loader/efi: Small diff reduction

Make doing the boot once protocol more similar to copies of this code.

Sponsored by: Netflix
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D44007

libsa: Remove redundant sys/cdefs.h

Sponsored by: Netflix

loader/efi: Make gcc friendlier by move md_dev

Move the extern struct devsw md_dev out of the function. gcc is happier
with this arrangemnt often. However, we really should move it to a
header file, but that requires a bit of a rework of md support and
config.

Sponsored by: Netflix
Reviewed by: manu, tsoome
Differential Revision: https://reviews.freebsd.org/D44008

loader: For EFI, if we don't have ConOut, try ConIn

Try ConIn if we don't have a ConOut variable. ConIn will contain HID
devices and/or serial devices. We currently just search for serial
devices and will use them instead of video with the current code. While
ConIn w/o ConOut is fairly common on laptops, is kinda rare on servers.
Some refinement may be needed in the future if servers come to
light. This is also minimal to allow possible integration into 13.3
release.

MFC After: 1 week
Sponsored by: Netflix
Reviewed by: dab, tsoome
Differential Revision: https://reviews.freebsd.org/D43714

loader: lua: assume late ACPI detection if the feature isn't enabled

While we're here, enable the feature in the places we detect ACPI. This
lets us side-step the existing issues and provide a path forward for
folks upgrading from previous releases that haven't updated their ESP
yet.

Let's also fix core.setACPI: the hint already indicates that the
user's disabled it more consistently than loader.acpi_disabled_by_user.
Even more, the latter is wrong because we set it by default if we did
not detect ACPI. The ACPI hint remains even when we're setting defaults
because ACPI loaded into the kernel will make some noise if it's not
hinted off, even when we didn't detect it.

imp notes that this will result in some relatively harmless noise on
platforms that don't support ACPI but aren't using the UEFI loader, as
we would enable the ACPI module for loading on them and then loader
would not be able to find it. These are non-fatal, but should probably
be fixed by just declaring support for EARLY_ACPI in those loaders since
we know they won't have ACPI early on -- punting on this for the time
being, though, in favor of providing a safer upgrade path sooner.

Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D42727

stand/efi: Consolidate integer types

We have no need for 5 different copies of these.

Sponsored by: Netflix
Reviewed by: rcm, kevans, andrew
Differential Revision: https://reviews.freebsd.org/D42699

stand/efi: Define ACPI_USE_SYSTEM_INTTYPES to be 1 instead of blank

To avoid a redefinition warning... This needs to be redone correctly,
but this gets amd64 building again... My amd64 environment is polluted
with something that caues earlier failures which I ignored...

Fixes: 488bc7e9a777
Sponsored by: Netflix

stand/efi: Request ACPI use the system inttypes

With the system inttypes, we build on all platforms again.

Suggested by: andrew
Fixes: 0b01d45783c3
Sponsored by: Netflix

loader: fix EFI ACPI detection

lua was previously unable to determine ACPI presence because this
probing was postponed until the final loading and execution of the
kernel.

This patch resolves that by detecting ACPI early (similar to
the order of operations in the legacy i386 loader).

Reviewed by: kevans
Approved by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42459

stand/loader.efi: fix regression with ignoring nvstore

To read/update the boot loader nvstore, we always need to call
zfs_attach_nvstore() regardless of whether we use bootonce key
in nvstore or the bootfs property of the pool. The call was
unintentionally left in the block of code that is processed
only when bootonce key is present.

In particular this fixes broken 'nextboot -k'.

Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D41795
Fixes: e3e2681d0ec28d6661fef6da76c9479049e2761c

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

loader.efi: Remove redundant error message

efi_copy_init already prints an error message (with more information) if it fails.

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/777

stand/loader.efi: read zfs bootonce attribute before checking currdev

First check if bootonce is configured and if it is, then change currdev
accordingly and after that do the sanity check. This fixes boot in a
situation when ZFS pool doesn't have the "bootfs" property, but has
bootonce attribute set. A strange, but legitimate case.

Reviewed by: tsoome, imp
Differential Revision: https://reviews.freebsd.org/D40388

stand/efi/smbios: Move detection of smbios earlier.

It would be nice to make decisions early in boot, about maybe consoles,
based on smbios variables. Set them just after we setup the archsw so we
can use them everywhere.

Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D40219

stand/efi: Simplify code here

We have plenty of stack in the EFI case, so use it instead of the
complicated malloc / free dance.

Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D39415

Support SMBIOS v3 for 64-bit entry systems

Summary:
Under QEMU on arm64 systems, the smbios table is above 4GB
requiring a 64-bit address to access.

Reviewers: manu

Subscribers: imp, bcran, dab

Differential Revision: https://reviews.freebsd.org/D38721

stand: create common set_currdev

Pull together the nearly identical copies of set_currdev in i386,
userboot and efi. Other boot loaders have variances that might be fine
to use the common routine, or not. Since they are harder to test for me,
and ofw and uboot do handle these setting differently, leave them be for
now.

Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D38005

stand: Create common gen_setcurrdev and replace code

Replace 4 identical copies of *_setcurrdev with gen_setcurrdev to avoid
having to create a 5th copy. uboot_setcurrdev is actually different and
needs to remain separate (even though it's quite similar).

Sponsored by: Netflix
Reviewed by: fuz@fuz.su, kevans
Differential Revision: https://reviews.freebsd.org/D38003

stand/efi: Better variable name

sanity_check_currdev returns true if it found a kernel or a sane loader
config file. A better name for this would be 'bootable' rather than 'rv'
which connotes in other places an errno value or similar.

Sponsored by: Netflix

stand/efi: remove unused local varaibles

Remove some unused local variables. No functional change.

Sponsored by: Netflix

stand: create devinit

devinit() marches through all the devices, calling the inint routines if
any exist. Replace all the identical copies of this code.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D37349

stand: Parse all arguments passed by UEFI

Approved by: imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36457

stand: More sensible defaults when ConOut is missing

When ConOut is missing, we used to default to serial. Except we did it
in the worst way possible by just setting the howto bits and not
updating the console setting, which lead to weird behavior where we'd
get some things on the video port, others on serial.

Instead, set console to "efi,comconsole" for this case. Also set
RB_MULTIPLE always (so we get dual consoles from the kernel) and or in
RB_SERIAL when we can't find GOPs that suggest the precense of a video
console. This will put output in the most places and have a sensible
default for 'primary' console.

Sponsored by: Netflix
Reviewed by: emaste, manu
Differential Revision: https://reviews.freebsd.org/D36299

stand: efi_fmtdev can be reduced to devformat

devformat produces the same output as efi_fmtdev, so just use it to
reduce on the dependencies.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35924

stand: Move quit command to common commands

Since both EFI and the future kboot will benefit from a 'quit' command,
move it from efi/loader/main.c to common/commands.c. In EFI this command
exits back to the boot loader (which will cause the next BootXXXX in the
BootOrder list to be attempted). In kboot, this will exit back to
whatever called loader.kboot. In uboot this will cause a reset (which
will restart uboot, not quite a simple exit, but will look similar)
and in OFW it will execute OF_exit which should return to the
openfirmware prompt.

Sponsored by: Netflix

Add support for getting early entropy from UEFI

UEFI provides a protocol for accessing randomness. This is a good way
to gather early entropy, especially when there's no driver for the RNG
on the platform (as is the case on the Marvell Armada8k (MACCHIATObin)
for now).

If the entropy_efi_seed option is enabled in loader.conf (default: YES)
obtain 2048 bytes of entropy from UEFI and pass is to the kernel as a
"module" of name "efi_rng_seed" and type "boot_entropy_platform"; if
present, ingest it into the kernel RNG.

Submitted by: Greg V
Reviewed by: markm, kevans
Approved by: csprng (markm)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D20780

loader: Do not force comconsole for arm and arm64

This makes GOP not probed on some situation (AMD Card on PCIe slot
with EDK2 as we have a SERIAL_IO_PROTOCOL compatible uart).

Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D32992
Sponsored by: Beckhoff Automation GmbH & Co. KG

loader: lsefi: Print more information

Printing the EFI_HANDLE pointer isn't very useful.
If the handle have a IMAGE_DEVICE_PATH or a DEVICE_PATH protocol print it.
This makes it easier to see which devices are present and what protocol they
expose.

Reviewed by: imp, tsoome
Differential Revision: https://reviews.freebsd.org/D32991
Sponsored by: Beckhoff Automation GmbH & Co. KG

efi loader: Call tslog_init from efi_main

We were calling tslog_init from main; no reason to wait that long.

Fixes: f49381ccb6bc efi/loader: Call tslog_init
Sponsored by: https://www.patreon.com/cperciva

loader: implement mount/unmount rootfs

We want to keep our root file system open to preserve bcache segment
between file accesses, thus reducing physical disk IO.

Reviewed by: imp, allanjude, kevans (previous version)
Differential Revision: https://reviews.freebsd.org/D30848
MFC after: 1 month

efi/loader: Call tslog_init

This allows the EFI loader to start recording timestamps.

Loader: support booting OS from memory disk (MD)

Until now, the boot image can be embedded into the loader with
/sys/tools/embed_mfs.sh, and memory disk (MD) is already supported
in loader source. But due to memory disk (MD) driver isn't registered
to the loader yet, the boot image can't be boot from embedded memory
disk.

Reviewed by: dab, tsoome
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D29512

loader.efi: There are systems without ConOut, also use ConOutDev

Conout does contian the default output device name.
ConOutDev does contain all possible output device names, so we can
use it as fallback, when there is no ConOut.

PR: 253253

loader: implement framebuffer console

Draw console on efi.
Add vbe framebuffer for BIOS loader (vbe off, vbe on, vbe list,
vbe set xxx).
autoload font (/boot/fonts) based on resolution and font size.
Add command loadfont (set font by file) and
variable screen.font (set font by size). Pass loaded font to kernel.

Export variables:
screen.height
screen.width
screen.depth

Add gfx primitives to draw the screen and put png image on the screen.
Rework menu draw to iterate list of consoles to enamble device specific
output.

Probably something else I forgot...

Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27420

efi loader: fix typos in a comment

...mostly because it's a harmless way to try the shiny new git repo.

Sponsored by: Dell EMC Isilon

Add 'netserver' command to EFI loader.

In some environments is difficult to access bootp/dhcp
configuration as "standard user". Add a command that allows to set
or display the URI of the network server used as "net:" device.
Currently only tftp and nfs protocols are supported.

Typical usage pattern is:
netserver tftp://192.168.168.1/path_to_obj_dir/arm.armv7/sys/GENERIC/
boot net:kernel

Reviewed by: imp, kevans
MFC after: 4 weeks
Differential Revision: https://reviews.freebsd.org/D26736

Fix video on PCI heuristic

The video on PCI heuristic was broken. It was supposed to infer a
video device when the last element of the path was a PCI DEVICE PATH
node. However, the last node in the device path is an END node, so
this heuristic never fired.

This leads, among other things, to bhyve only producing output in the
serial connection once we leave the boot loader. This restores the
dual headed boot on bhyve + UEFI (as we did in 11.2), but will favor
serial in the absence of other config which may be a change from 11.2.

MFC After: 3 days
Differential Revision: https://reviews.freebsd.org/D26572

loader: fix non-zfs build

We can not include zfs headers while building without zfs.

Reported by: Oscar Holmlund

loader: zfs should support bootonce an nextboot

bootonce feature is temporary, one time boot, activated by
"bectl activate -t BE", "bectl activate -T BE" will reset the bootonce flag.

By default, the bootonce setting is reset on attempt to boot and the next
boot will use previously active BE.

By setting zfs_bootonce_activate="YES" in rc.conf, the bootonce BE will
be set permanently active.

bootonce dataset name is recorded in boot pool labels, bootenv area.

in case of nextboot, the nextboot_enable boolean variable is recorded in
freebsd:nvstore nvlist, also stored in boot pool label bootenv area.
On boot, the loader will process /boot/nextboot.conf if nextboot_enable
is "YES", and will set nextboot_enable to "NO", preventing /boot/nextboot.conf
processing on next boot.

bootonce and nextboot features are usable in both UEFI and BIOS boot.

To use bootonce/nextboot features, the boot loader needs to be updated on disk;
if loader.efi is stored on ESP, then ESP needs to be updated and
for BIOS boot, stage2 (zfsboot or gptzfsboot) needs to be updated
(gpart or other tools).

At this time, only lua loader is updated.

Sponsored by: Netflix, Klara Inc.
Differential Revision: https://reviews.freebsd.org/D25512

zfs: add an option to the bootloader to rewind the ZFS checkpoint

The checkpoints are another way of keeping the state of ZFS.
During the rewind, the pool has to be exported.
This makes checkpoints unusable when using ZFS as root.
Add the option to rewind the ZFS checkpoint at the boot time.
If checkpoint exists, a new option for rewinding a checkpoint will appear in
the bootloader menu.
We fully support boot environments.
If the rewind option is selected, the boot loader will show a list of
boot environments that existed before the checkpoint.

Reviewed by: tsoome, allanjude, kevans (ok with high-level overview)
Differential Revision: https://reviews.freebsd.org/D24920

RISC-V boot1.efi and loader.efi support

This implementation doesn't have any major deviations from the other EFI
ports. I've copied the boilerplate from arm and arm64.

I've tested this with the following boot flows:
OpenSBI (M-mode) -> u-boot (S-mode) -> loader.efi -> FreeBSD
OpenSBI (M-mode) -> u-boot (S-mode) -> boot1.efi -> loader.efi -> FreeBSD

Due to the way that u-boot handles secondary CPUs, OpenSBI >= v0.7 is required,
as the HSM extension is needed to bring them up explicitly. Because of this,
using BBL as the SBI implementation will not be possible. Additionally, there
are a few recent u-boot changes that are required as well, all of which will be
present in the upcoming v2020.07 release.

Looks good: emaste
Differential Revision: https://reviews.freebsd.org/D25135

loader: create single zfs nextboot implementation

We should have nextboot feature implemented in libsa zfs code.
To get there, I have created zfs_nextboot() implementation based on
two sources, our current simple textual string based approach with added
structured boot label PAD structure from OpenZFS.

Secondly, all nvlist details are moved to separate source file and
restructured a bit. This is done to provide base support to add nvlist
add/update feature in followup updates.

And finally, the zfsboot/gptzfsboot disk access functions are swapped to use
libi386 and libsa.

Sponsored by: Netflix, Klara Inc.
Differential Revision: https://reviews.freebsd.org/D25324

loader: add comconsole implementation on top of SIO protocol

Provide comconsole on top of SIO for arm platforms (x86 does use bios version).

veloader use vectx API for kernel and modules

The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform. On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by: imp,tsoome
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org//D23827

Create ptov() function.

Create a ptov() function. It's basically the same as the btx PTOV
macro, but works everywhere. smbios needs this to translate addresses,
but the translation differs between BIOS booting and EFI booting. Make
it a function so one smbios.o can be used everywhere. Provide
definitions for it in the two loaders affected.

Differential Revision: https://reviews.freebsd.org/D23660

efiloader: don't execute hooks when setting currdev/loaddev

We still need to set the hooks to prevent improper manipulations thereafter
at the loader prompt, but as it is we're actively preventing loaddev from
being set correctly in some circumstances (ZFS in particular) and doing more
work than needed with currdev -- that hook in particular validates it as a
correct device, which we can assume isn't needed in this context.

Reviewed by: imp, sigsys@gmail.com
Submitted/Diagnosed by: sigsys@gmail.com
Differential Revision: https://reviews.freebsd.org/D23390

loader.efi: print ImageBase so we know where we are

Output a bit of debugging aid.

Remove comment. We're just going to the next node here.

loader.efi: Default to serial if we don't have a ConOut variable

In the EFI implementation in U-Boot no ConOut efi variable is created,
this cause loader to fallback to TERM_EMU implementation which is very
very very slow (and uses the ConOut device in the system table anyway).
The UEFI spec aren't clear as if this variable needs to exists or not.

Reviewed by: imp, kevans

loader: fall back to term_emu on efi console with serial backend

In case of efi console having serial backend (video + serial or only serial),
we need to stick with old emulator till we can draw console.

Eventually we would need to get console terminal emulator to be removed
from serial console because the serial link already has the terminal.

However, we need to implement comconsole on all efi platforms first, then
we need the ability to draw console, so we do not have to use SimpleTextOutput
protocol (which will write both on video and serial in case of multiplexed
ComOut).

Differential Revision: https://reviews.freebsd.org/D22161

Guard reference to x86_hypervisor

Obviously we only want x86_hypervisor on x86
Guard reference to x86_hypervisor

Obviously we only want x86_hypervisor on x86

Allow loader.efi to identify non-standard boot setup

PATH_BOOTABLE_TOKEN can be set to a non-standard
path that identifies a device as bootable.

Reviewed by: kevans, bcran
Differential Revision: https://reviews.freebsd.org/D22062

Allow loader.efi to identify non-standard boot setup

PATH_BOOTABLE_TOKEN can be set to a non-standard
path that identifies a device as bootable.

Reviewed by: kevans, bcran
Differential Revision: https://reviews.freebsd.org/D22062

loader: use teken teminal emulator for x86 and uefi

Replace mini cons25 emulator with teken, this does enable us proper console
terminal for loader and will make it possible to implement different
back end callbacks to draw to screen.

At this time we still only "draw" in text mode.

Verify files loaded in chain command.

The chain command can be used to chain load another binary.
If veriexec is enabled we should verify it first.
Note that on EFI systems the verification was already done
through firmware, assuming that Secure Boot was enabled there.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: sjg
MFC after: 1 week
Obtained from: Semihalf
Differential Revision: https://reviews.freebsd.org/D20952

loader.efi: replace HandleProtocol() with OpenProtocol()

The HandleProtocol() is deprecated interface and we should use OpenProtocol()
instead. Moreover, in some firmware implementation(s), the HandleProtocol()
does return device path using static storage, so we can not keep the value
returned there. With same firmware, the OpenProtocol() does return data we
do not need to clone.

Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D21162

Move to using a common kernel path between the boot / laoder bits and
the kernel.

stand: correct mis-merge from r346879

Small mis-merge from multiple WIP resulted in block io media handles getting
double-initialized. This resulted in some installations oddly landing at the
mountroot prompt.

Reported by: ler
Reviewed by: imp

Implement uefi_ignore_boot_mgr env variable.

When set, we ignore all the hints that the UEFI boot manager has set
for us. We also always fail back to the OK prompt when we can't find
the right thing to boot rather than failing back to the UEFI boot
manager. This has the side effect of also expanding the cases where we
fail back to the OK prompt to include when we're booted under UEFI,
but UEFI::BootCurrent isn't set in the environment and we can't find a
proper place to boot from.

Reviewed by: bcran
Differential Revision: https://reviews.freebsd.org/D20016

Implement uefi_rootdev

If uefi_rootdev is set in the environment, then treat it like a device
path. Convert the string to a device path and see if we can find a
device that matches. If so, use that device at our root dev no matter
what. If it's bad in any way, the boot will fail.

Reviewed by: bcran
Differential Revision: https://reviews.freebsd.org/D20016

Read in and parse /efi/freebsd/loader.env from the boot device's
partition as if it were on the command line.

Fetch FreeBSD-LoaderEnv UEFI enviornment variable. If set, read in
loader environment variables from it. Otherwise read in
/efi/freebsd/loader.env. Both are read relative to the device
loader.efi loaded from (they aren't full UEFI device paths)

Next fetch FreeBSD-NextLoaderEnv UEFI environment variable. If
present, read the file it points to in as above and delete the UEFI
environment variable so it only happens once.

This lets one set environment variables in the bootloader.
Unfortunately, we don't have all the mechanisms in place to parse the
file, nor do we have the magic pattern matching in place that
loader.conf has. Variables are of the form foo=bar. No quotes are
supported, so spaces aren't allowed, for example. Also, variables like
foo_load=yes are intercepted when we parse the loader.conf file and
things are done based on that. Since those aren't done here, variables
that cause an action to happen won't work.

Reviewed by: bcran
Differential Revision: https://reviews.freebsd.org/D20016

Add the proper range of years for Netflix's copyright on this
file. Note that I wrote it.

Move initialization of the block device handles earlier (we're just
snagging them from UEFI BIOS). Call the device type init routines
earlier as well, as they don't depend on how the console is
setup. This will allow us to read files earlier in boot, so any rare
error messages that this might move only to the EFI console will be an
acceptable price to pay. Also tweak the order of has_kbd so it resides
next to the rest of the console code. It needs to be after we initialize
the buffer cache.

Create boot_img as a global variable

Get the information from the image that we're booting and store it in
a global variable. Prefer using this to passing it around. Remove the
special case for zfs that set the preferred boot handle by having it
uses this global variable diretly.

Reviewed by: kevans@
Differential Revision: https://reviews.freebsd.org/D20015

Move setting of console earlier in boot.

There's no reason we can't setup the console first thing after the
arch flags are setup. We set it undconditionally to efi. This is a
good default, and will get us error messages to at least the efi
console no matter what. This will also prime the pump so that as other
variables are set, they will take effect and the console will be
correct as soon as those env vars are set. Also remove the redundant
setting of the console to efi when we know the console is efi.

Differential Revision: https://reviews.freebsd.org/D20014

Start to reduce the number of #ifdef EFI_ZFS_BOOT

There's a number of EFI_ZFS_BOOT #ifdefs that aren't needed, or can be
eliminated with some trivial #defines. Remove the EFI_ZFS_BOOT ifdefs
that aren't needed. Replace libzfs.h include which is not safe to
include without EFI_ZFS_BOOT with efizfs.h which is and now
conditionally included libzfs.h. Define efizfs_set_preferred away
and define efi_zfs_probe to NULL when ZFS is compiled out.

loader: command_lsefi: ret can be used uninitialized

MFC after: 1w

Distinguish between "no partition" and "choose best partition" with a constant.

The values of the d_slice and d_partition fields of a disk_devdesc have a
few values with special meanings in the disk_open() routine. Through various
evolutions of the loader code over time, a d_partition value of -1 has
meant both "use the first ufs partition found in the bsd label" and "don't
open a bsd partition at all, open the raw slice."

This defines a new special value of -2 to mean open the raw slice, and it
gives symbolic names to all the special values used in d_slice and
d_partition, and adjusts all existing uses of those fields to use the new
constants.

The phab review for this timed out without being accepted, but I'm still
citing it below because there is useful commentary there.

Differential Revision: https://reviews.freebsd.org/D19262

Extend libsecureboot(old libve) to obtain trusted certificates from UEFI and implement revocation

UEFI related headers were copied from edk2.

A new build option "MK_LOADER_EFI_SECUREBOOT" was added to allow
loading of trusted anchors from UEFI.

Certificate revocation support is also introduced.
The forbidden certificates are loaded from dbx variable.
Verification fails in two cases:

There is a direct match between cert in dbx and the one in the chain.
The CA used to sign the chain is found in dbx.
One can also insert a hash of TBS section of a certificate into dbx.
In this case verifications fails only if a direct match with a
certificate in chain is found.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: sjg
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D19093

Regularize the Netflix copyright

Use recent best practices for Copyright form at the top of
the license:
1. Remove all the All Rights Reserved clauses on our stuff. Where we
piggybacked others, use a separate line to make things clear.
2. Use "Netflix, Inc." everywhere.
3. Use a single line for the copyright for grep friendliness.
4. Use date ranges in all places for our stuff.

Approved by: Netflix Legal (who gave me the form), adrian@ (pmc files)

loader.efi: efi variable rework and lsefi command added

This update does add diag and debug capabilities to interpret the efi
variables, configuration and protocols (lsefi).

The side effect is that we add/update bunch of related headers.

loader.efi: update memmap command to recognize new attributes

Also move memory type to string translation to libefi for later use.

MFC after: 2 weeks

Fix pointer arithmetic

Pointer math to find the size in bytes only works with char types.
Use correct pointer math to determine if we have enough of a header to
look at or not.

MFC After: 3 days
X-MFX-With: r339800
Noticed by: jhb@
Sponsored by: Netflix, Inc

Ensure we have a full EFI_DEVICE_PATH header before we try to look at
its length. Some BIOSes pad the length of the device path to an even
amount. When we had a device path that was somehow an odd length, we'd
wind up having 1 byte left that we were bogusly interpreting as a full
device path. We'd then dereference 2 bytes into that to get a length
of the node, which had undefined (and quite undesired) effects.

Sponsored by: Netflix, Inc
MFC After: 3 days

loader.efi: add poweroff command

Add poweroff command to make life a bit easier.

Reviewed by: imp, allanjude
Approved by: re (kib)
Differential Revision: https://reviews.freebsd.org/D17535

loader.efi: clean up misleading noise from missing block devices

If there are no block devices, there is no need to printout
error (ENOENT).

In case of netboot, our image path has no block device, no need to make
noise about it.

loader.efi: efipart_inithandles() failure should not prevent devsw initialization

The efipart_inithandles() can return error code when there are no block devices,
however, we still should walk and initialize devsw.

Be more conservative about setting hw.uart.console

Note when we've found a 8250 PNP node. Only try to set hw.uart.console
if we see one (otherwise ignore serial hints). The 8250 is the only
one known to have I/O ports, so limit the guessing to when we've
positively seen one. And limit this to x86 since that's the only
platform where we have I/O ports. Otherwise, we'd set the serial port
to something crazy for the platform and fall off the cliff early in
boot.

Differential Revision: https://reviews.freebsd.org/D16463

Use % for printf, not a dollar sign

Style nits noted by rpokala

In the BootXXXX message, use the actual boot variable.
Fix stupid compile issue that crept in when I moved patches between trees.

Add some additional debug to loader.efi

Add some verbose debugging information to the loader's new
choices. I'll remove these / put them behind a DEBUG define at a later
time. This is to give additional information if there's any dangling
edge cases not contemplated by the code. r336789 had most of this
change, but had the wrong commit message. This refines it slightly.

stand debug

Ignore Device Paths in the Boot Info that don't have Media path
nodes. These show up in default entries on SuperMicro motherboards and
elsewhere. Before, we couldn't find a block device associated with the
device path and return BAD_CHOICE which was an instant
failure. However, a VendHw node isn't specifc, so when we don't find a
media path, return NOT_SPECIFIC so that the rest of the algorithms
work.

Sponsored by: Netflix.

Finalize the boot manager protocol support for next-stage boot
loading.

If we are booting in a conforming UEFI Boot Manager Environment, then
use the BootCurrent variable to find the BootXXXX we're using. Once we
find that, then if it contains more than one EFI_DEVICE_PATH in its
what to boot section, try to use the last one as the kernel to
load. This will also set the default root partition as well. If
there's only one path, or if there's an error along the way, assume
that nothing specific was specified and revert to the old
algorithm. If something was specified, but not found, then fail the
boot. Otherwise you that, specific thing. On FreeBSD, this can be set
using efibootmgr -l <loader> -k <kernel>. We try a few variations of
kernel to cope with the fact that UEFI comes from a DOS world where
paths might be upper case and/or contain back-slashes.

Note: In an ideal world, we'd work out where we are in chain loading
by looking at the passed-in image handle and doing name
matching. However, that's unreliable since at least boot1.efi booted
images don't have that, hence the assumption that loader.efi needs to
load the last thing on the list, if possible.

The reason we fail for something specific is so that we can fully
participate in the UEFI Boot Manager Protocol and fail over to the
next item in the list of BootOrder choices when something goes wrong
at this stage.

This implements was was talked about in freebsd-arch@ last year
https://docs.freebsd.org/cgi/getmsg.cgi?fetch=3576+0+archive/2017/freebsd-arch/20171022.freebsd-arch
and documented in full (after changed resulting from the discussion) in
https://docs.google.com/document/d/1aK9IqF-60JPEbUeSAUAkYjF2W_8EnmczFs6RqCT90Jg/edit#
although one or two minor details may have been modified in this
implementation to make it work, and the ZFS MEDIA PATH extension isn't
implemented. This does not yet move things to ESP:\efi\freebsd\loader.efi.

RelNotes: Yes
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16403

Fix the attempt to see if we're overriding the console in the command
line args. I had thought console would be NULL, but it's efi. Set it
to efi (as a clue) before we initialize the console, then test it to
see if it changed on the command line to do the automatic
override. This gets my serial console back.

If the console is already set, don't override it.

If console=X is specified on the command line, it's effectively
overridden by the current code. It shouldn't do that.

If rootdev is set, use it as currdev.

Setting rootdev in the enviornment should specify things
completely. If it is set, then have it override everything else.

PR: 229770
Differential Review: https://reviews.freebsd.org/D16322

Minor adjustments:

o Fix the parsing of the device path. a last minute change terminated
it too soon.
o Kill setting LINES. We don't need to do it, and even if we did hard
coding it to 24 is wrong.
o Now that the console is working again for the loader, adjust the
printfs to be more in line with other platforms.

Add reporting of whether or not a keyboard is detected. In addition,
note that r336270's commit message was slightly incorrect. It changed
the default setting of the console to honor the ConOut
variable. Overrides via the command line are still possible, and we
use the devices in ConOut to set the proper console. If, for example,
serial cosnole is specified, we'll set console to "efi" if ConOut has
a serial port list and to either "efi comconsole" or "comconsole efi"
if not depending on whether -D or -D -h was specified.

RelNotes: Yes
Sponsored by: Netflix

uefi stand: Guess the console better

For server machines, ComOut is set to the set of devices that the efi
console suppots. Parse it to see if we have serial, video or both.
Make that take precidence over the command line args. boot1.efi parses
them, but loader.efi doesn't. It's not clear where to read boot.conf
from, so we don't do that. The command line args can still be set via
efibootmgr, which is more inline with the UEFI boot manager to replace
that. These args are typically used only to set serial vs video and
the com speed line. We can infer that from ComOut, so do so.
Remember the com speed and hw.uart.console to match.

RelNotes: yes
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D15917

Transition to boot_env_to_howto and boot_howto_to_env in the boot
loader.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16205

Eliminate boot loader copies of boot arg parsing.

Eliminate 4 of the copies of the arg parsing in /boot/laoder
by using boot_parse_cmdline.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16205

Many netboot scenarios don't have /boot/defaults/loader.conf. As
a fallback, also check /boot/kernel/kernel existing as well, since
that's the fallback behavior of the loader.

There's no need to walk through the tables looking for the smbios
table if we're just going to ignore it on arm, so expand, slightly,
the reach of the ifdef. Move the buffer to the inner block so we
don't have a separate #ifdef far away from these lines.

The issue on arm is that smbios_detect does unaligned accesses, which
in the u-boot implementing EFI context causes a crash.

Move arg parsing into its own routine for possible later reuse.

Provide a more direct interface to tell ZFS what the preferred handle
is. We tell the ZFS code now, and it checks rather than having a
callback to do the checks.

This will allow us to have a more graceful fallback code. In the
future, it's anticipated that we may fallback to a more global search
(or implement a command to do so) when reqeusted by the user, or we
detect a violation of the UEFI Boot Manager protocol severe enough to
warrant this backstop. For now, it just allows us to get rid of img as
a global.

Sponsored by: Netflix

Migrate has_keyboard to bool.

bootprog_info is generated in vers.c. Move it's definition to
bootstrap.h and remove all the redundant copies.

Sponsored by: Netflix

Use bool for vargood, since it's a boolean.

Sponsored by: Netflix

stand: One more trivial consolidation (setting environment from howto)

Refactor currdev setting

Refactor the currdev setting to find the device we booted from. Limit
searching when we don't already have a reasonable currdev from that to
the same device only. Search a little harder for ZFS volumes as that's
needed for loader.efi to live on an ESP.

Sponsored by: Netflix
Differential Review: https://reviews.freebsd.org/D13784

Print the load and device path as well as BootCurrent and BootOrder

Sponsored by: Netflix

Remove d_type from devdesc. It's not needed as we can fetch it from
d_dev->dv_type when we need it.

Use the actual struct devdesc at the start of all *_devdesc structs

The current system is fragile and requires very careful layout of all
*_devdesc structures. It also makes it hard to change the base
devdesc. Take a page from CAM and put the 'header' in all the derived
classes and adjust the code to match.

For OFW, move the iHandle h_handle out of a slot conflicting with
d_opendata. Due to quirks in the alignment rules, this worked.
However changing the code to use d_opendata storage now that it's a
pointer is hard, so just have a separate field for it.

All other cleanups were to make the *_devdesc structures match where
they'd taken some liberties that were none-the-less compatible enough
to work.

We can't use d_opendata for blkio storage.

open_disk uses d_opendata for it's own purpse. We can't store blkio
there. Fortunately, blkio is stored elsewhere and we never actually
retrieve blkio from d_opendata. Eliminate it as a source of confusion.
Eliminate all stores of d_opendata in efi since this layer doesn't own
that field.

Consolidate three copies of ZFS commands into a central location.

There's no reason to have multiple copies of lszfs and
reloadbe. Consolidate them into one location. Also ldi_get_size is the
same everywhere (except sparc64). Make it the same everywhere as the
common definition is more general and will work on spar64.

efi: Only scan the BLKIO MEDIA once

Scan only the BLOCK IO MEDIA once instead of each time for each type of
device (fd, cd and hdd).
Leave the mechanism to free and reprobe all devices if one day we want
to implement a "dev rescan" thing.

Reviewed by: imp, tsoome
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D14334

loader.efi: add missing EFI GUIDs

These were found during bring-up on a new arm64 platform and in an
amd64 VM.

Submitted by: Arshan Khanifar <arshankhanifar_gmail.com>
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D14036

Interact is always called with NULL. Simplify code a little by
removing this argument, and expanding when rc is NULL. This
effectively completes the back out of custom scripts for tftp booted
loaders from r269153 that was started in r292344 with the new path
tricks that obsoleted it.

Submitted by: Netflix

Revert r326792, r326784, r326772, r326712

Something subtle is creating problems for disk access on ubldr. Back
it out unti that can be sorted out.

Sponsored by: Netflix

Fix regression with lua import

Don't print when we can't find a file. Copy it instead to the error
buffer. Higher level routines determine if it's appropriate to print
the error message.

Also, remove dead code (labeled bogusly lost functionality) since we
never used that functionality. Remove unused arg from interact() too.

Sponsored by: Netflix

Prefer stdint.h to inttypes.h since the added prototypes form the
latter aren't used. Prefer sys/link_elf.h to link.h so we're only
dependent on the kernel tree. The default installation of link.h just
includes this file, and any benefit from that is outweighed by the
hassle it causes. This reduces the footprint of files needed from the
system includes (or sysroot in buildworld).

Sponsored by: Netflix

Move sys/boot to stand. Fix all references to new location

Sponsored by: Netflix