( ERRFILE_OTHER | 0x002b0000 )
#define ERRFILE_menu_ui ( ERRFILE_OTHER | 0x002c0000 )
-#define ERRFILE_menu_cmd ( ERRFILE_OTHER | 0x002d0000 )
+#define ERRFILE_dynui_cmd ( ERRFILE_OTHER | 0x002d0000 )
#define ERRFILE_validator ( ERRFILE_OTHER | 0x002e0000 )
#define ERRFILE_ocsp ( ERRFILE_OTHER | 0x002f0000 )
#define ERRFILE_nslookup ( ERRFILE_OTHER | 0x00300000 )
@@ -420,6 +437,15 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define ERRFILE_efi_settings ( ERRFILE_OTHER | 0x005e0000 )
#define ERRFILE_x25519 ( ERRFILE_OTHER | 0x005f0000 )
#define ERRFILE_des ( ERRFILE_OTHER | 0x00600000 )
+#define ERRFILE_editstring ( ERRFILE_OTHER | 0x00610000 )
+#define ERRFILE_widget_ui ( ERRFILE_OTHER | 0x00620000 )
+#define ERRFILE_form_ui ( ERRFILE_OTHER | 0x00630000 )
+#define ERRFILE_usb_cmd ( ERRFILE_OTHER | 0x00640000 )
+#define ERRFILE_usb_settings ( ERRFILE_OTHER | 0x00650000 )
+#define ERRFILE_weierstrass ( ERRFILE_OTHER | 0x00660000 )
+#define ERRFILE_efi_cacert ( ERRFILE_OTHER | 0x00670000 )
+#define ERRFILE_ecdhe ( ERRFILE_OTHER | 0x00680000 )
+#define ERRFILE_ecdsa ( ERRFILE_OTHER | 0x00690000 )
/** @} */
diff --git a/src/include/ipxe/errno/efi.h b/src/include/ipxe/errno/efi.h
index 9f010f5fb..2db2d5cb6 100644
--- a/src/include/ipxe/errno/efi.h
+++ b/src/include/ipxe/errno/efi.h
@@ -22,6 +22,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/efi/efi.h>
#include <ipxe/efi/Uefi/UefiBaseType.h>
diff --git a/src/include/ipxe/errortab.h b/src/include/ipxe/errortab.h
index 4fe81a6be..6c63bb6d1 100644
--- a/src/include/ipxe/errortab.h
+++ b/src/include/ipxe/errortab.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/tables.h>
diff --git a/src/include/ipxe/eth_slow.h b/src/include/ipxe/eth_slow.h
index 754ea6e1f..757bb83f0 100644
--- a/src/include/ipxe/eth_slow.h
+++ b/src/include/ipxe/eth_slow.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/** Slow protocols header */
struct eth_slow_header {
diff --git a/src/include/ipxe/ethernet.h b/src/include/ipxe/ethernet.h
index dd04e00ce..f1eb21dd0 100644
--- a/src/include/ipxe/ethernet.h
+++ b/src/include/ipxe/ethernet.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/netdevice.h>
diff --git a/src/include/ipxe/fakedhcp.h b/src/include/ipxe/fakedhcp.h
index d016b5237..f23a98f2d 100644
--- a/src/include/ipxe/fakedhcp.h
+++ b/src/include/ipxe/fakedhcp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/fault.h b/src/include/ipxe/fault.h
index 356296c35..251567226 100644
--- a/src/include/ipxe/fault.h
+++ b/src/include/ipxe/fault.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <config/fault.h>
diff --git a/src/include/ipxe/fbcon.h b/src/include/ipxe/fbcon.h
index a4c7a9ab3..75cda3390 100644
--- a/src/include/ipxe/fbcon.h
+++ b/src/include/ipxe/fbcon.h
@@ -8,11 +8,11 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/ansiesc.h>
#include <ipxe/utf8.h>
-#include <ipxe/uaccess.h>
#include <ipxe/console.h>
/** Character width, in pixels */
@@ -38,9 +38,9 @@ struct fbcon_font {
* Get character glyph
*
* @v character Unicode character
- * @v glyph Character glyph to fill in
+ * @ret glyph Character glyph
*/
- void ( * glyph ) ( unsigned int character, uint8_t *glyph );
+ const uint8_t * ( * glyph ) ( unsigned int character );
};
/** A frame buffer geometry
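Review bot: The new `glyph` callback returns a bare `const uint8_t *`, and the `@ret` line does not say how many bytes the caller may read or whether NULL is a possible result for a character the font lacks. The old signature made the caller own the buffer, so the size was fixed on the caller's side. With the pointer now coming from the font, the contract should be written down, for example `@ret glyph Character glyph (FBCON_CHAR_HEIGHT bytes, never NULL)` if that is what implementations guarantee. `struct fbcon_font` starts before this hunk.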
@@ -100,19 +100,19 @@ struct fbcon_text_cell {
/** A frame buffer text array */
struct fbcon_text {
/** Stored text cells */
- userptr_t start;
+ struct fbcon_text_cell *cells;
};
/** A frame buffer background picture */
struct fbcon_picture {
/** Start address */
- userptr_t start;
+ void *start;
};
/** A frame buffer console */
struct fbcon {
/** Start address */
- userptr_t start;
+ void *start;
/** Length of one complete displayed screen */
size_t len;
/** Pixel geometry */
@@ -149,7 +149,7 @@ struct fbcon {
int show_cursor;
};
-extern int fbcon_init ( struct fbcon *fbcon, userptr_t start,
+extern int fbcon_init ( struct fbcon *fbcon, void *start,
struct fbcon_geometry *pixel,
struct fbcon_colour_map *map,
struct fbcon_font *font,
diff --git a/src/include/ipxe/fc.h b/src/include/ipxe/fc.h
index 840d11f62..8c2bbe5e5 100644
--- a/src/include/ipxe/fc.h
+++ b/src/include/ipxe/fc.h
@@ -9,6 +9,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/refcnt.h>
diff --git a/src/include/ipxe/fcels.h b/src/include/ipxe/fcels.h
index 02f755115..8aa086106 100644
--- a/src/include/ipxe/fcels.h
+++ b/src/include/ipxe/fcels.h
@@ -9,6 +9,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/fc.h>
diff --git a/src/include/ipxe/fcp.h b/src/include/ipxe/fcp.h
index d86afab42..96aae37db 100644
--- a/src/include/ipxe/fcp.h
+++ b/src/include/ipxe/fcp.h
@@ -9,6 +9,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/fc.h>
diff --git a/src/include/ipxe/fdt.h b/src/include/ipxe/fdt.h
index 97efa100c..6aa078ff6 100644
--- a/src/include/ipxe/fdt.h
+++ b/src/include/ipxe/fdt.h
@@ -8,8 +8,10 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
+#include <ipxe/image.h>
struct net_device;
@@ -72,17 +74,30 @@ struct fdt_prop {
/** Alignment of structure block */
#define FDT_STRUCTURE_ALIGN ( sizeof ( fdt_token_t ) )
+/** Maximum alignment of any block */
+#define FDT_MAX_ALIGN 8
+
+/** A memory reservation */
+struct fdt_reservation {
+ /** Starting address */
+ uint64_t start;
+ /** Length of reservation */
+ uint64_t size;
+} __attribute__ (( packed ));
+
/** A device tree */
struct fdt {
/** Tree data */
union {
/** Tree header */
- const struct fdt_header *hdr;
+ struct fdt_header *hdr;
/** Raw data */
- const void *raw;
+ void *raw;
};
/** Length of tree */
size_t len;
+ /** Used length of tree */
+ size_t used;
/** Offset to structure block */
unsigned int structure;
/** Length of structure block */
@@ -91,12 +106,108 @@ struct fdt {
unsigned int strings;
/** Length of strings block */
size_t strings_len;
+ /** Offset to memory reservation block */
+ unsigned int reservations;
+ /** Reallocate device tree
+ *
+ * @v fdt Device tree
+ * @v len New length
+ * @ret rc Return status code
+ */
+ int ( * realloc ) ( struct fdt *fdt, size_t len );
+};
+
+/** A device tree token descriptor */
+struct fdt_descriptor {
+ /** Offset within structure block */
+ unsigned int offset;
+ /** Next offset within structure block */
+ unsigned int next;
+ /** Node or property name (if applicable) */
+ const char *name;
+ /** Property data (if applicable) */
+ const void *data;
+ /** Length of property data (if applicable) */
+ size_t len;
+ /** Depth change */
+ int depth;
};
-extern int fdt_path ( const char *path, unsigned int *offset );
-extern int fdt_alias ( const char *name, unsigned int *offset );
-extern const char * fdt_string ( unsigned int offset, const char *name );
-extern int fdt_mac ( unsigned int offset, struct net_device *netdev );
-extern int register_fdt ( const struct fdt_header *hdr );
+/** A device tree region cell size specification */
+struct fdt_reg_cells {
+ /** Number of address cells */
+ uint32_t address_cells;
+ /** Number of size cells */
+ uint32_t size_cells;
+ /** Number of address cells plus number of size cells */
+ unsigned int stride;
+};
+
+/** Default number of address cells, if not specified */
+#define FDT_DEFAULT_ADDRESS_CELLS 2
+
+/** Default number of size cells, if not specified */
+#define FDT_DEFAULT_SIZE_CELLS 1
+
+extern struct image_tag fdt_image __image_tag;
+extern struct fdt sysfdt;
+
+/**
+ * Get memory reservations
+ *
+ * @v fdt Device tree
+ * @ret rsv Memory reservations
+ */
+static inline const struct fdt_reservation *
+fdt_reservations ( struct fdt *fdt ) {
+
+ return ( fdt->raw + fdt->reservations );
+}
+
+/** Iterate over memory reservations */
+#define for_each_fdt_reservation( rsv, fdt ) \
+ for ( rsv = fdt_reservations ( (fdt) ) ; \
+ ( (rsv)->start || (rsv)->size ) ; rsv++ )
+
+extern int fdt_describe ( struct fdt *fdt, unsigned int offset,
+ struct fdt_descriptor *desc );
+extern int fdt_parent ( struct fdt *fdt, unsigned int offset,
+ unsigned int *parent );
+extern int fdt_path ( struct fdt *fdt, const char *path,
+ unsigned int *offset );
+extern int fdt_alias ( struct fdt *fdt, const char *name,
+ unsigned int *offset );
+extern const char * fdt_strings ( struct fdt *fdt, unsigned int offset,
+ const char *name, unsigned int *count );
+extern const char * fdt_string ( struct fdt *fdt, unsigned int offset,
+ const char *name );
+extern int fdt_cells ( struct fdt *fdt, unsigned int offset, const char *name,
+ unsigned int index, unsigned int count,
+ uint64_t *value );
+extern int fdt_u64 ( struct fdt *fdt, unsigned int offset, const char *name,
+ uint64_t *value );
+extern int fdt_u32 ( struct fdt *fdt, unsigned int offset, const char *name,
+ uint32_t *value );
+extern uint32_t fdt_phandle ( struct fdt *fdt, unsigned int offset );
+extern void fdt_reg_cells ( struct fdt *fdt, unsigned int offset,
+ struct fdt_reg_cells *regs );
+extern int fdt_parent_reg_cells ( struct fdt *fdt, unsigned int offset,
+ struct fdt_reg_cells *regs );
+extern int fdt_reg_count ( struct fdt *fdt, unsigned int offset,
+ struct fdt_reg_cells *regs );
+extern int fdt_reg_address ( struct fdt *fdt, unsigned int offset,
+ struct fdt_reg_cells *regs, unsigned int index,
+ uint64_t *address );
+extern int fdt_reg_size ( struct fdt *fdt, unsigned int offset,
+ struct fdt_reg_cells *regs, unsigned int index,
+ uint64_t *size );
+extern int fdt_reg ( struct fdt *fdt, unsigned int offset, uint64_t *region );
+extern int fdt_mac ( struct fdt *fdt, unsigned int offset,
+ struct net_device *netdev );
+extern int fdt_parse ( struct fdt *fdt, struct fdt_header *hdr,
+ size_t max_len );
+extern int fdt_create ( struct fdt_header **hdr, const char *cmdline,
+ physaddr_t initrd, size_t initrd_len );
+extern void fdt_remove ( struct fdt_header *hdr );
#endif /* _IPXE_FDT_H */
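Review bot: `for_each_fdt_reservation` stops only on an all-zero entry and never compares `rsv` with the end of the tree, so a reservation block that lacks its terminator is read past `fdt->len`. If `fdt_parse()` (declared in this hunk, defined elsewhere) already rejects such a blob, say so on the macro, for example `/** Iterate over memory reservations (fdt_parse() guarantees a terminating entry inside the tree) */`. Otherwise bound the walk by the tree length in the loop condition. The macro also uses `rsv` unparenthesised in `rsv = ...` and `rsv++`, while the condition uses `(rsv)->start`.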
diff --git a/src/include/ipxe/fdtmem.h b/src/include/ipxe/fdtmem.h
new file mode 100644
index 000000000..1bbc38ff9
--- /dev/null
+++ b/src/include/ipxe/fdtmem.h
@@ -0,0 +1,35 @@
+#ifndef _IPXE_FDTMEM_H
+#define _IPXE_FDTMEM_H
+
+/** @file
+ *
+ * Flattened Device Tree memory map
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <stdint.h>
+
+#ifdef MEMMAP_FDT
+#define MEMMAP_PREFIX_fdt
+#else
+#define MEMMAP_PREFIX_fdt __fdt_
+#endif
+
+/**
+ * Synchronise in-use regions with the externally visible system memory map
+ *
+ */
+static inline __attribute__ (( always_inline )) void
+MEMMAP_INLINE ( fdt, memmap_sync ) ( void ) {
+ /* Nothing to do */
+}
+
+struct fdt_header;
+
+extern physaddr_t fdtmem_relocate ( struct fdt_header *hdr, physaddr_t max );
+extern int fdtmem_register ( struct fdt_header *hdr, physaddr_t max );
+
+#endif /* _IPXE_FDTMEM_H */
diff --git a/src/include/ipxe/features.h b/src/include/ipxe/features.h
index e86a2d226..2d1ef3b7b 100644
--- a/src/include/ipxe/features.h
+++ b/src/include/ipxe/features.h
@@ -12,6 +12,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/**
* @defgroup featurecat Feature categories
diff --git a/src/include/ipxe/fragment.h b/src/include/ipxe/fragment.h
index 0069e5e08..474ad5e1c 100644
--- a/src/include/ipxe/fragment.h
+++ b/src/include/ipxe/fragment.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/list.h>
diff --git a/src/include/ipxe/gcm.h b/src/include/ipxe/gcm.h
index 2c785a977..5635a1031 100644
--- a/src/include/ipxe/gcm.h
+++ b/src/include/ipxe/gcm.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/gdbserial.h b/src/include/ipxe/gdbserial.h
index e1040c94e..62cc16014 100644
--- a/src/include/ipxe/gdbserial.h
+++ b/src/include/ipxe/gdbserial.h
@@ -9,12 +9,9 @@
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
-#include <stdint.h>
-
struct gdb_transport;
-extern struct gdb_transport * gdbserial_configure ( unsigned int port,
- unsigned int baud,
- uint8_t lcr );
+extern struct gdb_transport * gdbserial_configure ( const char *port,
+ unsigned int baud );
#endif /* _IPXE_GDBSERIAL_H */
diff --git a/src/include/ipxe/gdbstub.h b/src/include/ipxe/gdbstub.h
index 13ca33ddb..2240cca42 100644
--- a/src/include/ipxe/gdbstub.h
+++ b/src/include/ipxe/gdbstub.h
@@ -11,7 +11,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <stdint.h>
#include <ipxe/tables.h>
-#include <gdbmach.h>
+#include <bits/gdbmach.h>
/**
* A transport mechanism for the GDB protocol
diff --git a/src/include/ipxe/gpio.h b/src/include/ipxe/gpio.h
new file mode 100644
index 000000000..fa9e19089
--- /dev/null
+++ b/src/include/ipxe/gpio.h
@@ -0,0 +1,199 @@
+#ifndef _IPXE_GPIO_H
+#define _IPXE_GPIO_H
+
+/** @file
+ *
+ * General purpose I/O
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <stdint.h>
+#include <ipxe/list.h>
+#include <ipxe/refcnt.h>
+#include <ipxe/device.h>
+
+/** A GPIO pin */
+struct gpio {
+ /** GPIO controller */
+ struct gpios *gpios;
+ /** Pin index */
+ unsigned int index;
+ /** Configuration */
+ unsigned int config;
+};
+
+/** GPIO is active low
+ *
+ * This bit is chosen to match the devicetree standard usage.
+ */
+#define GPIO_CFG_ACTIVE_LOW 0x01
+
+/** GPIO is an output */
+#define GPIO_CFG_OUTPUT 0x0100
+
+/** A GPIO controller */
+struct gpios {
+ /** Reference count */
+ struct refcnt refcnt;
+ /** List of GPIO controllers */
+ struct list_head list;
+ /** Generic device */
+ struct device *dev;
+ /** Number of GPIOs */
+ unsigned int count;
+
+ /** Individual GPIOs */
+ struct gpio *gpio;
+ /** GPIO operations */
+ struct gpio_operations *op;
+
+ /** Driver-private data */
+ void *priv;
+};
+
+/** GPIO operations */
+struct gpio_operations {
+ /**
+ * Get current GPIO input value
+ *
+ * @v gpios GPIO controller
+ * @v gpio GPIO pin
+ * @ret active Pin is in the active state
+ */
+ int ( * in ) ( struct gpios *gpios, struct gpio *gpio );
+ /**
+ * Set current GPIO output value
+ *
+ * @v gpios GPIO controller
+ * @v gpio GPIO pin
+ * @v active Set pin to active state
+ */
+ void ( * out ) ( struct gpios *gpios, struct gpio *gpio, int active );
+ /**
+ * Configure GPIO pin
+ *
+ * @v gpios GPIO controller
+ * @v gpio GPIO pin
+ * @v config Configuration
+ * @ret rc Return status code
+ */
+ int ( * config ) ( struct gpios *gpios, struct gpio *gpio,
+ unsigned int config );
+};
+
+extern struct gpio_operations null_gpio_operations;
+
+/**
+ * Get reference to GPIO controller
+ *
+ * @v gpios GPIO controller
+ * @ret gpios GPIO controller
+ */
+static inline __attribute__ (( always_inline )) struct gpios *
+gpios_get ( struct gpios *gpios ) {
+ ref_get ( &gpios->refcnt );
+ return gpios;
+}
+
+/**
+ * Drop reference to GPIO controller
+ *
+ * @v gpios GPIO controller
+ */
+static inline __attribute__ (( always_inline )) void
+gpios_put ( struct gpios *gpios ) {
+ ref_put ( &gpios->refcnt );
+}
+
+/**
+ * Get reference to GPIO pin
+ *
+ * @v gpio GPIO pin
+ * @ret gpio GPIO pin
+ */
+static inline __attribute__ (( always_inline )) struct gpio *
+gpio_get ( struct gpio *gpio ) {
+ gpios_get ( gpio->gpios );
+ return gpio;
+}
+
+/**
+ * Drop reference to GPIO ping
+ *
+ * @v gpio GPIO pin
+ */
+static inline __attribute__ (( always_inline )) void
+gpio_put ( struct gpio *gpio ) {
+ gpios_put ( gpio->gpios );
+}
+
+/**
+ * Initialise a GPIO controller
+ *
+ * @v gpios GPIO controller
+ * @v op GPIO operations
+ */
+static inline __attribute__ (( always_inline )) void
+gpios_init ( struct gpios *gpios, struct gpio_operations *op ) {
+ gpios->op = op;
+}
+
+/**
+ * Stop using a GPIO controller
+ *
+ * @v gpios GPIO controller
+ *
+ * Drivers should call this method immediately before the final call
+ * to gpios_put().
+ */
+static inline __attribute__ (( always_inline )) void
+gpios_nullify ( struct gpios *gpios ) {
+ gpios->op = &null_gpio_operations;
+}
+
+/**
+ * Get current GPIO input value
+ *
+ * @v gpio GPIO pin
+ * @ret active Pin is in the active state
+ */
+static inline int gpio_in ( struct gpio *gpio ) {
+ struct gpios *gpios = gpio->gpios;
+
+ return gpios->op->in ( gpios, gpio );
+}
+
+/**
+ * Set current GPIO output value
+ *
+ * @v gpio GPIO pin
+ * @v active Set pin to active state
+ */
+static inline void gpio_out ( struct gpio *gpio, int active ) {
+ struct gpios *gpios = gpio->gpios;
+
+ gpios->op->out ( gpios, gpio, active );
+}
+
+/**
+ * Configure GPIO pin
+ *
+ * @v gpio GPIO pin
+ * @v config Configuration
+ * @ret rc Return status code
+ */
+static inline int gpio_config ( struct gpio *gpio, unsigned int config ) {
+ struct gpios *gpios = gpio->gpios;
+
+ return gpios->op->config ( gpios, gpio, config );
+}
+
+extern struct gpios * alloc_gpios ( unsigned int count, size_t priv_len );
+extern int gpios_register ( struct gpios *gpios );
+extern void gpios_unregister ( struct gpios *gpios );
+extern struct gpios * gpios_find ( unsigned int bus_type,
+ unsigned int location );
+
+#endif /* _IPXE_GPIO_H */
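Review bot: `gpio_in()`, `gpio_out()` and `gpio_config()` call through `gpios->op` with no check, so they are only safe if `op` is never NULL between allocation and the final `gpios_put()`. `gpios_init()` and `gpios_nullify()` maintain that once called, but what `alloc_gpios()` leaves in `op` is outside this file. The field comment could record the invariant, e.g. `/** GPIO operations (never NULL; null_gpio_operations after gpios_nullify()) */`. The comment on `gpio_put()` reads "GPIO ping" and should be "GPIO pin". Unlike the other new headers in this commit, this file carries no `FILE_SECBOOT` line, which is presumably deliberate but worth confirming.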
diff --git a/src/include/ipxe/hash_df.h b/src/include/ipxe/hash_df.h
index e57682446..61c3420ce 100644
--- a/src/include/ipxe/hash_df.h
+++ b/src/include/ipxe/hash_df.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/hidemem.h b/src/include/ipxe/hidemem.h
deleted file mode 100644
index cc8d5ee37..000000000
--- a/src/include/ipxe/hidemem.h
+++ /dev/null
@@ -1,17 +0,0 @@
-#ifndef _IPXE_HIDEMEM_H
-#define _IPXE_HIDEMEM_H
-
-/**
- * @file
- *
- * Hidden memory regions
- *
- */
-
-FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
-
-#include <stdint.h>
-
-extern void hide_umalloc ( physaddr_t start, physaddr_t end );
-
-#endif /* _IPXE_HIDEMEM_H */
diff --git a/src/include/ipxe/hmac.h b/src/include/ipxe/hmac.h
index cf9d08677..12312c540 100644
--- a/src/include/ipxe/hmac.h
+++ b/src/include/ipxe/hmac.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/hmac_drbg.h b/src/include/ipxe/hmac_drbg.h
index a0f22da75..e9113807c 100644
--- a/src/include/ipxe/hmac_drbg.h
+++ b/src/include/ipxe/hmac_drbg.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/http.h b/src/include/ipxe/http.h
index 5a9baddcb..e84a75237 100644
--- a/src/include/ipxe/http.h
+++ b/src/include/ipxe/http.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/refcnt.h>
@@ -426,7 +427,9 @@ struct http_transaction {
/** Transmit process */
struct process process;
/** Reconnection timer */
- struct retry_timer timer;
+ struct retry_timer retry;
+ /** Idle connection watchdog timer */
+ struct retry_timer watchdog;
/** Request URI */
struct uri *uri;
diff --git a/src/include/ipxe/ib_mad.h b/src/include/ipxe/ib_mad.h
index 134274026..dcc432558 100644
--- a/src/include/ipxe/ib_mad.h
+++ b/src/include/ipxe/ib_mad.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/ib_packet.h>
diff --git a/src/include/ipxe/ib_packet.h b/src/include/ipxe/ib_packet.h
index 747f96399..087e86d5a 100644
--- a/src/include/ipxe/ib_packet.h
+++ b/src/include/ipxe/ib_packet.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
struct ib_device;
struct ib_queue_pair;
diff --git a/src/include/ipxe/ib_srp.h b/src/include/ipxe/ib_srp.h
index 4b6df8d3b..9bd272a3b 100644
--- a/src/include/ipxe/ib_srp.h
+++ b/src/include/ipxe/ib_srp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( BSD2 );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/acpi.h>
diff --git a/src/include/ipxe/ibft.h b/src/include/ipxe/ibft.h
index 51ce781a6..9534c1e8a 100644
--- a/src/include/ipxe/ibft.h
+++ b/src/include/ipxe/ibft.h
@@ -29,6 +29,7 @@
*/
FILE_LICENCE ( BSD2 );
+FILE_SECBOOT ( PERMITTED );
/** @file
*
diff --git a/src/include/ipxe/icmp.h b/src/include/ipxe/icmp.h
index 803f8e019..a62e63ee8 100644
--- a/src/include/ipxe/icmp.h
+++ b/src/include/ipxe/icmp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/iobuf.h>
diff --git a/src/include/ipxe/icmpv6.h b/src/include/ipxe/icmpv6.h
index 0474ddca8..7d0c5ba14 100644
--- a/src/include/ipxe/icmpv6.h
+++ b/src/include/ipxe/icmpv6.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/tables.h>
diff --git a/src/include/ipxe/if_arp.h b/src/include/ipxe/if_arp.h
index 9d7b03fe8..31d7d8b73 100644
--- a/src/include/ipxe/if_arp.h
+++ b/src/include/ipxe/if_arp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/if_ether.h b/src/include/ipxe/if_ether.h
index c1168b10e..a7d0e55f9 100644
--- a/src/include/ipxe/if_ether.h
+++ b/src/include/ipxe/if_ether.h
@@ -2,6 +2,7 @@
#define _IPXE_IF_ETHER_H
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/image.h b/src/include/ipxe/image.h
index bfbf23687..d9abe11ec 100644
--- a/src/include/ipxe/image.h
+++ b/src/include/ipxe/image.h
@@ -9,10 +9,10 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/tables.h>
#include <ipxe/list.h>
-#include <ipxe/uaccess.h>
#include <ipxe/refcnt.h>
struct uri;
@@ -30,15 +30,28 @@ struct image {
/** URI of image */
struct uri *uri;
- /** Name */
+ /** Name
+ *
+ * If the @c IMAGE_STATIC_NAME flag is set, then this is a
+ * statically allocated string.
+ */
char *name;
/** Flags */
unsigned int flags;
/** Command line to pass to image */
char *cmdline;
- /** Raw file image */
- userptr_t data;
+ /** Raw file image
+ *
+ * If the @c IMAGE_STATIC flag is set, then this is a
+ * statically allocated image.
+ */
+ union {
+ /** Read-only data */
+ const void *data;
+ /** Writable data */
+ void *rwdata;
+ };
/** Length of raw file image */
size_t len;
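Review bot: The anonymous union makes `rwdata` an unqualified alias of `data`. A buffer passed through the new `const void *` parameters of `image_set_data()` or `image_memory()` (later hunks of this file) can therefore still be written through `image->rwdata` without a cast or a compiler warning. The member comment should say when writing is allowed, for example `/** Writable data (only when the image owns its buffer, i.e. IMAGE_STATIC is clear) */`. Whether static images can sit in read-only storage is not visible here, so that condition needs confirming. `struct image` begins before this hunk and continues after it.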
@@ -72,6 +85,12 @@ struct image {
/** Image will be hidden from enumeration */
#define IMAGE_HIDDEN 0x0008
+/** Image is statically allocated */
+#define IMAGE_STATIC 0x0010
+
+/** Image name is statically allocated */
+#define IMAGE_STATIC_NAME 0x0020
+
/** An executable image type */
struct image_type {
/** Name of this image type */
@@ -185,12 +204,15 @@ static inline struct image * first_image ( void ) {
return list_first_entry ( &images, struct image, list );
}
+extern void free_image ( struct refcnt *refcnt );
extern struct image * alloc_image ( struct uri *uri );
extern int image_set_uri ( struct image *image, struct uri *uri );
extern int image_set_name ( struct image *image, const char *name );
+extern char * image_strip_suffix ( struct image *image );
extern int image_set_cmdline ( struct image *image, const char *cmdline );
extern int image_set_len ( struct image *image, size_t len );
-extern int image_set_data ( struct image *image, userptr_t data, size_t len );
+extern int image_set_data ( struct image *image, const void *data,
+ size_t len );
extern int register_image ( struct image *image );
extern void unregister_image ( struct image *image );
extern struct image * find_image ( const char *name );
@@ -199,7 +221,7 @@ extern int image_exec ( struct image *image );
extern int image_replace ( struct image *replacement );
extern int image_select ( struct image *image );
extern int image_set_trust ( int require_trusted, int permanent );
-extern struct image * image_memory ( const char *name, userptr_t data,
+extern struct image * image_memory ( const char *name, const void *data,
size_t len );
extern const char * image_argument ( struct image *image, const char *key );
extern int image_pixbuf ( struct image *image, struct pixel_buffer **pixbuf );
diff --git a/src/include/ipxe/in.h b/src/include/ipxe/in.h
index 3044d6316..f91ab306a 100644
--- a/src/include/ipxe/in.h
+++ b/src/include/ipxe/in.h
@@ -2,6 +2,7 @@
#define _IPXE_IN_H
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <byteswap.h>
@@ -33,6 +34,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define IN_IS_MULTICAST( addr ) \
( ( (addr) & htonl ( 0xf0000000 ) ) == htonl ( 0xe0000000 ) )
+#define IN_IS_SMALL( mask ) ( (mask) & htonl ( 0x00000003 ) )
+
/**
* IP address structure
*/
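Review bot: `IN_IS_SMALL()` is added without a doc comment, and the name does not say what is small. Going by the `hostmask` description added to ip.h in this commit, it appears to detect a /31 or /32 subnet mask. If so, add `/** Subnet mask describes a small subnet (/31 or /32) with no network or broadcast address */`. The test inspects only the two low-order bits of the mask, so it assumes the mask is contiguous, which the comment should also mention.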
diff --git a/src/include/ipxe/infiniband.h b/src/include/ipxe/infiniband.h
index 379bc109e..8022ab606 100644
--- a/src/include/ipxe/infiniband.h
+++ b/src/include/ipxe/infiniband.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/refcnt.h>
diff --git a/src/include/ipxe/init.h b/src/include/ipxe/init.h
index 32927e3a6..00946fe83 100644
--- a/src/include/ipxe/init.h
+++ b/src/include/ipxe/init.h
@@ -2,6 +2,7 @@
#define _IPXE_INIT_H
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/tables.h>
@@ -12,6 +13,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
* call to initialise().
*/
struct init_fn {
+ const char *name;
void ( * initialise ) ( void );
};
diff --git a/src/include/ipxe/initrd.h b/src/include/ipxe/initrd.h
new file mode 100644
index 000000000..50788597b
--- /dev/null
+++ b/src/include/ipxe/initrd.h
@@ -0,0 +1,46 @@
+#ifndef _IPXE_INITRD_H
+#define _IPXE_INITRD_H
+
+/** @file
+ *
+ * Initial ramdisk (initrd) reshuffling
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <stdint.h>
+#include <ipxe/memmap.h>
+
+/** Initial ramdisk chunk alignment */
+#define INITRD_ALIGN 4096
+
+extern void initrd_reshuffle ( void );
+extern int initrd_region ( size_t len, struct memmap_region *region );
+extern size_t initrd_load_all ( void *address );
+
+/**
+ * Align initrd length
+ *
+ * @v len Length
+ * @ret len Aligned length
+ */
+static inline __attribute__ (( always_inline )) size_t
+initrd_align ( size_t len ) {
+
+ return ( ( len + INITRD_ALIGN - 1 ) & ~( INITRD_ALIGN - 1 ) );
+}
+
+/**
+ * Get required length for initrds
+ *
+ * @ret len Required length
+ */
+static inline __attribute__ (( always_inline )) size_t
+initrd_len ( void ) {
+
+ return initrd_load_all ( NULL );
+}
+
+#endif /* _IPXE_INITRD_H */
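Review bot: `initrd_align()` adds `INITRD_ALIGN - 1` before masking, so a `len` within 4095 bytes of the largest `size_t` value wraps and the result is smaller than the input. The callers are outside this file. If any of them sizes or places a buffer from the result, the assumption should be explicit, either by a range check at the call site or in the doc comment, e.g. `@v len Length (must leave room for INITRD_ALIGN - 1 of padding)`.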
diff --git a/src/include/ipxe/interface.h b/src/include/ipxe/interface.h
index d2fa8190c..87fd3c62f 100644
--- a/src/include/ipxe/interface.h
+++ b/src/include/ipxe/interface.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stddef.h>
#include <stdarg.h>
diff --git a/src/include/ipxe/io.h b/src/include/ipxe/io.h
index fe1388191..1bb49370c 100644
--- a/src/include/ipxe/io.h
+++ b/src/include/ipxe/io.h
@@ -17,6 +17,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/api.h>
@@ -330,6 +331,66 @@ void outl ( uint32_t data, volatile uint32_t *io_addr );
IOAPI_WRITE ( outl, uint32_t, data, io_addr, "IO", 8 )
/**
+ * Read byte from I/O-mapped or memory-mapped device
+ *
+ * @v io_addr I/O address
+ * @ret data Value read
+ */
+uint8_t ioread8 ( volatile uint8_t *io_addr );
+#define ioread8( io_addr ) \
+ IOAPI_READ ( ioread8, uint8_t, io_addr, "IO/MEM", 2 )
+
+/**
+ * Read 16-bit word from I/O-mapped or memory-mapped device
+ *
+ * @v io_addr I/O address
+ * @ret data Value read
+ */
+uint16_t ioread16 ( volatile uint16_t *io_addr );
+#define ioread16( io_addr ) \
+ IOAPI_READ ( ioread16, uint16_t, io_addr, "IO/MEM", 4 )
+
+/**
+ * Read 32-bit dword from I/O-mapped or memory-mapped device
+ *
+ * @v io_addr I/O address
+ * @ret data Value read
+ */
+uint32_t ioread32 ( volatile uint32_t *io_addr );
+#define ioread32( io_addr ) \
+ IOAPI_READ ( ioread32, uint32_t, io_addr, "IO/MEM", 8 )
+
+/**
+ * Write byte to I/O-mapped or memory-mapped device
+ *
+ * @v data Value to write
+ * @v io_addr I/O address
+ */
+void iowrite8 ( uint8_t data, volatile uint8_t *io_addr );
+#define iowrite8( data, io_addr ) \
+ IOAPI_WRITE ( iowrite8, uint8_t, data, io_addr, "IO/MEM", 2 )
+
+/**
+ * Write 16-bit word to I/O-mapped or memory-mapped device
+ *
+ * @v data Value to write
+ * @v io_addr I/O address
+ */
+void iowrite16 ( uint16_t data, volatile uint16_t *io_addr );
+#define iowrite16( data, io_addr ) \
+ IOAPI_WRITE ( iowrite16, uint16_t, data, io_addr, "IO/MEM", 4 )
+
+/**
+ * Write 32-bit dword to I/O-mapped or memory-mapped device
+ *
+ * @v data Value to write
+ * @v io_addr I/O address
+ */
+void iowrite32 ( uint32_t data, volatile uint32_t *io_addr );
+#define iowrite32( data, io_addr ) \
+ IOAPI_WRITE ( iowrite32, uint32_t, data, io_addr, "IO/MEM", 8 )
+
+/**
* Read bytes from I/O-mapped device
*
* @v io_addr I/O address
@@ -484,30 +545,4 @@ void mb ( void );
#define rmb() mb()
#define wmb() mb()
-/** A usable memory region */
-struct memory_region {
- /** Physical start address */
- uint64_t start;
- /** Physical end address */
- uint64_t end;
-};
-
-/** Maximum number of memory regions we expect to encounter */
-#define MAX_MEMORY_REGIONS 8
-
-/** A memory map */
-struct memory_map {
- /** Memory regions */
- struct memory_region regions[MAX_MEMORY_REGIONS];
- /** Number of used regions */
- unsigned int count;
-};
-
-/**
- * Get memory map
- *
- * @v memmap Memory map to fill in
- */
-void get_memmap ( struct memory_map *memmap );
-
#endif /* _IPXE_IO_H */
diff --git a/src/include/ipxe/iobuf.h b/src/include/ipxe/iobuf.h
index 3e079c064..2ff24e50f 100644
--- a/src/include/ipxe/iobuf.h
+++ b/src/include/ipxe/iobuf.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <assert.h>
@@ -15,11 +16,15 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/dma.h>
/**
- * Minimum I/O buffer length
+ * Minimum I/O buffer length and alignment
*
* alloc_iob() will round up the allocated length to this size if
* necessary. This is used on behalf of hardware that is not capable
* of auto-padding.
+ *
+ * This length must be at least as large as the largest cacheline size
+ * that we expect to encounter, to allow for platforms where DMA
+ * devices are not in the same coherency domain as the CPU cache.
*/
#define IOB_ZLEN 128
@@ -226,8 +231,7 @@ static inline void iob_populate ( struct io_buffer *iobuf,
static inline __always_inline int iob_map ( struct io_buffer *iobuf,
struct dma_device *dma,
size_t len, int flags ) {
- return dma_map ( dma, &iobuf->map, virt_to_phys ( iobuf->data ),
- len, flags );
+ return dma_map ( dma, &iobuf->map, iobuf->data, len, flags );
}
/**
@@ -273,7 +277,7 @@ static inline __always_inline physaddr_t iob_dma ( struct io_buffer *iobuf ) {
* @ret rc Return status code
*/
static inline __always_inline void iob_unmap ( struct io_buffer *iobuf ) {
- dma_unmap ( &iobuf->map );
+ dma_unmap ( &iobuf->map, iob_len ( iobuf ) );
}
extern struct io_buffer * __malloc alloc_iob_raw ( size_t len, size_t align,
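Review bot: `iob_unmap()` now passes `iob_len ( iobuf )` to `dma_unmap()`, which is the buffer's length at unmap time and not the `len` that was given to `iob_map()`. What `dma_unmap()` does with the length is not shown on this page. If it bounds cache maintenance, a buffer unmapped before its length has been set would be covered only partly or not at all. The doc comment should state the ordering requirement, e.g. `* The I/O buffer length must already reflect the transferred data when this is called.` The context line `@ret rc Return status code` also describes a return value that this `void` function does not have.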
diff --git a/src/include/ipxe/iomap.h b/src/include/ipxe/iomap.h
index b8ded38ef..23153641e 100644
--- a/src/include/ipxe/iomap.h
+++ b/src/include/ipxe/iomap.h
@@ -10,11 +10,11 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/api.h>
#include <config/ioapi.h>
-#include <ipxe/uaccess.h>
/**
* Calculate static inline I/O mapping API function name
diff --git a/src/include/ipxe/iomap_virt.h b/src/include/ipxe/iomap_virt.h
index 4962b7c37..a2564ec76 100644
--- a/src/include/ipxe/iomap_virt.h
+++ b/src/include/ipxe/iomap_virt.h
@@ -8,6 +8,10 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <stddef.h>
+#include <ipxe/uaccess.h>
#ifdef IOMAP_VIRT
#define IOMAP_PREFIX_virt
diff --git a/src/include/ipxe/ip.h b/src/include/ipxe/ip.h
index 285be6dcd..3a5c3e175 100644
--- a/src/include/ipxe/ip.h
+++ b/src/include/ipxe/ip.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/in.h>
@@ -54,26 +55,91 @@ struct ipv4_pseudo_header {
uint16_t len;
};
-/** An IPv4 address/routing table entry */
+/** An IPv4 address/routing table entry
+ *
+ * Routing table entries are maintained in order of specificity. For
+ * a given destination address, the first matching table entry will be
+ * used as the egress route.
+ */
struct ipv4_miniroute {
/** List of miniroutes */
struct list_head list;
- /** Network device */
+ /** Network device
+ *
+ * When this routing table entry is matched, this is the
+ * egress network device to be used.
+ */
struct net_device *netdev;
- /** IPv4 address */
+ /** IPv4 address
+ *
+ * When this routing table entry is matched, this is the
+ * source address to be used.
+ *
+ * The presence of this routing table entry also indicates
+ * that this address is a valid local destination address for
+ * the matching network device.
+ */
struct in_addr address;
- /** Subnet mask */
+ /** Subnet network address
+ *
+ * A subnet is a range of addresses defined by a network
+ * address and subnet mask. A destination address with all of
+ * the subnet mask bits in common with the network address is
+ * within the subnet and therefore matches this routing table
+ * entry.
+ */
+ struct in_addr network;
+ /** Subnet mask
+ *
+ * An address with all of these bits in common with the
+ * network address matches this routing table entry.
+ */
struct in_addr netmask;
- /** Gateway address */
+ /** Gateway address, or zero
+ *
+ * When this routing table entry is matched and this address
+ * is non-zero, it will be used as the next-hop address.
+ *
+ * When this routing table entry is matched and this address
+ * is zero, the subnet is local (on-link) and the next-hop
+ * address will be the original destination address.
+ */
struct in_addr gateway;
+ /** Host mask
+ *
+ * An address in a local subnet with all of these bits set to
+ * zero represents the network address, and an address in a
+ * local subnet with all of these bits set to one represents
+ * the local directed broadcast address. All other addresses
+ * in a local subnet are valid host addresses.
+ *
+ * For most local subnets, this is the inverse of the subnet
+ * mask. In a small subnet (/31 or /32) there is no network
+ * address or directed broadcast address, and all addresses in
+ * the subnet are valid host addresses.
+ *
+ * When this routing table entry is matched and the subnet is
+ * local, a next-hop address with all of these bits set to one
+ * will be treated as a local broadcast address. All other
+ * next-hop addresses will be treated as unicast addresses.
+ *
+ * When this routing table entry is matched and the subnet is
+ * non-local, the next-hop address is always a unicast
+ * address. The host mask for non-local subnets is therefore
+ * set to @c INADDR_NONE to allow the same logic to be used as
+ * for local subnets.
+ */
+ struct in_addr hostmask;
};
extern struct list_head ipv4_miniroutes;
extern struct net_protocol ipv4_protocol __net_protocol;
+extern struct ipv4_miniroute * ipv4_route ( unsigned int scope_id,
+ struct in_addr *dest );
extern int ipv4_has_any_addr ( struct net_device *netdev );
extern int parse_ipv4_setting ( const struct setting_type *type,
const char *value, void *buf, size_t len );
diff --git a/src/include/ipxe/ipstat.h b/src/include/ipxe/ipstat.h
index b34ed5fcf..b02673dcd 100644
--- a/src/include/ipxe/ipstat.h
+++ b/src/include/ipxe/ipstat.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/tables.h>
diff --git a/src/include/ipxe/ipv6.h b/src/include/ipxe/ipv6.h
index 4dd43f16d..bd7181e69 100644
--- a/src/include/ipxe/ipv6.h
+++ b/src/include/ipxe/ipv6.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <string.h>
diff --git a/src/include/ipxe/iscsi.h b/src/include/ipxe/iscsi.h
index a25eec257..e890e62ad 100644
--- a/src/include/ipxe/iscsi.h
+++ b/src/include/ipxe/iscsi.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/socket.h>
diff --git a/src/include/ipxe/iso9660.h b/src/include/ipxe/iso9660.h
index 34cb8f0a1..6727c7721 100644
--- a/src/include/ipxe/iso9660.h
+++ b/src/include/ipxe/iso9660.h
@@ -9,6 +9,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/isqrt.h b/src/include/ipxe/isqrt.h
index 68255d1bc..4308cebd2 100644
--- a/src/include/ipxe/isqrt.h
+++ b/src/include/ipxe/isqrt.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
extern unsigned long isqrt ( unsigned long value );
diff --git a/src/include/ipxe/job.h b/src/include/ipxe/job.h
index c01bd1740..088012ba7 100644
--- a/src/include/ipxe/job.h
+++ b/src/include/ipxe/job.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/interface.h>
diff --git a/src/include/ipxe/jumpscroll.h b/src/include/ipxe/jumpscroll.h
index 7a5b111c1..0eec1b47b 100644
--- a/src/include/ipxe/jumpscroll.h
+++ b/src/include/ipxe/jumpscroll.h
@@ -8,6 +8,9 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <stdint.h>
/** A jump scroller */
struct jump_scroller {
@@ -22,6 +25,35 @@ struct jump_scroller {
};
/**
+ * Construct scroll movement
+ *
+ * @v delta Change in scroller position
+ * @ret move Scroll movement
+ */
+#define SCROLL( delta ) ( ( unsigned int ) ( uint16_t ) ( int16_t ) (delta) )
+
+/**
+ * Extract change in scroller position
+ *
+ * @v move Scroll movement
+ * @ret delta Change in scroller position
+ */
+#define SCROLL_DELTA( scroll ) ( ( int16_t ) ( (scroll) & 0x0000ffffUL ) )
+
+/** Scroll movement flags */
+#define SCROLL_FLAGS 0xffff0000UL
+#define SCROLL_WRAP 0x80000000UL /**< Wrap around scrolling */
+
+/** Do not scroll */
+#define SCROLL_NONE SCROLL ( 0 )
+
+/** Scroll up by one line */
+#define SCROLL_UP SCROLL ( -1 )
+
+/** Scroll down by one line */
+#define SCROLL_DOWN SCROLL ( +1 )
+
+/**
* Check if jump scroller is currently on first page
*
* @v scroll Jump scroller
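Review bot: The doc block for `SCROLL_DELTA` documents `@v move`, but the macro parameter is named `scroll`, which this header also uses for the `struct jump_scroller *` argument. Renaming it, `#define SCROLL_DELTA( move ) ( ( int16_t ) ( (move) & 0x0000ffffUL ) )`, keeps the two apart. `SCROLL()` also narrows `delta` through `int16_t` without saying so, so a delta outside the 16-bit range silently becomes a different movement. One line in its doc block, `* Deltas are truncated to 16 bits; the upper 16 bits are reserved for flags`, would make that explicit. The comment block that follows the new macros continues outside this hunk.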
@@ -43,8 +75,9 @@ static inline int jump_scroll_is_last ( struct jump_scroller *scroll ) {
return ( ( scroll->first + scroll->rows ) >= scroll->count );
}
-extern int jump_scroll_key ( struct jump_scroller *scroll, int key );
-extern int jump_scroll_move ( struct jump_scroller *scroll, int move );
+extern unsigned int jump_scroll_key ( struct jump_scroller *scroll, int key );
+extern unsigned int jump_scroll_move ( struct jump_scroller *scroll,
+ unsigned int move );
extern int jump_scroll ( struct jump_scroller *scroll );
#endif /* _IPXE_JUMPSCROLL_H */
diff --git a/src/include/ipxe/keymap.h b/src/include/ipxe/keymap.h
index 49a8915ef..cdb83e03b 100644
--- a/src/include/ipxe/keymap.h
+++ b/src/include/ipxe/keymap.h
@@ -9,6 +9,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/tables.h>
diff --git a/src/include/ipxe/keys.h b/src/include/ipxe/keys.h
index 49e65fa4c..b2a62744e 100644
--- a/src/include/ipxe/keys.h
+++ b/src/include/ipxe/keys.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/*
* Symbolic names for some standard ASCII characters
@@ -47,6 +48,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define LF CTRL_J
#define CR CTRL_M
#define ESC 0x1b
+#define DEL 0x7f
/*
* Special keys outside the normal Unicode range
diff --git a/src/include/ipxe/label.h b/src/include/ipxe/label.h
new file mode 100644
index 000000000..48e36cb2f
--- /dev/null
+++ b/src/include/ipxe/label.h
@@ -0,0 +1,42 @@
+#ifndef _IPXE_LABEL_H
+#define _IPXE_LABEL_H
+
+/** @file
+ *
+ * Text label widget
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <curses.h>
+#include <ipxe/widget.h>
+
+/** A text label widget */
+struct label {
+ /** Text widget */
+ struct widget widget;
+ /** Label text */
+ const char *text;
+};
+
+extern struct widget_operations label_operations;
+
+/**
+ * Initialise text label widget
+ *
+ * @v label Text label widget
+ * @v row Row
+ * @v col Starting column
+ * @v width Width
+ * @v text Label text
+ */
+static inline __attribute__ (( always_inline )) void
+init_label ( struct label *label, unsigned int row, unsigned int col,
+ unsigned int width, const char *text ) {
+
+ init_widget ( &label->widget, &label_operations, row, col, width, 0 );
+ label->text = text;
+}
+
+#endif /* _IPXE_LABEL_H */
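Review bot: This new header carries `FILE_LICENCE` but no `FILE_SECBOOT ( PERMITTED );` line, while the other new headers visible here (memmap.h, message.h) and most touched headers gain one; the new lkrn.h is in the same state. If the omission is deliberate, a one-line comment saying so would stop the marker being added by accident later; if it is not, add it directly after `FILE_LICENCE`. Separately, `init_label()` stores the `text` pointer without copying it, so the doc block should state the lifetime requirement, e.g. `@v text Label text (not copied; must remain valid while the widget is in use)`.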
diff --git a/src/include/ipxe/linebuf.h b/src/include/ipxe/linebuf.h
index 630278a04..b46168415 100644
--- a/src/include/ipxe/linebuf.h
+++ b/src/include/ipxe/linebuf.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <stddef.h>
diff --git a/src/include/ipxe/lineconsole.h b/src/include/ipxe/lineconsole.h
index 31117e73c..b02822dcf 100644
--- a/src/include/ipxe/lineconsole.h
+++ b/src/include/ipxe/lineconsole.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/ansiesc.h>
diff --git a/src/include/ipxe/linux/linux_acpi.h b/src/include/ipxe/linux/linux_acpi.h
index a2c33ce2c..f6dbc9252 100644
--- a/src/include/ipxe/linux/linux_acpi.h
+++ b/src/include/ipxe/linux/linux_acpi.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef ACPI_LINUX
#define ACPI_PREFIX_linux
diff --git a/src/include/ipxe/linux/linux_nap.h b/src/include/ipxe/linux/linux_nap.h
index d072886c7..329124e52 100644
--- a/src/include/ipxe/linux/linux_nap.h
+++ b/src/include/ipxe/linux/linux_nap.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef NAP_LINUX
#define NAP_PREFIX_linux
diff --git a/src/include/ipxe/linux/linux_pci.h b/src/include/ipxe/linux/linux_pci.h
index ec6ff8b1c..b0fddc41a 100644
--- a/src/include/ipxe/linux/linux_pci.h
+++ b/src/include/ipxe/linux/linux_pci.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef PCIAPI_LINUX
#define PCIAPI_PREFIX_linux
@@ -23,6 +24,17 @@ extern int linux_pci_write ( struct pci_device *pci, unsigned long where,
unsigned long value, size_t len );
/**
+ * Check if PCI bus probing is allowed
+ *
+ * @v pci PCI device
+ * @ret ok Bus probing is allowed
+ */
+static inline __always_inline int
+PCIAPI_INLINE ( linux, pci_can_probe ) ( struct pci_device *pci __unused ) {
+ return 1;
+}
+
+/**
* Find next PCI bus:dev.fn address range in system
*
* @v busdevfn Starting PCI bus:dev.fn address
diff --git a/src/include/ipxe/linux/linux_smbios.h b/src/include/ipxe/linux/linux_smbios.h
index 16c6d8acd..32f006b66 100644
--- a/src/include/ipxe/linux/linux_smbios.h
+++ b/src/include/ipxe/linux/linux_smbios.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef SMBIOS_LINUX
#define SMBIOS_PREFIX_linux
diff --git a/src/include/ipxe/linux/linux_time.h b/src/include/ipxe/linux/linux_time.h
index 872ef5ade..cf02452d7 100644
--- a/src/include/ipxe/linux/linux_time.h
+++ b/src/include/ipxe/linux/linux_time.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef TIME_LINUX
#define TIME_PREFIX_linux
diff --git a/src/include/ipxe/linux/linux_uaccess.h b/src/include/ipxe/linux/linux_uaccess.h
index a642b6163..c3119a60e 100644
--- a/src/include/ipxe/linux/linux_uaccess.h
+++ b/src/include/ipxe/linux/linux_uaccess.h
@@ -5,18 +5,15 @@
*
* iPXE user access API for Linux
*
- * We run with no distinction between internal and external addresses,
- * so can use trivial_virt_to_user() et al.
- *
* We have no concept of the underlying physical addresses, since
* these are not exposed to userspace. We provide a stub
- * implementation of user_to_phys() since this is required by
- * alloc_memblock(). We provide no implementation of phys_to_user();
- * any code attempting to access physical addresses will therefore
- * (correctly) fail to link.
+ * implementation of virt_to_phys() since this is required by the heap
+ * allocator to determine physical address alignment. We provide a
+ * matching stub implementation of phys_to_virt().
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef UACCESS_LINUX
#define UACCESS_PREFIX_linux
@@ -25,97 +22,37 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#endif
/**
- * Convert user pointer to physical address
+ * Convert virtual address to physical address
*
- * @v userptr User pointer
- * @v offset Offset from user pointer
- * @ret phys_addr Physical address
+ * @v virt Virtual address
+ * @ret phys Physical address
*/
-static inline __always_inline unsigned long
-UACCESS_INLINE ( linux, user_to_phys ) ( userptr_t userptr, off_t offset ) {
+static inline __always_inline physaddr_t
+UACCESS_INLINE ( linux, virt_to_phys ) ( volatile const void *virt ) {
/* We do not know the real underlying physical address. We
* provide this stub implementation only because it is
- * required by alloc_memblock() (which allocates memory with
- * specified physical address alignment). We assume that the
- * low-order bits of virtual addresses match the low-order
- * bits of physical addresses, and so simply returning the
- * virtual address will suffice for the purpose of determining
+ * required in order to allocate memory with a specified
+ * physical address alignment. We assume that the low-order
+ * bits of virtual addresses match the low-order bits of
+ * physical addresses, and so simply returning the virtual
+ * address will suffice for the purpose of determining
* alignment.
*/
- return ( userptr + offset );
+ return ( ( physaddr_t ) virt );
}
/**
- * Convert physical address to user pointer
+ * Convert physical address to virtual address
*
- * @v phys_addr Physical address
- * @ret userptr User pointer
+ * @v phys Physical address
+ * @ret virt Virtual address
*/
-static inline __always_inline userptr_t
-UACCESS_INLINE ( linux, phys_to_user ) ( physaddr_t phys_addr ) {
-
- /* For symmetry with the stub user_to_phys() */
- return phys_addr;
-}
-
-static inline __always_inline userptr_t
-UACCESS_INLINE ( linux, virt_to_user ) ( volatile const void *addr ) {
- return trivial_virt_to_user ( addr );
-}
-
static inline __always_inline void *
-UACCESS_INLINE ( linux, user_to_virt ) ( userptr_t userptr, off_t offset ) {
- return trivial_user_to_virt ( userptr, offset );
-}
-
-static inline __always_inline userptr_t
-UACCESS_INLINE ( linux, userptr_add ) ( userptr_t userptr, off_t offset ) {
- return trivial_userptr_add ( userptr, offset );
-}
-
-static inline __always_inline off_t
-UACCESS_INLINE ( linux, userptr_sub ) ( userptr_t userptr,
- userptr_t subtrahend ) {
- return trivial_userptr_sub ( userptr, subtrahend );
-}
-
-static inline __always_inline void
-UACCESS_INLINE ( linux, memcpy_user ) ( userptr_t dest, off_t dest_off,
- userptr_t src, off_t src_off,
- size_t len ) {
- trivial_memcpy_user ( dest, dest_off, src, src_off, len );
-}
-
-static inline __always_inline void
-UACCESS_INLINE ( linux, memmove_user ) ( userptr_t dest, off_t dest_off,
- userptr_t src, off_t src_off,
- size_t len ) {
- trivial_memmove_user ( dest, dest_off, src, src_off, len );
-}
-
-static inline __always_inline int
-UACCESS_INLINE ( linux, memcmp_user ) ( userptr_t first, off_t first_off,
- userptr_t second, off_t second_off,
- size_t len ) {
- return trivial_memcmp_user ( first, first_off, second, second_off, len);
-}
-
-static inline __always_inline void
-UACCESS_INLINE ( linux, memset_user ) ( userptr_t buffer, off_t offset,
- int c, size_t len ) {
- trivial_memset_user ( buffer, offset, c, len );
-}
-
-static inline __always_inline size_t
-UACCESS_INLINE ( linux, strlen_user ) ( userptr_t buffer, off_t offset ) {
- return trivial_strlen_user ( buffer, offset );
-}
+UACCESS_INLINE ( linux, phys_to_virt ) ( physaddr_t phys ) {
-static inline __always_inline off_t
-UACCESS_INLINE ( linux, memchr_user ) ( userptr_t buffer, off_t offset,
- int c, size_t len ) {
- return trivial_memchr_user ( buffer, offset, c, len );
+ /* For symmetry with the stub virt_to_phys() */
+ return ( ( void * ) phys );
}
#endif /* _IPXE_LINUX_UACCESS_H */
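Review bot: `phys_to_virt()` turns any `physaddr_t` into a dereferenceable pointer with a bare cast, and its only comment is "For symmetry with the stub virt_to_phys()". In this userspace build, a value that did not come from `virt_to_phys()` would be dereferenced as an arbitrary virtual address. The restriction should be stated at the function, e.g. `/* Only meaningful for values previously returned by the stub virt_to_phys(); real physical addresses are not accessible from userspace */`. Both stubs also cast directly between pointer and `physaddr_t`; going through `uintptr_t`, as in `( ( physaddr_t ) ( uintptr_t ) virt )`, keeps the conversion explicit if the widths ever differ, which cannot be confirmed from this hunk.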
diff --git a/src/include/ipxe/linux/linux_umalloc.h b/src/include/ipxe/linux/linux_umalloc.h
index 1811d0bc6..c1669b42a 100644
--- a/src/include/ipxe/linux/linux_umalloc.h
+++ b/src/include/ipxe/linux/linux_umalloc.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef UMALLOC_LINUX
#define UMALLOC_PREFIX_linux
diff --git a/src/include/ipxe/linux_sysfs.h b/src/include/ipxe/linux_sysfs.h
index d97b649c0..fbe1e6e8a 100644
--- a/src/include/ipxe/linux_sysfs.h
+++ b/src/include/ipxe/linux_sysfs.h
@@ -9,8 +9,6 @@
FILE_LICENCE ( GPL2_OR_LATER );
-#include <ipxe/uaccess.h>
-
-extern int linux_sysfs_read ( const char *filename, userptr_t *data );
+extern int linux_sysfs_read ( const char *filename, void **data );
#endif /* _IPXE_LINUX_SYSFS_H */
diff --git a/src/include/ipxe/list.h b/src/include/ipxe/list.h
index 2f02e71f0..4282d8455 100644
--- a/src/include/ipxe/list.h
+++ b/src/include/ipxe/list.h
@@ -10,6 +10,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stddef.h>
#include <assert.h>
diff --git a/src/include/ipxe/lkrn.h b/src/include/ipxe/lkrn.h
new file mode 100644
index 000000000..88b4d0485
--- /dev/null
+++ b/src/include/ipxe/lkrn.h
@@ -0,0 +1,105 @@
+#ifndef _IPXE_LKRN_H
+#define _IPXE_LKRN_H
+
+/** @file
+ *
+ * Linux kernel images
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <stdint.h>
+
+/** Kernel image header */
+struct lkrn_header {
+ /** Executable code */
+ uint32_t code[2];
+ /** Image load offset */
+ uint64_t text_offset;
+ /** Image size */
+ uint64_t image_size;
+ /** Flags */
+ uint64_t flags;
+ /** Reserved */
+ uint8_t reserved_a[24];
+ /** Magic */
+ uint32_t magic;
+ /** Reserved */
+ uint8_t reserved_b[4];
+} __attribute__ (( packed ));
+
+/** Kernel magic value */
+#define LKRN_MAGIC( a, b, c, d ) \
+ ( ( (a) << 0 ) | ( (b) << 8 ) | ( (c) << 16 ) | ( (d) << 24 ) )
+
+/** Kernel magic value for AArch64 */
+#define LKRN_MAGIC_AARCH64 LKRN_MAGIC ( 'A', 'R', 'M', 0x64 )
+
+/** Kernel magic value for RISC-V */
+#define LKRN_MAGIC_RISCV LKRN_MAGIC ( 'R', 'S', 'C', 0x05 )
+
+/** Kernel image context */
+struct lkrn_context {
+ /** Load offset */
+ size_t offset;
+ /** File size */
+ size_t filesz;
+ /** Memory size */
+ size_t memsz;
+
+ /** Start of RAM */
+ physaddr_t ram;
+ /** Entry point */
+ physaddr_t entry;
+ /** Initial ramdisk (if any) */
+ physaddr_t initrd;
+ /** Device tree */
+ physaddr_t fdt;
+};
+
+/** Compressed kernel image header */
+struct zimg_header {
+ /** Reserved */
+ uint8_t reserved_a[4];
+ /** Magic */
+ uint32_t magic;
+ /** Offset to payload */
+ uint32_t offset;
+ /** Length of payload */
+ uint32_t len;
+ /** Reserved */
+ uint8_t reserved_b[8];
+ /** Compression type */
+ uint32_t type;
+} __attribute__ (( packed ));
+
+/** Compressed kernel image magic value */
+#define ZIMG_MAGIC LKRN_MAGIC ( 'z', 'i', 'm', 'g' )
+
+/** Compressed kernel image context */
+struct zimg_context {
+ /** Offset to compressed data */
+ size_t offset;
+ /** Length of compressed data */
+ size_t len;
+ /** Compression type */
+ union {
+ /** Raw type */
+ uint32_t raw;
+ /** Printable string */
+ char string[5];
+ } type;
+};
+
+#include <bits/lkrn.h>
+
+/**
+ * Jump to kernel entry point
+ *
+ * @v entry Kernel entry point
+ * @v fdt Device tree
+ */
+void lkrn_jump ( physaddr_t entry, physaddr_t fdt );
+
+#endif /* _IPXE_LKRN_H */
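Review bot: `LKRN_MAGIC` shifts its arguments as plain `int`, so a fourth byte of 0x80 or above would shift into the sign bit, which is undefined behaviour. The three magics defined here are safe, but the macro is general; `( ( ( uint32_t ) (d) ) << 24 )` (and the same cast on the other three terms) removes the trap. The fields of `struct lkrn_header` and `struct zimg_header` are read from the image, and the context structures hold the corresponding values as `size_t`. It is worth saying in the struct comments that the 64-bit `image_size`/`text_offset` and the 32-bit `offset`/`len` are image-controlled and must be range-checked before being narrowed or used as offsets. The parser that does this is outside this header. `zimg_context.type.string[5]` is only printable if the fifth byte is zeroed by whoever fills in `raw`; a note on the union member would record that.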
diff --git a/src/include/ipxe/lldp.h b/src/include/ipxe/lldp.h
index 9951d3b8f..7d4e7f6cf 100644
--- a/src/include/ipxe/lldp.h
+++ b/src/include/ipxe/lldp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/login_ui.h b/src/include/ipxe/login_ui.h
index 07b1dd49e..5e092b311 100644
--- a/src/include/ipxe/login_ui.h
+++ b/src/include/ipxe/login_ui.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
extern int login_ui ( int nouser );
diff --git a/src/include/ipxe/malloc.h b/src/include/ipxe/malloc.h
index 180ca001d..fac46bd00 100644
--- a/src/include/ipxe/malloc.h
+++ b/src/include/ipxe/malloc.h
@@ -10,6 +10,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/*
* Prototypes for the standard functions (malloc() et al) are in
@@ -18,66 +19,75 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*
*/
#include <stdlib.h>
+#include <ipxe/list.h>
#include <ipxe/tables.h>
#include <valgrind/memcheck.h>
-extern size_t freemem;
-extern size_t usedmem;
-extern size_t maxusedmem;
-
-extern void * __malloc alloc_memblock ( size_t size, size_t align,
- size_t offset );
-extern void free_memblock ( void *ptr, size_t size );
-extern void mpopulate ( void *start, size_t len );
-extern void mdumpfree ( void );
-
/**
- * Allocate memory with specified physical alignment and offset
- *
- * @v size Requested size
- * @v align Physical alignment
- * @v offset Offset from physical alignment
- * @ret ptr Memory, or NULL
+ * Address for zero-length memory blocks
*
- * @c align must be a power of two. @c size may not be zero.
- */
-static inline void * __malloc malloc_phys_offset ( size_t size,
- size_t phys_align,
- size_t offset ) {
- void * ptr = alloc_memblock ( size, phys_align, offset );
- if ( ptr && size )
- VALGRIND_MALLOCLIKE_BLOCK ( ptr, size, 0, 0 );
- return ptr;
-}
-
-/**
- * Allocate memory with specified physical alignment
+ * @c malloc(0) or @c realloc(ptr,0) will return the special value @c
+ * NOWHERE. Calling @c free(NOWHERE) will have no effect.
*
- * @v size Requested size
- * @v align Physical alignment
- * @ret ptr Memory, or NULL
+ * This is consistent with the ANSI C standards, which state that
+ * "either NULL or a pointer suitable to be passed to free()" must be
+ * returned in these cases. Using a special non-NULL value means that
+ * the caller can take a NULL return value to indicate failure,
+ * without first having to check for a requested size of zero.
*
- * @c align must be a power of two. @c size may not be zero.
+ * Code outside of the memory allocators themselves does not ever need
+ * to refer to the actual value of @c NOWHERE; this is an internal
+ * definition.
*/
-static inline void * __malloc malloc_phys ( size_t size, size_t phys_align ) {
- return malloc_phys_offset ( size, phys_align, 0 );
-}
+#define NOWHERE ( ( void * ) ~( ( intptr_t ) 0 ) )
-/**
- * Free memory allocated with malloc_phys()
- *
- * @v ptr Memory allocated by malloc_phys(), or NULL
- * @v size Size of memory, as passed to malloc_phys()
- *
- * Memory allocated with malloc_phys() can only be freed with
- * free_phys(); it cannot be freed with the standard free().
- *
- * If @c ptr is NULL, no action is taken.
- */
-static inline void free_phys ( void *ptr, size_t size ) {
- VALGRIND_FREELIKE_BLOCK ( ptr, 0 );
- free_memblock ( ptr, size );
-}
+/** A heap */
+struct heap {
+ /** List of free memory blocks */
+ struct list_head blocks;
+
+ /** Alignment for free memory blocks */
+ size_t align;
+ /** Alignment for size-tracked allocations */
+ size_t ptr_align;
+
+ /** Total amount of free memory */
+ size_t freemem;
+ /** Total amount of used memory */
+ size_t usedmem;
+ /** Maximum amount of used memory */
+ size_t maxusedmem;
+
+ /**
+ * Attempt to grow heap (optional)
+ *
+ * @v size Failed allocation size
+ * @ret grown Heap has grown: retry allocations
+ */
+ unsigned int ( * grow ) ( size_t size );
+ /**
+ * Allow heap to shrink (optional)
+ *
+ * @v ptr Start of free block
+ * @v size Size of free block
+ * @ret shrunk Heap has shrunk: discard block
+ *
+ * Note that the discarded block will be accessed once after
+ * this method returns, in order to clear the free block
+ * metadata.
+ */
+ unsigned int ( * shrink ) ( void *ptr, size_t size );
+};
+
+extern void * heap_realloc ( struct heap *heap, void *old_ptr,
+ size_t new_size );
+extern void heap_dump ( struct heap *heap );
+extern void heap_populate ( struct heap *heap, void *start, size_t len );
+
+extern void * __malloc malloc_phys_offset ( size_t size, size_t phys_align,
+ size_t offset );
+extern void * __malloc malloc_phys ( size_t size, size_t phys_align );
+extern void free_phys ( void *ptr, size_t size );
/** A cache discarder */
struct cache_discarder {
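Review bot: `malloc_phys_offset()`, `malloc_phys()` and `free_phys()` lose their doc comments when they become plain `extern` declarations. The header no longer says that the alignment must be a power of two, or that a block from `malloc_phys()` must be released with `free_phys()` and the same `size` rather than with `free()`. Breaking those rules damages the allocator's bookkeeping, so they belong where callers look; the definitions may carry the text, but they are outside this hunk. A short comment above `free_phys` would do, e.g. `/* ptr must come from malloc_phys*() and size must equal the size originally requested; never pass to free() */`. The note on `shrink` that the discarded block is accessed once more after the method returns deserves the same emphasis: an implementation must keep that memory mapped and writable until the allocator has cleared its metadata.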
diff --git a/src/include/ipxe/md4.h b/src/include/ipxe/md4.h
index 9f6cb8a5f..60512993b 100644
--- a/src/include/ipxe/md4.h
+++ b/src/include/ipxe/md4.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/md5.h b/src/include/ipxe/md5.h
index 527ad3658..275e63824 100644
--- a/src/include/ipxe/md5.h
+++ b/src/include/ipxe/md5.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/memblock.h b/src/include/ipxe/memblock.h
deleted file mode 100644
index 2bb38c460..000000000
--- a/src/include/ipxe/memblock.h
+++ /dev/null
@@ -1,17 +0,0 @@
-#ifndef _IPXE_MEMBLOCK_H
-#define _IPXE_MEMBLOCK_H
-
-/** @file
- *
- * Largest memory block
- *
- */
-
-FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
-
-#include <stdint.h>
-#include <ipxe/uaccess.h>
-
-extern size_t largest_memblock ( userptr_t *start );
-
-#endif /* _IPXE_MEMBLOCK_H */
diff --git a/src/include/ipxe/memmap.h b/src/include/ipxe/memmap.h
new file mode 100644
index 000000000..4a768f867
--- /dev/null
+++ b/src/include/ipxe/memmap.h
@@ -0,0 +1,236 @@
+#ifndef _IPXE_MEMMAP_H
+#define _IPXE_MEMMAP_H
+
+/** @file
+ *
+ * System memory map
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <stddef.h>
+#include <stdint.h>
+#include <ipxe/api.h>
+#include <ipxe/tables.h>
+#include <config/ioapi.h>
+
+/**
+ * Calculate static inline memory map API function name
+ *
+ * @v _prefix Subsystem prefix
+ * @v _api_func API function
+ * @ret _subsys_func Subsystem API function
+ */
+#define MEMMAP_INLINE( _subsys, _api_func ) \
+ SINGLE_API_INLINE ( MEMMAP_PREFIX_ ## _subsys, _api_func )
+
+/**
+ * Provide a memory map API implementation
+ *
+ * @v _prefix Subsystem prefix
+ * @v _api_func API function
+ * @v _func Implementing function
+ */
+#define PROVIDE_MEMMAP( _subsys, _api_func, _func ) \
+ PROVIDE_SINGLE_API ( MEMMAP_PREFIX_ ## _subsys, _api_func, _func )
+
+/**
+ * Provide a static inline memory map API implementation
+ *
+ * @v _prefix Subsystem prefix
+ * @v _api_func API function
+ */
+#define PROVIDE_MEMMAP_INLINE( _subsys, _api_func ) \
+ PROVIDE_SINGLE_API_INLINE ( MEMMAP_PREFIX_ ## _subsys, _api_func )
+
+/** A memory region descriptor */
+struct memmap_region {
+ /** Minimum address in region */
+ uint64_t min;
+ /** Maximum address in region */
+ uint64_t max;
+ /** Region flags */
+ unsigned int flags;
+ /** Region name (for debug messages) */
+ const char *name;
+};
+
+#define MEMMAP_FL_MEMORY 0x0001 /**< Contains memory */
+#define MEMMAP_FL_RESERVED 0x0002 /**< Is reserved */
+#define MEMMAP_FL_USED 0x0004 /**< Is in use by iPXE */
+#define MEMMAP_FL_INACCESSIBLE 0x0008 /**< Outside of addressable range */
+
+/**
+ * Initialise memory region descriptor
+ *
+ * @v min Minimum address
+ * @v region Region descriptor to fill in
+ */
+static inline __attribute__ (( always_inline )) void
+memmap_init ( uint64_t min, struct memmap_region *region ) {
+
+ region->min = min;
+ region->max = ~( ( uint64_t ) 0 );
+ region->flags = 0;
+ region->name = NULL;
+}
+
+/**
+ * Check if memory region is usable
+ *
+ * @v region Region descriptor
+ * @ret is_usable Memory region is usable
+ */
+static inline __attribute__ (( always_inline )) int
+memmap_is_usable ( const struct memmap_region *region ) {
+
+ return ( region->flags == MEMMAP_FL_MEMORY );
+}
+
+/**
+ * Get remaining size of memory region (from the described address upwards)
+ *
+ * @v region Region descriptor
+ * @ret size Size of memory region
+ */
+static inline __attribute__ (( always_inline )) uint64_t
+memmap_size ( const struct memmap_region *region ) {
+
+ /* Calculate size, assuming overflow is known to be impossible */
+ return ( region->max - region->min + 1 );
+}
+
+/** An in-use memory region */
+struct used_region {
+ /** Region name */
+ const char *name;
+ /** Start address */
+ physaddr_t start;
+ /** Length of region */
+ size_t size;
+};
+
+/** In-use memory region table */
+#define USED_REGIONS __table ( struct used_region, "used_regions" )
+
+/** Declare an in-use memory region */
+#define __used_region __table_entry ( USED_REGIONS, 01 )
+
+/* Include all architecture-independent ACPI API headers */
+#include <ipxe/null_memmap.h>
+#include <ipxe/fdtmem.h>
+
+/* Include all architecture-dependent ACPI API headers */
+#include <bits/memmap.h>
+
+/**
+ * Describe memory region from system memory map
+ *
+ * @v min Minimum address
+ * @v hide Hide in-use regions from the memory map
+ * @v region Region descriptor to fill in
+ */
+void memmap_describe ( uint64_t min, int hide, struct memmap_region *region );
+
+/**
+ * Synchronise in-use regions with the externally visible system memory map
+ *
+ * In environments such as x86 BIOS, we need to patch the global
+ * system memory map to hide our in-use regions, since there is no
+ * other way to communicate this information to external code.
+ */
+void memmap_sync ( void );
+
+/**
+ * Update an in-use memory region
+ *
+ * @v used In-use memory region
+ * @v start Start address
+ * @v size Length of region
+ */
+static inline __attribute__ (( always_inline )) void
+memmap_use ( struct used_region *used, physaddr_t start, size_t size ) {
+
+ /* Record region */
+ used->start = start;
+ used->size = size;
+
+ /* Synchronise externally visible memory map */
+ memmap_sync();
+}
+
+/**
+ * Iterate over memory regions from a given starting address
+ *
+ * @v region Region descriptor
+ * @v start Starting address
+ * @v hide Hide in-use regions from the memory map
+ */
+#define for_each_memmap_from( region, start, hide ) \
+ for ( (region)->min = (start), (region)->max = 0 ; \
+ ( ( ( (region)->max + 1 ) != 0 ) && \
+ ( memmap_describe ( (region)->min, (hide), \
+ (region) ), 1 ) ) ; \
+ (region)->min = ( (region)->max + 1 ) )
+
+/**
+ * Iterate over memory regions
+ *
+ * @v region Region descriptor
+ * @v hide Hide in-use regions from the memory map
+ */
+#define for_each_memmap( region, hide ) \
+ for_each_memmap_from ( (region), 0, (hide) )
+
+#define DBG_MEMMAP_IF( level, region ) do { \
+ const char *name = (region)->name; \
+ unsigned int flags = (region)->flags; \
+ \
+ DBG_IF ( level, "MEMMAP (%s%s%s%s) [%#08llx,%#08llx]%s%s\n", \
+ ( ( flags & MEMMAP_FL_MEMORY ) ? "M" : "-" ), \
+ ( ( flags & MEMMAP_FL_RESERVED ) ? "R" : "-" ), \
+ ( ( flags & MEMMAP_FL_USED ) ? "U" : "-" ), \
+ ( ( flags & MEMMAP_FL_INACCESSIBLE ) ? "X" : "-" ), \
+ ( ( unsigned long long ) (region)->min ), \
+ ( ( unsigned long long ) (region)->max ), \
+ ( name ? " " : "" ), ( name ? name : "" ) ); \
+ } while ( 0 )
+
+#define DBGC_MEMMAP_IF( level, id, ... ) do { \
+ DBG_AC_IF ( level, id ); \
+ DBG_MEMMAP_IF ( level, __VA_ARGS__ ); \
+ DBG_DC_IF ( level ); \
+ } while ( 0 )
+
+#define DBGC_MEMMAP( ... ) DBGC_MEMMAP_IF ( LOG, ##__VA_ARGS__ )
+#define DBGC2_MEMMAP( ... ) DBGC_MEMMAP_IF ( EXTRA, ##__VA_ARGS__ )
+#define DBGCP_MEMMAP( ... ) DBGC_MEMMAP_IF ( PROFILE, ##__VA_ARGS__ )
+
+/**
+ * Dump system memory map (for debugging)
+ *
+ * @v hide Hide in-use regions from the memory map
+ */
+static inline void memmap_dump_all ( int hide ) {
+ struct memmap_region region;
+
+ /* Do nothing unless debugging is enabled */
+ if ( ! DBG_LOG )
+ return;
+
+ /* Describe all memory regions */
+ DBGC ( &memmap_describe, "MEMMAP with in-use regions %s:\n",
+ ( hide ? "hidden" : "ignored" ) );
+ for_each_memmap ( &region, hide )
+ DBGC_MEMMAP ( &memmap_describe, &region );
+}
+
+extern void memmap_update ( struct memmap_region *region, uint64_t start,
+ uint64_t size, unsigned int flags,
+ const char *name );
+extern void memmap_update_used ( struct memmap_region *region );
+extern size_t memmap_largest ( physaddr_t *start );
+
+#endif /* _IPXE_MEMMAP_H */
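Review bot: `memmap_size()` returns `region->max - region->min + 1`, which wraps to zero for a region spanning the whole 64-bit space. That is exactly the state `memmap_init ( 0, &region )` leaves behind (`min = 0`, `max = ~0`) until something narrows it. The in-body comment says overflow is "known to be impossible", but the doc block does not state the precondition; add it there, e.g. `* The caller must ensure that the region does not span the entire address space, since the size would then wrap to zero.` Any caller that narrows the `uint64_t` result to `size_t` should also be checked on 32-bit builds; those call sites are outside this header. Two documentation nits: the include comments say "ACPI API headers" where the memory map API is meant, and the doc blocks for `MEMMAP_INLINE`, `PROVIDE_MEMMAP` and `PROVIDE_MEMMAP_INLINE` name the parameter `_prefix` while the macros take `_subsys`.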
diff --git a/src/include/ipxe/menu.h b/src/include/ipxe/menu.h
deleted file mode 100644
index 33965cfdf..000000000
--- a/src/include/ipxe/menu.h
+++ /dev/null
@@ -1,51 +0,0 @@
-#ifndef _IPXE_MENU_H
-#define _IPXE_MENU_H
-
-/** @file
- *
- * Menu selection
- *
- */
-
-FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
-
-#include <ipxe/list.h>
-
-/** A menu */
-struct menu {
- /** List of menus */
- struct list_head list;
- /** Name */
- const char *name;
- /** Title */
- const char *title;
- /** Menu items */
- struct list_head items;
- /** Hidden menu items, accessible via hotkey only */
- struct list_head hidden_items;
-};
-
-/** A menu item */
-struct menu_item {
- /** List of menu items */
- struct list_head list;
- /** Label */
- const char *label;
- /** Text */
- const char *text;
- /** Shortcut key */
- int shortcut;
- /** Is default item */
- int is_default;
-};
-
-extern struct menu * create_menu ( const char *name, const char *title );
-extern struct menu_item * add_menu_item ( struct menu *menu, const char *label,
- const char *text, int shortcut,
- int is_default, int is_hidden );
-extern void destroy_menu ( struct menu *menu );
-extern struct menu * find_menu ( const char *name );
-extern int show_menu ( struct menu *menu, unsigned long timeout,
- const char *select, struct menu_item **selected );
-
-#endif /* _IPXE_MENU_H */
diff --git a/src/include/ipxe/message.h b/src/include/ipxe/message.h
new file mode 100644
index 000000000..997135d70
--- /dev/null
+++ b/src/include/ipxe/message.h
@@ -0,0 +1,17 @@
+#ifndef _IPXE_MESSAGE_H
+#define _IPXE_MESSAGE_H
+
+/** @file
+ *
+ * Message printing
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+extern void msg ( unsigned int row, const char *fmt, ... );
+extern void clearmsg ( unsigned int row );
+extern void alert ( unsigned int row, const char *fmt, ... );
+
+#endif /* _IPXE_MESSAGE_H */
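Review bot: `msg()` and `alert()` take a printf-style `fmt` but are declared without a format attribute. The compiler therefore cannot check the arguments against the format string, or warn when a caller passes non-literal text as `fmt`. Declaring them as `extern void __attribute__ (( format ( printf, 2, 3 ) )) msg ( unsigned int row, const char *fmt, ... );` (and likewise for `alert`) adds that check at no runtime cost. With the attribute in place, callers that display strings taken from scripts, settings or the network should pass them as a `"%s"` argument rather than as the format itself.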
diff --git a/src/include/ipxe/mii.h b/src/include/ipxe/mii.h
index 89fc92a4a..061aeb24e 100644
--- a/src/include/ipxe/mii.h
+++ b/src/include/ipxe/mii.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <mii.h>
#include <ipxe/netdevice.h>
diff --git a/src/include/ipxe/monojob.h b/src/include/ipxe/monojob.h
index 1661d91c2..cda27616a 100644
--- a/src/include/ipxe/monojob.h
+++ b/src/include/ipxe/monojob.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
struct interface;
diff --git a/src/include/ipxe/nap.h b/src/include/ipxe/nap.h
index f4de778c4..eff5ad5b9 100644
--- a/src/include/ipxe/nap.h
+++ b/src/include/ipxe/nap.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/api.h>
#include <config/nap.h>
@@ -43,6 +44,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
/* Include all architecture-independent I/O API headers */
#include <ipxe/null_nap.h>
+#include <ipxe/efi/efi_nap.h>
#include <ipxe/linux/linux_nap.h>
/* Include all architecture-dependent I/O API headers */
@@ -52,6 +54,12 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
* Sleep until next CPU interrupt
*
*/
+void cpu_halt ( void );
+
+/**
+ * Sleep with interrupts enabled until next CPU interrupt
+ *
+ */
void cpu_nap ( void );
#endif /* _IPXE_NAP_H */
diff --git a/src/include/ipxe/ndp.h b/src/include/ipxe/ndp.h
index 1815236f5..0c8a9a27d 100644
--- a/src/include/ipxe/ndp.h
+++ b/src/include/ipxe/ndp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/in.h>
@@ -189,15 +190,13 @@ extern struct neighbour_discovery ndp_discovery;
* @v netdev Network device
* @v net_dest Destination network-layer address
* @v net_source Source network-layer address
- * @v ll_source Source link-layer address
* @ret rc Return status code
*/
static inline int ndp_tx ( struct io_buffer *iobuf, struct net_device *netdev,
- const void *net_dest, const void *net_source,
- const void *ll_source ) {
+ const void *net_dest, const void *net_source ) {
return neighbour_tx ( iobuf, netdev, &ipv6_protocol, net_dest,
- &ndp_discovery, net_source, ll_source );
+ &ndp_discovery, net_source );
}
/** NDP settings block name */
diff --git a/src/include/ipxe/neighbour.h b/src/include/ipxe/neighbour.h
index 1c1d1b6ca..d400bb93a 100644
--- a/src/include/ipxe/neighbour.h
+++ b/src/include/ipxe/neighbour.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/refcnt.h>
@@ -49,9 +50,9 @@ struct neighbour {
/** Link-layer destination address */
uint8_t ll_dest[MAX_LL_ADDR_LEN];
- /** Neighbour discovery protocol (if any) */
+ /** Neighbour discovery protocol (if discovery is ongoing) */
struct neighbour_discovery *discovery;
- /** Network-layer source address (if any) */
+ /** Network-layer source address (for discovery requests) */
uint8_t net_source[MAX_NET_ADDR_LEN];
/** Retransmission timer */
struct retry_timer timer;
@@ -60,16 +61,11 @@ struct neighbour {
struct list_head tx_queue;
};
-/**
- * Test if neighbour cache entry has a valid link-layer address
- *
- * @v neighbour Neighbour cache entry
- * @ret has_ll_dest Neighbour cache entry has a valid link-layer address
- */
-static inline __attribute__ (( always_inline )) int
-neighbour_has_ll_dest ( struct neighbour *neighbour ) {
- return ( ! timer_running ( &neighbour->timer ) );
-}
+/** A neighbour transmission delay pseudo-header */
+struct neighbour_delay {
+ /** Original transmission time (in ticks) */
+ unsigned long start;
+};
extern struct list_head neighbours;
@@ -77,7 +73,7 @@ extern int neighbour_tx ( struct io_buffer *iobuf, struct net_device *netdev,
struct net_protocol *net_protocol,
const void *net_dest,
struct neighbour_discovery *discovery,
- const void *net_source, const void *ll_source );
+ const void *net_source );
extern int neighbour_update ( struct net_device *netdev,
struct net_protocol *net_protocol,
const void *net_dest, const void *ll_dest );
diff --git a/src/include/ipxe/netbios.h b/src/include/ipxe/netbios.h
index c11552556..80f791738 100644
--- a/src/include/ipxe/netbios.h
+++ b/src/include/ipxe/netbios.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
extern const char * netbios_domain ( char **username );
diff --git a/src/include/ipxe/netdevice.h b/src/include/ipxe/netdevice.h
index caa83b44b..62f0dd1f7 100644
--- a/src/include/ipxe/netdevice.h
+++ b/src/include/ipxe/netdevice.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/list.h>
@@ -457,6 +458,9 @@ struct net_device {
/** Network device poll is in progress */
#define NETDEV_POLL_IN_PROGRESS 0x0020
+/** Network device must be polled even when closed */
+#define NETDEV_INSOMNIAC 0x0040
+
/** Link-layer protocol table */
#define LL_PROTOCOLS __table ( struct ll_protocol, "ll_protocols" )
@@ -693,6 +697,17 @@ netdev_rx_frozen ( struct net_device *netdev ) {
return ( netdev->state & NETDEV_RX_FROZEN );
}
+/**
+ * Check whether or not network device must be polled even while closed
+ *
+ * @v netdev Network device
+ * @ret insomniac Network device must be polled even while closed
+ */
+static inline __attribute__ (( always_inline )) int
+netdev_insomniac ( struct net_device *netdev ) {
+ return ( netdev->state & NETDEV_INSOMNIAC );
+}
+
extern void * netdev_priv ( struct net_device *netdev,
struct net_driver *driver );
extern void netdev_rx_freeze ( struct net_device *netdev );
diff --git a/src/include/ipxe/ns16550.h b/src/include/ipxe/ns16550.h
new file mode 100644
index 000000000..156249292
--- /dev/null
+++ b/src/include/ipxe/ns16550.h
@@ -0,0 +1,120 @@
+#ifndef _IPXE_NS16550_H
+#define _IPXE_NS16550_H
+
+/** @file
+ *
+ * 16550-compatible UART
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/uart.h>
+
+/** Length of register region */
+#define NS16550_LEN 8
+
+/** Transmitter holding register */
+#define NS16550_THR 0x00
+
+/** Receiver buffer register */
+#define NS16550_RBR 0x00
+
+/** Interrupt enable register */
+#define NS16550_IER 0x01
+
+/** FIFO control register */
+#define NS16550_FCR 0x02
+#define NS16550_FCR_FE 0x01 /**< FIFO enable */
+
+/** Line control register */
+#define NS16550_LCR 0x03
+#define NS16550_LCR_WLS0 0x01 /**< Word length select bit 0 */
+#define NS16550_LCR_WLS1 0x02 /**< Word length select bit 1 */
+#define NS16550_LCR_STB 0x04 /**< Number of stop bits */
+#define NS16550_LCR_PEN 0x08 /**< Parity enable */
+#define NS16550_LCR_EPS 0x10 /**< Even parity select */
+#define NS16550_LCR_DLAB 0x80 /**< Divisor latch access bit */
+
+#define NS16550_LCR_WORD_LEN(x) ( ( (x) - 5 ) << 0 ) /**< Word length */
+#define NS16550_LCR_STOP_BITS(x) ( ( (x) - 1 ) << 2 ) /**< Stop bits */
+#define NS16550_LCR_PARITY(x) ( ( (x) - 0 ) << 3 ) /**< Parity */
+
+/**
+ * Calculate line control register value
+ *
+ * @v word_len Word length (5-8)
+ * @v parity Parity (0=none, 1=odd, 3=even)
+ * @v stop_bits Stop bits (1-2)
+ * @ret lcr Line control register value
+ */
+#define NS16550_LCR_WPS( word_len, parity, stop_bits ) \
+ ( NS16550_LCR_WORD_LEN ( (word_len) ) | \
+ NS16550_LCR_PARITY ( (parity) ) | \
+ NS16550_LCR_STOP_BITS ( (stop_bits) ) )
+
+/** Default LCR value: 8 data bits, no parity, one stop bit */
+#define NS16550_LCR_8N1 NS16550_LCR_WPS ( 8, 0, 1 )
+
+/** Modem control register */
+#define NS16550_MCR 0x04
+#define NS16550_MCR_DTR 0x01 /**< Data terminal ready */
+#define NS16550_MCR_RTS 0x02 /**< Request to send */
+
+/** Line status register */
+#define NS16550_LSR 0x05
+#define NS16550_LSR_DR 0x01 /**< Data ready */
+#define NS16550_LSR_THRE 0x20 /**< Transmitter holding reg. empty */
+#define NS16550_LSR_TEMT 0x40 /**< Transmitter empty */
+
+/** Scratch register */
+#define NS16550_SCR 0x07
+
+/** Divisor latch (least significant byte) */
+#define NS16550_DLL 0x00
+
+/** Divisor latch (most significant byte) */
+#define NS16550_DLM 0x01
+
+/** A 16550-compatible UART */
+struct ns16550_uart {
+ /** Register base address */
+ void *base;
+ /** Register shift */
+ unsigned int shift;
+ /** Input clock frequency */
+ unsigned int clock;
+ /** Baud rate divisor */
+ uint16_t divisor;
+};
+
+/** Post-division clock cycles per data bit */
+#define NS16550_CLK_BIT 16
+
+/** Default input clock rate (1.8432 MHz) */
+#define NS16550_CLK_DEFAULT 1843200
+
+#include <bits/ns16550.h>
+
+/** Dummy COM1 UART for non-x86 platforms
+ *
+ * The architecture-independent config/serial.h header has long
+ * included the line
+ *
+ * #define COMCONSOLE COM1
+ *
+ * which is meaningless on non-x86 platforms where there is no COM1
+ * port. Allow COM1 to be treated as equivalent to "no UART" on
+ * non-x86 platforms, to avoid breaking existing build configurations.
+ */
+#ifndef COM1
+#define COM1 NULL
+#endif
+
+void ns16550_write ( struct ns16550_uart *ns16550, unsigned int address,
+ uint8_t data );
+uint8_t ns16550_read ( struct ns16550_uart *ns16550, unsigned int address );
+
+extern struct uart_operations ns16550_operations;
+
+#endif /* _IPXE_NS16550_H */
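Review bot: This new header has no `FILE_SECBOOT` declaration, while the other headers added or touched in this part of the commit carry `FILE_SECBOOT ( PERMITTED );`. If the omission is deliberate, a one-line comment next to `FILE_LICENCE` would stop it being read as an oversight; otherwise add the declaration. The header also uses `uint8_t`, `uint16_t` and `NULL` while including only `<ipxe/uart.h>`, so it presumably relies on transitive includes; adding `#include <stdint.h>` and `#include <stddef.h>` would make it self-contained. `NS16550_LCR_WORD_LEN(x)` and `NS16550_LCR_STOP_BITS(x)` subtract from their argument without masking, so the ranges documented on `NS16550_LCR_WPS` (5-8 and 1-2) are a caller obligation that is worth repeating on those two macros.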
diff --git a/src/include/ipxe/ntlm.h b/src/include/ipxe/ntlm.h
index b0436c9ac..867f5ddc3 100644
--- a/src/include/ipxe/ntlm.h
+++ b/src/include/ipxe/ntlm.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/ntp.h b/src/include/ipxe/ntp.h
index f5b3d2326..7f83c6d4f 100644
--- a/src/include/ipxe/ntp.h
+++ b/src/include/ipxe/ntp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/in.h>
diff --git a/src/include/ipxe/null_acpi.h b/src/include/ipxe/null_acpi.h
index cedb02839..dd3992630 100644
--- a/src/include/ipxe/null_acpi.h
+++ b/src/include/ipxe/null_acpi.h
@@ -8,6 +8,9 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <stddef.h>
#ifdef ACPI_NULL
#define ACPI_PREFIX_null
@@ -15,11 +18,11 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define ACPI_PREFIX_null __null_
#endif
-static inline __attribute__ (( always_inline )) userptr_t
+static inline __attribute__ (( always_inline )) const struct acpi_header *
ACPI_INLINE ( null, acpi_find ) ( uint32_t signature __unused,
unsigned int index __unused ) {
- return UNULL;
+ return NULL;
}
#endif /* _IPXE_NULL_ACPI_H */
diff --git a/src/include/ipxe/null_memmap.h b/src/include/ipxe/null_memmap.h
new file mode 100644
index 000000000..122280d14
--- /dev/null
+++ b/src/include/ipxe/null_memmap.h
@@ -0,0 +1,45 @@
+#ifndef _IPXE_NULL_MEMMAP_H
+#define _IPXE_NULL_MEMMAP_H
+
+#include <stdint.h>
+
+/** @file
+ *
+ * Null system memory map API
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#ifdef MEMMAP_NULL
+#define MEMMAP_PREFIX_null
+#else
+#define MEMMAP_PREFIX_null __null_
+#endif
+
+/**
+ * Describe memory region from system memory map
+ *
+ * @v min Minimum address
+ * @v hide Hide in-use regions from the memory map
+ * @v region Region descriptor to fill in
+ */
+static inline __attribute__ (( always_inline )) void
+MEMMAP_INLINE ( null, memmap_describe ) ( uint64_t min, int hide __unused,
+ struct memmap_region *region ) {
+
+ /* Initialise region as empty */
+ memmap_init ( min, region );
+}
+
+/**
+ * Synchronise in-use regions with the externally visible system memory map
+ *
+ */
+static inline __attribute__ (( always_inline )) void
+MEMMAP_INLINE ( null, memmap_sync ) ( void ) {
+ /* Nothing to do */
+}
+
+#endif /* _IPXE_NULL_MEMMAP_H */
diff --git a/src/include/ipxe/null_nap.h b/src/include/ipxe/null_nap.h
index 17145b48b..3f4fc13ae 100644
--- a/src/include/ipxe/null_nap.h
+++ b/src/include/ipxe/null_nap.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef NAP_NULL
#define NAP_PREFIX_null
diff --git a/src/include/ipxe/null_pci.h b/src/include/ipxe/null_pci.h
new file mode 100644
index 000000000..1e7b4da60
--- /dev/null
+++ b/src/include/ipxe/null_pci.h
@@ -0,0 +1,156 @@
+#ifndef _IPXE_NULL_PCI_H
+#define _IPXE_NULL_PCI_H
+
+#include <stdint.h>
+
+/** @file
+ *
+ * Null PCI API
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#ifdef PCIAPI_NULL
+#define PCIAPI_PREFIX_null
+#else
+#define PCIAPI_PREFIX_null __null_
+#endif
+
+struct pci_device;
+
+/**
+ * Check if PCI bus probing is allowed
+ *
+ * @v pci PCI device
+ * @ret ok Bus probing is allowed
+ */
+static inline __always_inline int
+PCIAPI_INLINE ( null, pci_can_probe ) ( struct pci_device *pci __unused ) {
+ return 0;
+}
+
+/**
+ * Find next PCI bus:dev.fn address range in system
+ *
+ * @v busdevfn Starting PCI bus:dev.fn address
+ * @v range PCI bus:dev.fn address range to fill in
+ */
+static inline __always_inline void
+PCIAPI_INLINE ( null, pci_discover ) ( uint32_t busdevfn __unused,
+ struct pci_range *range ) {
+
+ range->start = 0;
+ range->count = 0;
+}
+
+/**
+ * Read byte from PCI configuration space via PCI BIOS
+ *
+ * @v pci PCI device
+ * @v where Location within PCI configuration space
+ * @v value Value read
+ * @ret rc Return status code
+ */
+static inline __always_inline int
+PCIAPI_INLINE ( null, pci_read_config_byte ) ( struct pci_device *pci __unused,
+ unsigned int where __unused,
+ uint8_t *value ) {
+ *value = 0xff;
+ return 0;
+}
+
+/**
+ * Read word from PCI configuration space via PCI BIOS
+ *
+ * @v pci PCI device
+ * @v where Location within PCI configuration space
+ * @v value Value read
+ * @ret rc Return status code
+ */
+static inline __always_inline int
+PCIAPI_INLINE ( null, pci_read_config_word ) ( struct pci_device *pci __unused,
+ unsigned int where __unused,
+ uint16_t *value ) {
+ *value = 0xffff;
+ return 0;
+}
+
+/**
+ * Read dword from PCI configuration space via PCI BIOS
+ *
+ * @v pci PCI device
+ * @v where Location within PCI configuration space
+ * @v value Value read
+ * @ret rc Return status code
+ */
+static inline __always_inline int
+PCIAPI_INLINE ( null, pci_read_config_dword ) ( struct pci_device *pci __unused,
+ unsigned int where __unused,
+ uint32_t *value ) {
+ *value = 0xffffffff;
+ return 0;
+}
+
+/**
+ * Write byte to PCI configuration space via PCI BIOS
+ *
+ * @v pci PCI device
+ * @v where Location within PCI configuration space
+ * @v value Value to be written
+ * @ret rc Return status code
+ */
+static inline __always_inline int
+PCIAPI_INLINE ( null, pci_write_config_byte ) ( struct pci_device *pci __unused,
+ unsigned int where __unused,
+ uint8_t value __unused ) {
+ return 0;
+}
+
+/**
+ * Write word to PCI configuration space via PCI BIOS
+ *
+ * @v pci PCI device
+ * @v where Location within PCI configuration space
+ * @v value Value to be written
+ * @ret rc Return status code
+ */
+static inline __always_inline int
+PCIAPI_INLINE ( null, pci_write_config_word ) ( struct pci_device *pci __unused,
+ unsigned int where __unused,
+ uint16_t value __unused ) {
+ return 0;
+}
+
+/**
+ * Write dword to PCI configuration space via PCI BIOS
+ *
+ * @v pci PCI device
+ * @v where Location within PCI configuration space
+ * @v value Value to be written
+ * @ret rc Return status code
+ */
+static inline __always_inline int
+PCIAPI_INLINE ( null, pci_write_config_dword ) ( struct pci_device *pci
+ __unused,
+ unsigned int where __unused,
+ uint32_t value __unused ) {
+ return 0;
+}
+
+/**
+ * Map PCI bus address as an I/O address
+ *
+ * @v bus_addr PCI bus address
+ * @v len Length of region
+ * @ret io_addr I/O address, or NULL on error
+ */
+static inline __always_inline void *
+PCIAPI_INLINE ( null, pci_ioremap ) ( struct pci_device *pci __unused,
+ unsigned long bus_addr __unused,
+ size_t len __unused ) {
+ return NULL;
+}
+
+#endif /* _IPXE_NULL_PCI_H */
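Review bot: The doc comments on the six configuration-space accessors say "via PCI BIOS", but this is the null API and nothing is read or written; they should say so, e.g. `Read byte from PCI configuration space (null API: always reads as 0xff)`. The read stubs store all-ones in `*value` and still return 0, so a caller cannot tell "no device" from a successful read by the return code; that convention deserves one sentence in each read comment. The `pci_ioremap` comment omits `@v pci`. The header uses `size_t` and `NULL` but includes only `<stdint.h>` (null_acpi.h in this same commit adds `<stddef.h>` for `NULL`), and `struct pci_range` is dereferenced in `pci_discover` without a declaration here, so the file presumably compiles only when included from pci_io.h; a comment stating that, or the missing include, would make the dependency explicit.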
diff --git a/src/include/ipxe/null_reboot.h b/src/include/ipxe/null_reboot.h
index 5de38afc0..47539300a 100644
--- a/src/include/ipxe/null_reboot.h
+++ b/src/include/ipxe/null_reboot.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef REBOOT_NULL
#define REBOOT_PREFIX_null
diff --git a/src/include/ipxe/null_sanboot.h b/src/include/ipxe/null_sanboot.h
index b0e36b8b0..d455edbd6 100644
--- a/src/include/ipxe/null_sanboot.h
+++ b/src/include/ipxe/null_sanboot.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef SANBOOT_NULL
#define SANBOOT_PREFIX_null
diff --git a/src/include/ipxe/null_smbios.h b/src/include/ipxe/null_smbios.h
new file mode 100644
index 000000000..474398b3c
--- /dev/null
+++ b/src/include/ipxe/null_smbios.h
@@ -0,0 +1,19 @@
+#ifndef _IPXE_NULL_SMBIOS_H
+#define _IPXE_NULL_SMBIOS_H
+
+/** @file
+ *
+ * Null SMBIOS API
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#ifdef SMBIOS_NULL
+#define SMBIOS_PREFIX_null
+#else
+#define SMBIOS_PREFIX_null __null_
+#endif
+
+#endif /* _IPXE_NULL_SMBIOS_H */
diff --git a/src/include/ipxe/null_time.h b/src/include/ipxe/null_time.h
index d2b15194b..db85769f7 100644
--- a/src/include/ipxe/null_time.h
+++ b/src/include/ipxe/null_time.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#ifdef TIME_NULL
#define TIME_PREFIX_null
@@ -15,9 +16,4 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define TIME_PREFIX_null __null_
#endif
-static inline __always_inline time_t
-TIME_INLINE ( null, time_now ) ( void ) {
- return 0;
-}
-
#endif /* _IPXE_NULL_TIME_H */
diff --git a/src/include/ipxe/nvo.h b/src/include/ipxe/nvo.h
index 7a3c7a3db..39e3a707d 100644
--- a/src/include/ipxe/nvo.h
+++ b/src/include/ipxe/nvo.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/dhcpopts.h>
diff --git a/src/include/ipxe/nvs.h b/src/include/ipxe/nvs.h
index 5789f4c0d..1b02acea6 100644
--- a/src/include/ipxe/nvs.h
+++ b/src/include/ipxe/nvs.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/ocsp.h b/src/include/ipxe/ocsp.h
index 9eb70b2cc..9302506f8 100644
--- a/src/include/ipxe/ocsp.h
+++ b/src/include/ipxe/ocsp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdarg.h>
#include <time.h>
@@ -76,7 +77,7 @@ struct ocsp_response {
/** Signature algorithm */
struct asn1_algorithm *algorithm;
/** Signature value */
- struct asn1_bit_string signature;
+ struct asn1_cursor signature;
/** Signing certificate */
struct x509_certificate *signer;
};
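Review bot: The comment `/** Signature value */` no longer says what the field holds now that its type is `struct asn1_cursor` instead of `struct asn1_bit_string`. From the header alone it is unclear whether the cursor covers the whole BIT STRING contents, including the leading unused-bits octet, or only the signature bytes, and the verifier that consumes it needs to know which. If the framing is stripped at parse time, say so, e.g. `/** Signature value (raw bytes, BIT STRING framing removed) */`. It would also help to state that the cursor presumably points into the response data and is valid only as long as that buffer is. `struct ocsp_response` begins outside this hunk.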
diff --git a/src/include/ipxe/open.h b/src/include/ipxe/open.h
index 64e12d177..f429cadbe 100644
--- a/src/include/ipxe/open.h
+++ b/src/include/ipxe/open.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdarg.h>
#include <ipxe/tables.h>
diff --git a/src/include/ipxe/p256.h b/src/include/ipxe/p256.h
new file mode 100644
index 000000000..14d429cd9
--- /dev/null
+++ b/src/include/ipxe/p256.h
@@ -0,0 +1,20 @@
+#ifndef _IPXE_P256_H
+#define _IPXE_P256_H
+
+/** @file
+ *
+ * NIST P-256 elliptic curve
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/weierstrass.h>
+
+/** P-256 value length */
+#define P256_LEN ( 256 / 8 )
+
+extern struct elliptic_curve p256_curve;
+
+#endif /* _IPXE_P256_H */
diff --git a/src/include/ipxe/p384.h b/src/include/ipxe/p384.h
new file mode 100644
index 000000000..2fdd8d13c
--- /dev/null
+++ b/src/include/ipxe/p384.h
@@ -0,0 +1,20 @@
+#ifndef _IPXE_P384_H
+#define _IPXE_P384_H
+
+/** @file
+ *
+ * NIST P-384 elliptic curve
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/weierstrass.h>
+
+/** P-384 value length */
+#define P384_LEN ( 384 / 8 )
+
+extern struct elliptic_curve p384_curve;
+
+#endif /* _IPXE_P384_H */
diff --git a/src/include/ipxe/params.h b/src/include/ipxe/params.h
index 61e46e029..64008380e 100644
--- a/src/include/ipxe/params.h
+++ b/src/include/ipxe/params.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/list.h>
#include <ipxe/refcnt.h>
diff --git a/src/include/ipxe/parseopt.h b/src/include/ipxe/parseopt.h
index 61010f22a..dec230b0f 100644
--- a/src/include/ipxe/parseopt.h
+++ b/src/include/ipxe/parseopt.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <stddef.h>
@@ -16,7 +17,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
struct net_device;
struct net_device_configurator;
-struct menu;
+struct dynamic_ui;
struct parameters;
/** A command-line option descriptor */
@@ -142,7 +143,7 @@ extern int parse_netdev ( char *text, struct net_device **netdev );
extern int
parse_netdev_configurator ( char *text,
struct net_device_configurator **configurator );
-extern int parse_menu ( char *text, struct menu **menu );
+extern int parse_dynui ( char *text, struct dynamic_ui **dynui );
extern int parse_flag ( char *text __unused, int *flag );
extern int parse_key ( char *text, unsigned int *key );
extern int parse_settings ( char *text, struct settings **settings );
diff --git a/src/include/ipxe/pccrc.h b/src/include/ipxe/pccrc.h
index 7f0963428..6d0e3f194 100644
--- a/src/include/ipxe/pccrc.h
+++ b/src/include/ipxe/pccrc.h
@@ -8,10 +8,10 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <byteswap.h>
-#include <ipxe/uaccess.h>
#include <ipxe/crypto.h>
/******************************************************************************
@@ -300,7 +300,7 @@ struct peerdist_info_v2_segment {
/** Raw content information */
struct peerdist_raw {
/** Data buffer */
- userptr_t data;
+ const void *data;
/** Length of data buffer */
size_t len;
};
@@ -435,7 +435,7 @@ struct peerdist_info_operations {
extern struct digest_algorithm sha512_trunc_algorithm;
-extern int peerdist_info ( userptr_t data, size_t len,
+extern int peerdist_info ( const void *data, size_t len,
struct peerdist_info *info );
extern int peerdist_info_segment ( const struct peerdist_info *info,
struct peerdist_info_segment *segment,
diff --git a/src/include/ipxe/pccrd.h b/src/include/ipxe/pccrd.h
index 3daa92f29..453ef666d 100644
--- a/src/include/ipxe/pccrd.h
+++ b/src/include/ipxe/pccrd.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/** PeerDist discovery port */
#define PEERDIST_DISCOVERY_PORT 3702
diff --git a/src/include/ipxe/pccrr.h b/src/include/ipxe/pccrr.h
index 1ea86c40d..92522d0b7 100644
--- a/src/include/ipxe/pccrr.h
+++ b/src/include/ipxe/pccrr.h
@@ -10,9 +10,9 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
-#include <ipxe/uaccess.h>
/** Magic retrieval URI path */
#define PEERDIST_MAGIC_PATH "/116B50EB-ECE2-41ac-8429-9F9E963361B7/"
@@ -350,27 +350,4 @@ struct peerdist_msg_blk {
/** Retrieval protocol block fetch response type */
#define PEERDIST_MSG_BLK_TYPE 0x00000005UL
-/**
- * Parse retrieval protocol block fetch response
- *
- * @v raw Raw data
- * @v raw_len Length of raw data
- * @v digestsize Digest size
- * @v blksize Cipher block size
- * @v blk Structure to fill in
- * @ret rc Return status code
- */
-#define peerdist_msg_blk( raw, raw_len, digestsize, blksize, blk ) ( { \
- assert ( sizeof ( (blk)->segment.id ) == (digestsize) ); \
- assert ( sizeof ( (blk)->block.data ) == 0 ); \
- assert ( sizeof ( (blk)->vrf.data ) == 0 ); \
- assert ( sizeof ( (blk)->iv.data ) == blksize ); \
- peerdist_msg_blk_untyped ( (raw), (raw_len), (digestsize), \
- (blksize), blk ); \
- } )
-
-extern int peerdist_msg_blk_untyped ( userptr_t raw, size_t raw_len,
- size_t digestsize, size_t blksize,
- void *out );
-
#endif /* _IPXE_PCCRR_H */
diff --git a/src/include/ipxe/pci.h b/src/include/ipxe/pci.h
index 8c6d9e4e2..44095afe2 100644
--- a/src/include/ipxe/pci.h
+++ b/src/include/ipxe/pci.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/device.h>
@@ -151,7 +152,11 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
/** Memory base and limit */
#define PCI_MEM_BASE 0x20
#define PCI_MEM_LIMIT 0x22
-#define PCI_MEM_MASK 0x000f
+#define PCI_MEM_MASK 0x000fUL
+#define PCI_PREFMEM_BASE 0x24
+#define PCI_PREFMEM_LIMIT 0x26
+#define PCI_PREFMEM_BASE_HI 0x28
+#define PCI_PREFMEM_LIMIT_HI 0x2c
/** Construct PCI class
*
@@ -314,6 +319,9 @@ struct pci_driver {
extern void adjust_pci_device ( struct pci_device *pci );
extern unsigned long pci_bar_start ( struct pci_device *pci,
unsigned int reg );
+extern void pci_bar_set ( struct pci_device *pci, unsigned int reg,
+ unsigned long start );
+extern unsigned long pci_bar_size ( struct pci_device *pci, unsigned int reg );
extern int pci_read_config ( struct pci_device *pci );
extern int pci_find_next ( struct pci_device *pci, uint32_t *busdevfn );
extern int pci_find_driver ( struct pci_device *pci );
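Review bot: The new `pci_bar_set()` takes `unsigned long start`, which is 32 bits wide on 32-bit builds, while pcibridge.h in this same commit stores the prefetchable window as `uint64_t prefmembase` / `prefmemlimit`. The prototype has no doc comment, so a reader cannot tell whether a 64-bit BAR can be programmed above 4 GiB, or what happens to the upper dword when it cannot. Either document the limit next to the declaration, e.g. `/* start is truncated to unsigned long; 64-bit BARs above 4GB are not supported on 32-bit builds */`, or confirm in the implementation that the high dword is written explicitly. This is hedged: the implementation is not part of this directory's diff.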
@@ -322,7 +330,6 @@ extern void pci_remove ( struct pci_device *pci );
extern int pci_find_capability ( struct pci_device *pci, int capability );
extern int pci_find_next_capability ( struct pci_device *pci,
int pos, int capability );
-extern unsigned long pci_bar_size ( struct pci_device *pci, unsigned int reg );
extern void pci_reset ( struct pci_device *pci, unsigned int exp );
/**
diff --git a/src/include/ipxe/pci_io.h b/src/include/ipxe/pci_io.h
index 4c035b18b..e67832fec 100644
--- a/src/include/ipxe/pci_io.h
+++ b/src/include/ipxe/pci_io.h
@@ -8,9 +8,11 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/api.h>
+#include <ipxe/tables.h>
#include <ipxe/iomap.h>
#include <config/ioapi.h>
@@ -59,7 +61,9 @@ struct pci_range {
PROVIDE_SINGLE_API_INLINE ( PCIAPI_PREFIX_ ## _subsys, _api_func )
/* Include all architecture-independent I/O API headers */
+#include <ipxe/null_pci.h>
#include <ipxe/ecam_io.h>
+#include <ipxe/pcicloud.h>
#include <ipxe/efi/efi_pci_api.h>
#include <ipxe/linux/linux_pci.h>
@@ -67,6 +71,14 @@ struct pci_range {
#include <bits/pci_io.h>
/**
+ * Check if PCI bus probing is allowed
+ *
+ * @v pci PCI device
+ * @ret ok Bus probing is allowed
+ */
+int pci_can_probe ( struct pci_device *pci );
+
+/**
* Find next PCI bus:dev.fn address range in system
*
* @v busdevfn Starting PCI bus:dev.fn address
@@ -153,6 +165,7 @@ void * pci_ioremap ( struct pci_device *pci, unsigned long bus_addr,
/** A runtime selectable PCI I/O API */
struct pci_api {
const char *name;
+ typeof ( pci_can_probe ) ( * pci_can_probe );
typeof ( pci_discover ) ( * pci_discover );
typeof ( pci_read_config_byte ) ( * pci_read_config_byte );
typeof ( pci_read_config_word ) ( * pci_read_config_word );
@@ -163,23 +176,47 @@ struct pci_api {
typeof ( pci_ioremap ) ( * pci_ioremap );
};
+/** Runtime selectable PCI API table */
+#define PCI_APIS __table ( struct pci_api, "pci_apis" )
+
+/**
+ * Declare a runtime selectable PCI API
+ *
+ * In the common case of a non-runtime-selectable PCI I/O API, allow
+ * the runtime API code to be garbage-collected at link time to save
+ * space.
+ */
+#ifdef PCIAPI_CLOUD
+#define __pci_api( priority ) __table_entry ( PCI_APIS, priority )
+#else
+#define __pci_api( priority )
+#endif
+
+/* PCI runtime selectable API priorities */
+#define PCIAPI_PRIORITY_EFI 01 /**< EFI PCI I/O protocols */
+#define PCIAPI_PRIORITY_ECAM 02 /**< ACPI ECAM */
+#define PCIAPI_PRIORITY_PCBIOS 03 /**< PCI BIOS calls */
+#define PCIAPI_PRIORITY_DIRECT 04 /**< Direct Type 1 accesses */
+
/** Provide a runtime selectable PCI I/O API */
-#define PCIAPI_RUNTIME( _subsys ) { \
- .name = #_subsys, \
- .pci_discover = PCIAPI_INLINE ( _subsys, pci_discover ), \
- .pci_read_config_byte = \
- PCIAPI_INLINE ( _subsys, pci_read_config_byte ), \
- .pci_read_config_word = \
- PCIAPI_INLINE ( _subsys, pci_read_config_word ), \
- .pci_read_config_dword = \
- PCIAPI_INLINE ( _subsys, pci_read_config_dword ), \
- .pci_write_config_byte = \
- PCIAPI_INLINE ( _subsys, pci_write_config_byte ), \
- .pci_write_config_word = \
- PCIAPI_INLINE ( _subsys, pci_write_config_word ), \
- .pci_write_config_dword = \
- PCIAPI_INLINE ( _subsys, pci_write_config_dword ), \
- .pci_ioremap = PCIAPI_INLINE ( _subsys, pci_ioremap ), \
+#define PROVIDE_PCIAPI_RUNTIME( subsys, priority ) \
+ struct pci_api pciapi_ ## subsys __pci_api ( priority ) = { \
+ .name = #subsys, \
+ .pci_can_probe = PCIAPI_INLINE ( subsys, pci_can_probe ), \
+ .pci_discover = PCIAPI_INLINE ( subsys, pci_discover ), \
+ .pci_read_config_byte = \
+ PCIAPI_INLINE ( subsys, pci_read_config_byte ), \
+ .pci_read_config_word = \
+ PCIAPI_INLINE ( subsys, pci_read_config_word ), \
+ .pci_read_config_dword = \
+ PCIAPI_INLINE ( subsys, pci_read_config_dword ), \
+ .pci_write_config_byte = \
+ PCIAPI_INLINE ( subsys, pci_write_config_byte ), \
+ .pci_write_config_word = \
+ PCIAPI_INLINE ( subsys, pci_write_config_word ), \
+ .pci_write_config_dword = \
+ PCIAPI_INLINE ( subsys, pci_write_config_dword ), \
+ .pci_ioremap = PCIAPI_INLINE ( subsys, pci_ioremap ), \
}
#endif /* _IPXE_PCI_IO_H */
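Review bot: The `PCIAPI_PRIORITY_*` block does not say in which direction the table is walked, so it is not clear from the header whether EFI (`01`) is tried first or last; a one-line comment such as `/* Lower values are tried first */` (or the opposite, whichever the table code does) would settle it. `__pci_api( priority )` and `PROVIDE_PCIAPI_RUNTIME( subsys, priority )` have no `@v` lines for their parameters. `pci_can_probe` is a new member of `struct pci_api`; any initialiser that was written by hand rather than through `PROVIDE_PCIAPI_RUNTIME` would leave it NULL under designated-initialiser rules, so it is worth checking that every provider was converted to the macro or that the dispatcher guards the call.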
diff --git a/src/include/ipxe/pcibackup.h b/src/include/ipxe/pcibackup.h
index e5249df99..a25421d7d 100644
--- a/src/include/ipxe/pcibackup.h
+++ b/src/include/ipxe/pcibackup.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/pcibridge.h b/src/include/ipxe/pcibridge.h
index c57a81067..3a278a0ca 100644
--- a/src/include/ipxe/pcibridge.h
+++ b/src/include/ipxe/pcibridge.h
@@ -34,6 +34,10 @@ struct pci_bridge {
uint32_t membase;
/** Memory limit */
uint32_t memlimit;
+ /** Prefetchable memory base */
+ uint64_t prefmembase;
+ /** Prefetchable memory limit */
+ uint64_t prefmemlimit;
/** List of bridges */
struct list_head list;
};
diff --git a/src/include/ipxe/pcicloud.h b/src/include/ipxe/pcicloud.h
new file mode 100644
index 000000000..19d5147be
--- /dev/null
+++ b/src/include/ipxe/pcicloud.h
@@ -0,0 +1,19 @@
+#ifndef _IPXE_PCICLOUD_H
+#define _IPXE_PCICLOUD_H
+
+/** @file
+ *
+ * Cloud VM PCI configuration space access
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#ifdef PCIAPI_CLOUD
+#define PCIAPI_PREFIX_cloud
+#else
+#define PCIAPI_PREFIX_cloud __cloud_
+#endif
+
+#endif /* _IPXE_PCICLOUD_H */
diff --git a/src/include/ipxe/pcimsix.h b/src/include/ipxe/pcimsix.h
index aa2aaf017..a7a6899a9 100644
--- a/src/include/ipxe/pcimsix.h
+++ b/src/include/ipxe/pcimsix.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/pci.h>
@@ -40,6 +41,10 @@ struct pci_msix {
void *table;
/** Pending bit array */
void *pba;
+ /** Dummy message target */
+ uint32_t *msg;
+ /** Dummy message target mapping */
+ struct dma_mapping map;
};
extern int pci_msix_enable ( struct pci_device *pci, struct pci_msix *msix );
diff --git a/src/include/ipxe/peerblk.h b/src/include/ipxe/peerblk.h
index f16f207b0..596c78b57 100644
--- a/src/include/ipxe/peerblk.h
+++ b/src/include/ipxe/peerblk.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/refcnt.h>
diff --git a/src/include/ipxe/peerdisc.h b/src/include/ipxe/peerdisc.h
index 45d592e76..9a8f13ecf 100644
--- a/src/include/ipxe/peerdisc.h
+++ b/src/include/ipxe/peerdisc.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/refcnt.h>
diff --git a/src/include/ipxe/peermux.h b/src/include/ipxe/peermux.h
index 54acbfec9..849488d0a 100644
--- a/src/include/ipxe/peermux.h
+++ b/src/include/ipxe/peermux.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/list.h>
diff --git a/src/include/ipxe/pem.h b/src/include/ipxe/pem.h
index d88ec5b6f..95c55408b 100644
--- a/src/include/ipxe/pem.h
+++ b/src/include/ipxe/pem.h
@@ -8,9 +8,9 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
-#include <ipxe/uaccess.h>
#include <ipxe/asn1.h>
#include <ipxe/image.h>
@@ -20,7 +20,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
/** Post-encapsulation boundary marker */
#define PEM_END "-----END"
-extern int pem_asn1 ( userptr_t data, size_t len, size_t offset,
+extern int pem_asn1 ( const void *data, size_t len, size_t offset,
struct asn1_cursor **cursor );
extern struct image_type pem_image_type __image_type ( PROBE_NORMAL );
diff --git a/src/include/ipxe/pending.h b/src/include/ipxe/pending.h
index be6ed05a1..1ed10df18 100644
--- a/src/include/ipxe/pending.h
+++ b/src/include/ipxe/pending.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/** A pending operation */
struct pending_operation {
diff --git a/src/include/ipxe/ping.h b/src/include/ipxe/ping.h
index c55bd1ab2..7a45f1ab7 100644
--- a/src/include/ipxe/ping.h
+++ b/src/include/ipxe/ping.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/iobuf.h>
#include <ipxe/tcpip.h>
diff --git a/src/include/ipxe/pinger.h b/src/include/ipxe/pinger.h
index 227f002dc..ade12ec12 100644
--- a/src/include/ipxe/pinger.h
+++ b/src/include/ipxe/pinger.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/interface.h>
diff --git a/src/include/ipxe/pixbuf.h b/src/include/ipxe/pixbuf.h
index 615744812..e2cbcdca7 100644
--- a/src/include/ipxe/pixbuf.h
+++ b/src/include/ipxe/pixbuf.h
@@ -8,10 +8,10 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stddef.h>
#include <ipxe/refcnt.h>
-#include <ipxe/uaccess.h>
/** A pixel buffer */
struct pixel_buffer {
@@ -22,7 +22,9 @@ struct pixel_buffer {
/** Height */
unsigned int height;
/** 32-bit (8:8:8:8) xRGB pixel data, in host-endian order */
- userptr_t data;
+ uint32_t *data;
+ /** Total number of pixels */
+ unsigned int pixels;
/** Total length */
size_t len;
};
@@ -49,6 +51,22 @@ pixbuf_put ( struct pixel_buffer *pixbuf ) {
ref_put ( &pixbuf->refcnt );
}
+/**
+ * Get pixel
+ *
+ * @v pixbuf Pixel buffer
+ * @v x X position
+ * @v y Y position
+ * @ret pixel Pixel
+ */
+static inline __attribute__ (( always_inline )) uint32_t *
+pixbuf_pixel ( struct pixel_buffer *pixbuf, unsigned int x, unsigned int y ) {
+ unsigned int index;
+
+ index = ( ( y * pixbuf->width ) + x );
+ return &pixbuf->data[index];
+}
+
extern struct pixel_buffer * alloc_pixbuf ( unsigned int width,
unsigned int height );
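Review bot: `pixbuf_pixel()` returns `&pixbuf->data[index]` without checking that `x` and `y` lie inside the buffer, although the same commit adds a `pixels` count to the structure. Image dimensions usually come from a file header, so an out-of-range coordinate or a wrapped `y * pixbuf->width` product would give a pointer outside the allocation. Document the precondition in the header comment (`x < width`, `y < height`) and add a debug check such as `assert ( index < pixbuf->pixels );` before the return. Whether callers already validate coordinates is not visible in this hunk.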
diff --git a/src/include/ipxe/png.h b/src/include/ipxe/png.h
index 3505eefc8..31cac0534 100644
--- a/src/include/ipxe/png.h
+++ b/src/include/ipxe/png.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <byteswap.h>
diff --git a/src/include/ipxe/pnm.h b/src/include/ipxe/pnm.h
index 860968cbc..43f52cbdd 100644
--- a/src/include/ipxe/pnm.h
+++ b/src/include/ipxe/pnm.h
@@ -10,7 +10,6 @@
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <stdint.h>
-#include <ipxe/uaccess.h>
#include <ipxe/image.h>
/** PNM signature */
diff --git a/src/include/ipxe/pool.h b/src/include/ipxe/pool.h
index 81ff57d75..fbd8567a9 100644
--- a/src/include/ipxe/pool.h
+++ b/src/include/ipxe/pool.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/interface.h>
#include <ipxe/list.h>
diff --git a/src/include/ipxe/posix_io.h b/src/include/ipxe/posix_io.h
index 1a73b5e86..693e0ae34 100644
--- a/src/include/ipxe/posix_io.h
+++ b/src/include/ipxe/posix_io.h
@@ -10,7 +10,6 @@
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <stdint.h>
-#include <ipxe/uaccess.h>
/** Minimum file descriptor that will ever be allocated */
#define POSIX_FD_MIN ( 1 )
@@ -22,8 +21,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
typedef uint32_t fd_set;
extern int open ( const char *uri_string );
-extern ssize_t read_user ( int fd, userptr_t buffer,
- off_t offset, size_t len );
+extern ssize_t read ( int fd, void *buf, size_t len );
extern int select ( fd_set *readfds, int wait );
extern ssize_t fsize ( int fd );
extern int close ( int fd );
@@ -72,16 +70,4 @@ FD_ISSET ( int fd, fd_set *set ) {
return ( *set & ( 1 << fd ) );
}
-/**
- * Read data from file
- *
- * @v fd File descriptor
- * @v buf Data buffer
- * @v len Maximum length to read
- * @ret len Actual length read, or negative error number
- */
-static inline ssize_t read ( int fd, void *buf, size_t len ) {
- return read_user ( fd, virt_to_user ( buf ), 0, len );
-}
-
#endif /* _IPXE_POSIX_IO_H */
diff --git a/src/include/ipxe/privkey.h b/src/include/ipxe/privkey.h
index a65cf6106..56f23143e 100644
--- a/src/include/ipxe/privkey.h
+++ b/src/include/ipxe/privkey.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/asn1.h>
#include <ipxe/refcnt.h>
diff --git a/src/include/ipxe/process.h b/src/include/ipxe/process.h
index d5e13aa04..0ec94f9bc 100644
--- a/src/include/ipxe/process.h
+++ b/src/include/ipxe/process.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/list.h>
#include <ipxe/refcnt.h>
diff --git a/src/include/ipxe/profile.h b/src/include/ipxe/profile.h
index 2c69e1208..c7e6d54f2 100644
--- a/src/include/ipxe/profile.h
+++ b/src/include/ipxe/profile.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <bits/profile.h>
#include <ipxe/tables.h>
@@ -60,6 +61,8 @@ struct profiler {
#define __profiler
#endif
+unsigned long profile_timestamp ( void );
+
extern unsigned long profile_excluded;
extern void profile_update ( struct profiler *profiler, unsigned long sample );
diff --git a/src/include/ipxe/quiesce.h b/src/include/ipxe/quiesce.h
index 00b530b83..a43628de0 100644
--- a/src/include/ipxe/quiesce.h
+++ b/src/include/ipxe/quiesce.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/tables.h>
diff --git a/src/include/ipxe/random_nz.h b/src/include/ipxe/random_nz.h
index 4c433fa38..2de1a1a33 100644
--- a/src/include/ipxe/random_nz.h
+++ b/src/include/ipxe/random_nz.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/rbg.h b/src/include/ipxe/rbg.h
index 758238a65..0b65a408c 100644
--- a/src/include/ipxe/rbg.h
+++ b/src/include/ipxe/rbg.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/drbg.h>
@@ -16,28 +17,13 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
struct random_bit_generator {
/** DRBG state */
struct drbg_state state;
+ /** Startup has been attempted */
+ int started;
};
extern struct random_bit_generator rbg;
-/**
- * Generate bits using RBG
- *
- * @v additional Additional input
- * @v additional_len Length of additional input
- * @v prediction_resist Prediction resistance is required
- * @v data Output buffer
- * @v len Length of output buffer
- * @ret rc Return status code
- *
- * This is the RBG_Generate function defined in ANS X9.82 Part 4
- * (April 2011 Draft) Section 9.1.2.2.
- */
-static inline int rbg_generate ( const void *additional, size_t additional_len,
- int prediction_resist, void *data,
- size_t len ) {
- return drbg_generate ( &rbg.state, additional, additional_len,
- prediction_resist, data, len );
-}
+extern int rbg_generate ( const void *additional, size_t additional_len,
+ int prediction_resist, void *data, size_t len );
#endif /* _IPXE_RBG_H */
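Review bot: The new `started` field is documented only as "Startup has been attempted", which does not say whether the DRBG was actually instantiated, and the now out-of-line `rbg_generate()` prototype lost the comment that described its contract. Output of this generator presumably feeds key material, so the header should say what happens when startup was attempted but failed. Suggested wording: `/** Startup has been attempted (does not imply the DRBG is instantiated) */` on the field, and a line on the prototype stating that it returns an error rather than data when the generator is unusable. The implementation is outside this hunk, so this is a request to document the behaviour, not a claim that it is wrong.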
diff --git a/src/include/ipxe/reboot.h b/src/include/ipxe/reboot.h
index 33606d9d5..361988ff1 100644
--- a/src/include/ipxe/reboot.h
+++ b/src/include/ipxe/reboot.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/api.h>
#include <config/reboot.h>
@@ -51,9 +52,12 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
/**
* Reboot system
*
- * @v warm Perform a warm reboot
+ * @v flags Reboot flags
*/
-void reboot ( int warm );
+void reboot ( int flags );
+
+#define REBOOT_WARM 0x00000001 /**< Perform a warm reboot */
+#define REBOOT_SETUP 0x00000002 /**< Reboot to firmware setup */
/**
* Power off system
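Review bot: Turning `reboot ( int warm )` into `reboot ( int flags )` changes the meaning of any existing call site that passes a truth value: a non-zero argument other than 1 now sets bits beyond `REBOOT_WARM`, and a value with bit 1 set requests `REBOOT_SETUP`. The call sites are outside this hunk, so each one should be checked to pass `0` or a `REBOOT_*` constant. The parameter line would be clearer as `@v flags Reboot flags (bitwise OR of REBOOT_XXX)`, and the two defines would benefit from a heading comment such as `/* Reboot flags (may be ORed together) */`.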
diff --git a/src/include/ipxe/refcnt.h b/src/include/ipxe/refcnt.h
index 7f489abc9..dff67bf58 100644
--- a/src/include/ipxe/refcnt.h
+++ b/src/include/ipxe/refcnt.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stddef.h>
#include <assert.h>
diff --git a/src/include/ipxe/resolv.h b/src/include/ipxe/resolv.h
index ff48d35ca..3f26577c6 100644
--- a/src/include/ipxe/resolv.h
+++ b/src/include/ipxe/resolv.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/interface.h>
#include <ipxe/tables.h>
diff --git a/src/include/ipxe/retry.h b/src/include/ipxe/retry.h
index 76d45fbd0..6817bf4c9 100644
--- a/src/include/ipxe/retry.h
+++ b/src/include/ipxe/retry.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/list.h>
diff --git a/src/include/ipxe/rndis.h b/src/include/ipxe/rndis.h
index e8ece1e85..bd64eddfe 100644
--- a/src/include/ipxe/rndis.h
+++ b/src/include/ipxe/rndis.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/netdevice.h>
diff --git a/src/include/ipxe/rootcert.h b/src/include/ipxe/rootcert.h
index d4be2e1bc..f07c612ff 100644
--- a/src/include/ipxe/rootcert.h
+++ b/src/include/ipxe/rootcert.h
@@ -8,9 +8,11 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/x509.h>
+extern const int allow_trust_override;
extern struct x509_root root_certificates;
#endif /* _IPXE_ROOTCERT_H */
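Review bot: The newly exported `allow_trust_override` has no comment saying what a non-zero value permits. The flag presumably controls whether the compiled-in root of trust can be replaced at run time, so anyone including this header needs to know its polarity and that it is a build-time constant. A line such as `/** Non-zero if the root of trust may be overridden at run time */` above the declaration would do. The definition is outside this hunk, so the wording should be checked against it.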
diff --git a/src/include/ipxe/rotate.h b/src/include/ipxe/rotate.h
index 4dea09aeb..77a87dffd 100644
--- a/src/include/ipxe/rotate.h
+++ b/src/include/ipxe/rotate.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/rsa.h b/src/include/ipxe/rsa.h
index a1b5e0c03..c5ae919ae 100644
--- a/src/include/ipxe/rsa.h
+++ b/src/include/ipxe/rsa.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdarg.h>
#include <ipxe/crypto.h>
@@ -55,31 +56,6 @@ struct rsa_digestinfo_prefix {
/** Declare an RSA digestInfo prefix */
#define __rsa_digestinfo_prefix __table_entry ( RSA_DIGESTINFO_PREFIXES, 01 )
-/** An RSA context */
-struct rsa_context {
- /** Allocated memory */
- void *dynamic;
- /** Modulus */
- bigint_element_t *modulus0;
- /** Modulus size */
- unsigned int size;
- /** Modulus length */
- size_t max_len;
- /** Exponent */
- bigint_element_t *exponent0;
- /** Exponent size */
- unsigned int exponent_size;
- /** Input buffer */
- bigint_element_t *input0;
- /** Output buffer */
- bigint_element_t *output0;
- /** Temporary working space for modular exponentiation */
- void *tmp;
-};
-
-/** RSA context size */
-#define RSA_CTX_SIZE sizeof ( struct rsa_context )
-
extern struct pubkey_algorithm rsa_algorithm;
#endif /* _IPXE_RSA_H */
diff --git a/src/include/ipxe/sanboot.h b/src/include/ipxe/sanboot.h
index e44367cdb..ea44191c2 100644
--- a/src/include/ipxe/sanboot.h
+++ b/src/include/ipxe/sanboot.h
@@ -10,6 +10,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/api.h>
#include <ipxe/refcnt.h>
@@ -261,9 +262,9 @@ extern struct san_device * sandev_next ( unsigned int drive );
extern int sandev_reopen ( struct san_device *sandev );
extern int sandev_reset ( struct san_device *sandev );
extern int sandev_read ( struct san_device *sandev, uint64_t lba,
- unsigned int count, userptr_t buffer );
+ unsigned int count, void *buffer );
extern int sandev_write ( struct san_device *sandev, uint64_t lba,
- unsigned int count, userptr_t buffer );
+ unsigned int count, void *buffer );
extern struct san_device * alloc_sandev ( struct uri **uris, unsigned int count,
size_t priv_size );
extern int register_sandev ( struct san_device *sandev, unsigned int drive,
diff --git a/src/include/ipxe/sbat.h b/src/include/ipxe/sbat.h
index 4b74670ed..b708215c1 100644
--- a/src/include/ipxe/sbat.h
+++ b/src/include/ipxe/sbat.h
@@ -19,6 +19,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/**
* A single line within an SBAT CSV file
diff --git a/src/include/ipxe/script.h b/src/include/ipxe/script.h
index 7e7a9a3a4..59a42c66f 100644
--- a/src/include/ipxe/script.h
+++ b/src/include/ipxe/script.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/image.h>
diff --git a/src/include/ipxe/scsi.h b/src/include/ipxe/scsi.h
index 28b55b2d5..858f63547 100644
--- a/src/include/ipxe/scsi.h
+++ b/src/include/ipxe/scsi.h
@@ -2,7 +2,6 @@
#define _IPXE_SCSI_H
#include <stdint.h>
-#include <ipxe/uaccess.h>
#include <ipxe/interface.h>
/** @file
@@ -12,6 +11,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/** Maximum block for READ/WRITE (10) commands */
#define SCSI_MAX_BLOCK_10 0xffffffffULL
@@ -252,14 +252,14 @@ struct scsi_cmd {
/** CDB for this command */
union scsi_cdb cdb;
/** Data-out buffer (may be NULL) */
- userptr_t data_out;
+ void *data_out;
/** Data-out buffer length
*
* Must be zero if @c data_out is NULL
*/
size_t data_out_len;
/** Data-in buffer (may be NULL) */
- userptr_t data_in;
+ void *data_in;
/** Data-in buffer length
*
* Must be zero if @c data_in is NULL
diff --git a/src/include/ipxe/segment.h b/src/include/ipxe/segment.h
index 9d5ecbd9b..b37c93c93 100644
--- a/src/include/ipxe/segment.h
+++ b/src/include/ipxe/segment.h
@@ -10,8 +10,8 @@
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
-#include <ipxe/uaccess.h>
+#include <stdint.h>
-extern int prep_segment ( userptr_t segment, size_t filesz, size_t memsz );
+extern int prep_segment ( void *segment, size_t filesz, size_t memsz );
#endif /* _IPXE_SEGMENT_H */
diff --git a/src/include/ipxe/serial.h b/src/include/ipxe/serial.h
index 83be59c31..04347a89e 100644
--- a/src/include/ipxe/serial.h
+++ b/src/include/ipxe/serial.h
@@ -9,8 +9,64 @@
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+#include <ipxe/api.h>
#include <ipxe/uart.h>
+#include <config/serial.h>
-extern struct uart serial_console;
+#ifdef SERIAL_NULL
+#define SERIAL_PREFIX_null
+#else
+#define SERIAL_PREFIX_null __null_
+#endif
+
+/**
+ * Calculate static inline serial API function name
+ *
+ * @v _prefix Subsystem prefix
+ * @v _api_func API function
+ * @ret _subsys_func Subsystem API function
+ */
+#define SERIAL_INLINE( _subsys, _api_func ) \
+ SINGLE_API_INLINE ( SERIAL_PREFIX_ ## _subsys, _api_func )
+
+/**
+ * Provide a serial API implementation
+ *
+ * @v _prefix Subsystem prefix
+ * @v _api_func API function
+ * @v _func Implementing function
+ */
+#define PROVIDE_SERIAL( _subsys, _api_func, _func ) \
+ PROVIDE_SINGLE_API ( SERIAL_PREFIX_ ## _subsys, _api_func, _func )
+
+/**
+ * Provide a static inline serial API implementation
+ *
+ * @v _prefix Subsystem prefix
+ * @v _api_func API function
+ */
+#define PROVIDE_SERIAL_INLINE( _subsys, _api_func ) \
+ PROVIDE_SINGLE_API_INLINE ( SERIAL_PREFIX_ ## _subsys, _api_func )
+
+/**
+ * Get null serial console UART
+ *
+ * @ret uart Serial console UART, or NULL
+ */
+static inline __always_inline struct uart *
+SERIAL_INLINE ( null, default_serial_console ) ( void ) {
+ return NULL;
+}
+
+/**
+ * Get serial console UART
+ *
+ * @ret uart Serial console UART, or NULL
+ */
+struct uart * default_serial_console ( void );
+
+extern struct uart *serial_console;
+
+extern struct uart * fixed_serial_console ( void );
#endif /* _IPXE_SERIAL_H */
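Review bot: The doc comments on `SERIAL_INLINE`, `PROVIDE_SERIAL` and `PROVIDE_SERIAL_INLINE` describe a parameter `_prefix`, but the macros take `_subsys`; those lines should read `@v _subsys Subsystem prefix`. Separately, `serial_console` changes from an object to a pointer, and `default_serial_console()` is documented as possibly returning NULL. The declaration deserves a comment such as `/** Active serial console UART (NULL if none) */` so that users test it before dereferencing. Code that used the old `&serial_console` form is outside this hunk and should be checked for a missing NULL test.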
diff --git a/src/include/ipxe/settings.h b/src/include/ipxe/settings.h
index ccb5e99f1..585cb73ad 100644
--- a/src/include/ipxe/settings.h
+++ b/src/include/ipxe/settings.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/tables.h>
@@ -438,6 +439,8 @@ netmask_setting __setting ( SETTING_IP4, netmask );
extern const struct setting
gateway_setting __setting ( SETTING_IP4, gateway );
extern const struct setting
+static_route_setting __setting ( SETTING_IP4, static_routes );
+extern const struct setting
dns_setting __setting ( SETTING_IP4_EXTRA, dns );
extern const struct setting
ip6_setting __setting ( SETTING_IP6, ip6 );
diff --git a/src/include/ipxe/settings_ui.h b/src/include/ipxe/settings_ui.h
index 0bf21935d..41e3351bc 100644
--- a/src/include/ipxe/settings_ui.h
+++ b/src/include/ipxe/settings_ui.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
struct settings;
diff --git a/src/include/ipxe/sha1.h b/src/include/ipxe/sha1.h
index 9cbbebdee..33b07ecc3 100644
--- a/src/include/ipxe/sha1.h
+++ b/src/include/ipxe/sha1.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/sha256.h b/src/include/ipxe/sha256.h
index f226ad07b..e8a81b889 100644
--- a/src/include/ipxe/sha256.h
+++ b/src/include/ipxe/sha256.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/sha512.h b/src/include/ipxe/sha512.h
index 82a9e4e69..74cdb413c 100644
--- a/src/include/ipxe/sha512.h
+++ b/src/include/ipxe/sha512.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/crypto.h>
diff --git a/src/include/ipxe/shell.h b/src/include/ipxe/shell.h
index 0d574e028..cbea7b319 100644
--- a/src/include/ipxe/shell.h
+++ b/src/include/ipxe/shell.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/** Shell stop states */
enum shell_stop_state {
diff --git a/src/include/ipxe/smbios.h b/src/include/ipxe/smbios.h
index 077a67a85..5e431504a 100644
--- a/src/include/ipxe/smbios.h
+++ b/src/include/ipxe/smbios.h
@@ -8,11 +8,11 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/api.h>
#include <config/general.h>
-#include <ipxe/uaccess.h>
/**
* Provide an SMBIOS API implementation
@@ -25,6 +25,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
PROVIDE_SINGLE_API ( SMBIOS_PREFIX_ ## _subsys, _api_func, _func )
/* Include all architecture-independent SMBIOS API headers */
+#include <ipxe/null_smbios.h>
#include <ipxe/efi/efi_smbios.h>
#include <ipxe/linux/linux_smbios.h>
@@ -125,16 +126,6 @@ struct smbios_header {
uint16_t handle;
} __attribute__ (( packed ));
-/** SMBIOS structure descriptor */
-struct smbios_structure {
- /** Copy of SMBIOS structure header */
- struct smbios_header header;
- /** Offset of structure within SMBIOS */
- size_t offset;
- /** Length of strings section */
- size_t strings_len;
-};
-
/** SMBIOS system information structure */
struct smbios_system_information {
/** SMBIOS structure header */
@@ -206,7 +197,7 @@ struct smbios_enclosure_information {
*/
struct smbios {
/** Start of SMBIOS structures */
- userptr_t address;
+ const void *address;
/** Length of SMBIOS structures */
size_t len;
/** Number of SMBIOS structures */
@@ -225,17 +216,14 @@ struct smbios {
#define SMBIOS_VERSION( major, minor ) ( ( (major) << 8 ) | (minor) )
extern int find_smbios ( struct smbios *smbios );
-extern int find_smbios_entry ( userptr_t start, size_t len,
- struct smbios_entry *entry );
-extern int find_smbios3_entry ( userptr_t start, size_t len,
- struct smbios3_entry *entry );
-extern int find_smbios_structure ( unsigned int type, unsigned int instance,
- struct smbios_structure *structure );
-extern int read_smbios_structure ( struct smbios_structure *structure,
- void *data, size_t len );
-extern int read_smbios_string ( struct smbios_structure *structure,
- unsigned int index,
- void *data, size_t len );
+extern const struct smbios_entry * find_smbios_entry ( const void *start,
+ size_t len );
+extern const struct smbios3_entry * find_smbios3_entry ( const void *start,
+ size_t len );
+extern const struct smbios_header * smbios_structure ( unsigned int type,
+ unsigned int instance );
+extern const char * smbios_string ( const struct smbios_header *header,
+ unsigned int index );
extern int smbios_version ( void );
extern void smbios_clear ( void );
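Review bot: The replacement accessors return pointers into the SMBIOS table (`const struct smbios_header *`, `const char *`) instead of copying into a caller buffer bounded by `len`, and the prototypes state nothing about what the caller may rely on. SMBIOS contents are supplied by firmware, so the header should say that each function returns NULL on failure. It should also say whether `smbios_structure()` guarantees that the structure and its string section lie within `smbios.len`, and whether `smbios_string()` guarantees NUL termination inside the table. A comment above the block such as `/* Returned pointers reference the SMBIOS table directly; NULL if not found */` would be a start. The implementations are outside this hunk, so the bounds guarantee needs confirming against them.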
diff --git a/src/include/ipxe/socket.h b/src/include/ipxe/socket.h
index 8c70ea4c0..f0e80a712 100644
--- a/src/include/ipxe/socket.h
+++ b/src/include/ipxe/socket.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/tables.h>
diff --git a/src/include/ipxe/spcr.h b/src/include/ipxe/spcr.h
new file mode 100644
index 000000000..366092ade
--- /dev/null
+++ b/src/include/ipxe/spcr.h
@@ -0,0 +1,91 @@
+#ifndef _IPXE_SPCR_H
+#define _IPXE_SPCR_H
+
+/** @file
+ *
+ * ACPI Serial Port Console Redirection (SPCR)
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <stdint.h>
+#include <ipxe/acpi.h>
+
+/** Serial Port Console Redirection table signature */
+#define SPCR_SIGNATURE ACPI_SIGNATURE ( 'S', 'P', 'C', 'R' )
+
+/** A Serial Port Console Redirection table */
+struct spcr_table {
+ /** ACPI header */
+ struct acpi_header acpi;
+ /** Interface type */
+ uint8_t type;
+ /** Reserved */
+ uint8_t reserved_a[3];
+ /** Base address */
+ struct acpi_address base;
+ /** Reserved */
+ uint8_t reserved_b[6];
+ /** Baud rate
+ *
+ * 0: leave unchanged
+ * 1: 2400 = 115200 / 48 (not defined in standard)
+ * 2: 4800 = 115200 / 24 (not defined in standard)
+ * 3: 9600 = 115200 / 12
+ * 4: 19200 = 115200 / 6
+ * 5: 38400 = 115200 / 3 (not defined in standard)
+ * 6: 57600 = 115200 / 2
+ * 7: 115200 = 115200 / 1
+ */
+ uint8_t baud;
+ /** Parity */
+ uint8_t parity;
+ /** Stop bits */
+ uint8_t stop;
+ /** Flow control */
+ uint8_t flow;
+ /** Terminal type */
+ uint8_t terminal;
+ /** Language */
+ uint8_t lang;
+ /** PCI device ID */
+ uint16_t pci_device_id;
+ /** PCI vendor ID */
+ uint16_t pci_vendor_id;
+ /** PCI bus number */
+ uint8_t pci_bus;
+ /** PCI device number */
+ uint8_t pci_dev;
+ /** PCI function number */
+ uint8_t pci_func;
+ /** Reserved */
+ uint8_t reserved_c[4];
+ /** PCI segment */
+ uint8_t pci_segment;
+ /** Clock frequency */
+ uint32_t clock;
+ /** Precise baud rate */
+ uint32_t precise;
+ /** Reserved */
+ uint8_t reserved_d[4];
+} __attribute__ (( packed ));
+
+/* SPCR interface types */
+#define SPCR_TYPE_16550 0x0000 /**< 16550-compatible */
+#define SPCR_TYPE_16450 0x0001 /**< 16450-compatible */
+#define SPCR_TYPE_16550_GAS 0x0012 /**< 16550-compatible */
+
+/** SPCR baud rates */
+enum spcr_baud {
+ SPCR_BAUD_2400 = 1,
+ SPCR_BAUD_4800 = 2,
+ SPCR_BAUD_9600 = 3,
+ SPCR_BAUD_19200 = 4,
+ SPCR_BAUD_38400 = 5,
+ SPCR_BAUD_57600 = 6,
+ SPCR_BAUD_115200 = 7,
+ SPCR_BAUD_MAX
+};
+
+#endif /* _IPXE_SPCR_H */
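Review bot: `struct spcr_table` lays out fields up to `precise` and `reserved_d`, but the header does not say what table length or revision is required before those trailing fields may be read. ACPI tables come from firmware and, as far as I know, older SPCR revisions are shorter than this layout. A comment on `clock` and `precise` such as `/** Clock frequency (valid only if the ACPI header length covers this field) */` would tell the consumer to check the length first. Likewise `baud` is a firmware-supplied index and should be compared with `SPCR_BAUD_MAX` before use. Two smaller points: `SPCR_TYPE_16550_GAS` carries the same description as `SPCR_TYPE_16550`, and the type constants are written as 16-bit values although `type` is a `uint8_t`.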
diff --git a/src/include/ipxe/srp.h b/src/include/ipxe/srp.h
index 1f66a22b2..c2450038f 100644
--- a/src/include/ipxe/srp.h
+++ b/src/include/ipxe/srp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( BSD2 );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <byteswap.h>
diff --git a/src/include/ipxe/stp.h b/src/include/ipxe/stp.h
index 3d85e5ba4..b30e09d20 100644
--- a/src/include/ipxe/stp.h
+++ b/src/include/ipxe/stp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/if_ether.h>
diff --git a/src/include/ipxe/string.h b/src/include/ipxe/string.h
index a8cbe8faa..593ced230 100644
--- a/src/include/ipxe/string.h
+++ b/src/include/ipxe/string.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
extern unsigned int digit_value ( unsigned int digit );
diff --git a/src/include/ipxe/syslog.h b/src/include/ipxe/syslog.h
index 138440d66..67f45fdb4 100644
--- a/src/include/ipxe/syslog.h
+++ b/src/include/ipxe/syslog.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <syslog.h>
diff --git a/src/include/ipxe/tables.h b/src/include/ipxe/tables.h
index ac17f4b4b..d0f88cf56 100644
--- a/src/include/ipxe/tables.h
+++ b/src/include/ipxe/tables.h
@@ -2,6 +2,7 @@
#define _IPXE_TABLES_H
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/** @page ifdef_harmful #ifdef considered harmful
*
diff --git a/src/include/ipxe/tcp.h b/src/include/ipxe/tcp.h
index 1f65a3d92..14e8169e0 100644
--- a/src/include/ipxe/tcp.h
+++ b/src/include/ipxe/tcp.h
@@ -10,6 +10,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/tcpip.h>
@@ -439,6 +440,23 @@ static inline int tcp_in_window ( uint32_t seq, uint32_t start,
*/
#define TCP_FINISH_TIMEOUT ( 1 * TICKS_PER_SEC )
+/** TCP statistics */
+struct tcp_statistics {
+ /** Number of packets received */
+ unsigned long in_segs;
+ /** Total number of packets discarded due to lack of memory */
+ unsigned long in_discards;
+ /** Total number of packets received out of order */
+ unsigned long in_out_of_order;
+
+ /** Number of octets received (including duplicate data) */
+ unsigned long in_octets;
+ /** Number of octets processed and passed to upper layer */
+ unsigned long in_octets_good;
+};
+
extern struct tcpip_protocol tcp_protocol __tcpip_protocol;
+extern struct tcp_statistics tcp_stats;
+
#endif /* _IPXE_TCP_H */
diff --git a/src/include/ipxe/tcpip.h b/src/include/ipxe/tcpip.h
index 414daad53..cfee7aa1e 100644
--- a/src/include/ipxe/tcpip.h
+++ b/src/include/ipxe/tcpip.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/socket.h>
diff --git a/src/include/ipxe/tftp.h b/src/include/ipxe/tftp.h
index e3661e1ac..fa029e234 100644
--- a/src/include/ipxe/tftp.h
+++ b/src/include/ipxe/tftp.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/time.h b/src/include/ipxe/time.h
index 89bf90e03..1b6f5daff 100644
--- a/src/include/ipxe/time.h
+++ b/src/include/ipxe/time.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <sys/time.h>
#include <ipxe/api.h>
diff --git a/src/include/ipxe/timer.h b/src/include/ipxe/timer.h
index a6dffaf1c..72ddc9d28 100644
--- a/src/include/ipxe/timer.h
+++ b/src/include/ipxe/timer.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/tables.h>
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index cf3277820..b4a92a044 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/refcnt.h>
@@ -96,10 +97,16 @@ struct tls_header {
#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009d
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009e
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009f
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xc009
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xc00a
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xc013
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xc014
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xc023
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xc024
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xc027
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xc028
+#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xc02b
+#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xc02c
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xc02f
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xc030
@@ -113,6 +120,7 @@ struct tls_header {
/* TLS signature algorithm identifiers */
#define TLS_RSA_ALGORITHM 1
+#define TLS_ECDSA_ALGORITHM 3
/* TLS server name extension */
#define TLS_SERVER_NAME 0
@@ -127,11 +135,16 @@ struct tls_header {
/* TLS named curve extension */
#define TLS_NAMED_CURVE 10
+#define TLS_NAMED_CURVE_SECP256R1 23
+#define TLS_NAMED_CURVE_SECP384R1 24
#define TLS_NAMED_CURVE_X25519 29
/* TLS signature algorithms extension */
#define TLS_SIGNATURE_ALGORITHMS 13
+/* TLS extended master secret extension */
+#define TLS_EXTENDED_MASTER_SECRET 23
+
/* TLS session ticket extension */
#define TLS_SESSION_TICKET 35
@@ -218,12 +231,19 @@ struct tls_cipher_suite {
/** TLS named curved type */
#define TLS_NAMED_CURVE_TYPE 3
+/** TLS uncompressed curve point format */
+#define TLS_POINT_FORMAT_UNCOMPRESSED 4
+
/** A TLS named curve */
struct tls_named_curve {
/** Elliptic curve */
struct elliptic_curve *curve;
/** Numeric code (in network-endian order) */
uint16_t code;
+ /** Curve point format byte (if any) */
+ uint8_t format;
+ /** Pre-master secret length */
+ uint8_t pre_master_secret_len;
};
/** TLS named curve table */
@@ -240,8 +260,6 @@ struct tls_cipherspec {
struct tls_cipher_suite *suite;
/** Dynamically-allocated storage */
void *dynamic;
- /** Public key encryption context */
- void *pubkey_ctx;
/** Bulk encryption cipher context */
void *cipher_ctx;
/** MAC secret */
@@ -250,6 +268,14 @@ struct tls_cipherspec {
void *fixed_iv;
};
+/** A TLS cipher specification pair */
+struct tls_cipherspec_pair {
+ /** Current cipher specification */
+ struct tls_cipherspec active;
+ /** Next cipher specification */
+ struct tls_cipherspec pending;
+};
+
/** A TLS signature and hash algorithm identifier */
struct tls_signature_hash_id {
/** Hash algorithm */
@@ -335,11 +361,77 @@ struct tls_session {
size_t ticket_len;
/** Master secret */
uint8_t master_secret[48];
+ /** Extended master secret flag */
+ int extended_master_secret;
/** List of connections */
struct list_head conn;
};
+/** TLS transmit state */
+struct tls_tx {
+ /** Cipher specifications */
+ struct tls_cipherspec_pair cipherspec;
+ /** Sequence number */
+ uint64_t seq;
+ /** Pending transmissions */
+ unsigned int pending;
+ /** Transmit process */
+ struct process process;
+};
+
+/** TLS receive state */
+struct tls_rx {
+ /** Cipher specifications */
+ struct tls_cipherspec_pair cipherspec;
+ /** Sequence number */
+ uint64_t seq;
+ /** State machine current state */
+ enum tls_rx_state state;
+ /** Current received record header */
+ struct tls_header header;
+ /** Current received record header (static I/O buffer) */
+ struct io_buffer iobuf;
+ /** List of received data buffers */
+ struct list_head data;
+ /** Received handshake fragment */
+ struct io_buffer *handshake;
+};
+
+/** TLS client state */
+struct tls_client {
+ /** Random bytes */
+ struct tls_client_random random;
+ /** Private key (if used) */
+ struct private_key *key;
+ /** Certificate chain (if used) */
+ struct x509_chain *chain;
+ /** Security negotiation pending operation */
+ struct pending_operation negotiation;
+};
+
+/** TLS server state */
+struct tls_server {
+ /** Random bytes */
+ uint8_t random[32];
+ /** Server Key Exchange record (if any) */
+ void *exchange;
+ /** Server Key Exchange record length */
+ size_t exchange_len;
+ /** Root of trust */
+ struct x509_root *root;
+ /** Certificate chain */
+ struct x509_chain *chain;
+ /** Public key (within server certificate) */
+ struct asn1_cursor key;
+ /** Certificate validator */
+ struct interface validator;
+ /** Certificate validation pending operation */
+ struct pending_operation validation;
+ /** Security negotiation pending operation */
+ struct pending_operation negotiation;
+};
+
/** A TLS connection */
struct tls_connection {
/** Reference counter */
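Review bot: `struct tls_server` stores `key` as a `struct asn1_cursor` described as "within server certificate", so it presumably points into data owned by `chain`, but the header does not state that dependency. If `chain` were released or replaced while `key` is still in use, the cursor would dangle. A comment such as `/** Public key (within server certificate; valid only while @c chain is held) */` would record the invariant. `exchange` and `exchange_len` would similarly benefit from a note on who frees the buffer. Whether the implementation already maintains this is not visible here, and the enclosing `struct tls_connection` continues beyond this hunk.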
@@ -365,71 +457,39 @@ struct tls_connection {
/** Protocol version */
uint16_t version;
- /** Current TX cipher specification */
- struct tls_cipherspec tx_cipherspec;
- /** Next TX cipher specification */
- struct tls_cipherspec tx_cipherspec_pending;
- /** Current RX cipher specification */
- struct tls_cipherspec rx_cipherspec;
- /** Next RX cipher specification */
- struct tls_cipherspec rx_cipherspec_pending;
/** Master secret */
uint8_t master_secret[48];
- /** Server random bytes */
- uint8_t server_random[32];
- /** Client random bytes */
- struct tls_client_random client_random;
- /** Server Key Exchange record (if any) */
- void *server_key;
- /** Server Key Exchange record length */
- size_t server_key_len;
/** Digest algorithm used for handshake verification */
struct digest_algorithm *handshake_digest;
/** Digest algorithm context used for handshake verification */
uint8_t *handshake_ctx;
- /** Private key */
- struct private_key *key;
- /** Client certificate chain (if used) */
- struct x509_chain *certs;
/** Secure renegotiation flag */
int secure_renegotiation;
+ /** Extended master secret flag */
+ int extended_master_secret;
/** Verification data */
struct tls_verify_data verify;
- /** Root of trust */
- struct x509_root *root;
- /** Server certificate chain */
- struct x509_chain *chain;
- /** Certificate validator */
- struct interface validator;
-
- /** Client security negotiation pending operation */
- struct pending_operation client_negotiation;
- /** Server security negotiation pending operation */
- struct pending_operation server_negotiation;
- /** Certificate validation pending operation */
- struct pending_operation validation;
+ /** Transmit state */
+ struct tls_tx tx;
+ /** Receive state */
+ struct tls_rx rx;
+ /** Client state */
+ struct tls_client client;
+ /** Server state */
+ struct tls_server server;
+};
- /** TX sequence number */
- uint64_t tx_seq;
- /** TX pending transmissions */
- unsigned int tx_pending;
- /** TX process */
- struct process process;
+/** Advertised maximum fragment length */
+#define TLS_MAX_FRAGMENT_LENGTH_VALUE TLS_MAX_FRAGMENT_LENGTH_4096
- /** RX sequence number */
- uint64_t rx_seq;
- /** RX state */
- enum tls_rx_state rx_state;
- /** Current received record header */
- struct tls_header rx_header;
- /** Current received record header (static I/O buffer) */
- struct io_buffer rx_header_iobuf;
- /** List of received data buffers */
- struct list_head rx_data;
- /** Received handshake fragment */
- struct io_buffer *rx_handshake;
-};
+/** TX maximum fragment length
+ *
+ * TLS requires us to limit our transmitted records to the maximum
+ * fragment length that we attempt to negotiate, even if the server
+ * does not respect this choice.
+ */
+#define TLS_TX_BUFSIZE 4096
/** RX I/O buffer size
*
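Review bot: `TLS_TX_BUFSIZE` is written as the literal 4096 while the advertised limit is selected separately by `TLS_MAX_FRAGMENT_LENGTH_VALUE`, so the two can drift apart if either is edited, and the comment above it says transmitted records must stay within the advertised length. Tie them together in the comment, e.g. `/* Must equal the length selected by TLS_MAX_FRAGMENT_LENGTH_VALUE */` next to `#define TLS_TX_BUFSIZE 4096`. Separately, the new `extended_master_secret` field is documented only as a "flag"; the comment should say whether it is set when the extension is offered or only once the peer has accepted it, since key derivation presumably depends on which. `struct tls_connection` begins outside this hunk.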
diff --git a/src/include/ipxe/uaccess.h b/src/include/ipxe/uaccess.h
index a3f78566a..1b0dc9de7 100644
--- a/src/include/ipxe/uaccess.h
+++ b/src/include/ipxe/uaccess.h
@@ -6,186 +6,20 @@
*
* Access to external ("user") memory
*
- * iPXE often needs to transfer data between internal and external
- * buffers. On i386, the external buffers may require access via a
- * different segment, and the buffer address cannot be encoded into a
- * simple void * pointer. The @c userptr_t type encapsulates the
- * information needed to identify an external buffer, and the
- * copy_to_user() and copy_from_user() functions provide methods for
- * transferring data between internal and external buffers.
- *
- * Note that userptr_t is an opaque type; in particular, performing
- * arithmetic upon a userptr_t is not allowed.
- *
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
-#include <string.h>
#include <ipxe/api.h>
#include <config/ioapi.h>
-/**
- * A pointer to a user buffer
- *
- */
-typedef unsigned long userptr_t;
-
-/** Equivalent of NULL for user pointers */
-#define UNULL ( ( userptr_t ) 0 )
-
-/**
- * @defgroup uaccess_trivial Trivial user access API implementations
- *
- * User access API implementations that can be used by environments in
- * which virtual addresses allow access to all of memory.
- *
- * @{
- *
- */
-
-/**
- * Convert virtual address to user pointer
- *
- * @v addr Virtual address
- * @ret userptr User pointer
- */
-static inline __always_inline userptr_t
-trivial_virt_to_user ( volatile const void *addr ) {
- return ( ( userptr_t ) addr );
-}
-
-/**
- * Convert user pointer to virtual address
- *
- * @v userptr User pointer
- * @v offset Offset from user pointer
- * @ret addr Virtual address
- *
- * This operation is not available under all memory models.
- */
-static inline __always_inline void *
-trivial_user_to_virt ( userptr_t userptr, off_t offset ) {
- return ( ( void * ) userptr + offset );
-}
-
-/**
- * Add offset to user pointer
- *
- * @v userptr User pointer
- * @v offset Offset
- * @ret userptr New pointer value
- */
-static inline __always_inline userptr_t
-trivial_userptr_add ( userptr_t userptr, off_t offset ) {
- return ( userptr + offset );
-}
-
-/**
- * Subtract user pointers
- *
- * @v userptr User pointer
- * @v subtrahend User pointer to be subtracted
- * @ret offset Offset
- */
-static inline __always_inline off_t
-trivial_userptr_sub ( userptr_t userptr, userptr_t subtrahend ) {
- return ( userptr - subtrahend );
-}
-
-/**
- * Copy data between user buffers
- *
- * @v dest Destination
- * @v dest_off Destination offset
- * @v src Source
- * @v src_off Source offset
- * @v len Length
- */
-static inline __always_inline void
-trivial_memcpy_user ( userptr_t dest, off_t dest_off,
- userptr_t src, off_t src_off, size_t len ) {
- memcpy ( ( ( void * ) dest + dest_off ),
- ( ( void * ) src + src_off ), len );
-}
-
-/**
- * Copy data between user buffers, allowing for overlap
- *
- * @v dest Destination
- * @v dest_off Destination offset
- * @v src Source
- * @v src_off Source offset
- * @v len Length
- */
-static inline __always_inline void
-trivial_memmove_user ( userptr_t dest, off_t dest_off,
- userptr_t src, off_t src_off, size_t len ) {
- memmove ( ( ( void * ) dest + dest_off ),
- ( ( void * ) src + src_off ), len );
-}
-
-/**
- * Compare data between user buffers
- *
- * @v first First buffer
- * @v first_off First buffer offset
- * @v second Second buffer
- * @v second_off Second buffer offset
- * @v len Length
- * @ret diff Difference
- */
-static inline __always_inline int
-trivial_memcmp_user ( userptr_t first, off_t first_off,
- userptr_t second, off_t second_off, size_t len ) {
- return memcmp ( ( ( void * ) first + first_off ),
- ( ( void * ) second + second_off ), len );
-}
-
-/**
- * Fill user buffer with a constant byte
- *
- * @v buffer User buffer
- * @v offset Offset within buffer
- * @v c Constant byte with which to fill
- * @v len Length
- */
-static inline __always_inline void
-trivial_memset_user ( userptr_t buffer, off_t offset, int c, size_t len ) {
- memset ( ( ( void * ) buffer + offset ), c, len );
-}
-
-/**
- * Find length of NUL-terminated string in user buffer
- *
- * @v buffer User buffer
- * @v offset Offset within buffer
- * @ret len Length of string (excluding NUL)
- */
-static inline __always_inline size_t
-trivial_strlen_user ( userptr_t buffer, off_t offset ) {
- return strlen ( ( void * ) buffer + offset );
-}
-
-/**
- * Find character in user buffer
- *
- * @v buffer User buffer
- * @v offset Starting offset within buffer
- * @v c Character to search for
- * @v len Length of user buffer
- * @ret offset Offset of character, or <0 if not found
- */
-static inline __always_inline off_t
-trivial_memchr_user ( userptr_t buffer, off_t offset, int c, size_t len ) {
- void *found;
-
- found = memchr ( ( ( void * ) buffer + offset ), c, len );
- return ( found ? ( found - ( void * ) buffer ) : -1 );
-}
-
-/** @} */
+#ifdef UACCESS_FLAT
+#define UACCESS_PREFIX_flat
+#else
+#define UACCESS_PREFIX_flat __flat_
+#endif
/**
* Calculate static inline user access API function name
@@ -216,181 +50,40 @@ trivial_memchr_user ( userptr_t buffer, off_t offset, int c, size_t len ) {
#define PROVIDE_UACCESS_INLINE( _subsys, _api_func ) \
PROVIDE_SINGLE_API_INLINE ( UACCESS_PREFIX_ ## _subsys, _api_func )
+static inline __always_inline void *
+UACCESS_INLINE ( flat, phys_to_virt ) ( physaddr_t phys ) {
+ return ( ( void * ) phys );
+}
+
+static inline __always_inline physaddr_t
+UACCESS_INLINE ( flat, virt_to_phys ) ( volatile const void *virt ) {
+ return ( ( physaddr_t ) virt );
+}
+
/* Include all architecture-independent user access API headers */
-#include <ipxe/efi/efi_uaccess.h>
+#include <ipxe/virt_offset.h>
#include <ipxe/linux/linux_uaccess.h>
/* Include all architecture-dependent user access API headers */
#include <bits/uaccess.h>
/**
- * Convert physical address to user pointer
- *
- * @v phys_addr Physical address
- * @ret userptr User pointer
- */
-userptr_t phys_to_user ( unsigned long phys_addr );
-
-/**
- * Convert user pointer to physical address
- *
- * @v userptr User pointer
- * @v offset Offset from user pointer
- * @ret phys_addr Physical address
- */
-unsigned long user_to_phys ( userptr_t userptr, off_t offset );
-
-/**
- * Convert virtual address to user pointer
- *
- * @v addr Virtual address
- * @ret userptr User pointer
- */
-userptr_t virt_to_user ( volatile const void *addr );
-
-/**
- * Convert user pointer to virtual address
- *
- * @v userptr User pointer
- * @v offset Offset from user pointer
- * @ret addr Virtual address
- *
- * This operation is not available under all memory models.
- */
-void * user_to_virt ( userptr_t userptr, off_t offset );
-
-/**
- * Add offset to user pointer
- *
- * @v userptr User pointer
- * @v offset Offset
- * @ret userptr New pointer value
- */
-userptr_t userptr_add ( userptr_t userptr, off_t offset );
-
-/**
- * Subtract user pointers
- *
- * @v userptr User pointer
- * @v subtrahend User pointer to be subtracted
- * @ret offset Offset
- */
-off_t userptr_sub ( userptr_t userptr, userptr_t subtrahend );
-
-/**
* Convert virtual address to a physical address
*
- * @v addr Virtual address
- * @ret phys_addr Physical address
+ * @v virt Virtual address
+ * @ret phys Physical address
*/
-static inline __always_inline unsigned long
-virt_to_phys ( volatile const void *addr ) {
- return user_to_phys ( virt_to_user ( addr ), 0 );
-}
+physaddr_t __attribute__ (( const ))
+virt_to_phys ( volatile const void *virt );
/**
* Convert physical address to a virtual address
*
- * @v addr Virtual address
- * @ret phys_addr Physical address
+ * @v phys Physical address
+ * @ret virt Virtual address
*
* This operation is not available under all memory models.
*/
-static inline __always_inline void * phys_to_virt ( unsigned long phys_addr ) {
- return user_to_virt ( phys_to_user ( phys_addr ), 0 );
-}
-
-/**
- * Copy data between user buffers
- *
- * @v dest Destination
- * @v dest_off Destination offset
- * @v src Source
- * @v src_off Source offset
- * @v len Length
- */
-void memcpy_user ( userptr_t dest, off_t dest_off,
- userptr_t src, off_t src_off, size_t len );
-
-/**
- * Copy data to user buffer
- *
- * @v dest Destination
- * @v dest_off Destination offset
- * @v src Source
- * @v len Length
- */
-static inline __always_inline void
-copy_to_user ( userptr_t dest, off_t dest_off, const void *src, size_t len ) {
- memcpy_user ( dest, dest_off, virt_to_user ( src ), 0, len );
-}
-
-/**
- * Copy data from user buffer
- *
- * @v dest Destination
- * @v src Source
- * @v src_off Source offset
- * @v len Length
- */
-static inline __always_inline void
-copy_from_user ( void *dest, userptr_t src, off_t src_off, size_t len ) {
- memcpy_user ( virt_to_user ( dest ), 0, src, src_off, len );
-}
-
-/**
- * Copy data between user buffers, allowing for overlap
- *
- * @v dest Destination
- * @v dest_off Destination offset
- * @v src Source
- * @v src_off Source offset
- * @v len Length
- */
-void memmove_user ( userptr_t dest, off_t dest_off,
- userptr_t src, off_t src_off, size_t len );
-
-/**
- * Compare data between user buffers
- *
- * @v first First buffer
- * @v first_off First buffer offset
- * @v second Second buffer
- * @v second_off Second buffer offset
- * @v len Length
- * @ret diff Difference
- */
-int memcmp_user ( userptr_t first, off_t first_off,
- userptr_t second, off_t second_off, size_t len );
-
-/**
- * Fill user buffer with a constant byte
- *
- * @v userptr User buffer
- * @v offset Offset within buffer
- * @v c Constant byte with which to fill
- * @v len Length
- */
-void memset_user ( userptr_t userptr, off_t offset, int c, size_t len );
-
-/**
- * Find length of NUL-terminated string in user buffer
- *
- * @v userptr User buffer
- * @v offset Offset within buffer
- * @ret len Length of string (excluding NUL)
- */
-size_t strlen_user ( userptr_t userptr, off_t offset );
-
-/**
- * Find character in user buffer
- *
- * @v userptr User buffer
- * @v offset Starting offset within buffer
- * @v c Character to search for
- * @v len Length of user buffer
- * @ret offset Offset of character, or <0 if not found
- */
-off_t memchr_user ( userptr_t userptr, off_t offset, int c, size_t len );
+void * __attribute__ (( const )) phys_to_virt ( physaddr_t phys );
#endif /* _IPXE_UACCESS_H */
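Review bot: The two flat-model helpers added at the top of this hunk, `UACCESS_INLINE ( flat, phys_to_virt )` and `UACCESS_INLINE ( flat, virt_to_phys )`, have no doc comments, unlike the prototypes below them and the offset-model versions in virt_offset.h. Each should get the file's usual block, e.g. `/** Convert physical address to virtual address (flat model: plain cast) */`, with `@v`/`@ret` lines and a statement that the flat model assumes every physical address is directly addressable. The public prototypes are now marked `__attribute__ (( const ))`, which holds only if no implementation reads mutable state; the offset model reads `virt_offset`, which is declared `const`, so this appears to hold, but the constraint is worth recording in the comment for future implementations.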
diff --git a/src/include/ipxe/uart.h b/src/include/ipxe/uart.h
index c63eae615..f2ecf3ce9 100644
--- a/src/include/ipxe/uart.h
+++ b/src/include/ipxe/uart.h
@@ -3,130 +3,175 @@
/** @file
*
- * 16550-compatible UART
+ * Generic UART
*
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <stdint.h>
+#include <ipxe/refcnt.h>
+#include <ipxe/list.h>
-/** Transmitter holding register */
-#define UART_THR 0x00
-
-/** Receiver buffer register */
-#define UART_RBR 0x00
-
-/** Interrupt enable register */
-#define UART_IER 0x01
+/** A generic UART */
+struct uart {
+ /** Reference count */
+ struct refcnt refcnt;
+ /** Name */
+ const char *name;
+ /** List of registered UARTs */
+ struct list_head list;
+
+ /** Baud rate (if specified) */
+ unsigned int baud;
+
+ /** UART operations */
+ struct uart_operations *op;
+ /** Driver-private data */
+ void *priv;
+};
-/** FIFO control register */
-#define UART_FCR 0x02
-#define UART_FCR_FE 0x01 /**< FIFO enable */
+/** UART operations */
+struct uart_operations {
+ /**
+ * Transmit byte
+ *
+ * @v uart UART
+ * @v byte Byte to transmit
+ * @ret rc Return status code
+ */
+ void ( * transmit ) ( struct uart *uart, uint8_t byte );
+ /**
+ * Check if data is ready
+ *
+ * @v uart UART
+ * @ret ready Data is ready
+ */
+ int ( * data_ready ) ( struct uart *uart );
+ /**
+ * Receive byte
+ *
+ * @v uart UART
+ * @ret byte Received byte
+ */
+ uint8_t ( * receive ) ( struct uart *uart );
+ /**
+ * Initialise UART
+ *
+ * @v uart UART
+ * @ret rc Return status code
+ */
+ int ( * init ) ( struct uart *uart );
+ /**
+ * Flush transmitted data
+ *
+ * @v uart UART
+ */
+ void ( * flush ) ( struct uart *uart );
+};
-/** Line control register */
-#define UART_LCR 0x03
-#define UART_LCR_WLS0 0x01 /**< Word length select bit 0 */
-#define UART_LCR_WLS1 0x02 /**< Word length select bit 1 */
-#define UART_LCR_STB 0x04 /**< Number of stop bits */
-#define UART_LCR_PEN 0x08 /**< Parity enable */
-#define UART_LCR_EPS 0x10 /**< Even parity select */
-#define UART_LCR_DLAB 0x80 /**< Divisor latch access bit */
+/**
+ * Transmit byte
+ *
+ * @v uart UART
+ * @v byte Byte to transmit
+ * @ret rc Return status code
+ */
+static inline __attribute__ (( always_inline )) void
+uart_transmit ( struct uart *uart, uint8_t byte ) {
-#define UART_LCR_WORD_LEN(x) ( ( (x) - 5 ) << 0 ) /**< Word length */
-#define UART_LCR_STOP_BITS(x) ( ( (x) - 1 ) << 2 ) /**< Stop bits */
-#define UART_LCR_PARITY(x) ( ( (x) - 0 ) << 3 ) /**< Parity */
+ uart->op->transmit ( uart, byte );
+}
/**
- * Calculate line control register value
+ * Check if data is ready
*
- * @v word_len Word length (5-8)
- * @v parity Parity (0=none, 1=odd, 3=even)
- * @v stop_bits Stop bits (1-2)
- * @ret lcr Line control register value
+ * @v uart UART
+ * @ret ready Data is ready
*/
-#define UART_LCR_WPS( word_len, parity, stop_bits ) \
- ( UART_LCR_WORD_LEN ( (word_len) ) | \
- UART_LCR_PARITY ( (parity) ) | \
- UART_LCR_STOP_BITS ( (stop_bits) ) )
-
-/** Default LCR value: 8 data bits, no parity, one stop bit */
-#define UART_LCR_8N1 UART_LCR_WPS ( 8, 0, 1 )
+static inline __attribute__ (( always_inline )) int
+uart_data_ready ( struct uart *uart ) {
-/** Modem control register */
-#define UART_MCR 0x04
-#define UART_MCR_DTR 0x01 /**< Data terminal ready */
-#define UART_MCR_RTS 0x02 /**< Request to send */
+ return uart->op->data_ready ( uart );
+}
-/** Line status register */
-#define UART_LSR 0x05
-#define UART_LSR_DR 0x01 /**< Data ready */
-#define UART_LSR_THRE 0x20 /**< Transmitter holding register empty */
-#define UART_LSR_TEMT 0x40 /**< Transmitter empty */
+/**
+ * Receive byte
+ *
+ * @v uart UART
+ * @ret byte Received byte
+ */
+static inline __attribute__ (( always_inline )) uint8_t
+uart_receive ( struct uart *uart ) {
-/** Scratch register */
-#define UART_SCR 0x07
+ return uart->op->receive ( uart );
+}
-/** Divisor latch (least significant byte) */
-#define UART_DLL 0x00
+/**
+ * Initialise UART
+ *
+ * @v uart UART
+ * @ret rc Return status code
+ */
+static inline __attribute__ (( always_inline )) int
+uart_init ( struct uart *uart ) {
-/** Divisor latch (most significant byte) */
-#define UART_DLM 0x01
+ return uart->op->init ( uart );
+}
-/** Maximum baud rate */
-#define UART_MAX_BAUD 115200
+/**
+ * Flush transmitted data
+ *
+ * @v uart UART
+ */
+static inline __attribute__ (( always_inline )) void
+uart_flush ( struct uart *uart ) {
-/** A 16550-compatible UART */
-struct uart {
- /** I/O port base address */
- void *base;
- /** Baud rate divisor */
- uint16_t divisor;
- /** Line control register */
- uint8_t lcr;
-};
+ uart->op->flush ( uart );
+}
-/** Symbolic names for port indexes */
-enum uart_port {
- COM1 = 1,
- COM2 = 2,
- COM3 = 3,
- COM4 = 4,
-};
+extern struct list_head uarts;
+extern struct uart_operations null_uart_operations;
-#include <bits/uart.h>
+/**
+ * Get reference to UART
+ *
+ * @v uart UART
+ * @ret uart UART
+ */
+static inline __attribute__ (( always_inline )) struct uart *
+uart_get ( struct uart *uart ) {
-void uart_write ( struct uart *uart, unsigned int addr, uint8_t data );
-uint8_t uart_read ( struct uart *uart, unsigned int addr );
-int uart_select ( struct uart *uart, unsigned int port );
+ ref_get ( &uart->refcnt );
+ return uart;
+}
/**
- * Check if received data is ready
+ * Drop reference to UART
*
* @v uart UART
- * @ret ready Data is ready
*/
-static inline int uart_data_ready ( struct uart *uart ) {
- uint8_t lsr;
+static inline __attribute__ (( always_inline )) void
+uart_put ( struct uart *uart ) {
- lsr = uart_read ( uart, UART_LSR );
- return ( lsr & UART_LSR_DR );
+ ref_put ( &uart->refcnt );
}
/**
- * Receive data
+ * Nullify UART
*
* @v uart UART
- * @ret data Data
*/
-static inline uint8_t uart_receive ( struct uart *uart ) {
+static inline __attribute__ (( always_inline )) void
+uart_nullify ( struct uart *uart ) {
- return uart_read ( uart, UART_RBR );
+ uart->op = &null_uart_operations;
}
-extern void uart_transmit ( struct uart *uart, uint8_t data );
-extern void uart_flush ( struct uart *uart );
-extern int uart_exists ( struct uart *uart );
-extern int uart_init ( struct uart *uart, unsigned int baud, uint8_t lcr );
+extern struct uart * alloc_uart ( size_t priv_len );
+extern int uart_register ( struct uart *uart );
+extern int uart_register_fixed ( void );
+extern void uart_unregister ( struct uart *uart );
+extern struct uart * uart_find ( const char *name );
#endif /* _IPXE_UART_H */
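Review bot: The doc comments for the `transmit` member of `struct uart_operations` and for `uart_transmit()` both carry `@ret rc Return status code`, but both are declared `void`. Drop that line from the two comments so callers do not expect an error return. The inline wrappers call through `uart->op` unconditionally, so the `op` field comment should state that it must never be NULL; presumably `uart_nullify()` and `null_uart_operations` exist to guarantee that, but nothing in this header says so.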
diff --git a/src/include/ipxe/udp.h b/src/include/ipxe/udp.h
index 7b0de4dc0..693b2a422 100644
--- a/src/include/ipxe/udp.h
+++ b/src/include/ipxe/udp.h
@@ -10,6 +10,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stddef.h>
#include <ipxe/iobuf.h>
diff --git a/src/include/ipxe/uheap.h b/src/include/ipxe/uheap.h
new file mode 100644
index 000000000..0d37a649a
--- /dev/null
+++ b/src/include/ipxe/uheap.h
@@ -0,0 +1,23 @@
+#ifndef _IPXE_UHEAP_H
+#define _IPXE_UHEAP_H
+
+/** @file
+ *
+ * External ("user") heap
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#ifdef UMALLOC_UHEAP
+#define UMALLOC_PREFIX_uheap
+#else
+#define UMALLOC_PREFIX_uheap __uheap_
+#endif
+
+extern physaddr_t uheap_limit;
+extern physaddr_t uheap_start;
+extern physaddr_t uheap_end;
+
+#endif /* _IPXE_UHEAP_H */
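Review bot: `uheap_limit`, `uheap_start` and `uheap_end` are exported without doc comments, so a reader cannot tell whether `uheap_end` is inclusive or what `uheap_limit` bounds. Each should get a one-line `/** ... */` giving its meaning and whether the start/end range is half-open. The header also uses `physaddr_t` without including anything; uaccess.h includes `<stdint.h>` before using that type, and adding `#include <stdint.h>` here would make this header self-contained rather than dependent on its includer.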
diff --git a/src/include/ipxe/umalloc.h b/src/include/ipxe/umalloc.h
index 3892ef53b..c2a13dfdf 100644
--- a/src/include/ipxe/umalloc.h
+++ b/src/include/ipxe/umalloc.h
@@ -9,10 +9,12 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+#include <stddef.h>
#include <ipxe/api.h>
+#include <ipxe/malloc.h>
#include <config/umalloc.h>
-#include <ipxe/uaccess.h>
/**
* Provide a user memory allocation API implementation
@@ -25,6 +27,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
PROVIDE_SINGLE_API ( UMALLOC_PREFIX_ ## _subsys, _api_func, _func )
/* Include all architecture-independent I/O API headers */
+#include <ipxe/uheap.h>
#include <ipxe/efi/efi_umalloc.h>
#include <ipxe/linux/linux_umalloc.h>
@@ -34,36 +37,36 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
/**
* Reallocate external memory
*
- * @v userptr Memory previously allocated by umalloc(), or UNULL
+ * @v old_ptr Memory previously allocated by umalloc(), or NULL
* @v new_size Requested size
- * @ret userptr Allocated memory, or UNULL
+ * @ret new_ptr Allocated memory, or NULL
*
* Calling realloc() with a new size of zero is a valid way to free a
* memory block.
*/
-userptr_t urealloc ( userptr_t userptr, size_t new_size );
+void * urealloc ( void *ptr, size_t new_size );
/**
* Allocate external memory
*
* @v size Requested size
- * @ret userptr Memory, or UNULL
+ * @ret ptr Memory, or NULL
*
* Memory is guaranteed to be aligned to a page boundary.
*/
-static inline __always_inline userptr_t umalloc ( size_t size ) {
- return urealloc ( UNULL, size );
+static inline __always_inline void * umalloc ( size_t size ) {
+ return urealloc ( NULL, size );
}
/**
* Free external memory
*
- * @v userptr Memory allocated by umalloc(), or UNULL
+ * @v ptr Memory allocated by umalloc(), or NULL
*
- * If @c ptr is UNULL, no action is taken.
+ * If @c ptr is NULL, no action is taken.
*/
-static inline __always_inline void ufree ( userptr_t userptr ) {
- urealloc ( userptr, 0 );
+static inline __always_inline void ufree ( void *ptr ) {
+ urealloc ( ptr, 0 );
}
#endif /* _IPXE_UMALLOC_H */
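Review bot: The `urealloc()` comment now documents `@v old_ptr` and `@ret new_ptr`, but the prototype names the parameter `ptr`: `void * urealloc ( void *ptr, size_t new_size );`. Rename one to match the other, e.g. `void * urealloc ( void *old_ptr, size_t new_size );`. The unchanged sentence below it still says "Calling realloc()" where `urealloc()` is meant, which is worth fixing while the comment is being touched.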
diff --git a/src/include/ipxe/uri.h b/src/include/ipxe/uri.h
index a94b525e1..0de0135e4 100644
--- a/src/include/ipxe/uri.h
+++ b/src/include/ipxe/uri.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stddef.h>
#include <stdlib.h>
diff --git a/src/include/ipxe/usb.h b/src/include/ipxe/usb.h
index 911247ede..9b8c7ae00 100644
--- a/src/include/ipxe/usb.h
+++ b/src/include/ipxe/usb.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <byteswap.h>
#include <ipxe/list.h>
@@ -54,6 +55,20 @@ enum usb_speed {
USB_SPEED_SUPER = USB_SPEED ( 5, 3 ),
};
+/** Define a USB bus:device address
+ *
+ * @v bus Bus address
+ * @v dev Device address
+ * @ret busdev Bus:device address
+ */
+#define USB_BUSDEV( bus, dev ) ( ( (bus) << 8 ) | (dev) )
+
+/** Extract USB bus address */
+#define USB_BUS( busdev ) ( (busdev) >> 8 )
+
+/** Extract USB device address */
+#define USB_DEV( busdev ) ( (busdev) & 0xff )
+
/** USB packet IDs */
enum usb_pid {
/** IN PID */
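Review bot: `USB_BUSDEV` does not mask `dev`, so a device value above 0xff would spill into the bus bits, whereas `USB_DEV` masks with 0xff on extraction. Masking on construction keeps the pair symmetric: `#define USB_BUSDEV( bus, dev ) ( ( (bus) << 8 ) | ( (dev) & 0xff ) )`. The `address` field added to `struct usb_bus` in a later hunk is `unsigned int`, and `usb_find_next()` carries the pair in a `uint16_t`, so a bus index above 255 would be truncated. The `USB_BUS` and `USB_DEV` comments should state the valid ranges.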
@@ -956,6 +971,12 @@ struct usb_bus {
/** Host controller operations set */
struct usb_host_operations *op;
+ /** Bus address
+ *
+ * This is an internal index used only to allow a USB device
+ * to be identified via a nominal bus:device address.
+ */
+ unsigned int address;
/** Largest transfer allowed on the bus */
size_t mtu;
/** Address in-use mask
@@ -1269,6 +1290,9 @@ extern struct usb_endpoint_companion_descriptor *
usb_endpoint_companion_descriptor ( struct usb_configuration_descriptor *config,
struct usb_endpoint_descriptor *desc );
+extern struct usb_device * find_usb ( struct usb_bus *bus,
+ unsigned int address );
+
extern struct usb_hub * alloc_usb_hub ( struct usb_bus *bus,
struct usb_device *usb,
unsigned int ports,
@@ -1285,11 +1309,13 @@ extern struct usb_bus * alloc_usb_bus ( struct device *dev,
extern int register_usb_bus ( struct usb_bus *bus );
extern void unregister_usb_bus ( struct usb_bus *bus );
extern void free_usb_bus ( struct usb_bus *bus );
+extern struct usb_bus * find_usb_bus ( unsigned int address );
extern struct usb_bus * find_usb_bus_by_location ( unsigned int bus_type,
unsigned int location );
extern int usb_alloc_address ( struct usb_bus *bus );
extern void usb_free_address ( struct usb_bus *bus, unsigned int address );
+extern int usb_find_next ( struct usb_device **usb, uint16_t *busdev );
extern unsigned int usb_route_string ( struct usb_device *usb );
extern struct usb_port * usb_root_hub_port ( struct usb_device *usb );
extern struct usb_port * usb_transaction_translator ( struct usb_device *usb );
diff --git a/src/include/ipxe/usbnet.h b/src/include/ipxe/usbnet.h
index a7276eba5..937a26d9a 100644
--- a/src/include/ipxe/usbnet.h
+++ b/src/include/ipxe/usbnet.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/usb.h>
diff --git a/src/include/ipxe/utf8.h b/src/include/ipxe/utf8.h
index 299c25511..10b2fcbd6 100644
--- a/src/include/ipxe/utf8.h
+++ b/src/include/ipxe/utf8.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
diff --git a/src/include/ipxe/uuid.h b/src/include/ipxe/uuid.h
index 4874b7382..d0120741d 100644
--- a/src/include/ipxe/uuid.h
+++ b/src/include/ipxe/uuid.h
@@ -7,6 +7,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <byteswap.h>
diff --git a/src/include/ipxe/validator.h b/src/include/ipxe/validator.h
index 367e4045d..4d95766fa 100644
--- a/src/include/ipxe/validator.h
+++ b/src/include/ipxe/validator.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/interface.h>
#include <ipxe/x509.h>
diff --git a/src/include/ipxe/version.h b/src/include/ipxe/version.h
index a43a33425..6be6096dc 100644
--- a/src/include/ipxe/version.h
+++ b/src/include/ipxe/version.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <wchar.h>
diff --git a/src/include/ipxe/virt_offset.h b/src/include/ipxe/virt_offset.h
new file mode 100644
index 000000000..31c434fc5
--- /dev/null
+++ b/src/include/ipxe/virt_offset.h
@@ -0,0 +1,132 @@
+#ifndef _IPXE_VIRT_OFFSET_H
+#define _IPXE_VIRT_OFFSET_H
+
+/**
+ * @file
+ *
+ * Virtual offset memory model
+ *
+ * No currently supported machine provides a full 64 bits of physical
+ * address space. When we have ownership of the page tables (or
+ * segmentation mechanism), we can therefore use the following model:
+ *
+ * - For 32-bit builds: set up a circular map so that all 32-bit
+ * virtual addresses are at a fixed offset from the 32-bit
+ * physical addresses.
+ *
+ * - For 64-bit builds: identity-map the required portion of the
+ * physical address space, place iPXE within the 32-bit physical
+ * address space, map iPXE using virtual addresses in the top part
+ * of the negative (kernel) address space, and optionally map the
+ * 32-bit physical address space with attributes suitable for
+ * coherent DMA accesses.
+ *
+ * In both cases, we can define "virt_offset" as "the value to be
+ * added to an address within iPXE's own image in order to obtain its
+ * physical address". With this definition:
+ *
+ * - For 32-bit builds: conversion between physical and virtual
+ * addresses is a straightforward addition or subtraction of
+ * virt_offset, since the whole 32-bit address space is circular.
+ *
+ * - For 64-bit builds: conversion from any valid physical address
+ * is a no-op (since all physical addresses are identity-mapped),
+ * and conversion from a virtual address to a physical address
+ * requires an addition of virt_offset if and only if the virtual
+ * address lies in the high negative portion of the address space
+ * (i.e. has the MSB set, but has the MSB clear after adding
+ * virt_offset).
+ *
+ * For x86_64-pcbios, we identity-map the low 4GB of address space
+ * since the only accesses required above 4GB are for MMIO (typically
+ * PCI devices with large memory BARs).
+ *
+ * For riscv64-sbi, we identity-map as much of the physical address
+ * space as can be mapped by the paging model (Sv39, Sv48, or Sv57)
+ * and create a coherent DMA mapping of the low 4GB.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#ifdef UACCESS_OFFSET
+#define UACCESS_PREFIX_offset
+#else
+#define UACCESS_PREFIX_offset __offset_
+#endif
+
+/** Virtual address offset
+ *
+ * This is defined to be the value to be added to an address within
+ * iPXE's own image in order to obtain its physical address, as
+ * described above.
+ */
+extern const unsigned long virt_offset;
+
+/** Allow for architecture-specific overrides of virt_offset */
+#include <bits/virt_offset.h>
+
+/**
+ * Convert physical address to virtual address
+ *
+ * @v phys Physical address
+ * @ret virt Virtual address
+ */
+static inline __always_inline void *
+UACCESS_INLINE ( offset, phys_to_virt ) ( unsigned long phys ) {
+
+ /* In a 64-bit build, any valid physical address is directly
+ * usable as a virtual address, since physical addresses are
+ * identity-mapped.
+ */
+ if ( sizeof ( physaddr_t ) > sizeof ( uint32_t ) )
+ return ( ( void * ) phys );
+
+ /* In a 32-bit build: subtract virt_offset */
+ return ( ( void * ) ( phys - virt_offset ) );
+}
+
+/**
+ * Convert virtual address to physical address
+ *
+ * @v virt Virtual address
+ * @ret phys Physical address
+ */
+static inline __always_inline physaddr_t
+UACCESS_INLINE ( offset, virt_to_phys ) ( volatile const void *virt ) {
+ const physaddr_t msb = ( 1ULL << ( 8 * sizeof ( physaddr_t ) - 1 ) );
+ physaddr_t addr = ( ( physaddr_t ) virt );
+
+ /* In a 64-bit build, any valid virtual address with the MSB
+ * clear is directly usable as a physical address, since it
+ * must lie within the identity-mapped portion.
+ *
+ * This test will typically reduce to a single "branch if less
+ * than zero" instruction.
+ */
+ if ( ( sizeof ( physaddr_t ) > sizeof ( uint32_t ) ) &&
+ ( ! ( addr & msb ) ) ) {
+ return addr;
+ }
+
+ /* In a 32-bit build or in a 64-bit build with a virtual
+ * address with the MSB set: add virt_offset
+ */
+ addr += virt_offset;
+
+ /* In a 64-bit build with an address that still has the MSB
+ * set after adding virt_offset: truncate the original virtual
+ * address to form a 32-bit physical address.
+ *
+ * This test will also typically reduce to a single "branch if
+ * less than zero" instruction.
+ */
+ if ( ( sizeof ( physaddr_t ) > sizeof ( uint32_t ) ) &&
+ ( addr & msb ) ) {
+ return ( ( uint32_t ) ( physaddr_t ) virt );
+ }
+
+ return addr;
+}
+
+#endif /* _IPXE_VIRT_OFFSET_H */
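Review bot: `UACCESS_INLINE ( offset, phys_to_virt )` takes `unsigned long phys`, while the flat variant and the public prototype in uaccess.h take `physaddr_t phys`; use the same type here so the signatures agree: `UACCESS_INLINE ( offset, phys_to_virt ) ( physaddr_t phys ) {`. In the offset `virt_to_phys`, the last branch returns the low 32 bits of any address that still has the MSB set after adding `virt_offset`. Its comment says what is done but not which mapping this covers. Presumably it is the optional coherent DMA mapping described in the file header, and the comment should say so, because any other high address is silently converted into a low physical address.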
diff --git a/src/include/ipxe/vlan.h b/src/include/ipxe/vlan.h
index 20bbc891d..a1cd76182 100644
--- a/src/include/ipxe/vlan.h
+++ b/src/include/ipxe/vlan.h
@@ -9,6 +9,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/netdevice.h>
diff --git a/src/include/ipxe/vmbus.h b/src/include/ipxe/vmbus.h
index 682441857..5eee230fe 100644
--- a/src/include/ipxe/vmbus.h
+++ b/src/include/ipxe/vmbus.h
@@ -13,7 +13,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/uuid.h>
#include <ipxe/device.h>
#include <ipxe/tables.h>
-#include <ipxe/uaccess.h>
#include <ipxe/iobuf.h>
#include <ipxe/hyperv.h>
@@ -634,7 +633,7 @@ vmbus_gpadl_is_obsolete ( unsigned int gpadl ) {
return ( gpadl <= vmbus_obsolete_gpadl );
}
-extern int vmbus_establish_gpadl ( struct vmbus_device *vmdev, userptr_t data,
+extern int vmbus_establish_gpadl ( struct vmbus_device *vmdev, void *data,
size_t len );
extern int vmbus_gpadl_teardown ( struct vmbus_device *vmdev,
unsigned int gpadl );
diff --git a/src/include/ipxe/vsprintf.h b/src/include/ipxe/vsprintf.h
index 9e6297715..8b25422d8 100644
--- a/src/include/ipxe/vsprintf.h
+++ b/src/include/ipxe/vsprintf.h
@@ -32,6 +32,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <stdarg.h>
diff --git a/src/include/ipxe/weierstrass.h b/src/include/ipxe/weierstrass.h
new file mode 100644
index 000000000..ced99b4fc
--- /dev/null
+++ b/src/include/ipxe/weierstrass.h
@@ -0,0 +1,187 @@
+#ifndef _IPXE_WEIERSTRASS_H
+#define _IPXE_WEIERSTRASS_H
+
+/** @file
+ *
+ * Weierstrass elliptic curves
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <ipxe/bigint.h>
+#include <ipxe/crypto.h>
+
+/** Number of axes in Weierstrass curve point representation */
+#define WEIERSTRASS_AXES 2
+
+/**
+ * Maximum multiple of field prime encountered during calculations
+ *
+ * Calculations are performed using values modulo a small multiple of
+ * the field prime, rather than modulo the field prime itself. This
+ * allows explicit reductions after additions, subtractions, and
+ * relaxed Montgomery multiplications to be omitted entirely, provided
+ * that we keep careful track of the field prime multiple for each
+ * intermediate value.
+ *
+ * Relaxed Montgomery multiplication will produce a result in the
+ * range t < (1+m/k)N, where m is this maximum multiple of the field
+ * prime, and k is the constant in R > kN representing the leading
+ * zero padding in the big integer representation of the field prime.
+ * We choose to set k=m so that multiplications will always produce a
+ * result in the range t < 2N.
+ *
+ * This is expressed as the base-two logarithm of the multiple
+ * (rounded up), to simplify compile-time calculations.
+ */
+#define WEIERSTRASS_MAX_MULTIPLE_LOG2 5 /* maximum reached is mod 20N */
+
+/**
+ * Determine number of elements in scalar values for a Weierstrass curve
+ *
+ * @v len Length of field prime, in bytes
+ * @ret size Number of elements
+ */
+#define weierstrass_size( len ) \
+ bigint_required_size ( (len) + \
+ ( ( WEIERSTRASS_MAX_MULTIPLE_LOG2 + 7 ) \
+ / 8 ) )
+
+/**
+ * Define a Weierstrass projective co-ordinate type
+ *
+ * @v size Number of elements in scalar values
+ * @ret weierstrass_t Projective co-ordinate type
+ */
+#define weierstrass_t( size ) \
+ union { \
+ bigint_t ( size ) axis[3]; \
+ struct { \
+ bigint_t ( size ) x; \
+ bigint_t ( size ) y; \
+ bigint_t ( size ) z; \
+ }; \
+ bigint_t ( size * 2 ) xy; \
+ bigint_t ( size * 3 ) all; \
+ }
+
+/** Indexes for stored multiples of the field prime */
+enum weierstrass_multiple {
+ WEIERSTRASS_N = 0,
+ WEIERSTRASS_2N,
+ WEIERSTRASS_4N,
+ WEIERSTRASS_NUM_MULTIPLES
+};
+
+/** Number of cached in Montgomery form for each Weierstrass curve */
+#define WEIERSTRASS_NUM_MONT 3
+
+/** Number of cached big integers for each Weierstrass curve */
+#define WEIERSTRASS_NUM_CACHED \
+ ( WEIERSTRASS_NUM_MULTIPLES + \
+ 1 /* fermat */ + 1 /* mont */ + \
+ WEIERSTRASS_NUM_MONT )
+
+/**
+ * A Weierstrass elliptic curve
+ *
+ * This is an elliptic curve y^2 = x^3 + ax + b
+ */
+struct weierstrass_curve {
+ /** Number of elements in scalar values */
+ const unsigned int size;
+ /** Curve name */
+ const char *name;
+ /** Length of raw scalar values */
+ size_t len;
+ /** Field prime */
+ const uint8_t *prime_raw;
+ /** Constant "a" */
+ const uint8_t *a_raw;
+ /** Constant "b" */
+ const uint8_t *b_raw;
+ /** Base point */
+ const uint8_t *base;
+
+ /** Cached field prime "N" (and multiples thereof) */
+ bigint_element_t *prime[WEIERSTRASS_NUM_CACHED];
+ /** Cached constant "N-2" (for Fermat's little theorem) */
+ bigint_element_t *fermat;
+ /** Cached Montgomery constant (R^2 mod N) */
+ bigint_element_t *square;
+ /** Cached constants in Montgomery form */
+ union {
+ struct {
+ /** Cached constant "1", in Montgomery form */
+ bigint_element_t *one;
+ /** Cached constant "a", in Montgomery form */
+ bigint_element_t *a;
+ /** Cached constant "3b", in Montgomery form */
+ bigint_element_t *b3;
+ };
+ bigint_element_t *mont[WEIERSTRASS_NUM_MONT];
+ };
+};
+
+extern int weierstrass_is_infinity ( struct weierstrass_curve *curve,
+ const void *point );
+extern int weierstrass_multiply ( struct weierstrass_curve *curve,
+ const void *base, const void *scalar,
+ void *result );
+extern int weierstrass_add_once ( struct weierstrass_curve *curve,
+ const void *addend, const void *augend,
+ void *result );
+
+/** Define a Weierstrass curve */
+#define WEIERSTRASS_CURVE( _name, _curve, _len, _prime, _a, _b, _base, \
+ _order ) \
+ static bigint_t ( weierstrass_size(_len) ) \
+ _name ## _cache[WEIERSTRASS_NUM_CACHED]; \
+ static struct weierstrass_curve _name ## _weierstrass = { \
+ .size = weierstrass_size(_len), \
+ .name = #_name, \
+ .len = (_len), \
+ .prime_raw = (_prime), \
+ .a_raw = (_a), \
+ .b_raw = (_b), \
+ .base = (_base), \
+ .prime = { \
+ (_name ## _cache)[0].element, \
+ (_name ## _cache)[1].element, \
+ (_name ## _cache)[2].element, \
+ }, \
+ .fermat = (_name ## _cache)[3].element, \
+ .square = (_name ## _cache)[4].element, \
+ .one = (_name ## _cache)[5].element, \
+ .a = (_name ## _cache)[6].element, \
+ .b3 = (_name ## _cache)[7].element, \
+ }; \
+ static int _name ## _is_infinity ( const void *point) { \
+ return weierstrass_is_infinity ( &_name ## _weierstrass,\
+ point ); \
+ } \
+ static int _name ## _multiply ( const void *base, \
+ const void *scalar, \
+ void *result ) { \
+ return weierstrass_multiply ( &_name ## _weierstrass, \
+ base, scalar, result ); \
+ } \
+ static int _name ## _add ( const void *addend, \
+ const void *augend, void *result) { \
+ return weierstrass_add_once ( &_name ## _weierstrass, \
+ addend, augend, result ); \
+ } \
+ struct elliptic_curve _curve = { \
+ .name = #_name, \
+ .pointsize = ( WEIERSTRASS_AXES * (_len) ), \
+ .keysize = (_len), \
+ .base = (_base), \
+ .order = (_order), \
+ .is_infinity = _name ## _is_infinity, \
+ .multiply = _name ## _multiply, \
+ .add = _name ## _add, \
+ }
+
+#endif /* _IPXE_WEIERSTRASS_H */
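Review bot: In `weierstrass_t`, the `xy` and `all` members expand the macro argument unparenthesised (`size * 2`, `size * 3`), so a compound argument such as `a + b` would size those views differently from `axis[3]`; write `bigint_t ( (size) * 2 ) xy;` and `bigint_t ( (size) * 3 ) all;`. Separately, `WEIERSTRASS_CURVE` fills the cache through literal indexes 0 to 7 while `WEIERSTRASS_NUM_CACHED` is derived from `WEIERSTRASS_NUM_MULTIPLES` and `WEIERSTRASS_NUM_MONT`, so changing either count would silently misassign or overrun `_cache`; a compile-time check next to the macro that `WEIERSTRASS_NUM_CACHED` is still 8 would catch that. The `prime[]` member is also dimensioned `WEIERSTRASS_NUM_CACHED` although its comment and initialiser cover only the three multiples, which looks unintended unless the implementation (not in this header) relies on it. The comment `Number of cached in Montgomery form` is missing a noun, presumably "constants".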
diff --git a/src/include/ipxe/widget.h b/src/include/ipxe/widget.h
new file mode 100644
index 000000000..6e61a8ca8
--- /dev/null
+++ b/src/include/ipxe/widget.h
@@ -0,0 +1,109 @@
+#ifndef _IPXE_WIDGET_H
+#define _IPXE_WIDGET_H
+
+/** @file
+ *
+ * Text widgets
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <curses.h>
+
+/** A text widget */
+struct widget {
+ /** Widget operations */
+ struct widget_operations *op;
+
+ /** Row */
+ unsigned int row;
+ /** Starting column */
+ unsigned int col;
+ /** Width */
+ unsigned int width;
+ /** Flags */
+ unsigned int flags;
+};
+
+/** Text widget flags */
+enum widget_flags {
+ /** Widget may have input focus */
+ WIDGET_EDITABLE = 0x0001,
+ /** Widget contains a secret */
+ WIDGET_SECRET = 0x0002,
+};
+
+/** Text widget operations */
+struct widget_operations {
+ /**
+ * Draw widget
+ *
+ * @v widget Text widget
+ */
+ void ( * draw ) ( struct widget *widget );
+ /**
+ * Edit widget
+ *
+ * @v widget Text widget
+ * @v key Key pressed by user
+ * @ret key Key returned to application, or zero
+ *
+ * This will not update the display: you must call the draw()
+ * method to ensure that any changes to an editable widget are
+ * displayed to the user.
+ */
+ int ( * edit ) ( struct widget *widget, int key );
+};
+
+/**
+ * Initialise text widget
+ *
+ * @v widget Text widget
+ * @v op Text widget operations
+ * @v row Row
+ * @v col Starting column
+ * @v width Width
+ */
+static inline __attribute__ (( always_inline )) void
+init_widget ( struct widget *widget, struct widget_operations *op,
+ unsigned int row, unsigned int col, unsigned int width,
+ unsigned int flags ) {
+
+ widget->op = op;
+ widget->row = row;
+ widget->col = col;
+ widget->width = width;
+ widget->flags = flags;
+}
+
+/**
+ * Draw text widget
+ *
+ * @v widget Text widget
+ */
+static inline __attribute__ (( always_inline )) void
+draw_widget ( struct widget *widget ) {
+
+ widget->op->draw ( widget );
+}
+
+/**
+ * Edit text widget
+ *
+ * @v widget Text widget
+ * @v key Key pressed by user
+ * @ret key Key returned to application, or zero
+ *
+ * This will not update the display: you must call draw_widget() to
+ * ensure that any changes to an editable widget are displayed to the
+ * user.
+ */
+static inline __attribute__ (( always_inline )) int
+edit_widget ( struct widget *widget, int key ) {
+
+ return widget->op->edit ( widget, key );
+}
+
+#endif /* _IPXE_WIDGET_H */
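Review bot: The doc comment on `init_widget()` lists `widget`, `op`, `row`, `col` and `width` but omits the `flags` parameter, which is where `WIDGET_EDITABLE` and `WIDGET_SECRET` are supplied; add ` * @v flags		Flags`. It would also help to state on `WIDGET_SECRET` what a `draw()` implementation is expected to do with the flag (for example, not render the content in clear), since the header only says the widget contains a secret. `edit_widget()` calls `widget->op->edit` unconditionally, so if widgets without `WIDGET_EDITABLE` are allowed to leave `edit` unset, that contract should be written down on `struct widget_operations`.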
diff --git a/src/include/ipxe/x25519.h b/src/include/ipxe/x25519.h
index fd7caeee9..ef294f7b2 100644
--- a/src/include/ipxe/x25519.h
+++ b/src/include/ipxe/x25519.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/bigint.h>
@@ -85,9 +86,10 @@ extern void x25519_multiply ( const union x25519_oct258 *multiplicand,
extern void x25519_invert ( const union x25519_oct258 *invertend,
union x25519_quad257 *result );
extern void x25519_reduce ( union x25519_quad257 *value );
-extern int x25519_key ( const struct x25519_value *base,
- const struct x25519_value *scalar,
- struct x25519_value *result );
+extern void x25519_key ( const struct x25519_value *base,
+ const struct x25519_value *scalar,
+ struct x25519_value *result );
+extern int x25519_is_zero ( const struct x25519_value *value );
extern struct elliptic_curve x25519_curve;
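Review bot: `x25519_key()` now returns `void`, so whatever failure the old `int` return reported (presumably an all-zero result, given the new `x25519_is_zero()` beside it) has become a separate check that every caller has to remember. The callers are outside this hunk, but a key exchange that used to rely on the return code would now accept such a result unless it tests for it explicitly. Neither prototype carries a comment here, so I would document the obligation at the declaration, e.g. `/* x25519_key() cannot fail: callers must test the result with x25519_is_zero() and reject an all-zero value */`, adjusted to the actual return convention of `x25519_is_zero()`.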
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 87323cec0..360e2b19a 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <stddef.h>
@@ -17,6 +18,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/list.h>
struct image;
+struct private_key;
/** An X.509 serial number */
struct x509_serial {
@@ -50,8 +52,8 @@ struct x509_public_key {
struct asn1_cursor raw;
/** Public key algorithm */
struct asn1_algorithm *algorithm;
- /** Raw public key bit string */
- struct asn1_bit_string raw_bits;
+ /** Public key value */
+ struct asn1_cursor value;
};
/** An X.509 certificate subject */
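Review bot: `value` replaces `struct asn1_bit_string raw_bits` with a plain `struct asn1_cursor`, and the new comment (`Public key value`) does not say what the cursor covers; the same substitution is made for `x509_signature.value` in the next hunk. As far as this header shows, a cursor has nowhere to record a BIT STRING's unused-bit count, so the parser (not visible here) presumably has to reject or strip it before filling these fields. I would state that in the comments, e.g. `/** Public key value (bit string contents, unused-bits octet removed) */`, worded to match whatever the parser actually guarantees. `struct x509_public_key` begins before this hunk.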
@@ -69,7 +71,7 @@ struct x509_signature {
/** Signature algorithm */
struct asn1_algorithm *algorithm;
/** Signature value */
- struct asn1_bit_string value;
+ struct asn1_cursor value;
};
/** An X.509 certificate basic constraints set */
@@ -201,6 +203,13 @@ struct x509_chain {
struct refcnt refcnt;
/** List of links */
struct list_head links;
+ /** Mark certificate as found
+ *
+ * @v store Certificate store
+ * @v cert X.509 certificate
+ */
+ void ( * found ) ( struct x509_chain *store,
+ struct x509_certificate *cert );
};
/** An X.509 certificate */
@@ -413,6 +422,9 @@ extern int x509_certificate ( const void *data, size_t len,
struct x509_certificate **cert );
extern int x509_is_valid ( struct x509_certificate *cert,
struct x509_root *root );
+extern void x509_set_valid ( struct x509_certificate *cert,
+ struct x509_certificate *issuer,
+ struct x509_root *root );
extern int x509_validate ( struct x509_certificate *cert,
struct x509_certificate *issuer,
time_t time, struct x509_root *root );
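Review bot: `x509_set_valid()` is exported with no description of when a caller may use it, although it sits beside `x509_validate()` and takes the same `cert`, `issuer` and `root` arguments without the `time`. Judging by the name it records a certificate as valid for `root` without running the checks in `x509_validate()`; the definition is not in this header, so that is an inference. A comment at the declaration naming the precondition would help, e.g. `/* Caller must already have verified cert against issuer; no validation is performed here */`, if that matches the implementation.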
@@ -424,8 +436,19 @@ extern int x509_append ( struct x509_chain *chain,
extern int x509_append_raw ( struct x509_chain *chain, const void *data,
size_t len );
extern void x509_truncate ( struct x509_chain *chain, struct x509_link *link );
+extern struct x509_certificate * x509_find ( struct x509_chain *store,
+ const struct asn1_cursor *raw );
+extern struct x509_certificate *
+x509_find_subject ( struct x509_chain *store,
+ const struct asn1_cursor *subject );
+extern struct x509_certificate *
+x509_find_issuer_serial ( struct x509_chain *store,
+ const struct asn1_cursor *issuer,
+ const struct asn1_cursor *serial );
+extern struct x509_certificate * x509_find_key ( struct x509_chain *store,
+ struct private_key *key );
extern int x509_auto_append ( struct x509_chain *chain,
- struct x509_chain *certs );
+ struct x509_chain *store );
extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
struct x509_chain *store,
struct x509_root *root );
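Review bot: The four new `x509_find*()` declarations return a `struct x509_certificate *` taken from a store without saying whether the caller receives its own reference or borrows the store's. The definitions are outside this header, so the rule should be stated here or in their doc comments, e.g. `/* Returned certificate is borrowed from the store; take a reference to keep it */` or the opposite, whichever the implementation does. The `found` callback added to `struct x509_chain` earlier in this file leaves a similar question open, namely whether it may be `NULL`.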
diff --git a/src/include/ipxe/xen.h b/src/include/ipxe/xen.h
index 0fb8b7625..9ddfcdf81 100644
--- a/src/include/ipxe/xen.h
+++ b/src/include/ipxe/xen.h
@@ -8,13 +8,13 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
/* Define Xen interface version before including any Xen header files */
#define __XEN_INTERFACE_VERSION__ 0x00040400
#include <stdint.h>
#include <ipxe/bitops.h>
-#include <ipxe/uaccess.h>
#include <xen/xen.h>
#include <xen/event_channel.h>
diff --git a/src/include/ipxe/xenbus.h b/src/include/ipxe/xenbus.h
index ec5782eed..d73f29781 100644
--- a/src/include/ipxe/xenbus.h
+++ b/src/include/ipxe/xenbus.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/device.h>
#include <ipxe/tables.h>
diff --git a/src/include/ipxe/xenevent.h b/src/include/ipxe/xenevent.h
index f0bd3465e..8be9e2b2f 100644
--- a/src/include/ipxe/xenevent.h
+++ b/src/include/ipxe/xenevent.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/xen.h>
#include <xen/event_channel.h>
diff --git a/src/include/ipxe/xengrant.h b/src/include/ipxe/xengrant.h
index fcb7a7157..8af27f3e3 100644
--- a/src/include/ipxe/xengrant.h
+++ b/src/include/ipxe/xengrant.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <stdlib.h>
diff --git a/src/include/ipxe/xenstore.h b/src/include/ipxe/xenstore.h
index 892640755..c2079cec5 100644
--- a/src/include/ipxe/xenstore.h
+++ b/src/include/ipxe/xenstore.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <ipxe/xen.h>
diff --git a/src/include/ipxe/xenver.h b/src/include/ipxe/xenver.h
index b29dfb321..5d820a6e7 100644
--- a/src/include/ipxe/xenver.h
+++ b/src/include/ipxe/xenver.h
@@ -1,5 +1,5 @@
#ifndef _IPXE_XENVER_H
-#define _IPXE_VENVER_H
+#define _IPXE_XENVER_H
/** @file
*
diff --git a/src/include/ipxe/xfer.h b/src/include/ipxe/xfer.h
index 3a35fa924..c35be31d9 100644
--- a/src/include/ipxe/xfer.h
+++ b/src/include/ipxe/xfer.h
@@ -8,6 +8,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stddef.h>
#include <stdarg.h>
diff --git a/src/include/ipxe/xferbuf.h b/src/include/ipxe/xferbuf.h
index cb0b1a0e8..aa0b2471f 100644
--- a/src/include/ipxe/xferbuf.h
+++ b/src/include/ipxe/xferbuf.h
@@ -8,10 +8,10 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdint.h>
#include <ipxe/iobuf.h>
-#include <ipxe/uaccess.h>
#include <ipxe/interface.h>
#include <ipxe/xfer.h>
@@ -36,41 +36,19 @@ struct xfer_buffer_operations {
* @ret rc Return status code
*/
int ( * realloc ) ( struct xfer_buffer *xferbuf, size_t len );
- /** Write data to buffer
- *
- * @v xferbuf Data transfer buffer
- * @v offset Starting offset
- * @v data Data to write
- * @v len Length of data
- *
- * This call is simply a wrapper for the appropriate
- * memcpy()-like operation: the caller is responsible for
- * ensuring that the write does not exceed the buffer length.
- */
- void ( * write ) ( struct xfer_buffer *xferbuf, size_t offset,
- const void *data, size_t len );
- /** Read data from buffer
- *
- * @v xferbuf Data transfer buffer
- * @v offset Starting offset
- * @v data Data to read
- * @v len Length of data
- *
- * This call is simply a wrapper for the appropriate
- * memcpy()-like operation: the caller is responsible for
- * ensuring that the read does not exceed the buffer length.
- */
- void ( * read ) ( struct xfer_buffer *xferbuf, size_t offset,
- void *data, size_t len );
};
extern struct xfer_buffer_operations xferbuf_malloc_operations;
extern struct xfer_buffer_operations xferbuf_umalloc_operations;
+extern struct xfer_buffer_operations xferbuf_fixed_operations;
+extern struct xfer_buffer_operations xferbuf_void_operations;
/**
* Initialise malloc()-based data transfer buffer
*
* @v xferbuf Data transfer buffer
+ *
+ * Data will be automatically allocated using malloc().
*/
static inline __attribute__ (( always_inline )) void
xferbuf_malloc_init ( struct xfer_buffer *xferbuf ) {
@@ -81,14 +59,45 @@ xferbuf_malloc_init ( struct xfer_buffer *xferbuf ) {
* Initialise umalloc()-based data transfer buffer
*
* @v xferbuf Data transfer buffer
- * @v data User pointer
+ *
+ * Data will be automatically allocated using umalloc() (and may
+ * therefore alter the system memory map).
*/
static inline __attribute__ (( always_inline )) void
-xferbuf_umalloc_init ( struct xfer_buffer *xferbuf, userptr_t *data ) {
- xferbuf->data = data;
+xferbuf_umalloc_init ( struct xfer_buffer *xferbuf ) {
xferbuf->op = &xferbuf_umalloc_operations;
}
+/**
+ * Initialise fixed-size data transfer buffer
+ *
+ * @v xferbuf Data transfer buffer
+ * @v data Data buffer
+ * @v len Length of data buffer
+ *
+ * Data will be never be automatically allocated.
+ */
+static inline __attribute__ (( always_inline )) void
+xferbuf_fixed_init ( struct xfer_buffer *xferbuf, void *data, size_t len ) {
+ xferbuf->data = data;
+ xferbuf->len = len;
+ xferbuf->op = &xferbuf_fixed_operations;
+}
+
+/**
+ * Initialise void data transfer buffer
+ *
+ * @v xferbuf Data transfer buffer
+ *
+ * No data will be allocated, but the length will be recorded. This
+ * can be used to capture xfer_seek() results.
+ */
+static inline __attribute__ (( always_inline )) void
+xferbuf_void_init ( struct xfer_buffer *xferbuf ) {
+ xferbuf->op = &xferbuf_void_operations;
+}
+
+extern void xferbuf_detach ( struct xfer_buffer *xferbuf );
extern void xferbuf_free ( struct xfer_buffer *xferbuf );
extern int xferbuf_write ( struct xfer_buffer *xferbuf, size_t offset,
const void *data, size_t len );
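Review bot: `xferbuf_umalloc_init()` and the new `xferbuf_void_init()` assign only `op`, so `data` and `len` keep whatever the caller's structure held; before this change `xferbuf_umalloc_init()` at least set `data`. If the operations rely on a zeroed `struct xfer_buffer`, say so in the doc comments, e.g. ` * The buffer structure must be zero-initialised by the caller.` For `xferbuf_fixed_init()` it would be worth stating that writes beyond `len` fail rather than grow the buffer, which is presumably enforced by `xferbuf_fixed_operations` outside this hunk. The comment there also has a typo: `Data will be never be` should read `Data will never be`.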
diff --git a/src/include/ipxe/xhci.h b/src/include/ipxe/xhci.h
new file mode 100644
index 000000000..2f5c256a0
--- /dev/null
+++ b/src/include/ipxe/xhci.h
@@ -0,0 +1,1185 @@
+#ifndef _IPXE_XHCI_H
+#define _IPXE_XHCI_H
+
+/** @file
+ *
+ * USB eXtensible Host Controller Interface (xHCI) driver
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <assert.h>
+#include <ipxe/pci.h>
+#include <ipxe/usb.h>
+
+/** Minimum alignment required for data structures
+ *
+ * With the exception of the scratchpad buffer pages (which are
+ * page-aligned), data structures used by xHCI generally require from
+ * 16 to 64 byte alignment and must not cross an (xHCI) page boundary.
+ * We simplify this requirement by aligning each structure on its own
+ * size, with a minimum of a 64 byte alignment.
+ */
+#define XHCI_MIN_ALIGN 64
+
+/** Maximum transfer size */
+#define XHCI_MTU 65536
+
+/** xHCI PCI BAR */
+#define XHCI_BAR PCI_BASE_ADDRESS_0
+
+/** Capability register length */
+#define XHCI_CAP_CAPLENGTH 0x00
+
+/** Host controller interface version number */
+#define XHCI_CAP_HCIVERSION 0x02
+
+/** Structural parameters 1 */
+#define XHCI_CAP_HCSPARAMS1 0x04
+
+/** Number of device slots */
+#define XHCI_HCSPARAMS1_SLOTS(params) ( ( (params) >> 0 ) & 0xff )
+
+/** Number of interrupters */
+#define XHCI_HCSPARAMS1_INTRS(params) ( ( (params) >> 8 ) & 0x3ff )
+
+/** Number of ports */
+#define XHCI_HCSPARAMS1_PORTS(params) ( ( (params) >> 24 ) & 0xff )
+
+/** Structural parameters 2 */
+#define XHCI_CAP_HCSPARAMS2 0x08
+
+/** Number of page-sized scratchpad buffers */
+#define XHCI_HCSPARAMS2_SCRATCHPADS(params) \
+ ( ( ( (params) >> 16 ) & 0x3e0 ) | ( ( (params) >> 27 ) & 0x1f ) )
+
+/** Capability parameters */
+#define XHCI_CAP_HCCPARAMS1 0x10
+
+/** 64-bit addressing capability */
+#define XHCI_HCCPARAMS1_ADDR64(params) ( ( (params) >> 0 ) & 0x1 )
+
+/** Context size shift */
+#define XHCI_HCCPARAMS1_CSZ_SHIFT(params) ( 5 + ( ( (params) >> 2 ) & 0x1 ) )
+
+/** xHCI extended capabilities pointer */
+#define XHCI_HCCPARAMS1_XECP(params) ( ( ( (params) >> 16 ) & 0xffff ) << 2 )
+
+/** Doorbell offset */
+#define XHCI_CAP_DBOFF 0x14
+
+/** Runtime register space offset */
+#define XHCI_CAP_RTSOFF 0x18
+
+/** xHCI extended capability ID */
+#define XHCI_XECP_ID(xecp) ( ( (xecp) >> 0 ) & 0xff )
+
+/** Next xHCI extended capability pointer */
+#define XHCI_XECP_NEXT(xecp) ( ( ( (xecp) >> 8 ) & 0xff ) << 2 )
+
+/** USB legacy support extended capability */
+#define XHCI_XECP_ID_LEGACY 1
+
+/** USB legacy support BIOS owned semaphore */
+#define XHCI_USBLEGSUP_BIOS 0x02
+
+/** USB legacy support BIOS ownership flag */
+#define XHCI_USBLEGSUP_BIOS_OWNED 0x01
+
+/** USB legacy support OS owned semaphore */
+#define XHCI_USBLEGSUP_OS 0x03
+
+/** USB legacy support OS ownership flag */
+#define XHCI_USBLEGSUP_OS_OWNED 0x01
+
+/** USB legacy support control/status */
+#define XHCI_USBLEGSUP_CTLSTS 0x04
+
+/** Supported protocol extended capability */
+#define XHCI_XECP_ID_SUPPORTED 2
+
+/** Supported protocol revision */
+#define XHCI_SUPPORTED_REVISION 0x00
+
+/** Supported protocol minor revision */
+#define XHCI_SUPPORTED_REVISION_VER(revision) ( ( (revision) >> 16 ) & 0xffff )
+
+/** Supported protocol name */
+#define XHCI_SUPPORTED_NAME 0x04
+
+/** Supported protocol ports */
+#define XHCI_SUPPORTED_PORTS 0x08
+
+/** Supported protocol port offset */
+#define XHCI_SUPPORTED_PORTS_OFFSET(ports) ( ( (ports) >> 0 ) & 0xff )
+
+/** Supported protocol port count */
+#define XHCI_SUPPORTED_PORTS_COUNT(ports) ( ( (ports) >> 8 ) & 0xff )
+
+/** Supported protocol PSI count */
+#define XHCI_SUPPORTED_PORTS_PSIC(ports) ( ( (ports) >> 28 ) & 0x0f )
+
+/** Supported protocol slot */
+#define XHCI_SUPPORTED_SLOT 0x0c
+
+/** Supported protocol slot type */
+#define XHCI_SUPPORTED_SLOT_TYPE(slot) ( ( (slot) >> 0 ) & 0x1f )
+
+/** Supported protocol PSI */
+#define XHCI_SUPPORTED_PSI(index) ( 0x10 + ( (index) * 4 ) )
+
+/** Supported protocol PSI value */
+#define XHCI_SUPPORTED_PSI_VALUE(psi) ( ( (psi) >> 0 ) & 0x0f )
+
+/** Supported protocol PSI mantissa */
+#define XHCI_SUPPORTED_PSI_MANTISSA(psi) ( ( (psi) >> 16 ) & 0xffff )
+
+/** Supported protocol PSI exponent */
+#define XHCI_SUPPORTED_PSI_EXPONENT(psi) ( ( (psi) >> 4 ) & 0x03 )
+
+/** Default PSI values */
+enum xhci_default_psi_value {
+ /** Full speed (12Mbps) */
+ XHCI_SPEED_FULL = 1,
+ /** Low speed (1.5Mbps) */
+ XHCI_SPEED_LOW = 2,
+ /** High speed (480Mbps) */
+ XHCI_SPEED_HIGH = 3,
+ /** Super speed */
+ XHCI_SPEED_SUPER = 4,
+};
+
+/** USB command register */
+#define XHCI_OP_USBCMD 0x00
+
+/** Run/stop */
+#define XHCI_USBCMD_RUN 0x00000001UL
+
+/** Host controller reset */
+#define XHCI_USBCMD_HCRST 0x00000002UL
+
+/** USB status register */
+#define XHCI_OP_USBSTS 0x04
+
+/** Host controller halted */
+#define XHCI_USBSTS_HCH 0x00000001UL
+
+/** Page size register */
+#define XHCI_OP_PAGESIZE 0x08
+
+/** Page size */
+#define XHCI_PAGESIZE(pagesize) ( (pagesize) << 12 )
+
+/** Device notifcation control register */
+#define XHCI_OP_DNCTRL 0x14
+
+/** Command ring control register */
+#define XHCI_OP_CRCR 0x18
+
+/** Command ring cycle state */
+#define XHCI_CRCR_RCS 0x00000001UL
+
+/** Command abort */
+#define XHCI_CRCR_CA 0x00000004UL
+
+/** Command ring running */
+#define XHCI_CRCR_CRR 0x00000008UL
+
+/** Device context base address array pointer */
+#define XHCI_OP_DCBAAP 0x30
+
+/** Configure register */
+#define XHCI_OP_CONFIG 0x38
+
+/** Maximum device slots enabled */
+#define XHCI_CONFIG_MAX_SLOTS_EN(slots) ( (slots) << 0 )
+
+/** Maximum device slots enabled mask */
+#define XHCI_CONFIG_MAX_SLOTS_EN_MASK \
+ XHCI_CONFIG_MAX_SLOTS_EN ( 0xff )
+
+/** Port status and control register */
+#define XHCI_OP_PORTSC(port) ( 0x400 - 0x10 + ( (port) << 4 ) )
+
+/** Current connect status */
+#define XHCI_PORTSC_CCS 0x00000001UL
+
+/** Port enabled */
+#define XHCI_PORTSC_PED 0x00000002UL
+
+/** Port reset */
+#define XHCI_PORTSC_PR 0x00000010UL
+
+/** Port link state */
+#define XHCI_PORTSC_PLS(pls) ( (pls) << 5 )
+
+/** Disabled port link state */
+#define XHCI_PORTSC_PLS_DISABLED XHCI_PORTSC_PLS ( 4 )
+
+/** RxDetect port link state */
+#define XHCI_PORTSC_PLS_RXDETECT XHCI_PORTSC_PLS ( 5 )
+
+/** Port link state mask */
+#define XHCI_PORTSC_PLS_MASK XHCI_PORTSC_PLS ( 0xf )
+
+/** Port power */
+#define XHCI_PORTSC_PP 0x00000200UL
+
+/** Time to delay after enabling power to a port */
+#define XHCI_PORT_POWER_DELAY_MS 20
+
+/** Port speed ID value */
+#define XHCI_PORTSC_PSIV(portsc) ( ( (portsc) >> 10 ) & 0xf )
+
+/** Port indicator control */
+#define XHCI_PORTSC_PIC(indicators) ( (indicators) << 14 )
+
+/** Port indicator control mask */
+#define XHCI_PORTSC_PIC_MASK XHCI_PORTSC_PIC ( 3 )
+
+/** Port link state write strobe */
+#define XHCI_PORTSC_LWS 0x00010000UL
+
+/** Time to delay after writing the port link state */
+#define XHCI_LINK_STATE_DELAY_MS 100
+
+/** Connect status change */
+#define XHCI_PORTSC_CSC 0x00020000UL
+
+/** Port enabled/disabled change */
+#define XHCI_PORTSC_PEC 0x00040000UL
+
+/** Warm port reset change */
+#define XHCI_PORTSC_WRC 0x00080000UL
+
+/** Over-current change */
+#define XHCI_PORTSC_OCC 0x00100000UL
+
+/** Port reset change */
+#define XHCI_PORTSC_PRC 0x00200000UL
+
+/** Port link state change */
+#define XHCI_PORTSC_PLC 0x00400000UL
+
+/** Port config error change */
+#define XHCI_PORTSC_CEC 0x00800000UL
+
+/** Port status change mask */
+#define XHCI_PORTSC_CHANGE \
+ ( XHCI_PORTSC_CSC | XHCI_PORTSC_PEC | XHCI_PORTSC_WRC | \
+ XHCI_PORTSC_OCC | XHCI_PORTSC_PRC | XHCI_PORTSC_PLC | \
+ XHCI_PORTSC_CEC )
+
+/** Port status and control bits which should be preserved
+ *
+ * The port status and control register is a horrendous mix of
+ * differing semantics. Some bits are written to only when a separate
+ * write strobe bit is set. Some bits should be preserved when
+ * modifying other bits. Some bits will be cleared if written back as
+ * a one. Most excitingly, the "port enabled" bit has the semantics
+ * that 1=enabled, 0=disabled, yet writing a 1 will disable the port.
+ */
+#define XHCI_PORTSC_PRESERVE ( XHCI_PORTSC_PP | XHCI_PORTSC_PIC_MASK )
+
+/** Port power management status and control register */
+#define XHCI_OP_PORTPMSC(port) ( 0x404 - 0x10 + ( (port) << 4 ) )
+
+/** Port link info register */
+#define XHCI_OP_PORTLI(port) ( 0x408 - 0x10 + ( (port) << 4 ) )
+
+/** Port hardware link power management control register */
+#define XHCI_OP_PORTHLPMC(port) ( 0x40c - 0x10 + ( (port) << 4 ) )
+
+/** Event ring segment table size register */
+#define XHCI_RUN_ERSTSZ(intr) ( 0x28 + ( (intr) << 5 ) )
+
+/** Event ring segment table base address register */
+#define XHCI_RUN_ERSTBA(intr) ( 0x30 + ( (intr) << 5 ) )
+
+/** Event ring dequeue pointer register */
+#define XHCI_RUN_ERDP(intr) ( 0x38 + ( (intr) << 5 ) )
+
+/** A transfer request block template */
+struct xhci_trb_template {
+ /** Parameter */
+ uint64_t parameter;
+ /** Status */
+ uint32_t status;
+ /** Control */
+ uint32_t control;
+};
+
+/** A transfer request block */
+struct xhci_trb_common {
+ /** Reserved */
+ uint64_t reserved_a;
+ /** Reserved */
+ uint32_t reserved_b;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Reserved */
+ uint16_t reserved_c;
+} __attribute__ (( packed ));
+
+/** Transfer request block cycle bit flag */
+#define XHCI_TRB_C 0x01
+
+/** Transfer request block toggle cycle bit flag */
+#define XHCI_TRB_TC 0x02
+
+/** Transfer request block chain flag */
+#define XHCI_TRB_CH 0x10
+
+/** Transfer request block interrupt on completion flag */
+#define XHCI_TRB_IOC 0x20
+
+/** Transfer request block immediate data flag */
+#define XHCI_TRB_IDT 0x40
+
+/** Transfer request block type */
+#define XHCI_TRB_TYPE(type) ( (type) << 2 )
+
+/** Transfer request block type mask */
+#define XHCI_TRB_TYPE_MASK XHCI_TRB_TYPE ( 0x3f )
+
+/** A normal transfer request block */
+struct xhci_trb_normal {
+ /** Data buffer */
+ uint64_t data;
+ /** Length */
+ uint32_t len;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Reserved */
+ uint16_t reserved;
+} __attribute__ (( packed ));
+
+/** A normal transfer request block */
+#define XHCI_TRB_NORMAL XHCI_TRB_TYPE ( 1 )
+
+/** Construct TD size field */
+#define XHCI_TD_SIZE(remaining) \
+ ( ( ( (remaining) <= 0xf ) ? remaining : 0xf ) << 17 )
+
+/** A setup stage transfer request block */
+struct xhci_trb_setup {
+ /** Setup packet */
+ struct usb_setup_packet packet;
+ /** Length */
+ uint32_t len;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Transfer direction */
+ uint8_t direction;
+ /** Reserved */
+ uint8_t reserved;
+} __attribute__ (( packed ));
+
+/** A setup stage transfer request block */
+#define XHCI_TRB_SETUP XHCI_TRB_TYPE ( 2 )
+
+/** Setup stage input data direction */
+#define XHCI_SETUP_IN 3
+
+/** Setup stage output data direction */
+#define XHCI_SETUP_OUT 2
+
+/** A data stage transfer request block */
+struct xhci_trb_data {
+ /** Data buffer */
+ uint64_t data;
+ /** Length */
+ uint32_t len;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Transfer direction */
+ uint8_t direction;
+ /** Reserved */
+ uint8_t reserved;
+} __attribute__ (( packed ));
+
+/** A data stage transfer request block */
+#define XHCI_TRB_DATA XHCI_TRB_TYPE ( 3 )
+
+/** Input data direction */
+#define XHCI_DATA_IN 0x01
+
+/** Output data direction */
+#define XHCI_DATA_OUT 0x00
+
+/** A status stage transfer request block */
+struct xhci_trb_status {
+ /** Reserved */
+ uint64_t reserved_a;
+ /** Reserved */
+ uint32_t reserved_b;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Direction */
+ uint8_t direction;
+ /** Reserved */
+ uint8_t reserved_c;
+} __attribute__ (( packed ));
+
+/** A status stage transfer request block */
+#define XHCI_TRB_STATUS XHCI_TRB_TYPE ( 4 )
+
+/** Input status direction */
+#define XHCI_STATUS_IN 0x01
+
+/** Output status direction */
+#define XHCI_STATUS_OUT 0x00
+
+/** A link transfer request block */
+struct xhci_trb_link {
+ /** Next ring segment */
+ uint64_t next;
+ /** Reserved */
+ uint32_t reserved_a;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Reserved */
+ uint16_t reserved_c;
+} __attribute__ (( packed ));
+
+/** A link transfer request block */
+#define XHCI_TRB_LINK XHCI_TRB_TYPE ( 6 )
+
+/** A no-op transfer request block */
+#define XHCI_TRB_NOP XHCI_TRB_TYPE ( 8 )
+
+/** An enable slot transfer request block */
+struct xhci_trb_enable_slot {
+ /** Reserved */
+ uint64_t reserved_a;
+ /** Reserved */
+ uint32_t reserved_b;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Slot type */
+ uint8_t slot;
+ /** Reserved */
+ uint8_t reserved_c;
+} __attribute__ (( packed ));
+
+/** An enable slot transfer request block */
+#define XHCI_TRB_ENABLE_SLOT XHCI_TRB_TYPE ( 9 )
+
+/** A disable slot transfer request block */
+struct xhci_trb_disable_slot {
+ /** Reserved */
+ uint64_t reserved_a;
+ /** Reserved */
+ uint32_t reserved_b;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Reserved */
+ uint8_t reserved_c;
+ /** Slot ID */
+ uint8_t slot;
+} __attribute__ (( packed ));
+
+/** A disable slot transfer request block */
+#define XHCI_TRB_DISABLE_SLOT XHCI_TRB_TYPE ( 10 )
+
+/** A context transfer request block */
+struct xhci_trb_context {
+ /** Input context */
+ uint64_t input;
+ /** Reserved */
+ uint32_t reserved_a;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Reserved */
+ uint8_t reserved_b;
+ /** Slot ID */
+ uint8_t slot;
+} __attribute__ (( packed ));
+
+/** An address device transfer request block */
+#define XHCI_TRB_ADDRESS_DEVICE XHCI_TRB_TYPE ( 11 )
+
+/** A configure endpoint transfer request block */
+#define XHCI_TRB_CONFIGURE_ENDPOINT XHCI_TRB_TYPE ( 12 )
+
+/** An evaluate context transfer request block */
+#define XHCI_TRB_EVALUATE_CONTEXT XHCI_TRB_TYPE ( 13 )
+
+/** A reset endpoint transfer request block */
+struct xhci_trb_reset_endpoint {
+ /** Reserved */
+ uint64_t reserved_a;
+ /** Reserved */
+ uint32_t reserved_b;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Endpoint ID */
+ uint8_t endpoint;
+ /** Slot ID */
+ uint8_t slot;
+} __attribute__ (( packed ));
+
+/** A reset endpoint transfer request block */
+#define XHCI_TRB_RESET_ENDPOINT XHCI_TRB_TYPE ( 14 )
+
+/** A stop endpoint transfer request block */
+struct xhci_trb_stop_endpoint {
+ /** Reserved */
+ uint64_t reserved_a;
+ /** Reserved */
+ uint32_t reserved_b;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Endpoint ID */
+ uint8_t endpoint;
+ /** Slot ID */
+ uint8_t slot;
+} __attribute__ (( packed ));
+
+/** A stop endpoint transfer request block */
+#define XHCI_TRB_STOP_ENDPOINT XHCI_TRB_TYPE ( 15 )
+
+/** A set transfer ring dequeue pointer transfer request block */
+struct xhci_trb_set_tr_dequeue_pointer {
+ /** Dequeue pointer */
+ uint64_t dequeue;
+ /** Reserved */
+ uint32_t reserved;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Endpoint ID */
+ uint8_t endpoint;
+ /** Slot ID */
+ uint8_t slot;
+} __attribute__ (( packed ));
+
+/** A set transfer ring dequeue pointer transfer request block */
+#define XHCI_TRB_SET_TR_DEQUEUE_POINTER XHCI_TRB_TYPE ( 16 )
+
+/** A no-op command transfer request block */
+#define XHCI_TRB_NOP_CMD XHCI_TRB_TYPE ( 23 )
+
+/** A transfer event transfer request block */
+struct xhci_trb_transfer {
+ /** Transfer TRB pointer */
+ uint64_t transfer;
+ /** Residual transfer length */
+ uint16_t residual;
+ /** Reserved */
+ uint8_t reserved;
+ /** Completion code */
+ uint8_t code;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Endpoint ID */
+ uint8_t endpoint;
+ /** Slot ID */
+ uint8_t slot;
+} __attribute__ (( packed ));
+
+/** A transfer event transfer request block */
+#define XHCI_TRB_TRANSFER XHCI_TRB_TYPE ( 32 )
+
+/** A command completion event transfer request block */
+struct xhci_trb_complete {
+ /** Command TRB pointer */
+ uint64_t command;
+ /** Parameter */
+ uint8_t parameter[3];
+ /** Completion code */
+ uint8_t code;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Virtual function ID */
+ uint8_t vf;
+ /** Slot ID */
+ uint8_t slot;
+} __attribute__ (( packed ));
+
+/** A command completion event transfer request block */
+#define XHCI_TRB_COMPLETE XHCI_TRB_TYPE ( 33 )
+
+/** xHCI completion codes */
+enum xhci_completion_code {
+ /** Success */
+ XHCI_CMPLT_SUCCESS = 1,
+ /** Short packet */
+ XHCI_CMPLT_SHORT = 13,
+ /** Command ring stopped */
+ XHCI_CMPLT_CMD_STOPPED = 24,
+};
+
+/** A port status change transfer request block */
+struct xhci_trb_port_status {
+ /** Reserved */
+ uint8_t reserved_a[3];
+ /** Port ID */
+ uint8_t port;
+ /** Reserved */
+ uint8_t reserved_b[7];
+ /** Completion code */
+ uint8_t code;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Reserved */
+ uint16_t reserved_c;
+} __attribute__ (( packed ));
+
+/** A port status change transfer request block */
+#define XHCI_TRB_PORT_STATUS XHCI_TRB_TYPE ( 34 )
+
+/** A port status change transfer request block */
+struct xhci_trb_host_controller {
+ /** Reserved */
+ uint64_t reserved_a;
+ /** Reserved */
+ uint8_t reserved_b[3];
+ /** Completion code */
+ uint8_t code;
+ /** Flags */
+ uint8_t flags;
+ /** Type */
+ uint8_t type;
+ /** Reserved */
+ uint16_t reserved_c;
+} __attribute__ (( packed ));
+
+/** A port status change transfer request block */
+#define XHCI_TRB_HOST_CONTROLLER XHCI_TRB_TYPE ( 37 )
+
+/** A transfer request block */
+union xhci_trb {
+ /** Template */
+ struct xhci_trb_template template;
+ /** Common fields */
+ struct xhci_trb_common common;
+ /** Normal TRB */
+ struct xhci_trb_normal normal;
+ /** Setup stage TRB */
+ struct xhci_trb_setup setup;
+ /** Data stage TRB */
+ struct xhci_trb_data data;
+ /** Status stage TRB */
+ struct xhci_trb_status status;
+ /** Link TRB */
+ struct xhci_trb_link link;
+ /** Enable slot TRB */
+ struct xhci_trb_enable_slot enable;
+ /** Disable slot TRB */
+ struct xhci_trb_disable_slot disable;
+ /** Input context TRB */
+ struct xhci_trb_context context;
+ /** Reset endpoint TRB */
+ struct xhci_trb_reset_endpoint reset;
+ /** Stop endpoint TRB */
+ struct xhci_trb_stop_endpoint stop;
+ /** Set transfer ring dequeue pointer TRB */
+ struct xhci_trb_set_tr_dequeue_pointer dequeue;
+ /** Transfer event */
+ struct xhci_trb_transfer transfer;
+ /** Command completion event */
+ struct xhci_trb_complete complete;
+ /** Port status changed event */
+ struct xhci_trb_port_status port;
+ /** Host controller event */
+ struct xhci_trb_host_controller host;
+} __attribute__ (( packed ));
+
+/** An input control context */
+struct xhci_control_context {
+ /** Drop context flags */
+ uint32_t drop;
+ /** Add context flags */
+ uint32_t add;
+ /** Reserved */
+ uint32_t reserved_a[5];
+ /** Configuration value */
+ uint8_t config;
+ /** Interface number */
+ uint8_t intf;
+ /** Alternate setting */
+ uint8_t alt;
+ /** Reserved */
+ uint8_t reserved_b;
+} __attribute__ (( packed ));
+
+/** A slot context */
+struct xhci_slot_context {
+ /** Device info */
+ uint32_t info;
+ /** Maximum exit latency */
+ uint16_t latency;
+ /** Root hub port number */
+ uint8_t port;
+ /** Number of downstream ports */
+ uint8_t ports;
+ /** TT hub slot ID */
+ uint8_t tt_id;
+ /** TT port number */
+ uint8_t tt_port;
+ /** Interrupter target */
+ uint16_t intr;
+ /** USB address */
+ uint8_t address;
+ /** Reserved */
+ uint16_t reserved_a;
+ /** Slot state */
+ uint8_t state;
+ /** Reserved */
+ uint32_t reserved_b[4];
+} __attribute__ (( packed ));
+
+/** Construct slot context device info */
+#define XHCI_SLOT_INFO( entries, hub, speed, route ) \
+ ( ( (entries) << 27 ) | ( (hub) << 26 ) | ( (speed) << 20 ) | (route) )
+
+/** An endpoint context */
+struct xhci_endpoint_context {
+ /** Endpoint state */
+ uint8_t state;
+ /** Stream configuration */
+ uint8_t stream;
+ /** Polling interval */
+ uint8_t interval;
+ /** Max ESIT payload high */
+ uint8_t esit_high;
+ /** Endpoint type */
+ uint8_t type;
+ /** Maximum burst size */
+ uint8_t burst;
+ /** Maximum packet size */
+ uint16_t mtu;
+ /** Transfer ring dequeue pointer */
+ uint64_t dequeue;
+ /** Average TRB length */
+ uint16_t trb_len;
+ /** Max ESIT payload low */
+ uint16_t esit_low;
+ /** Reserved */
+ uint32_t reserved[3];
+} __attribute__ (( packed ));
+
+/** Endpoint states */
+enum xhci_endpoint_state {
+ /** Endpoint is disabled */
+ XHCI_ENDPOINT_DISABLED = 0,
+ /** Endpoint is running */
+ XHCI_ENDPOINT_RUNNING = 1,
+ /** Endpoint is halted due to a USB Halt condition */
+ XHCI_ENDPOINT_HALTED = 2,
+ /** Endpoint is stopped */
+ XHCI_ENDPOINT_STOPPED = 3,
+ /** Endpoint is halted due to a TRB error */
+ XHCI_ENDPOINT_ERROR = 4,
+};
+
+/** Endpoint state mask */
+#define XHCI_ENDPOINT_STATE_MASK 0x07
+
+/** Endpoint type */
+#define XHCI_EP_TYPE(type) ( (type) << 3 )
+
+/** Control endpoint type */
+#define XHCI_EP_TYPE_CONTROL XHCI_EP_TYPE ( 4 )
+
+/** Input endpoint type */
+#define XHCI_EP_TYPE_IN XHCI_EP_TYPE ( 4 )
+
+/** Periodic endpoint type */
+#define XHCI_EP_TYPE_PERIODIC XHCI_EP_TYPE ( 1 )
+
+/** Endpoint dequeue cycle state */
+#define XHCI_EP_DCS 0x00000001UL
+
+/** Control endpoint average TRB length */
+#define XHCI_EP0_TRB_LEN 8
+
+/** An event ring segment */
+struct xhci_event_ring_segment {
+ /** Base address */
+ uint64_t base;
+ /** Number of TRBs */
+ uint32_t count;
+ /** Reserved */
+ uint32_t reserved;
+} __attribute__ (( packed ));
+
+/** A transfer request block command/transfer ring */
+struct xhci_trb_ring {
+ /** Producer counter */
+ unsigned int prod;
+ /** Consumer counter */
+ unsigned int cons;
+ /** Ring size (log2) */
+ unsigned int shift;
+ /** Ring counter mask */
+ unsigned int mask;
+
+ /** I/O buffers */
+ struct io_buffer **iobuf;
+
+ /** Transfer request blocks */
+ union xhci_trb *trb;
+ /** Length of transfer request blocks */
+ size_t len;
+ /** DMA mapping */
+ struct dma_mapping map;
+ /** Link TRB (if applicable) */
+ struct xhci_trb_link *link;
+
+ /** Doorbell register */
+ void *db;
+ /** Doorbell register value */
+ uint32_t dbval;
+};
+
+/** An event ring */
+struct xhci_event_ring {
+ /** Consumer counter */
+ unsigned int cons;
+ /** Event ring segment table */
+ struct xhci_event_ring_segment *segment;
+ /** Event ring segment table DMA mapping */
+ struct dma_mapping segment_map;
+ /** Transfer request blocks */
+ union xhci_trb *trb;
+ /** Transfer request blocks DMA mapping */
+ struct dma_mapping trb_map;
+};
+
+/**
+ * Calculate doorbell register value
+ *
+ * @v target Doorbell target
+ * @v stream Doorbell stream ID
+ * @ret dbval Doorbell register value
+ */
+#define XHCI_DBVAL( target, stream ) ( (target) | ( (stream) << 16 ) )
+
+/**
+ * Calculate space used in TRB ring
+ *
+ * @v ring TRB ring
+ * @ret fill Number of entries used
+ */
+static inline __attribute__ (( always_inline )) unsigned int
+xhci_ring_fill ( struct xhci_trb_ring *ring ) {
+
+ return ( ring->prod - ring->cons );
+}
+
+/**
+ * Calculate space remaining in TRB ring
+ *
+ * @v ring TRB ring
+ * @ret remaining Number of entries remaining
+ *
+ * xHCI does not allow us to completely fill a ring; there must be at
+ * least one free entry (excluding the Link TRB).
+ */
+static inline __attribute__ (( always_inline )) unsigned int
+xhci_ring_remaining ( struct xhci_trb_ring *ring ) {
+ unsigned int fill = xhci_ring_fill ( ring );
+
+ /* We choose to utilise rings with ( 2^n + 1 ) entries, with
+ * the final entry being a Link TRB. The maximum fill level
+ * is therefore
+ *
+ * ( ( 2^n + 1 ) - 1 (Link TRB) - 1 (one slot always empty)
+ * == ( 2^n - 1 )
+ *
+ * which is therefore equal to the ring mask.
+ */
+ assert ( fill <= ring->mask );
+ return ( ring->mask - fill );
+}
+
+/**
+ * Calculate physical address of most recently consumed TRB
+ *
+ * @v ring TRB ring
+ * @ret trb TRB physical address
+ */
+static inline __attribute__ (( always_inline )) physaddr_t
+xhci_ring_consumed ( struct xhci_trb_ring *ring ) {
+ unsigned int index = ( ( ring->cons - 1 ) & ring->mask );
+
+ return virt_to_phys ( &ring->trb[index] );
+}
+
+/** Slot context index */
+#define XHCI_CTX_SLOT 0
+
+/** Calculate context index from USB endpoint address */
+#define XHCI_CTX(address) \
+ ( (address) ? ( ( ( (address) & 0x0f ) << 1 ) | \
+ ( ( (address) & 0x80 ) >> 7 ) ) : 1 )
+
+/** Endpoint zero context index */
+#define XHCI_CTX_EP0 XHCI_CTX ( 0x00 )
+
+/** End of contexts */
+#define XHCI_CTX_END 32
+
+/** Device context index */
+#define XHCI_DCI(ctx) ( (ctx) + 0 )
+
+/** Input context index */
+#define XHCI_ICI(ctx) ( (ctx) + 1 )
+
+/** Number of TRBs (excluding Link TRB) in the command ring
+ *
+ * This is a policy decision.
+ */
+#define XHCI_CMD_TRBS_LOG2 2
+
+/** Number of TRBs in the event ring
+ *
+ * This is a policy decision.
+ */
+#define XHCI_EVENT_TRBS_LOG2 6
+
+/** Number of TRBs in a transfer ring
+ *
+ * This is a policy decision.
+ */
+#define XHCI_TRANSFER_TRBS_LOG2 6
+
+/** Maximum time to wait for BIOS to release ownership
+ *
+ * This is a policy decision.
+ */
+#define XHCI_USBLEGSUP_MAX_WAIT_MS 100
+
+/** Maximum time to wait for host controller to stop
+ *
+ * This is a policy decision.
+ */
+#define XHCI_STOP_MAX_WAIT_MS 100
+
+/** Maximum time to wait for reset to complete
+ *
+ * This is a policy decision.
+ */
+#define XHCI_RESET_MAX_WAIT_MS 500
+
+/** Maximum time to wait for a command to complete
+ *
+ * The "address device" command involves waiting for a response to a
+ * USB control transaction, and so we must wait for up to the 5000ms
+ * that USB allows for devices to respond to control transactions.
+ */
+#define XHCI_COMMAND_MAX_WAIT_MS USB_CONTROL_MAX_WAIT_MS
+
+/** Time to delay after aborting a command
+ *
+ * This is a policy decision
+ */
+#define XHCI_COMMAND_ABORT_DELAY_MS 500
+
+/** Maximum time to wait for a port reset to complete
+ *
+ * This is a policy decision.
+ */
+#define XHCI_PORT_RESET_MAX_WAIT_MS 500
+
+/** Intel PCH quirk */
+struct xhci_pch {
+ /** USB2 port routing register original value */
+ uint32_t xusb2pr;
+ /** USB3 port SuperSpeed enable register original value */
+ uint32_t usb3pssen;
+};
+
+/** Intel PCH quirk flag */
+#define XHCI_PCH 0x0001
+
+/** Intel PCH USB2 port routing register */
+#define XHCI_PCH_XUSB2PR 0xd0
+
+/** Intel PCH USB2 port routing mask register */
+#define XHCI_PCH_XUSB2PRM 0xd4
+
+/** Intel PCH SuperSpeed enable register */
+#define XHCI_PCH_USB3PSSEN 0xd8
+
+/** Intel PCH USB3 port routing mask register */
+#define XHCI_PCH_USB3PRM 0xdc
+
+/** Invalid protocol speed ID values quirk */
+#define XHCI_BAD_PSIV 0x0002
+
+/** Device context base address array */
+struct xhci_dcbaa {
+ /** Context base addresses */
+ uint64_t *context;
+ /** DMA mapping */
+ struct dma_mapping map;
+};
+
+/** Scratchpad buffer */
+struct xhci_scratchpad {
+ /** Number of page-sized scratchpad buffers */
+ unsigned int count;
+ /** Scratchpad buffer area */
+ void *buffer;
+ /** Buffer DMA mapping */
+ struct dma_mapping buffer_map;
+ /** Scratchpad array */
+ uint64_t *array;
+ /** Array DMA mapping */
+ struct dma_mapping array_map;
+};
+
+/** An xHCI device */
+struct xhci_device {
+ /** Registers */
+ void *regs;
+ /** Underlying hardware device */
+ struct device *dev;
+ /** DMA device */
+ struct dma_device *dma;
+ /** Name */
+ const char *name;
+ /** Quirks */
+ unsigned int quirks;
+
+ /** Capability registers */
+ void *cap;
+ /** Operational registers */
+ void *op;
+ /** Runtime registers */
+ void *run;
+ /** Doorbell registers */
+ void *db;
+
+ /** Number of device slots */
+ unsigned int slots;
+ /** Number of interrupters */
+ unsigned int intrs;
+ /** Number of ports */
+ unsigned int ports;
+
+ /** 64-bit addressing capability */
+ int addr64;
+ /** Context size shift */
+ unsigned int csz_shift;
+ /** xHCI extended capabilities offset */
+ unsigned int xecp;
+
+ /** Page size */
+ size_t pagesize;
+
+ /** USB legacy support capability (if present and enabled) */
+ unsigned int legacy;
+
+ /** Device context base address array */
+ struct xhci_dcbaa dcbaa;
+
+ /** Scratchpad buffer */
+ struct xhci_scratchpad scratch;
+
+ /** Command ring */
+ struct xhci_trb_ring command;
+ /** Event ring */
+ struct xhci_event_ring event;
+ /** Current command (if any) */
+ union xhci_trb *pending;
+ /** Command mechanism has permanently failed */
+ int failed;
+
+ /** Device slots, indexed by slot ID */
+ struct xhci_slot **slot;
+
+ /** USB bus */
+ struct usb_bus *bus;
+
+ /** Intel PCH quirk */
+ struct xhci_pch pch;
+};
+
+/** An xHCI device slot */
+struct xhci_slot {
+ /** xHCI device */
+ struct xhci_device *xhci;
+ /** USB device */
+ struct usb_device *usb;
+ /** Slot ID */
+ unsigned int id;
+ /** Slot context */
+ struct xhci_slot_context *context;
+ /** DMA mapping */
+ struct dma_mapping map;
+ /** Route string */
+ unsigned int route;
+ /** Root hub port number */
+ unsigned int port;
+ /** Protocol speed ID */
+ unsigned int psiv;
+ /** Number of ports (if this device is a hub) */
+ unsigned int ports;
+ /** Transaction translator slot ID */
+ unsigned int tt_id;
+ /** Transaction translator port */
+ unsigned int tt_port;
+ /** Endpoints, indexed by context ID */
+ struct xhci_endpoint *endpoint[XHCI_CTX_END];
+};
+
+/** An xHCI endpoint */
+struct xhci_endpoint {
+ /** xHCI device */
+ struct xhci_device *xhci;
+ /** xHCI slot */
+ struct xhci_slot *slot;
+ /** USB endpoint */
+ struct usb_endpoint *ep;
+ /** Context index */
+ unsigned int ctx;
+ /** Endpoint type */
+ unsigned int type;
+ /** Endpoint interval */
+ unsigned int interval;
+ /** Endpoint context */
+ struct xhci_endpoint_context *context;
+ /** Transfer ring */
+ struct xhci_trb_ring ring;
+};
+
+extern void xhci_init ( struct xhci_device *xhci );
+extern int xhci_register ( struct xhci_device *xhci );
+extern void xhci_unregister ( struct xhci_device *xhci );
+
+#endif /* _IPXE_XHCI_H */
diff --git a/src/include/ipxe/zlib.h b/src/include/ipxe/zlib.h
index 29016c38e..3b0866bd1 100644
--- a/src/include/ipxe/zlib.h
+++ b/src/include/ipxe/zlib.h
@@ -28,15 +28,15 @@ union zlib_magic {
* @v magic Magic header
* @ret is_valid Magic header is valid
*/
-static inline int zlib_magic_is_valid ( union zlib_magic *magic ) {
+static inline int zlib_magic_is_valid ( const union zlib_magic *magic ) {
/* Check magic value as per RFC 6713 */
return ( ( ( magic->cmf & 0x8f ) == 0x08 ) &&
( ( be16_to_cpu ( magic->check ) % 31 ) == 0 ) );
}
-extern int zlib_deflate ( enum deflate_format format, struct deflate_chunk *in,
- struct image *extracted );
+extern int zlib_deflate ( enum deflate_format format, const void *data,
+ size_t len, struct image *extracted );
extern struct image_type zlib_image_type __image_type ( PROBE_NORMAL );
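Review bot: `zlib_magic_is_valid()` dereferences `magic->cmf` and `magic->check` without taking a length, and the new `zlib_deflate()` prototype passes a raw `const void *data` with a separate `len`, so the bounds contract should be written down in this header. I would add a line to the function's doc comment such as `* The caller must ensure that at least sizeof ( *magic ) bytes are readable.`, so a short or truncated image is rejected before the header bytes are read. The `zlib_deflate()` declaration would also benefit from a brief comment stating that `data`/`len` describe the compressed input and that `len` is the number of valid bytes at `data`. The doc comment for `zlib_magic_is_valid()` starts above this hunk, and whether the callers already check the length is not visible here.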