xref: /openbmc/linux/drivers/firmware/efi/efi.c (revision 2a12187d)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * efi.c - EFI subsystem
4  *
5  * Copyright (C) 2001,2003,2004 Dell <Matt_Domsch@dell.com>
6  * Copyright (C) 2004 Intel Corporation <matthew.e.tolentino@intel.com>
7  * Copyright (C) 2013 Tom Gundersen <teg@jklm.no>
8  *
9  * This code registers /sys/firmware/efi{,/efivars} when EFI is supported,
10  * allowing the efivarfs to be mounted or the efivars module to be loaded.
11  * The existance of /sys/firmware/efi may also be used by userspace to
12  * determine that the system supports EFI.
13  */
14 
15 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
16 
17 #include <linux/kobject.h>
18 #include <linux/module.h>
19 #include <linux/init.h>
20 #include <linux/debugfs.h>
21 #include <linux/device.h>
22 #include <linux/efi.h>
23 #include <linux/of.h>
24 #include <linux/initrd.h>
25 #include <linux/io.h>
26 #include <linux/kexec.h>
27 #include <linux/platform_device.h>
28 #include <linux/random.h>
29 #include <linux/reboot.h>
30 #include <linux/slab.h>
31 #include <linux/acpi.h>
32 #include <linux/ucs2_string.h>
33 #include <linux/memblock.h>
34 #include <linux/security.h>
35 
36 #include <asm/early_ioremap.h>
37 
38 struct efi __read_mostly efi = {
39 	.runtime_supported_mask = EFI_RT_SUPPORTED_ALL,
40 	.acpi			= EFI_INVALID_TABLE_ADDR,
41 	.acpi20			= EFI_INVALID_TABLE_ADDR,
42 	.smbios			= EFI_INVALID_TABLE_ADDR,
43 	.smbios3		= EFI_INVALID_TABLE_ADDR,
44 	.esrt			= EFI_INVALID_TABLE_ADDR,
45 	.tpm_log		= EFI_INVALID_TABLE_ADDR,
46 	.tpm_final_log		= EFI_INVALID_TABLE_ADDR,
47 #ifdef CONFIG_LOAD_UEFI_KEYS
48 	.mokvar_table		= EFI_INVALID_TABLE_ADDR,
49 #endif
50 #ifdef CONFIG_EFI_COCO_SECRET
51 	.coco_secret		= EFI_INVALID_TABLE_ADDR,
52 #endif
53 };
54 EXPORT_SYMBOL(efi);
55 
56 unsigned long __ro_after_init efi_rng_seed = EFI_INVALID_TABLE_ADDR;
57 static unsigned long __initdata mem_reserve = EFI_INVALID_TABLE_ADDR;
58 static unsigned long __initdata rt_prop = EFI_INVALID_TABLE_ADDR;
59 static unsigned long __initdata initrd = EFI_INVALID_TABLE_ADDR;
60 
61 extern unsigned long screen_info_table;
62 
63 struct mm_struct efi_mm = {
64 	.mm_mt			= MTREE_INIT_EXT(mm_mt, MM_MT_FLAGS, efi_mm.mmap_lock),
65 	.mm_users		= ATOMIC_INIT(2),
66 	.mm_count		= ATOMIC_INIT(1),
67 	.write_protect_seq      = SEQCNT_ZERO(efi_mm.write_protect_seq),
68 	MMAP_LOCK_INITIALIZER(efi_mm)
69 	.page_table_lock	= __SPIN_LOCK_UNLOCKED(efi_mm.page_table_lock),
70 	.mmlist			= LIST_HEAD_INIT(efi_mm.mmlist),
71 	.cpu_bitmap		= { [BITS_TO_LONGS(NR_CPUS)] = 0},
72 };
73 
74 struct workqueue_struct *efi_rts_wq;
75 
76 static bool disable_runtime = IS_ENABLED(CONFIG_EFI_DISABLE_RUNTIME);
77 static int __init setup_noefi(char *arg)
78 {
79 	disable_runtime = true;
80 	return 0;
81 }
82 early_param("noefi", setup_noefi);
83 
84 bool efi_runtime_disabled(void)
85 {
86 	return disable_runtime;
87 }
88 
89 bool __pure __efi_soft_reserve_enabled(void)
90 {
91 	return !efi_enabled(EFI_MEM_NO_SOFT_RESERVE);
92 }
93 
94 static int __init parse_efi_cmdline(char *str)
95 {
96 	if (!str) {
97 		pr_warn("need at least one option\n");
98 		return -EINVAL;
99 	}
100 
101 	if (parse_option_str(str, "debug"))
102 		set_bit(EFI_DBG, &efi.flags);
103 
104 	if (parse_option_str(str, "noruntime"))
105 		disable_runtime = true;
106 
107 	if (parse_option_str(str, "runtime"))
108 		disable_runtime = false;
109 
110 	if (parse_option_str(str, "nosoftreserve"))
111 		set_bit(EFI_MEM_NO_SOFT_RESERVE, &efi.flags);
112 
113 	return 0;
114 }
115 early_param("efi", parse_efi_cmdline);
116 
117 struct kobject *efi_kobj;
118 
119 /*
120  * Let's not leave out systab information that snuck into
121  * the efivars driver
122  * Note, do not add more fields in systab sysfs file as it breaks sysfs
123  * one value per file rule!
124  */
125 static ssize_t systab_show(struct kobject *kobj,
126 			   struct kobj_attribute *attr, char *buf)
127 {
128 	char *str = buf;
129 
130 	if (!kobj || !buf)
131 		return -EINVAL;
132 
133 	if (efi.acpi20 != EFI_INVALID_TABLE_ADDR)
134 		str += sprintf(str, "ACPI20=0x%lx\n", efi.acpi20);
135 	if (efi.acpi != EFI_INVALID_TABLE_ADDR)
136 		str += sprintf(str, "ACPI=0x%lx\n", efi.acpi);
137 	/*
138 	 * If both SMBIOS and SMBIOS3 entry points are implemented, the
139 	 * SMBIOS3 entry point shall be preferred, so we list it first to
140 	 * let applications stop parsing after the first match.
141 	 */
142 	if (efi.smbios3 != EFI_INVALID_TABLE_ADDR)
143 		str += sprintf(str, "SMBIOS3=0x%lx\n", efi.smbios3);
144 	if (efi.smbios != EFI_INVALID_TABLE_ADDR)
145 		str += sprintf(str, "SMBIOS=0x%lx\n", efi.smbios);
146 
147 	if (IS_ENABLED(CONFIG_IA64) || IS_ENABLED(CONFIG_X86))
148 		str = efi_systab_show_arch(str);
149 
150 	return str - buf;
151 }
152 
153 static struct kobj_attribute efi_attr_systab = __ATTR_RO_MODE(systab, 0400);
154 
155 static ssize_t fw_platform_size_show(struct kobject *kobj,
156 				     struct kobj_attribute *attr, char *buf)
157 {
158 	return sprintf(buf, "%d\n", efi_enabled(EFI_64BIT) ? 64 : 32);
159 }
160 
161 extern __weak struct kobj_attribute efi_attr_fw_vendor;
162 extern __weak struct kobj_attribute efi_attr_runtime;
163 extern __weak struct kobj_attribute efi_attr_config_table;
164 static struct kobj_attribute efi_attr_fw_platform_size =
165 	__ATTR_RO(fw_platform_size);
166 
167 static struct attribute *efi_subsys_attrs[] = {
168 	&efi_attr_systab.attr,
169 	&efi_attr_fw_platform_size.attr,
170 	&efi_attr_fw_vendor.attr,
171 	&efi_attr_runtime.attr,
172 	&efi_attr_config_table.attr,
173 	NULL,
174 };
175 
176 umode_t __weak efi_attr_is_visible(struct kobject *kobj, struct attribute *attr,
177 				   int n)
178 {
179 	return attr->mode;
180 }
181 
182 static const struct attribute_group efi_subsys_attr_group = {
183 	.attrs = efi_subsys_attrs,
184 	.is_visible = efi_attr_is_visible,
185 };
186 
187 static struct efivars generic_efivars;
188 static struct efivar_operations generic_ops;
189 
190 static int generic_ops_register(void)
191 {
192 	generic_ops.get_variable = efi.get_variable;
193 	generic_ops.get_next_variable = efi.get_next_variable;
194 	generic_ops.query_variable_store = efi_query_variable_store;
195 
196 	if (efi_rt_services_supported(EFI_RT_SUPPORTED_SET_VARIABLE)) {
197 		generic_ops.set_variable = efi.set_variable;
198 		generic_ops.set_variable_nonblocking = efi.set_variable_nonblocking;
199 	}
200 	return efivars_register(&generic_efivars, &generic_ops, efi_kobj);
201 }
202 
203 static void generic_ops_unregister(void)
204 {
205 	efivars_unregister(&generic_efivars);
206 }
207 
208 #ifdef CONFIG_EFI_CUSTOM_SSDT_OVERLAYS
209 #define EFIVAR_SSDT_NAME_MAX	16UL
210 static char efivar_ssdt[EFIVAR_SSDT_NAME_MAX] __initdata;
211 static int __init efivar_ssdt_setup(char *str)
212 {
213 	int ret = security_locked_down(LOCKDOWN_ACPI_TABLES);
214 
215 	if (ret)
216 		return ret;
217 
218 	if (strlen(str) < sizeof(efivar_ssdt))
219 		memcpy(efivar_ssdt, str, strlen(str));
220 	else
221 		pr_warn("efivar_ssdt: name too long: %s\n", str);
222 	return 1;
223 }
224 __setup("efivar_ssdt=", efivar_ssdt_setup);
225 
226 static __init int efivar_ssdt_load(void)
227 {
228 	unsigned long name_size = 256;
229 	efi_char16_t *name = NULL;
230 	efi_status_t status;
231 	efi_guid_t guid;
232 
233 	if (!efivar_ssdt[0])
234 		return 0;
235 
236 	name = kzalloc(name_size, GFP_KERNEL);
237 	if (!name)
238 		return -ENOMEM;
239 
240 	for (;;) {
241 		char utf8_name[EFIVAR_SSDT_NAME_MAX];
242 		unsigned long data_size = 0;
243 		void *data;
244 		int limit;
245 
246 		status = efi.get_next_variable(&name_size, name, &guid);
247 		if (status == EFI_NOT_FOUND) {
248 			break;
249 		} else if (status == EFI_BUFFER_TOO_SMALL) {
250 			name = krealloc(name, name_size, GFP_KERNEL);
251 			if (!name)
252 				return -ENOMEM;
253 			continue;
254 		}
255 
256 		limit = min(EFIVAR_SSDT_NAME_MAX, name_size);
257 		ucs2_as_utf8(utf8_name, name, limit - 1);
258 		if (strncmp(utf8_name, efivar_ssdt, limit) != 0)
259 			continue;
260 
261 		pr_info("loading SSDT from variable %s-%pUl\n", efivar_ssdt, &guid);
262 
263 		status = efi.get_variable(name, &guid, NULL, &data_size, NULL);
264 		if (status != EFI_BUFFER_TOO_SMALL || !data_size)
265 			return -EIO;
266 
267 		data = kmalloc(data_size, GFP_KERNEL);
268 		if (!data)
269 			return -ENOMEM;
270 
271 		status = efi.get_variable(name, &guid, NULL, &data_size, data);
272 		if (status == EFI_SUCCESS) {
273 			acpi_status ret = acpi_load_table(data, NULL);
274 			if (ret)
275 				pr_err("failed to load table: %u\n", ret);
276 			else
277 				continue;
278 		} else {
279 			pr_err("failed to get var data: 0x%lx\n", status);
280 		}
281 		kfree(data);
282 	}
283 	return 0;
284 }
285 #else
286 static inline int efivar_ssdt_load(void) { return 0; }
287 #endif
288 
289 #ifdef CONFIG_DEBUG_FS
290 
291 #define EFI_DEBUGFS_MAX_BLOBS 32
292 
293 static struct debugfs_blob_wrapper debugfs_blob[EFI_DEBUGFS_MAX_BLOBS];
294 
295 static void __init efi_debugfs_init(void)
296 {
297 	struct dentry *efi_debugfs;
298 	efi_memory_desc_t *md;
299 	char name[32];
300 	int type_count[EFI_BOOT_SERVICES_DATA + 1] = {};
301 	int i = 0;
302 
303 	efi_debugfs = debugfs_create_dir("efi", NULL);
304 	if (IS_ERR_OR_NULL(efi_debugfs))
305 		return;
306 
307 	for_each_efi_memory_desc(md) {
308 		switch (md->type) {
309 		case EFI_BOOT_SERVICES_CODE:
310 			snprintf(name, sizeof(name), "boot_services_code%d",
311 				 type_count[md->type]++);
312 			break;
313 		case EFI_BOOT_SERVICES_DATA:
314 			snprintf(name, sizeof(name), "boot_services_data%d",
315 				 type_count[md->type]++);
316 			break;
317 		default:
318 			continue;
319 		}
320 
321 		if (i >= EFI_DEBUGFS_MAX_BLOBS) {
322 			pr_warn("More then %d EFI boot service segments, only showing first %d in debugfs\n",
323 				EFI_DEBUGFS_MAX_BLOBS, EFI_DEBUGFS_MAX_BLOBS);
324 			break;
325 		}
326 
327 		debugfs_blob[i].size = md->num_pages << EFI_PAGE_SHIFT;
328 		debugfs_blob[i].data = memremap(md->phys_addr,
329 						debugfs_blob[i].size,
330 						MEMREMAP_WB);
331 		if (!debugfs_blob[i].data)
332 			continue;
333 
334 		debugfs_create_blob(name, 0400, efi_debugfs, &debugfs_blob[i]);
335 		i++;
336 	}
337 }
338 #else
339 static inline void efi_debugfs_init(void) {}
340 #endif
341 
342 static void refresh_nv_rng_seed(struct work_struct *work)
343 {
344 	u8 seed[EFI_RANDOM_SEED_SIZE];
345 
346 	get_random_bytes(seed, sizeof(seed));
347 	efi.set_variable(L"RandomSeed", &LINUX_EFI_RANDOM_SEED_TABLE_GUID,
348 			 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS |
349 			 EFI_VARIABLE_RUNTIME_ACCESS, sizeof(seed), seed);
350 	memzero_explicit(seed, sizeof(seed));
351 }
352 static int refresh_nv_rng_seed_notification(struct notifier_block *nb, unsigned long action, void *data)
353 {
354 	static DECLARE_WORK(work, refresh_nv_rng_seed);
355 	schedule_work(&work);
356 	return NOTIFY_DONE;
357 }
358 static struct notifier_block refresh_nv_rng_seed_nb = { .notifier_call = refresh_nv_rng_seed_notification };
359 
360 /*
361  * We register the efi subsystem with the firmware subsystem and the
362  * efivars subsystem with the efi subsystem, if the system was booted with
363  * EFI.
364  */
365 static int __init efisubsys_init(void)
366 {
367 	int error;
368 
369 	if (!efi_enabled(EFI_RUNTIME_SERVICES))
370 		efi.runtime_supported_mask = 0;
371 
372 	if (!efi_enabled(EFI_BOOT))
373 		return 0;
374 
375 	if (efi.runtime_supported_mask) {
376 		/*
377 		 * Since we process only one efi_runtime_service() at a time, an
378 		 * ordered workqueue (which creates only one execution context)
379 		 * should suffice for all our needs.
380 		 */
381 		efi_rts_wq = alloc_ordered_workqueue("efi_rts_wq", 0);
382 		if (!efi_rts_wq) {
383 			pr_err("Creating efi_rts_wq failed, EFI runtime services disabled.\n");
384 			clear_bit(EFI_RUNTIME_SERVICES, &efi.flags);
385 			efi.runtime_supported_mask = 0;
386 			return 0;
387 		}
388 	}
389 
390 	if (efi_rt_services_supported(EFI_RT_SUPPORTED_TIME_SERVICES))
391 		platform_device_register_simple("rtc-efi", 0, NULL, 0);
392 
393 	/* We register the efi directory at /sys/firmware/efi */
394 	efi_kobj = kobject_create_and_add("efi", firmware_kobj);
395 	if (!efi_kobj) {
396 		pr_err("efi: Firmware registration failed.\n");
397 		destroy_workqueue(efi_rts_wq);
398 		return -ENOMEM;
399 	}
400 
401 	if (efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE |
402 				      EFI_RT_SUPPORTED_GET_NEXT_VARIABLE_NAME)) {
403 		error = generic_ops_register();
404 		if (error)
405 			goto err_put;
406 		efivar_ssdt_load();
407 		platform_device_register_simple("efivars", 0, NULL, 0);
408 	}
409 
410 	error = sysfs_create_group(efi_kobj, &efi_subsys_attr_group);
411 	if (error) {
412 		pr_err("efi: Sysfs attribute export failed with error %d.\n",
413 		       error);
414 		goto err_unregister;
415 	}
416 
417 	/* and the standard mountpoint for efivarfs */
418 	error = sysfs_create_mount_point(efi_kobj, "efivars");
419 	if (error) {
420 		pr_err("efivars: Subsystem registration failed.\n");
421 		goto err_remove_group;
422 	}
423 
424 	if (efi_enabled(EFI_DBG) && efi_enabled(EFI_PRESERVE_BS_REGIONS))
425 		efi_debugfs_init();
426 
427 #ifdef CONFIG_EFI_COCO_SECRET
428 	if (efi.coco_secret != EFI_INVALID_TABLE_ADDR)
429 		platform_device_register_simple("efi_secret", 0, NULL, 0);
430 #endif
431 
432 	if (efi_rt_services_supported(EFI_RT_SUPPORTED_SET_VARIABLE))
433 		execute_with_initialized_rng(&refresh_nv_rng_seed_nb);
434 
435 	return 0;
436 
437 err_remove_group:
438 	sysfs_remove_group(efi_kobj, &efi_subsys_attr_group);
439 err_unregister:
440 	if (efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE |
441 				      EFI_RT_SUPPORTED_GET_NEXT_VARIABLE_NAME))
442 		generic_ops_unregister();
443 err_put:
444 	kobject_put(efi_kobj);
445 	efi_kobj = NULL;
446 	destroy_workqueue(efi_rts_wq);
447 	return error;
448 }
449 
450 subsys_initcall(efisubsys_init);
451 
452 void __init efi_find_mirror(void)
453 {
454 	efi_memory_desc_t *md;
455 	u64 mirror_size = 0, total_size = 0;
456 
457 	if (!efi_enabled(EFI_MEMMAP))
458 		return;
459 
460 	for_each_efi_memory_desc(md) {
461 		unsigned long long start = md->phys_addr;
462 		unsigned long long size = md->num_pages << EFI_PAGE_SHIFT;
463 
464 		total_size += size;
465 		if (md->attribute & EFI_MEMORY_MORE_RELIABLE) {
466 			memblock_mark_mirror(start, size);
467 			mirror_size += size;
468 		}
469 	}
470 	if (mirror_size)
471 		pr_info("Memory: %lldM/%lldM mirrored memory\n",
472 			mirror_size>>20, total_size>>20);
473 }
474 
475 /*
476  * Find the efi memory descriptor for a given physical address.  Given a
477  * physical address, determine if it exists within an EFI Memory Map entry,
478  * and if so, populate the supplied memory descriptor with the appropriate
479  * data.
480  */
481 int efi_mem_desc_lookup(u64 phys_addr, efi_memory_desc_t *out_md)
482 {
483 	efi_memory_desc_t *md;
484 
485 	if (!efi_enabled(EFI_MEMMAP)) {
486 		pr_err_once("EFI_MEMMAP is not enabled.\n");
487 		return -EINVAL;
488 	}
489 
490 	if (!out_md) {
491 		pr_err_once("out_md is null.\n");
492 		return -EINVAL;
493         }
494 
495 	for_each_efi_memory_desc(md) {
496 		u64 size;
497 		u64 end;
498 
499 		size = md->num_pages << EFI_PAGE_SHIFT;
500 		end = md->phys_addr + size;
501 		if (phys_addr >= md->phys_addr && phys_addr < end) {
502 			memcpy(out_md, md, sizeof(*out_md));
503 			return 0;
504 		}
505 	}
506 	return -ENOENT;
507 }
508 
509 /*
510  * Calculate the highest address of an efi memory descriptor.
511  */
512 u64 __init efi_mem_desc_end(efi_memory_desc_t *md)
513 {
514 	u64 size = md->num_pages << EFI_PAGE_SHIFT;
515 	u64 end = md->phys_addr + size;
516 	return end;
517 }
518 
519 void __init __weak efi_arch_mem_reserve(phys_addr_t addr, u64 size) {}
520 
521 /**
522  * efi_mem_reserve - Reserve an EFI memory region
523  * @addr: Physical address to reserve
524  * @size: Size of reservation
525  *
526  * Mark a region as reserved from general kernel allocation and
527  * prevent it being released by efi_free_boot_services().
528  *
529  * This function should be called drivers once they've parsed EFI
530  * configuration tables to figure out where their data lives, e.g.
531  * efi_esrt_init().
532  */
533 void __init efi_mem_reserve(phys_addr_t addr, u64 size)
534 {
535 	if (!memblock_is_region_reserved(addr, size))
536 		memblock_reserve(addr, size);
537 
538 	/*
539 	 * Some architectures (x86) reserve all boot services ranges
540 	 * until efi_free_boot_services() because of buggy firmware
541 	 * implementations. This means the above memblock_reserve() is
542 	 * superfluous on x86 and instead what it needs to do is
543 	 * ensure the @start, @size is not freed.
544 	 */
545 	efi_arch_mem_reserve(addr, size);
546 }
547 
548 static const efi_config_table_type_t common_tables[] __initconst = {
549 	{ACPI_20_TABLE_GUID,			&efi.acpi20,		"ACPI 2.0"	},
550 	{ACPI_TABLE_GUID,			&efi.acpi,		"ACPI"		},
551 	{SMBIOS_TABLE_GUID,			&efi.smbios,		"SMBIOS"	},
552 	{SMBIOS3_TABLE_GUID,			&efi.smbios3,		"SMBIOS 3.0"	},
553 	{EFI_SYSTEM_RESOURCE_TABLE_GUID,	&efi.esrt,		"ESRT"		},
554 	{EFI_MEMORY_ATTRIBUTES_TABLE_GUID,	&efi_mem_attr_table,	"MEMATTR"	},
555 	{LINUX_EFI_RANDOM_SEED_TABLE_GUID,	&efi_rng_seed,		"RNG"		},
556 	{LINUX_EFI_TPM_EVENT_LOG_GUID,		&efi.tpm_log,		"TPMEventLog"	},
557 	{LINUX_EFI_TPM_FINAL_LOG_GUID,		&efi.tpm_final_log,	"TPMFinalLog"	},
558 	{LINUX_EFI_MEMRESERVE_TABLE_GUID,	&mem_reserve,		"MEMRESERVE"	},
559 	{LINUX_EFI_INITRD_MEDIA_GUID,		&initrd,		"INITRD"	},
560 	{EFI_RT_PROPERTIES_TABLE_GUID,		&rt_prop,		"RTPROP"	},
561 #ifdef CONFIG_EFI_RCI2_TABLE
562 	{DELLEMC_EFI_RCI2_TABLE_GUID,		&rci2_table_phys			},
563 #endif
564 #ifdef CONFIG_LOAD_UEFI_KEYS
565 	{LINUX_EFI_MOK_VARIABLE_TABLE_GUID,	&efi.mokvar_table,	"MOKvar"	},
566 #endif
567 #ifdef CONFIG_EFI_COCO_SECRET
568 	{LINUX_EFI_COCO_SECRET_AREA_GUID,	&efi.coco_secret,	"CocoSecret"	},
569 #endif
570 #ifdef CONFIG_EFI_GENERIC_STUB
571 	{LINUX_EFI_SCREEN_INFO_TABLE_GUID,	&screen_info_table			},
572 #endif
573 	{},
574 };
575 
576 static __init int match_config_table(const efi_guid_t *guid,
577 				     unsigned long table,
578 				     const efi_config_table_type_t *table_types)
579 {
580 	int i;
581 
582 	for (i = 0; efi_guidcmp(table_types[i].guid, NULL_GUID); i++) {
583 		if (!efi_guidcmp(*guid, table_types[i].guid)) {
584 			*(table_types[i].ptr) = table;
585 			if (table_types[i].name[0])
586 				pr_cont("%s=0x%lx ",
587 					table_types[i].name, table);
588 			return 1;
589 		}
590 	}
591 
592 	return 0;
593 }
594 
595 int __init efi_config_parse_tables(const efi_config_table_t *config_tables,
596 				   int count,
597 				   const efi_config_table_type_t *arch_tables)
598 {
599 	const efi_config_table_64_t *tbl64 = (void *)config_tables;
600 	const efi_config_table_32_t *tbl32 = (void *)config_tables;
601 	const efi_guid_t *guid;
602 	unsigned long table;
603 	int i;
604 
605 	pr_info("");
606 	for (i = 0; i < count; i++) {
607 		if (!IS_ENABLED(CONFIG_X86)) {
608 			guid = &config_tables[i].guid;
609 			table = (unsigned long)config_tables[i].table;
610 		} else if (efi_enabled(EFI_64BIT)) {
611 			guid = &tbl64[i].guid;
612 			table = tbl64[i].table;
613 
614 			if (IS_ENABLED(CONFIG_X86_32) &&
615 			    tbl64[i].table > U32_MAX) {
616 				pr_cont("\n");
617 				pr_err("Table located above 4GB, disabling EFI.\n");
618 				return -EINVAL;
619 			}
620 		} else {
621 			guid = &tbl32[i].guid;
622 			table = tbl32[i].table;
623 		}
624 
625 		if (!match_config_table(guid, table, common_tables) && arch_tables)
626 			match_config_table(guid, table, arch_tables);
627 	}
628 	pr_cont("\n");
629 	set_bit(EFI_CONFIG_TABLES, &efi.flags);
630 
631 	if (efi_rng_seed != EFI_INVALID_TABLE_ADDR) {
632 		struct linux_efi_random_seed *seed;
633 		u32 size = 0;
634 
635 		seed = early_memremap(efi_rng_seed, sizeof(*seed));
636 		if (seed != NULL) {
637 			size = min_t(u32, seed->size, SZ_1K); // sanity check
638 			early_memunmap(seed, sizeof(*seed));
639 		} else {
640 			pr_err("Could not map UEFI random seed!\n");
641 		}
642 		if (size > 0) {
643 			seed = early_memremap(efi_rng_seed,
644 					      sizeof(*seed) + size);
645 			if (seed != NULL) {
646 				add_bootloader_randomness(seed->bits, size);
647 				memzero_explicit(seed->bits, size);
648 				early_memunmap(seed, sizeof(*seed) + size);
649 			} else {
650 				pr_err("Could not map UEFI random seed!\n");
651 			}
652 		}
653 	}
654 
655 	if (!IS_ENABLED(CONFIG_X86_32) && efi_enabled(EFI_MEMMAP))
656 		efi_memattr_init();
657 
658 	efi_tpm_eventlog_init();
659 
660 	if (mem_reserve != EFI_INVALID_TABLE_ADDR) {
661 		unsigned long prsv = mem_reserve;
662 
663 		while (prsv) {
664 			struct linux_efi_memreserve *rsv;
665 			u8 *p;
666 
667 			/*
668 			 * Just map a full page: that is what we will get
669 			 * anyway, and it permits us to map the entire entry
670 			 * before knowing its size.
671 			 */
672 			p = early_memremap(ALIGN_DOWN(prsv, PAGE_SIZE),
673 					   PAGE_SIZE);
674 			if (p == NULL) {
675 				pr_err("Could not map UEFI memreserve entry!\n");
676 				return -ENOMEM;
677 			}
678 
679 			rsv = (void *)(p + prsv % PAGE_SIZE);
680 
681 			/* reserve the entry itself */
682 			memblock_reserve(prsv,
683 					 struct_size(rsv, entry, rsv->size));
684 
685 			for (i = 0; i < atomic_read(&rsv->count); i++) {
686 				memblock_reserve(rsv->entry[i].base,
687 						 rsv->entry[i].size);
688 			}
689 
690 			prsv = rsv->next;
691 			early_memunmap(p, PAGE_SIZE);
692 		}
693 	}
694 
695 	if (rt_prop != EFI_INVALID_TABLE_ADDR) {
696 		efi_rt_properties_table_t *tbl;
697 
698 		tbl = early_memremap(rt_prop, sizeof(*tbl));
699 		if (tbl) {
700 			efi.runtime_supported_mask &= tbl->runtime_services_supported;
701 			early_memunmap(tbl, sizeof(*tbl));
702 		}
703 	}
704 
705 	if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) &&
706 	    initrd != EFI_INVALID_TABLE_ADDR && phys_initrd_size == 0) {
707 		struct linux_efi_initrd *tbl;
708 
709 		tbl = early_memremap(initrd, sizeof(*tbl));
710 		if (tbl) {
711 			phys_initrd_start = tbl->base;
712 			phys_initrd_size = tbl->size;
713 			early_memunmap(tbl, sizeof(*tbl));
714 		}
715 	}
716 
717 	return 0;
718 }
719 
720 int __init efi_systab_check_header(const efi_table_hdr_t *systab_hdr,
721 				   int min_major_version)
722 {
723 	if (systab_hdr->signature != EFI_SYSTEM_TABLE_SIGNATURE) {
724 		pr_err("System table signature incorrect!\n");
725 		return -EINVAL;
726 	}
727 
728 	if ((systab_hdr->revision >> 16) < min_major_version)
729 		pr_err("Warning: System table version %d.%02d, expected %d.00 or greater!\n",
730 		       systab_hdr->revision >> 16,
731 		       systab_hdr->revision & 0xffff,
732 		       min_major_version);
733 
734 	return 0;
735 }
736 
737 #ifndef CONFIG_IA64
738 static const efi_char16_t *__init map_fw_vendor(unsigned long fw_vendor,
739 						size_t size)
740 {
741 	const efi_char16_t *ret;
742 
743 	ret = early_memremap_ro(fw_vendor, size);
744 	if (!ret)
745 		pr_err("Could not map the firmware vendor!\n");
746 	return ret;
747 }
748 
749 static void __init unmap_fw_vendor(const void *fw_vendor, size_t size)
750 {
751 	early_memunmap((void *)fw_vendor, size);
752 }
753 #else
754 #define map_fw_vendor(p, s)	__va(p)
755 #define unmap_fw_vendor(v, s)
756 #endif
757 
758 void __init efi_systab_report_header(const efi_table_hdr_t *systab_hdr,
759 				     unsigned long fw_vendor)
760 {
761 	char vendor[100] = "unknown";
762 	const efi_char16_t *c16;
763 	size_t i;
764 
765 	c16 = map_fw_vendor(fw_vendor, sizeof(vendor) * sizeof(efi_char16_t));
766 	if (c16) {
767 		for (i = 0; i < sizeof(vendor) - 1 && c16[i]; ++i)
768 			vendor[i] = c16[i];
769 		vendor[i] = '\0';
770 
771 		unmap_fw_vendor(c16, sizeof(vendor) * sizeof(efi_char16_t));
772 	}
773 
774 	pr_info("EFI v%u.%.02u by %s\n",
775 		systab_hdr->revision >> 16,
776 		systab_hdr->revision & 0xffff,
777 		vendor);
778 
779 	if (IS_ENABLED(CONFIG_X86_64) &&
780 	    systab_hdr->revision > EFI_1_10_SYSTEM_TABLE_REVISION &&
781 	    !strcmp(vendor, "Apple")) {
782 		pr_info("Apple Mac detected, using EFI v1.10 runtime services only\n");
783 		efi.runtime_version = EFI_1_10_SYSTEM_TABLE_REVISION;
784 	}
785 }
786 
787 static __initdata char memory_type_name[][13] = {
788 	"Reserved",
789 	"Loader Code",
790 	"Loader Data",
791 	"Boot Code",
792 	"Boot Data",
793 	"Runtime Code",
794 	"Runtime Data",
795 	"Conventional",
796 	"Unusable",
797 	"ACPI Reclaim",
798 	"ACPI Mem NVS",
799 	"MMIO",
800 	"MMIO Port",
801 	"PAL Code",
802 	"Persistent",
803 };
804 
805 char * __init efi_md_typeattr_format(char *buf, size_t size,
806 				     const efi_memory_desc_t *md)
807 {
808 	char *pos;
809 	int type_len;
810 	u64 attr;
811 
812 	pos = buf;
813 	if (md->type >= ARRAY_SIZE(memory_type_name))
814 		type_len = snprintf(pos, size, "[type=%u", md->type);
815 	else
816 		type_len = snprintf(pos, size, "[%-*s",
817 				    (int)(sizeof(memory_type_name[0]) - 1),
818 				    memory_type_name[md->type]);
819 	if (type_len >= size)
820 		return buf;
821 
822 	pos += type_len;
823 	size -= type_len;
824 
825 	attr = md->attribute;
826 	if (attr & ~(EFI_MEMORY_UC | EFI_MEMORY_WC | EFI_MEMORY_WT |
827 		     EFI_MEMORY_WB | EFI_MEMORY_UCE | EFI_MEMORY_RO |
828 		     EFI_MEMORY_WP | EFI_MEMORY_RP | EFI_MEMORY_XP |
829 		     EFI_MEMORY_NV | EFI_MEMORY_SP | EFI_MEMORY_CPU_CRYPTO |
830 		     EFI_MEMORY_RUNTIME | EFI_MEMORY_MORE_RELIABLE))
831 		snprintf(pos, size, "|attr=0x%016llx]",
832 			 (unsigned long long)attr);
833 	else
834 		snprintf(pos, size,
835 			 "|%3s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%3s|%2s|%2s|%2s|%2s]",
836 			 attr & EFI_MEMORY_RUNTIME		? "RUN" : "",
837 			 attr & EFI_MEMORY_MORE_RELIABLE	? "MR"  : "",
838 			 attr & EFI_MEMORY_CPU_CRYPTO   	? "CC"  : "",
839 			 attr & EFI_MEMORY_SP			? "SP"  : "",
840 			 attr & EFI_MEMORY_NV			? "NV"  : "",
841 			 attr & EFI_MEMORY_XP			? "XP"  : "",
842 			 attr & EFI_MEMORY_RP			? "RP"  : "",
843 			 attr & EFI_MEMORY_WP			? "WP"  : "",
844 			 attr & EFI_MEMORY_RO			? "RO"  : "",
845 			 attr & EFI_MEMORY_UCE			? "UCE" : "",
846 			 attr & EFI_MEMORY_WB			? "WB"  : "",
847 			 attr & EFI_MEMORY_WT			? "WT"  : "",
848 			 attr & EFI_MEMORY_WC			? "WC"  : "",
849 			 attr & EFI_MEMORY_UC			? "UC"  : "");
850 	return buf;
851 }
852 
853 /*
854  * IA64 has a funky EFI memory map that doesn't work the same way as
855  * other architectures.
856  */
857 #ifndef CONFIG_IA64
858 /*
859  * efi_mem_attributes - lookup memmap attributes for physical address
860  * @phys_addr: the physical address to lookup
861  *
862  * Search in the EFI memory map for the region covering
863  * @phys_addr. Returns the EFI memory attributes if the region
864  * was found in the memory map, 0 otherwise.
865  */
866 u64 efi_mem_attributes(unsigned long phys_addr)
867 {
868 	efi_memory_desc_t *md;
869 
870 	if (!efi_enabled(EFI_MEMMAP))
871 		return 0;
872 
873 	for_each_efi_memory_desc(md) {
874 		if ((md->phys_addr <= phys_addr) &&
875 		    (phys_addr < (md->phys_addr +
876 		    (md->num_pages << EFI_PAGE_SHIFT))))
877 			return md->attribute;
878 	}
879 	return 0;
880 }
881 
882 /*
883  * efi_mem_type - lookup memmap type for physical address
884  * @phys_addr: the physical address to lookup
885  *
886  * Search in the EFI memory map for the region covering @phys_addr.
887  * Returns the EFI memory type if the region was found in the memory
888  * map, -EINVAL otherwise.
889  */
890 int efi_mem_type(unsigned long phys_addr)
891 {
892 	const efi_memory_desc_t *md;
893 
894 	if (!efi_enabled(EFI_MEMMAP))
895 		return -ENOTSUPP;
896 
897 	for_each_efi_memory_desc(md) {
898 		if ((md->phys_addr <= phys_addr) &&
899 		    (phys_addr < (md->phys_addr +
900 				  (md->num_pages << EFI_PAGE_SHIFT))))
901 			return md->type;
902 	}
903 	return -EINVAL;
904 }
905 #endif
906 
907 int efi_status_to_err(efi_status_t status)
908 {
909 	int err;
910 
911 	switch (status) {
912 	case EFI_SUCCESS:
913 		err = 0;
914 		break;
915 	case EFI_INVALID_PARAMETER:
916 		err = -EINVAL;
917 		break;
918 	case EFI_OUT_OF_RESOURCES:
919 		err = -ENOSPC;
920 		break;
921 	case EFI_DEVICE_ERROR:
922 		err = -EIO;
923 		break;
924 	case EFI_WRITE_PROTECTED:
925 		err = -EROFS;
926 		break;
927 	case EFI_SECURITY_VIOLATION:
928 		err = -EACCES;
929 		break;
930 	case EFI_NOT_FOUND:
931 		err = -ENOENT;
932 		break;
933 	case EFI_ABORTED:
934 		err = -EINTR;
935 		break;
936 	default:
937 		err = -EINVAL;
938 	}
939 
940 	return err;
941 }
942 EXPORT_SYMBOL_GPL(efi_status_to_err);
943 
944 static DEFINE_SPINLOCK(efi_mem_reserve_persistent_lock);
945 static struct linux_efi_memreserve *efi_memreserve_root __ro_after_init;
946 
947 static int __init efi_memreserve_map_root(void)
948 {
949 	if (mem_reserve == EFI_INVALID_TABLE_ADDR)
950 		return -ENODEV;
951 
952 	efi_memreserve_root = memremap(mem_reserve,
953 				       sizeof(*efi_memreserve_root),
954 				       MEMREMAP_WB);
955 	if (WARN_ON_ONCE(!efi_memreserve_root))
956 		return -ENOMEM;
957 	return 0;
958 }
959 
960 static int efi_mem_reserve_iomem(phys_addr_t addr, u64 size)
961 {
962 	struct resource *res, *parent;
963 	int ret;
964 
965 	res = kzalloc(sizeof(struct resource), GFP_ATOMIC);
966 	if (!res)
967 		return -ENOMEM;
968 
969 	res->name	= "reserved";
970 	res->flags	= IORESOURCE_MEM;
971 	res->start	= addr;
972 	res->end	= addr + size - 1;
973 
974 	/* we expect a conflict with a 'System RAM' region */
975 	parent = request_resource_conflict(&iomem_resource, res);
976 	ret = parent ? request_resource(parent, res) : 0;
977 
978 	/*
979 	 * Given that efi_mem_reserve_iomem() can be called at any
980 	 * time, only call memblock_reserve() if the architecture
981 	 * keeps the infrastructure around.
982 	 */
983 	if (IS_ENABLED(CONFIG_ARCH_KEEP_MEMBLOCK) && !ret)
984 		memblock_reserve(addr, size);
985 
986 	return ret;
987 }
988 
989 int __ref efi_mem_reserve_persistent(phys_addr_t addr, u64 size)
990 {
991 	struct linux_efi_memreserve *rsv;
992 	unsigned long prsv;
993 	int rc, index;
994 
995 	if (efi_memreserve_root == (void *)ULONG_MAX)
996 		return -ENODEV;
997 
998 	if (!efi_memreserve_root) {
999 		rc = efi_memreserve_map_root();
1000 		if (rc)
1001 			return rc;
1002 	}
1003 
1004 	/* first try to find a slot in an existing linked list entry */
1005 	for (prsv = efi_memreserve_root->next; prsv; ) {
1006 		rsv = memremap(prsv, sizeof(*rsv), MEMREMAP_WB);
1007 		index = atomic_fetch_add_unless(&rsv->count, 1, rsv->size);
1008 		if (index < rsv->size) {
1009 			rsv->entry[index].base = addr;
1010 			rsv->entry[index].size = size;
1011 
1012 			memunmap(rsv);
1013 			return efi_mem_reserve_iomem(addr, size);
1014 		}
1015 		prsv = rsv->next;
1016 		memunmap(rsv);
1017 	}
1018 
1019 	/* no slot found - allocate a new linked list entry */
1020 	rsv = (struct linux_efi_memreserve *)__get_free_page(GFP_ATOMIC);
1021 	if (!rsv)
1022 		return -ENOMEM;
1023 
1024 	rc = efi_mem_reserve_iomem(__pa(rsv), SZ_4K);
1025 	if (rc) {
1026 		free_page((unsigned long)rsv);
1027 		return rc;
1028 	}
1029 
1030 	/*
1031 	 * The memremap() call above assumes that a linux_efi_memreserve entry
1032 	 * never crosses a page boundary, so let's ensure that this remains true
1033 	 * even when kexec'ing a 4k pages kernel from a >4k pages kernel, by
1034 	 * using SZ_4K explicitly in the size calculation below.
1035 	 */
1036 	rsv->size = EFI_MEMRESERVE_COUNT(SZ_4K);
1037 	atomic_set(&rsv->count, 1);
1038 	rsv->entry[0].base = addr;
1039 	rsv->entry[0].size = size;
1040 
1041 	spin_lock(&efi_mem_reserve_persistent_lock);
1042 	rsv->next = efi_memreserve_root->next;
1043 	efi_memreserve_root->next = __pa(rsv);
1044 	spin_unlock(&efi_mem_reserve_persistent_lock);
1045 
1046 	return efi_mem_reserve_iomem(addr, size);
1047 }
1048 
1049 static int __init efi_memreserve_root_init(void)
1050 {
1051 	if (efi_memreserve_root)
1052 		return 0;
1053 	if (efi_memreserve_map_root())
1054 		efi_memreserve_root = (void *)ULONG_MAX;
1055 	return 0;
1056 }
1057 early_initcall(efi_memreserve_root_init);
1058 
1059 #ifdef CONFIG_KEXEC
1060 static int update_efi_random_seed(struct notifier_block *nb,
1061 				  unsigned long code, void *unused)
1062 {
1063 	struct linux_efi_random_seed *seed;
1064 	u32 size = 0;
1065 
1066 	if (!kexec_in_progress)
1067 		return NOTIFY_DONE;
1068 
1069 	seed = memremap(efi_rng_seed, sizeof(*seed), MEMREMAP_WB);
1070 	if (seed != NULL) {
1071 		size = min(seed->size, EFI_RANDOM_SEED_SIZE);
1072 		memunmap(seed);
1073 	} else {
1074 		pr_err("Could not map UEFI random seed!\n");
1075 	}
1076 	if (size > 0) {
1077 		seed = memremap(efi_rng_seed, sizeof(*seed) + size,
1078 				MEMREMAP_WB);
1079 		if (seed != NULL) {
1080 			seed->size = size;
1081 			get_random_bytes(seed->bits, seed->size);
1082 			memunmap(seed);
1083 		} else {
1084 			pr_err("Could not map UEFI random seed!\n");
1085 		}
1086 	}
1087 	return NOTIFY_DONE;
1088 }
1089 
1090 static struct notifier_block efi_random_seed_nb = {
1091 	.notifier_call = update_efi_random_seed,
1092 };
1093 
1094 static int __init register_update_efi_random_seed(void)
1095 {
1096 	if (efi_rng_seed == EFI_INVALID_TABLE_ADDR)
1097 		return 0;
1098 	return register_reboot_notifier(&efi_random_seed_nb);
1099 }
1100 late_initcall(register_update_efi_random_seed);
1101 #endif
1102