[PATCH v5 1/5] image: Add IH_OS_EFI for EFI chain-load boot

Sun, 29 Dec 2019 17:35:35 -0800 

Add a new OS type to be used for chain-loading an EFI compatible
firmware or boot loader like GRUB2, possibly in a verified boot
scenario.

Bellow is sample ITS file that generates a FIT image supporting
secure boot. Please note the presence of 'os = "efi";' line, which
identifies the currently introduced OS type:

/ {
    #address-cells = <1>;

    images {
        efi-grub {
            description = "GRUB EFI";
            data = /incbin/("bootarm.efi");
            type = "kernel_noload";
            arch = "arm";
            os = "efi";
            compression = "none";
            load = <0x0>;
            entry = <0x0>;
            hash-1 {
                algo = "sha256";
            };
        };
    };

    configurations {
        default = "config-grub";
        config-grub {
            kernel = "efi-grub";
            signature-1 {
                algo = "sha256,rsa2048";
                sign-images = "kernel";
            };
        };
    };
};

Signed-off-by: Cristian Ciocaltea <cristian.ciocal...@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.g...@gmx.de>
---
 common/image-fit.c | 3 ++-
 common/image.c     | 1 +
 include/image.h    | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index c52f945120..231612ff5f 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1926,7 +1926,8 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
                image_type == IH_TYPE_FPGA ||
                fit_image_check_os(fit, noffset, IH_OS_LINUX) ||
                fit_image_check_os(fit, noffset, IH_OS_U_BOOT) ||
-               fit_image_check_os(fit, noffset, IH_OS_OPENRTOS);
+               fit_image_check_os(fit, noffset, IH_OS_OPENRTOS) ||
+               fit_image_check_os(fit, noffset, IH_OS_EFI);
 
        /*
         * If either of the checks fail, we should report an error, but
diff --git a/common/image.c b/common/image.c
index eb626dcac9..75d5dd944f 100644
--- a/common/image.c
+++ b/common/image.c
@@ -137,6 +137,7 @@ static const table_entry_t uimage_os[] = {
        {       IH_OS_OPENRTOS, "openrtos",     "OpenRTOS",             },
 #endif
        {       IH_OS_OPENSBI,  "opensbi",      "RISC-V OpenSBI",       },
+       {       IH_OS_EFI,      "efi",          "EFI Firmware" },
 
        {       -1,             "",             "",                     },
 };
diff --git a/include/image.h b/include/image.h
index f4d2aaf53e..4a280b78e7 100644
--- a/include/image.h
+++ b/include/image.h
@@ -157,6 +157,7 @@ enum {
        IH_OS_ARM_TRUSTED_FIRMWARE,     /* ARM Trusted Firmware */
        IH_OS_TEE,                      /* Trusted Execution Environment */
        IH_OS_OPENSBI,                  /* RISC-V OpenSBI */
+       IH_OS_EFI,                      /* EFI Firmware (e.g. GRUB2) */
 
        IH_OS_COUNT,
 };
-- 
2.17.1

Reply via email to