Merge branch 'master' into next

Signed-off-by: Tom Rini <trini@konsulko.com>

20 files changed, 379 insertions, 67 deletions

diff --git a/lib/efi_driver/efi_uclass.c b/lib/efi_driver/efi_uclass.c
index b01ce89c84..74dd003243 100644
--- a/lib/efi_driver/efi_uclass.c
+++ b/lib/efi_driver/efi_uclass.c
@@ -71,6 +71,15 @@ static efi_status_t EFIAPI efi_uc_supported(
 	EFI_ENTRY("%p, %p, %ls", this, controller_handle,
 		  efi_dp_str(remaining_device_path));
 
+	/*
+	 * U-Boot internal devices install protocols interfaces without calling
+	 * ConnectController(). Hence we should not bind an extra driver.
+	 */
+	if (controller_handle->dev) {
+		ret = EFI_UNSUPPORTED;
+		goto out;
+	}
+
 	ret = EFI_CALL(systab.boottime->open_protocol(
 			controller_handle, bp->ops->protocol,
 			&interface, this->driver_binding_handle,
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 476a22d7ea..41756ea539 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -384,6 +384,23 @@ config EFI_ESRT
 	help
 	  Enabling this option creates the ESRT UEFI system table.
 
+config EFI_ECPT
+	bool "Enable the UEFI ECPT generation"
+	default y
+	help
+	  Enabling this option created the ECPT UEFI table.
+
+config EFI_EBBR_2_0_CONFORMANCE
+	bool "Add the EBBRv2.0 conformance entry to the ECPT table"
+	depends on EFI_ECPT
+	depends on EFI_LOADER_HII
+	depends on EFI_RISCV_BOOT_PROTOCOL || !RISCV
+	depends on EFI_RNG_PROTOCOL || !DM_RNG
+	depends on EFI_UNICODE_COLLATION_PROTOCOL2
+	default y
+	help
+	  Enabling this option adds the EBBRv2.0 conformance entry to the ECPT UEFI table.
+
 config EFI_RISCV_BOOT_PROTOCOL
 	bool "RISCV_EFI_BOOT_PROTOCOL support"
 	default y
diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
index f54c244c32..e187d2a914 100644
--- a/lib/efi_loader/Makefile
+++ b/lib/efi_loader/Makefile
@@ -76,6 +76,7 @@ obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o
 obj-$(CONFIG_EFI_RISCV_BOOT_PROTOCOL) += efi_riscv.o
 obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o
 obj-$(CONFIG_EFI_SIGNATURE_SUPPORT) += efi_signature.o
+obj-$(CONFIG_EFI_ECPT) += efi_conformance.o
 
 EFI_VAR_SEED_FILE := $(subst $\",,$(CONFIG_EFI_VAR_SEED_FILE))
 $(obj)/efi_var_seed.o: $(srctree)/$(EFI_VAR_SEED_FILE)
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 8da3bb29aa..1bfd094e89 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -619,9 +619,14 @@ efi_status_t efi_remove_all_protocols(const efi_handle_t handle)
  */
 void efi_delete_handle(efi_handle_t handle)
 {
-	if (!handle)
+	efi_status_t ret;
+
+	ret = efi_remove_all_protocols(handle);
+	if (ret == EFI_INVALID_PARAMETER) {
+		log_err("Can't remove invalid handle %p\n", handle);
 		return;
-	efi_remove_all_protocols(handle);
+	}
+
 	list_del(&handle->link);
 	free(handle);
 }
diff --git a/lib/efi_loader/efi_conformance.c b/lib/efi_loader/efi_conformance.c
new file mode 100644
index 0000000000..a49aae9249
--- /dev/null
+++ b/lib/efi_loader/efi_conformance.c
@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ *  EFI conformance profile table
+ *
+ *  Copyright (C) 2022 Arm Ltd.
+ */
+
+#include <common.h>
+#include <efi_loader.h>
+#include <log.h>
+#include <efi_api.h>
+#include <malloc.h>
+
+static const efi_guid_t efi_ecpt_guid = EFI_CONFORMANCE_PROFILES_TABLE_GUID;
+static const efi_guid_t efi_ebbr_2_0_guid =
+	EFI_CONFORMANCE_PROFILE_EBBR_2_0_GUID;
+
+/**
+ * efi_ecpt_register() - Install the ECPT system table.
+ *
+ * Return: status code
+ */
+efi_status_t efi_ecpt_register(void)
+{
+	int num_entries = 0;
+	struct efi_conformance_profiles_table *ecpt;
+	efi_status_t ret;
+	size_t ecpt_size;
+
+	ecpt_size = num_entries * sizeof(efi_guid_t)
+		+ sizeof(struct efi_conformance_profiles_table);
+	ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, ecpt_size,
+				(void **)&ecpt);
+
+	if (ret != EFI_SUCCESS) {
+		log_err("Out of memory\n");
+
+		return ret;
+	}
+
+	if (CONFIG_IS_ENABLED(EFI_EBBR_2_0_CONFORMANCE))
+		guidcpy(&ecpt->conformance_profiles[num_entries++],
+			&efi_ebbr_2_0_guid);
+
+	ecpt->version = EFI_CONFORMANCE_PROFILES_TABLE_VERSION;
+	ecpt->number_of_profiles = num_entries;
+
+	/* Install the ECPT in the system configuration table. */
+	ret = efi_install_configuration_table(&efi_ecpt_guid, (void *)ecpt);
+	if (ret != EFI_SUCCESS) {
+		log_err("Failed to install ECPT\n");
+		efi_free_pool(ecpt);
+
+		return ret;
+	}
+
+	log_debug("ECPT created\n");
+
+	return EFI_SUCCESS;
+}
diff --git a/lib/efi_loader/efi_console.c b/lib/efi_loader/efi_console.c
index 5be509f0d6..cf9fbd9cb5 100644
--- a/lib/efi_loader/efi_console.c
+++ b/lib/efi_loader/efi_console.c
@@ -988,12 +988,14 @@ static efi_status_t EFIAPI efi_cin_read_key_stroke_ex(
 	efi_cin_check();
 
 	if (!key_available) {
+		memset(key_data, 0, sizeof(struct efi_key_data));
 		ret = EFI_NOT_READY;
 		goto out;
 	}
 	/*
 	 * CTRL+A - CTRL+Z have to be signaled as a - z.
 	 * SHIFT+CTRL+A - SHIFT+CTRL+Z have to be signaled as A - Z.
+	 * CTRL+\ - CTRL+_ have to be signaled as \ - _.
 	 */
 	switch (next_key.key.unicode_char) {
 	case 0x01 ... 0x07:
@@ -1006,6 +1008,9 @@ static efi_status_t EFIAPI efi_cin_read_key_stroke_ex(
 			next_key.key.unicode_char += 0x40;
 		else
 			next_key.key.unicode_char += 0x60;
+		break;
+	case 0x1c ... 0x1f:
+			next_key.key.unicode_char += 0x40;
 	}
 	*key_data = next_key;
 	key_available = false;
diff --git a/lib/efi_loader/efi_device_path_to_text.c b/lib/efi_loader/efi_device_path_to_text.c
index 6c428ee061..9062058ac2 100644
--- a/lib/efi_loader/efi_device_path_to_text.c
+++ b/lib/efi_loader/efi_device_path_to_text.c
@@ -190,13 +190,14 @@ static char *dp_msging(char *s, struct efi_device_path *dp)
 		struct efi_device_path_nvme *ndp =
 			(struct efi_device_path_nvme *)dp;
 		u32 ns_id;
-		int i;
 
 		memcpy(&ns_id, &ndp->ns_id, sizeof(ns_id));
 		s += sprintf(s, "NVMe(0x%x,", ns_id);
-		for (i = 0; i < sizeof(ndp->eui64); ++i)
+
+		/* Display byte 7 first, byte 0 last */
+		for (int i = 0; i < 8; ++i)
 			s += sprintf(s, "%s%02x", i ? "-" : "",
-				     ndp->eui64[i]);
+				     ndp->eui64[i ^ 7]);
 		s += sprintf(s, ")");
 
 		break;
diff --git a/lib/efi_loader/efi_disk.c b/lib/efi_loader/efi_disk.c
index 819dcb4f13..e39968a3f3 100644
--- a/lib/efi_loader/efi_disk.c
+++ b/lib/efi_loader/efi_disk.c
@@ -810,3 +810,20 @@ efi_status_t efi_disk_get_device_name(const efi_handle_t handle, char *buf, int
 
 	return EFI_SUCCESS;
 }
+
+/**
+ * efi_disks_register() - ensure all block devices are available in UEFI
+ *
+ * The function probes all block devices. As we store UEFI variables on the
+ * EFI system partition this function has to be called before enabling
+ * variable services.
+ */
+efi_status_t efi_disks_register(void)
+{
+	struct udevice *dev;
+
+	uclass_foreach_dev_probe(UCLASS_BLK, dev) {
+	}
+
+	return EFI_SUCCESS;
+}
diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index 751beda590..c633fcd91e 100644
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -246,6 +246,14 @@ efi_status_t efi_init_obj_list(void)
 	/* Set up console modes */
 	efi_setup_console_size();
 
+	/*
+	 * Probe block devices to find the ESP.
+	 * efi_disks_register() must be called before efi_init_variables().
+	 */
+	ret = efi_disks_register();
+	if (ret != EFI_SUCCESS)
+		goto out;
+
 	/* Initialize variable services */
 	ret = efi_init_variables();
 	if (ret != EFI_SUCCESS)
@@ -266,6 +274,12 @@ efi_status_t efi_init_obj_list(void)
 	if (ret != EFI_SUCCESS)
 		goto out;
 
+	if (IS_ENABLED(CONFIG_EFI_ECPT)) {
+		ret = efi_ecpt_register();
+		if (ret != EFI_SUCCESS)
+			goto out;
+	}
+
 	if (IS_ENABLED(CONFIG_EFI_ESRT)) {
 		ret = efi_esrt_register();
 		if (ret != EFI_SUCCESS)
diff --git a/lib/efi_loader/helloworld.c b/lib/efi_loader/helloworld.c
index 10666dc0f2..d565f32745 100644
--- a/lib/efi_loader/helloworld.c
+++ b/lib/efi_loader/helloworld.c
@@ -29,24 +29,66 @@ static struct efi_system_table *systable;
 static struct efi_boot_services *boottime;
 static struct efi_simple_text_output_protocol *con_out;
 
+/*
+ * Print an unsigned 32bit value as decimal number to an u16 string
+ *
+ * @value:	value to be printed
+ * @buf:	pointer to buffer address
+ *		on return position of terminating zero word
+ */
+static void uint2dec(u32 value, u16 **buf)
+{
+	u16 *pos = *buf;
+	int i;
+	u16 c;
+	u64 f;
+
+	/*
+	 * Increment by .5 and multiply with
+	 * (2 << 60) / 1,000,000,000 = 0x44B82FA0.9B5A52CC
+	 * to move the first digit to bit 60-63.
+	 */
+	f = 0x225C17D0;
+	f += (0x9B5A52DULL * value) >> 28;
+	f += 0x44B82FA0ULL * value;
+
+	for (i = 0; i < 10; ++i) {
+		/* Write current digit */
+		c = f >> 60;
+		if (c || pos != *buf)
+			*pos++ = c + '0';
+		/* Eliminate current digit */
+		f &= 0xfffffffffffffff;
+		/* Get next digit */
+		f *= 0xaULL;
+	}
+	if (pos == *buf)
+		*pos++ = '0';
+	*pos = 0;
+	*buf = pos;
+}
+
 /**
  * print_uefi_revision() - print UEFI revision number
  */
 static void print_uefi_revision(void)
 {
-	u16 rev[] = u"0.0.0";
-
-	rev[0] = (systable->hdr.revision >> 16) + '0';
-	rev[4] = systable->hdr.revision & 0xffff;
-	for (; rev[4] >= 10;) {
-		rev[4] -= 10;
-		++rev[2];
+	u16 rev[13] = {0};
+	u16 *buf = rev;
+	u16 digit;
+
+	uint2dec(systable->hdr.revision >> 16, &buf);
+	*buf++ = '.';
+	uint2dec(systable->hdr.revision & 0xffff, &buf);
+
+	/* Minor revision is only to be shown if non-zero */
+	digit = *--buf;
+	if (digit == '0') {
+		*buf = 0;
+	} else {
+		*buf++ = '.';
+		*buf = digit;
 	}
-	/* Third digit is only to be shown if non-zero */
-	if (rev[4])
-		rev[4] += '0';
-	else
-		rev[3] = 0;
 
 	con_out->output_string(con_out, u"Running on UEFI ");
 	con_out->output_string(con_out, rev);
diff --git a/lib/efi_selftest/Makefile b/lib/efi_selftest/Makefile
index 33536c9ec0..daac6c3968 100644
--- a/lib/efi_selftest/Makefile
+++ b/lib/efi_selftest/Makefile
@@ -49,6 +49,7 @@ efi_selftest_variables.o \
 efi_selftest_variables_runtime.o \
 efi_selftest_watchdog.o
 
+obj-$(CONFIG_EFI_ECPT) += efi_selftest_ecpt.o
 obj-$(CONFIG_NET) += efi_selftest_snp.o
 
 obj-$(CONFIG_EFI_DEVICE_PATH_TO_TEXT) += efi_selftest_devicepath.o
diff --git a/lib/efi_selftest/efi_selftest.c b/lib/efi_selftest/efi_selftest.c
index 8e427b9e51..191da7fc45 100644
--- a/lib/efi_selftest/efi_selftest.c
+++ b/lib/efi_selftest/efi_selftest.c
@@ -14,8 +14,8 @@
 #define EFI_ST_EXECUTE	2
 #define EFI_ST_TEARDOWN	4
 
-static const struct efi_system_table *systable;
-static const struct efi_boot_services *boottime;
+const struct efi_system_table *st_systable;
+const struct efi_boot_services *st_boottime;
 static const struct efi_runtime_services *runtime;
 static efi_handle_t handle;
 static u16 reset_message[] = u"Selftest completed";
@@ -41,7 +41,7 @@ void efi_st_exit_boot_services(void)
 	/* Do not detach devices in ExitBootServices. We need the console. */
 	efi_st_keep_devices = true;
 
-	ret = boottime->get_memory_map(&map_size, NULL, &map_key, &desc_size,
+	ret = st_boottime->get_memory_map(&map_size, NULL, &map_key, &desc_size,
 				       &desc_version);
 	if (ret != EFI_BUFFER_TOO_SMALL) {
 		efi_st_error(
@@ -50,19 +50,19 @@ void efi_st_exit_boot_services(void)
 	}
 	/* Allocate extra space for newly allocated memory */
 	map_size += sizeof(struct efi_mem_desc);
-	ret = boottime->allocate_pool(EFI_BOOT_SERVICES_DATA, map_size,
+	ret = st_boottime->allocate_pool(EFI_BOOT_SERVICES_DATA, map_size,
 				      (void **)&memory_map);
 	if (ret != EFI_SUCCESS) {
 		efi_st_error("AllocatePool did not return EFI_SUCCESS\n");
 		return;
 	}
-	ret = boottime->get_memory_map(&map_size, memory_map, &map_key,
+	ret = st_boottime->get_memory_map(&map_size, memory_map, &map_key,
 				       &desc_size, &desc_version);
 	if (ret != EFI_SUCCESS) {
 		efi_st_error("GetMemoryMap did not return EFI_SUCCESS\n");
 		return;
 	}
-	ret = boottime->exit_boot_services(handle, map_key);
+	ret = st_boottime->exit_boot_services(handle, map_key);
 	if (ret != EFI_SUCCESS) {
 		efi_st_error("ExitBootServices did not return EFI_SUCCESS\n");
 		return;
@@ -84,7 +84,7 @@ static int setup(struct efi_unit_test *test, unsigned int *failures)
 	if (!test->setup)
 		return EFI_ST_SUCCESS;
 	efi_st_printc(EFI_LIGHTBLUE, "\nSetting up '%s'\n", test->name);
-	ret = test->setup(handle, systable);
+	ret = test->setup(handle, st_systable);
 	if (ret != EFI_ST_SUCCESS) {
 		efi_st_error("Setting up '%s' failed\n", test->name);
 		++*failures;
@@ -240,8 +240,8 @@ void efi_st_do_tests(const u16 *testname, unsigned int phase,
  * All tests use a driver model and are run in three phases:
  * setup, execute, teardown.
  *
- * A test may be setup and executed at boottime,
- * it may be setup at boottime and executed at runtime,
+ * A test may be setup and executed at st_boottime,
+ * it may be setup at st_boottime and executed at runtime,
  * or it may be setup and executed at runtime.
  *
  * After executing all tests the system is reset.
@@ -257,14 +257,14 @@ efi_status_t EFIAPI efi_selftest(efi_handle_t image_handle,
 	struct efi_loaded_image *loaded_image;
 	efi_status_t ret;
 
-	systable = systab;
-	boottime = systable->boottime;
-	runtime = systable->runtime;
+	st_systable = systab;
+	st_boottime = st_systable->boottime;
+	runtime = st_systable->runtime;
 	handle = image_handle;
-	con_out = systable->con_out;
-	con_in = systable->con_in;
+	con_out = st_systable->con_out;
+	con_in = st_systable->con_in;
 
-	ret = boottime->handle_protocol(image_handle, &efi_guid_loaded_image,
+	ret = st_boottime->handle_protocol(image_handle, &efi_guid_loaded_image,
 					(void **)&loaded_image);
 	if (ret != EFI_SUCCESS) {
 		efi_st_error("Cannot open loaded image protocol\n");
@@ -280,9 +280,9 @@ efi_status_t EFIAPI efi_selftest(efi_handle_t image_handle,
 			list_all_tests();
 			/*
 			 * TODO:
-			 * Once the Exit boottime service is correctly
+			 * Once the Exit st_boottime service is correctly
 			 * implemented we should call
-			 *   boottime->exit(image_handle, EFI_SUCCESS, 0, NULL);
+			 *   st_boottime->exit(image_handle, EFI_SUCCESS, 0, NULL);
 			 * here, cf.
 			 * https://lists.denx.de/pipermail/u-boot/2017-October/308720.html
 			 */
@@ -300,7 +300,7 @@ efi_status_t EFIAPI efi_selftest(efi_handle_t image_handle,
 					     efi_unit_test));
 
 	/* Allocate buffer for setup results */
-	ret = boottime->allocate_pool(EFI_RUNTIME_SERVICES_DATA, sizeof(int) *
+	ret = st_boottime->allocate_pool(EFI_RUNTIME_SERVICES_DATA, sizeof(int) *
 				      ll_entry_count(struct efi_unit_test,
 						     efi_unit_test),
 				      (void **)&setup_status);
@@ -309,7 +309,7 @@ efi_status_t EFIAPI efi_selftest(efi_handle_t image_handle,
 		return ret;
 	}
 
-	/* Execute boottime tests */
+	/* Execute st_boottime tests */
 	efi_st_do_tests(testname, EFI_EXECUTE_BEFORE_BOOTTIME_EXIT,
 			EFI_ST_SETUP | EFI_ST_EXECUTE | EFI_ST_TEARDOWN,
 			&failures);
diff --git a/lib/efi_selftest/efi_selftest_ecpt.c b/lib/efi_selftest/efi_selftest_ecpt.c
new file mode 100644
index 0000000000..e8cc13545d
--- /dev/null
+++ b/lib/efi_selftest/efi_selftest_ecpt.c
@@ -0,0 +1,76 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * efi_selftest_fdt
+ *
+ * Copyright (c) 2022 Heinrich Schuchardt <xypron.glpk@gmx.de>
+ *
+ * Check the EFI_CONFORMANCE_PROFILE_TABLE
+ */
+
+#include <efi_selftest.h>
+
+static const efi_guid_t guid_ecpt = EFI_CONFORMANCE_PROFILES_TABLE_GUID;
+static const efi_guid_t guid_ebbr_2_0 = EFI_CONFORMANCE_PROFILE_EBBR_2_0_GUID;
+
+/*
+ * ecpt_find_guid() - find GUID in EFI Conformance Profile Table
+ *
+ * @ecpt:	EFI Conformance Profile Table
+ * @guid:	GUID to find
+ * Return:	EFI_ST_SUCCESS for success
+ */
+static int ecpt_find_guid(struct efi_conformance_profiles_table *ecpt,
+			  const efi_guid_t *guid) {
+	int i;
+
+	for (i = 0; i < ecpt->number_of_profiles; ++i) {
+		if (!memcmp(&ecpt->conformance_profiles[i], guid, 16))
+			return EFI_ST_SUCCESS;
+	}
+	efi_st_error("GUID %pU not found\n", guid);
+	return EFI_ST_FAILURE;
+}
+
+/*
+ * Execute unit test.
+ *
+ * Return:	EFI_ST_SUCCESS for success
+ */
+static int execute(void)
+{
+	struct efi_conformance_profiles_table *ecpt;
+	int expected_entries = 0;
+
+	ecpt = efi_st_get_config_table(&guid_ecpt);
+
+	if (!ecpt) {
+		efi_st_error("Missing EFI Conformance Profile Table\n");
+		return EFI_ST_FAILURE;
+	}
+
+	if (ecpt->version != EFI_CONFORMANCE_PROFILES_TABLE_VERSION) {
+		efi_st_error("Wrong table version\n");
+		return EFI_ST_FAILURE;
+	}
+
+	if (CONFIG_IS_ENABLED(EFI_EBBR_2_0_CONFORMANCE)) {
+		++expected_entries;
+		if (ecpt_find_guid(ecpt, &guid_ebbr_2_0))
+			return EFI_ST_FAILURE;
+	}
+
+	if (ecpt->number_of_profiles != expected_entries) {
+		efi_st_error("Expected %d entries, found %d\n",
+			     expected_entries, ecpt->number_of_profiles);
+		return EFI_ST_FAILURE;
+	}
+
+	return EFI_ST_SUCCESS;
+}
+
+
+EFI_UNIT_TEST(ecpt) = {
+	.name = "conformance profile table",
+	.phase = EFI_EXECUTE_BEFORE_BOOTTIME_EXIT,
+	.execute = execute,
+};
diff --git a/lib/efi_selftest/efi_selftest_fdt.c b/lib/efi_selftest/efi_selftest_fdt.c
index 114ac58bf5..aa3b13ae3a 100644
--- a/lib/efi_selftest/efi_selftest_fdt.c
+++ b/lib/efi_selftest/efi_selftest_fdt.c
@@ -144,23 +144,6 @@ static char *get_property(const u16 *property, const u16 *node)
 	return NULL;
 }
 
-/**
- * efi_st_get_config_table() - get configuration table
- *
- * @guid:	GUID of the configuration table
- * Return:	pointer to configuration table or NULL
- */
-static void *efi_st_get_config_table(const efi_guid_t *guid)
-{
-	size_t i;
-
-	for (i = 0; i < systab.nr_tables; i++) {
-		if (!guidcmp(guid, &systemtab->tables[i].guid))
-			return systemtab->tables[i].table;
-	}
-	return NULL;
-}
-
 /*
  * Setup unit test.
  *
diff --git a/lib/efi_selftest/efi_selftest_miniapp_exception.c b/lib/efi_selftest/efi_selftest_miniapp_exception.c
index 79f9a67859..a9ad381001 100644
--- a/lib/efi_selftest/efi_selftest_miniapp_exception.c
+++ b/lib/efi_selftest/efi_selftest_miniapp_exception.c
@@ -9,6 +9,7 @@
 
 #include <common.h>
 #include <efi_api.h>
+#include <host_arch.h>
 
 /*
  * Entry point of the EFI application.
@@ -33,11 +34,17 @@ efi_status_t EFIAPI efi_main(efi_handle_t handle,
 	asm volatile (".word 0xe7f7defb\n");
 #elif defined(CONFIG_RISCV)
 	asm volatile (".word 0xffffffff\n");
+#elif defined(CONFIG_X86)
+	asm volatile (".word 0xffff\n");
 #elif defined(CONFIG_SANDBOX)
+#if (HOST_ARCH == HOST_ARCH_ARM || HOST_ARCH == HOST_ARCH_AARCH64)
+	asm volatile (".word 0xe7f7defb\n");
+#elif (HOST_ARCH == HOST_ARCH_RISCV32 || HOST_ARCH == HOST_ARCH_RISCV64)
 	asm volatile (".word 0xffffffff\n");
-#elif defined(CONFIG_X86)
+#elif (HOST_ARCH == HOST_ARCH_X86 || HOST_ARCH == HOST_ARCH_X86_64)
 	asm volatile (".word 0xffff\n");
 #endif
+#endif
 	con_out->output_string(con_out, u"Exception not triggered.\n");
 	return EFI_ABORTED;
 }
diff --git a/lib/efi_selftest/efi_selftest_util.c b/lib/efi_selftest/efi_selftest_util.c
index dba02d6b56..7e03e0c939 100644
--- a/lib/efi_selftest/efi_selftest_util.c
+++ b/lib/efi_selftest/efi_selftest_util.c
@@ -110,3 +110,14 @@ int efi_st_strcmp_16_8(const u16 *buf1, const char *buf2)
 	}
 	return 0;
 }
+
+void *efi_st_get_config_table(const efi_guid_t *guid)
+{
+	size_t i;
+
+	for (i = 0; i < st_systable->nr_tables; i++) {
+		if (!guidcmp(guid, &st_systable->tables[i].guid))
+			return st_systable->tables[i].table;
+	}
+	return NULL;
+}
diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c
index 22a769c587..d0e3ab1b21 100644
--- a/lib/tpm-v1.c
+++ b/lib/tpm-v1.c
@@ -456,12 +456,13 @@ u32 tpm1_get_permissions(struct udevice *dev, u32 index, u32 *perm)
 		0x0, 0x0, 0x0, 0x4,
 	};
 	const size_t index_offset = 18;
-	const size_t perm_offset = 60;
+	const size_t perm_offset = 74;
 	u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
 	size_t response_length = sizeof(response);
 	u32 err;
 
-	if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command),
+	if (pack_byte_string(buf, sizeof(buf), "sd",
+			     0, command, sizeof(command),
 			     index_offset, index))
 		return TPM_LIB_ERROR;
 	err = tpm_sendrecv_command(dev, buf, response, &response_length);
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 1bf627853a..697b982e07 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -89,14 +89,18 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
 	 * Calculate the offset of the nv_policy piece by adding each of the
 	 * chunks below.
 	 */
-	uint offset = 10 + 8 + 13 + 14;
+	const int platform_len = sizeof(u32);
+	const int session_hdr_len = 13;
+	const int message_len = 14;
+	uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len +
+		message_len;
 	u8 command_v2[COMMAND_BUFFER_SIZE] = {
 		/* header 10 bytes */
 		tpm_u16(TPM2_ST_SESSIONS),	/* TAG */
-		tpm_u32(offset + nv_policy_size),/* Length */
+		tpm_u32(offset + nv_policy_size + 2),/* Length */
 		tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */
 
-		/* handles 8 bytes */
+		/* handles 4 bytes */
 		tpm_u32(TPM2_RH_PLATFORM),	/* Primary platform seed */
 
 		/* session header 13 bytes */
@@ -107,12 +111,15 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
 		tpm_u16(0),			/* auth_size */
 
 		/* message 14 bytes + policy */
-		tpm_u16(12 + nv_policy_size),	/* size */
+		tpm_u16(message_len + nv_policy_size),	/* size */
 		tpm_u32(space_index),
 		tpm_u16(TPM2_ALG_SHA256),
 		tpm_u32(nv_attributes),
 		tpm_u16(nv_policy_size),
-		/* nv_policy */
+		/*
+		 * nv_policy
+		 * space_size
+		 */
 	};
 	int ret;
 
@@ -120,8 +127,9 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index,
 	 * Fill the command structure starting from the first buffer:
 	 *     - the password (if any)
 	 */
-	ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
-			       offset, nv_policy, nv_policy_size);
+	ret = pack_byte_string(command_v2, sizeof(command_v2), "sw",
+			       offset, nv_policy, nv_policy_size,
+			       offset + nv_policy_size, space_size);
 	if (ret)
 		return TPM_LIB_ERROR;
 
@@ -157,6 +165,8 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm,
 	};
 	int ret;
 
+	if (!digest)
+		return -EINVAL;
 	/*
 	 * Fill the command structure starting from the first buffer:
 	 *     - the digest
@@ -669,3 +679,49 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf,
 {
 	return tpm_sendrecv_command(dev, sendbuf, recvbuf, recv_size);
 }
+
+u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd,
+		      u8 *recvbuf, size_t *recv_size)
+{
+	u8 command_v2[COMMAND_BUFFER_SIZE] = {
+		/* header 10 bytes */
+		tpm_u16(TPM2_ST_NO_SESSIONS),		/* TAG */
+		tpm_u32(10 + 2),			/* Length */
+		tpm_u32(vendor_cmd),	/* Command code */
+
+		tpm_u16(vendor_subcmd),
+	};
+	int ret;
+
+	ret = tpm_sendrecv_command(dev, command_v2, recvbuf, recv_size);
+	log_debug("ret=%s, %x\n", dev->name, ret);
+	if (ret)
+		return ret;
+	if (*recv_size < 12)
+		return -ENODATA;
+	*recv_size -= 12;
+	memcpy(recvbuf, recvbuf + 12, *recv_size);
+
+	return 0;
+}
+
+u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd,
+			  uint vendor_subcmd)
+{
+	u8 command_v2[COMMAND_BUFFER_SIZE] = {
+		/* header 10 bytes */
+		tpm_u16(TPM2_ST_NO_SESSIONS),		/* TAG */
+		tpm_u32(10 + 2),			/* Length */
+		tpm_u32(vendor_cmd),	/* Command code */
+
+		tpm_u16(vendor_subcmd),
+	};
+	int ret;
+
+	ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL);
+	log_debug("ret=%s, %x\n", dev->name, ret);
+	if (ret)
+		return ret;
+
+	return 0;
+}
diff --git a/lib/tpm_api.c b/lib/tpm_api.c
index 032f383ca0..7e8df8795e 100644
--- a/lib/tpm_api.c
+++ b/lib/tpm_api.c
@@ -140,15 +140,17 @@ u32 tpm_write_lock(struct udevice *dev, u32 index)
 }
 
 u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest,
-		   void *out_digest)
+		   uint size, void *out_digest, const char *name)
 {
-	if (tpm_is_v1(dev))
+	if (tpm_is_v1(dev)) {
 		return tpm1_extend(dev, index, in_digest, out_digest);
-	else if (tpm_is_v2(dev))
+	} else if (tpm_is_v2(dev)) {
 		return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest,
 				       TPM2_DIGEST_LEN);
-	else
+		/* @name is ignored as we do not support the TPM log here */
+	} else {
 		return -ENOSYS;
+	}
 }
 
 u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count)
diff --git a/lib/uuid.c b/lib/uuid.c
index 284f8113ff..465e1ac38f 100644
--- a/lib/uuid.c
+++ b/lib/uuid.c
@@ -220,6 +220,10 @@ static const struct {
 		"TCG2 Final Events Table",
 		EFI_TCG2_FINAL_EVENTS_TABLE_GUID,
 	},
+	{
+		"EFI Conformance Profiles Table",
+		EFI_CONFORMANCE_PROFILES_TABLE_GUID,
+	},
 #ifdef CONFIG_EFI_RISCV_BOOT_PROTOCOL
 	{
 		"RISC-V Boot",