Commit graph

3141 commits

Author SHA1 Message Date
Jan Kiszka
90c52423be lib/date: Make rtc_mktime and mktime64 Y2038-ready
We currently overflow due to wrong types used internally in rtc_mktime,
on all platforms, and we return a too small type on 32-bit.

One consumer that directly benefits from this is mktime64. Many others
may still store the result in a wrong type.

While at it, drop the redundant cast of mon in rtc_mktime (obsoleted by
714209832d).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-05-05 15:06:02 -04:00
AKASHI Takahiro
4e65ca00f3 efi_loader: bootmgr: add booting from removable media
Under the current implementation, booting from removable media using
a architecture-specific default image name, say BOOTAA64.EFI, is
supported only in distro_bootcmd script. See the commit 74522c898b
("efi_loader: Add distro boot script for removable media").

This is, however, half-baked implementation because
1) UEFI specification requires this feature to be implemented as part
   of Boot Manager's responsibility:

  3 - Boot Manager
  3.5.1 Boot via the Simple File Protocol
  When booting via the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, the FilePath will
  start with a device path that points to the device that implements the
  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL or the EFI_BLOCK_IO_PROTOCOL. The next
  part of the FilePath may point to the file name, including
  subdirectories, which contain the bootable image. If the file name is
  a null device path, the file name must be generated from the rules
  defined below.
  ...
  3.5.1.1 Removable Media Boot Behavior
  To generate a file name when none is present in the FilePath, the
  firmware must append a default file name in the form
  \EFI\BOOT\BOOT{machine type short-name}.EFI ...

2) So (1) entails the hehavior that the user's preference of boot media
   order should be determined by Boot#### and BootOrder variables.

With this patch, the semantics mentioned above is fully implemented.
For example, if you want to boot the system from USB and SCSI in this
order,
* define Boot0001 which contains only a device path to the USB device
  (without any file path/name)
* define Boot0002 which contains only a device path to the SCSI device,
and
* set BootOrder to Boot0001:Boot0002

To avoid build error for sandbox, default file name "BOOTSANDBOX.efi"
is defined even if it is out of scope of UEFI specification.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
On sandbox use binary name corresponding to host architecture.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
AKASHI Takahiro
d8465ffc01 efi_loader: export efi_locate_device_handle()
This function will be used in the next commit where some behavior
of EFI boot manager will be expanded.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Masahisa Kojima
eca08ce94c lib/charset: add u16_strlcat() function
Provide u16 string version of strlcat().

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
d30924f16b lib: fix selection of CONFIG_CHARSET
lib/charset.c is not optional for
EFI_APP || EFI_LOADER || UFS || UT_UNICODE.
These must select CONFIG_CHARSET.

Fixes: 726cd9836d ("efi: Make unicode printf available to the app")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
c900a42eb0 efi_selftest: error handling in efi_selftest_tcg2
If memory allocation fails, write an error message.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
0db8221f32 efi_selftest: clean up unaligned unit test
* fix typo %s/give/given/
* don't use void * in pointer arithmetic

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
1b2c3e543c efi_selftest: buildefi_selftest_unaligned.c
The unit test has not been built since CPU_V7 was rename CPU_V7A.

Fixes: acf1500138 ("arm: v7: Kconfig: Rename CPU_V7 as CPU_V7A")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
5c1037d578 efi_loader: reset colors before clearing screen
When resetting the text console the colors have to be set before clearing
the screen. Otherwise the background color may be wrong.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Simon Glass
747093dd40 vpl: Add Kconfig options for VPL
Add VPL versions of commonly used Kconfig options.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-05-02 09:58:13 -04:00
AKASHI Takahiro
6c640422ba efi_loader: disk: allow blk devices even without UCLASS_PARTITION
While GPT partition is mandated in UEFI specification, CONFIG_PARTITION is
seen optional under the current implementation.
So modify efi_disk_rw_blocks() to allow accepting UCLASS_BLK devices.

Fixes: commit d97e98c887 ("efi_loader: disk: use udevice instead of blk_desc")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Mark Kettenis <kettenis@openbsd.org>
2022-04-29 14:25:40 +02:00
Heinrich Schuchardt
8da26f5156 efi_loader: simplify efi_add_conventional_memory_map()
Remove redundant constraint.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:25:39 +02:00
Heinrich Schuchardt
4f419960bf efi_loader: simplify try_load_entry()
Use function efi_create_indexed_name() to create the BootXXXX variable
name.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:25:39 +02:00
Heinrich Schuchardt
dd1086ac6b efi: fix devpath_is_partition()
If the path consists only of an end node, it does not refer to a partition.
Avoid returning a random value from the stack in this case.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:25:39 +02:00
Heinrich Schuchardt
7ea79e511d efi_loader: don't call log with __func__ as parameter
The log functions print file name, line number, and function name if
selected via the log command or customizing. Don't print the function
name twice.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:23:30 +02:00
Tom Rini
11232139e3 nds32: Remove the architecture
As removal of nds32 has been ack'd for the Linux kernel, remove support
here as well.

Cc: Rick Chen <rick@andestech.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2022-04-25 16:04:05 -04:00
Tom Rini
8cfac237b9 Merge branch '2022-04-25-initial-implementation-of-stdboot'
To quote the author:
The bootflow feature provide a built-in way for U-Boot to automatically
boot an Operating System without custom scripting and other customisation.
This is called 'standard boot' since it provides a standard way for
U-Boot to boot a distro, without scripting.

It introduces the following concepts:

   - bootdev - a device which can hold a distro
   - bootmeth - a method to scan a bootdev to find bootflows (owned by
                U-Boot)
   - bootflow - a description of how to boot (owned by the distro)

This series provides an implementation of these, enabled to scan for
bootflows from MMC, USB and Ethernet. It supports the existing distro
boot as well as the EFI loader flow (bootefi/bootmgr). It works
similiarly to the existing script-based approach, but is native to
U-Boot.

With this we can boot on a Raspberry Pi 3 with just one command:

   bootflow scan -lb

which means to scan, listing (-l) each bootflow and trying to boot each
one (-b). The final patch shows this.

With a standard way to identify boot devices, booting become easier. It
also should be possible to support U-Boot scripts, for backwards
compatibility only.

...

The design is described in these two documents:

https://drive.google.com/file/d/1ggW0KJpUOR__vBkj3l61L2dav4ZkNC12/view?usp=sharing

https://drive.google.com/file/d/1kTrflO9vvGlKp-ZH_jlgb9TY3WYG6FF9/view?usp=sharing
2022-04-25 16:02:27 -04:00
Simon Glass
8565efd509 lib: Add a way to find the postiion of a trailing number
At present it is not possible to find out which part of the string is the
number part and which is before it. Add a new variant which provides this
feature, so we can separate the two in the caller.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-25 10:00:03 -04:00
Simon Glass
d667a0d8f4 lib: Fix a few bugs in trailing_strtoln()
At present this has a minor bug in that it reads the byte before the
start of the string, if it is empty. Also it doesn't handle a
non-numeric prefix which is only one character long.

Fix these bugs with a reworked implementation. Add a test for the second
case. The first one is hard to test.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-25 10:00:03 -04:00
Tom Rini
46a06ed82a Pull request for efi-2022-07-rc1-3
Documentation:
 
 * Document image size parameter of bootefi command
 
 UEFI:
 
 * avoid building partition support in SPL/TPL where not required
 * improve integration of EFI subsystem and driver model
 * restore ability to boot arbitrary blob
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmJka8UACgkQxIHbvCwF
 GsQXVw/+OuG4lYgiBZUUOFtu7CZZTrEnMGszRhXmwEzTMNq2NBNRP1lRJFhyyU50
 ElS/I7wZwhFtEnsL5H4mf3Ww7BQLELecg/Q7bnDYhPNg4JWUWUSCGOVUkNRs5O1h
 3f6HBkdbvDVvITgopqEj1v4sNwSJCr8sFJQPe0o7i9FAb0+dbO/Er3Z6afp9vcsQ
 C6iiNq4zTaGm0YUZf1wOCJMngijvkJ+z+McAFCCAwH0zbT7GfNpmGNr8iviYPWJM
 tKzkvO73+LhGR6fgRl9XewbV0Mlkd2q54nfZrP+7tTycIrj0G/OUOyPnOUaJk485
 keouzcIVSzZGjeQtsZ9Rrw8EounuMJ/pRyGNsoWIyeY98gqJxtVYnrlNm/TvFs6F
 vALsqq0LsRkVmM/ut8eleV/U8Q6n6IYL4xtAH0tm4Jf4mrW1zt8IgWQnNOlHqg9J
 RjOAF0y38KUAoC7RzGjU+RJcWPoYuKGxEWEdGvIu3qP9blwaZ7UKRxqWilOgbypf
 pxbp9YsnT8pqY9cs6mzSZHPjJFSMVocaRzD521kgShS4cxOJHpZHU4wzd5hS4BFr
 BIMCSPPyuRmn3E2DDqncEtL4C7OoPV+LLXVyrF2neiWwjMd/4rGAoYnDwjRkD7dP
 uSFsNt9N3Mqpjwl/iMI5Kd+mOJ77TWnf9fKrEft4BIXexopzAms=
 =a5qc
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-07-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-07-rc1-3

Documentation:

* Document image size parameter of bootefi command

UEFI:

* avoid building partition support in SPL/TPL where not required
* improve integration of EFI subsystem and driver model
* restore ability to boot arbitrary blob
2022-04-23 18:42:00 -04:00
AKASHI Takahiro
d97e98c887 efi_loader: disk: use udevice instead of blk_desc
In most of all cases, we can avoid using blk_desc which is expected
to be private to udevice(UCLASS_BLK), that is, the data should not
be manipulated outside the device driver unless really needed.

Now efi_disk's internally use dev_read/write() interfaces
if CONFIG_PARTITIONS is enabled.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
a3cb34e9b7 efi_loader: disk: not delete BLK device for BLK(IF_TYPE_EFI_LOADER) devices
When we create an efi_disk device with an UEFI application using driver
binding protocol, the 'efi_driver' framework tries to create
a corresponding block device(UCLASS_BLK/IF_TYPE_EFI). This will lead to
calling a PROBE callback, efi_disk_probe().
In this case, however, we don't need to create another "efi_disk" device
as we already have this device instance.

So we should avoid recursively invoke further processing in the callback
function.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
b406eb04c3 efi_loader: disk: a helper function to delete efi_disk objects
This function is expected to be called, in particular from dm's pre_remove
hook, when associated block devices no longer exist.

Add efi_disk_remove() function.
This function removes an efi_disk object for a raw disk device (UCLASS_BLK)
and related objects for its partitions (UCLASS_PARTITION).

So this function is expected to be called through driver model's "remove"
interface every time a raw disk device is to be disconnected.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
3c809dfed7 efi_loader: disk: not create BLK device for BLK(IF_TYPE_EFI_LOADER) devices
When we create an efi_disk device with an UEFI application using driver
binding protocol, the 'efi_driver' framework tries to create
a corresponding block device(UCLASS_BLK/IF_TYPE_EFI). This will lead to
calling a PROBE callback, efi_disk_probe().
In this case, however, we don't need to create another "efi_disk" device
as we already have this device instance.

So we should avoid recursively invoke further processing in the callback
function.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
a9bf024b29 efi_loader: disk: a helper function to create efi_disk objects from udevice
Add efi_disk_probe() function.
This function creates an efi_disk object for a raw disk device (UCLASS_BLK)
and additional objects for related partitions (UCLASS_PARTITION).

So this function is expected to be called through driver model's "probe"
interface every time one raw disk device is detected and activated.
We assume that partition devices (UCLASS_PARTITION) have been created
when this function is invoked.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
a57ad20d07 efi_loader: split efi_init_obj_list() into two stages
In the next commit, CONFIG_EFI_SETUP_EARLY will become mandated
in order to support dynamic enumeration of efi_disk objects.

This can, however, be problematic particularly in case of file-based
variable storage (efi_variable.c, default).
Non-volatile variables are to be restored from EFI system partition
by efi_init_variables() in efi_init_obj_list(). When efi_init_obj_list()
is called in board_init_r(), we don't know yet what disk devices
we have since none of device probing commands (say, scsi rescan) has not
been executed at that stage.

So in this commit, a preparatory change is made; efi_init_obj_list() is
broken into the two functions;
   * efi_init_early(), and
   * new efi_init_obj_list()

Only efi_init_early() will be called in board_init_r(), which allows
us to execute any of device probing commands, either though "preboot"
variable or normal command line, before calling efi_init_obj_list() which
is to be invoked at the first execution of an efi-related command
(or at efi_launch_capsules()) as used to be.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
38f255b960 efi_loader: disk: compile efi_disk when CONFIG_BLK
Now we can build efi_loader with block device support (CONFIG_BLK) and
without CONFIG_PARTITIONS.
So change Makefile.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 22:05:34 +02:00
AKASHI Takahiro
7a06fd7579 efi_loader: PARTITION_UUIDS should be optional
In the current implementation, partition table support (either GPT or DOS)
is not mandatory. So CONFIG_PARTITION_UUIDS should not be enabled
(selected) unconditionally.

Fixes: commit 17f8cda505 ("efi_loader: set partition GUID in device path for SIG_TYPE_GUID")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-23 22:05:34 +02:00
Andrew Abbott
0de71bb580 fdt: Fix TPL SEPARATE_BSS check when locating DTB
Commit 690af71850 changed this condition
from an explicit

IS_ENABLED(CONFIG_SPL_SEPARATE_BSS)

to

CONFIG_IS_ENABLED(SEPARATE_BSS)

The documentation for CONFIG_IS_ENABLED() in include/linux/kconfig.h
implies that we will get the correct behaviour, but the actual behaviour
differs such that this condition is now always false.

This stopped TPL being able to load the device tree blob at least on the
ROCKPro64 board (RK3399 SoC), since the wrong device tree location was
chosen.

The issues causing this behaviour with CONFIG_IS_ENABLED() are:

1. The documentation implies that CONFIG_SPL_BUILD =>
   CONFIG_SPL_<option> is considered before the TPL equivalent.

   Actually, the TPL options have higher priority - see definition of
   _CONFIG_PREFIX.

2. The documentation implies a fallthrough, eg. if CONFIG_SPL_BUILD is
   defined but the CONFIG_SPL_<option> is not, then it will proceed to
   check if CONFIG_TPL_BUILD

   Actually, if CONFIG_TPL_BUILD is defined, then it stops there
   and CONFIG_SPL_BUILD is not considered - see definition of
   _CONFIG_PREFIX.

   During TPL build, at least for the ROCKPro64, both CONFIG_TPL_BUILD
   and CONFIG_SPL_BUILD are defined, but because of the above, only TPL
   options are considered. Since there is no CONFIG_TPL_SEPARATE_BSS,
   this fails.

Fixes: 690af71850 ("fdt: Correct condition for SEPARATE_BSS")
Signed-off-by: Andrew Abbott <andrew@mirx.dev>
2022-04-22 15:44:10 -04:00
Pali Rohár
1a47e6d47c crc16: Move standard CRC-16 implementation from ubifs to lib
This implementation provides standard CRC-16 algorithm with polynomial
x^16 + x^15 + x^2 + 1.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-04-21 14:32:40 -04:00
Pali Rohár
bb3d71b7ef crc16-ccitt: Rename file with CRC-16-CCITT implementation to crc16-ccitt.c
U-Boot CRC-16 implementation uses polynomial x^16 + x^12 + x^5 + 1 which is
not standard CRC-16 algorithm, but it is known as CRC-16-CCITT. Rename file
crc16.c to crc16-ccitt.c to reduce confusion.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-04-21 14:32:40 -04:00
Heinrich Schuchardt
8bf5f9af3b efi_loader: simplify efi_serialize_load_option()
Use u16_strsize().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:21 +02:00
Heinrich Schuchardt
b27d8e4037 efi_loader: EFI_HII_STRING_PROTOCOL.GetString()
Use u16_strsize().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:21 +02:00
Heinrich Schuchardt
967407defe lib: simplify u16_strdup()
Use u16_strsize() instead of duplicating it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:20 +02:00
Heinrich Schuchardt
0121282d1a lib: convert u16_strlen() into a macro
The function u16_strlen() can be implemented as call to u16_strnlen().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:20 +02:00
Sughosh Ganu
9736287173 FMP: Remove GUIDs for FIT and raw images
The capsule update code has been modified for getting the image GUID
values from the platform code. With this, each image now has a unique
GUID value. With this change, there is no longer a need for defining
GUIDs for FIT and raw images. Remove these GUID values.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2022-04-15 10:43:18 +02:00
Sughosh Ganu
a9e6f01a94 efi: Define set_dfu_alt_info() for boards with UEFI capsule update enabled
Currently, there are a bunch of boards which enable the UEFI capsule
update feature. The actual update of the firmware images is done
through the dfu framework which uses the dfu_alt_info environment
variable for getting information on the update, like device, partition
number/address etc. The dfu framework allows the variable to be set
through the set_dfu_alt_info function defined by the platform, or if
the function is not defined, it gets the variable from the
environment. Using the value set in the environment is not very
robust, since the variable can be modified from the u-boot command
line and this can cause an incorrect update.

To prevent this from happening, define the set_dfu_alt_info function
when the capsule update feature is enabled. A weak function is defined
which sets the dfu_alt_info environment variable by getting the string
for the variable from the platform.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-15 10:43:18 +02:00
Sughosh Ganu
7cf06f09cc capsule: Put a check for image index before the update
The current capsule update code compares the image GUID value in the
capsule header with the image GUID value obtained from the
GetImageInfo function of the Firmware Management Protocol(FMP). This
comparison is done to ascertain if the FMP's SetImage function can be
called for the update. Make this checking more robust by comparing the
image_index value passed through the capsule with that returned by the
FMP's GetImageInfo function. This protects against the scenario of the
firmware being updated in a wrong partition/location on the storage
device if an incorrect value has been passed through the capsule,
since the image_index is used to determine the location of the update
on the storage device.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-04-15 10:43:18 +02:00
Sughosh Ganu
1ea06bc929 capsule: FMP: Populate the image descriptor array from platform data
Currently, the image descriptor array that has been passed to the
GetImageInfo function of the Firmware Management Protocol(FMP) gets
populated through the data stored with the dfu framework. The
dfu data is not restricted to contain information only of the images
updatable through the capsule update mechanism, but it also contains
information on other images. The image descriptor array is also parsed
by the ESRT generation code, and thus the ESRT table contains entries
for other images that are not being handled by the FMP for the capsule
updates. Fix this by populating the image descriptor array from the
structure initialised in the board file.

The other issue fixed is assignment of a separate GUID for all images
in the image descriptor array. The UEFI specification mandates that
all entries in the ESRT table should have a unique GUID value as part
of the FwClass member of the EFI_SYSTEM_RESOURCE_ENTRY. Currently, all
images are assigned a single GUID value, either an FIT GUID or a raw
image GUID. This is fixed by obtaining the GUID values from the
efi_fw_images array defined per platform.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-15 10:43:18 +02:00
Dhananjay Phadke
e146a2c12f lib/crypto: support sha384/sha512 in x509/pkcs7
Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509,
(not set by ported linux code, but needed by __UBOOT__ part).

EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for
correctness if certificates contain sha384WithRSAEncryption or
sha512WithRSAEncryption OIDs.

Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-04-11 11:39:19 -04:00
SESA644425
81eff51047 lib: rsa: Update function padding_pss_verify (any-salt)
Modify function to support any salt length instead of max
length only. Function now detects salt length by parsing
the content of db buffer. Note that it works with (but is
not limited to) zero-length, digest-length and max-length

Signed-off-by: SESA644425 <gioja.hermann@non.se.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-11 11:39:19 -04:00
SESA644425
fb7330545e lib: rsa: Leverage existing data buffer instead of systematic copy
Prior to introduction of modifications in rsassa_pss functions
related to padding verification, doing a pass to reduce memory
consumption of function by replacing memory copies of parts of
const buffer by pointers to the original buffer (masked_db and
h are subparts of msg buffer which is declared const, salt is a
subpart of db which is a working buffer, unmodified after being
filled). New pointers scope is limited to the function where
they are declared (not returned to caller by any mean), zeroing
risk of memory fault related to the change.

Signed-off-by: SESA644425 <gioja.hermann@non.se.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-11 11:39:19 -04:00
SESA644425
c755aa8a1d lib: rsa: Fix const-correctness of rsassa_pss functions
Prior to introduction of modifications in rsassa_pss functions
related to padding verification, doing a pass to update
const-correctness in targeted functions to comply with
coding-rules and avoid const-cast

Signed-off-by: SESA644425 <gioja.hermann@non.se.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-11 11:39:19 -04:00
Masami Hiramatsu
7660cfee0f efi_loader: Use sysreset instead of reset command
Use sysreset_walk_halt() directly from reset-after-capsule-on-disk
feature to reboot (cold reset) machine instead of using reset command
interface, since this is not a command.
Note that this will make CONFIG_EFI_CAPSULE_ON_DISK depending on
the CONFIG_SYSRESET.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-09 21:06:31 +02:00
Masami Hiramatsu
39bdf11580 efi_loader: Make efi_load_capsule_drivers() available even if EFI_CAPSULE_ON_DISK=n
Make efi_load_capsule_drivers() available even if EFI_CAPSULE_ON_DISK
is disabled because the caller (efi_init_obj_list()) expects it only
relays on EFI_HAVE_CAPSULE_SUPPORT.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-09 21:06:31 +02:00
Tom Saeger
f2288a26ab efi_loader: optional persistence of variables
Since be66b89da3 ("efi_loader: configuration of variables store")
the choice of EFI_VARIABLE_FILE_STORE or EFI_MM_COMM_TEE
is mutually-exclusive, however efi_var_to_file also allows
for "neither". Provide an additional Kconfig option.

Signed-off-by: Tom Saeger <tom.saeger@oracle.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-09 21:06:31 +02:00
Simon Glass
b7463f198d Make ASYMMETRIC_KEY_TYPE depend on FIT_SIGNATURE
Add this dependency to avoid a build error if FIT_SIGNATURE is not
enabled.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:03:17 -04:00
Simon Glass
ccfc9d7841 lzma: Tidy up the function prototype
This should use a const pointer for the input stream. Fix this and also
add a proper comment.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:01:42 -04:00
Simon Glass
423cf0acda fdt: sandbox: Avoid looking for an appended device tree
We don't use an appended tree for sandbox and the required symbols are
not present. Add a condition to avoid a build error.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:01:42 -04:00
Simon Glass
690af71850 fdt: Correct condition for SEPARATE_BSS
This may have different settings for SPL and TPL. Correct the condition.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:01:42 -04:00
Simon Glass
99aca9efe1 abuf: Correct a corner case with abuf_realloc()
If the buffer is empty and not allocated, then abuf_realloc() tries to
copy invalid data. This happens because an incorrect change to use
memdup() was added after the original code was written.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:01:42 -04:00
Tom Rini
01f1ab67f3 Merge branch 'next'
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-04-04 10:48:44 -04:00
Philippe Reynes
f6bacf1d48 lib: rsa: allow rsa verify with pkey in SPL
This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Philippe Reynes
e44ec9f709 lib: crypto: allow to build crypyo in SPL
This commit adds the options:
- SPL_ASYMMETRIC_KEY_TYPE
- SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- SPL_RSA_PUBLIC_KEY_PARSER

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Philippe Reynes
fd210fee1d lib: allow to build asn1 decoder and oid registry in SPL
This commit adds the options:
- SPL_ASN1_DECODER
- SPL_OID_REGISTRY

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Philippe Reynes
7d44a98517 lib: Kconfig: enhance the help of OID_REGISTRY
Enhance the help for the config OID_REGISTRY.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Philippe Reynes
a0e71d9614 lib: Kconfig: enhance help for ASN1
Enhance the help for configs ASN1_COMPILER
and ASN1_decoder.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Andy Shevchenko
b6370aca37 efi_loader: initrddump: Actually use the custom CFLAGS
It seems a copy'n'paste typo when tool had been introduced.
It has never had the 'exit' suffix in the file name. Hence,
the custom CFLAGS never been applied and, for example, BFD
linker complains:

  LD      lib/efi_loader/initrddump_efi.so
  ld.bfd: lib/efi_loader/initrddump.o: warning: relocation in read-only section `.text.efi_main'
  ld.bfd: warning: creating DT_TEXTREL in a shared object

Remove wrong 'exit' suffix from the custom CFLAGS variable.

Fixes: 65ab48d69d ("efi_selftest: provide initrddump test tool")
Fixes: 9c045a49a9 ("efi_loader: move dtbdump.c, initrddump.c to lib/efi_loader")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-31 19:06:17 +02:00
Simon Glass
1fa43cad86 video: Drop references to CONFIG_VIDEO et al
Drop the Kconfigs which are not used and all references to them. In
particular, this drops CONFIG_VIDEO to avoid confusion and allow us to
eventually rename CONFIG_DM_VIDEO to CONFIG_VIDEO.

Also drop the prototype for video_get_info_str() which is no-longer used.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Jason Liu <jason.hui.liu@nxp.com>
2022-03-28 20:17:07 +02:00
Tom Rini
34d2b7f203 Prepare v2022.04-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmJBxXQACgkQFHw5/5Y0
 tywKKAv+L+sCmqfJ4Zy2cdzWkGZI3NZMWi8yzUUU37RH5I+3Blht+z6dMslm9gCB
 7/PwS5y7WH3l3wEdeXcw4FUCgNh3D8YyfCcVCsQ0Qxig49xwWz8Jn6t+haOWD6eW
 uXim+gSG+ceWTBrKf3InzXN5fHPIcF66r+k3opwAwIYKpT8p8CgM4ewshBCAsc6t
 6qSLf+A64JNv/y2DTS+sPDY68tnplbyRvrNb6YEazOF6b6SnSE2j+EH8RkIZ+2yT
 cTUhQ2o9JJIKnaG9MTqHB+XVe80oPB7bTWInFo2JxGn98XeS7CTCcnDZhLqWrvHF
 gBfcpEcVE2blVbg/Vo2x4rnU1dop44ch6pE9k5SPFJcPdlzdwFHHgGyfGi9LtD4K
 JAvaIQdz6ZEOQqShpCxcbL/g2/uoRaXFqC7E8IE+WdFMXGBQoZpqaoBMoefnyplk
 xrzqaQye38JgZDX0ku4cm4SMArAfr4sVHcdDlSlzY3y2KQ8Ead25irRvq7GoQ2Ad
 Odo9taQF
 =9g2Y
 -----END PGP SIGNATURE-----

Merge tag 'v2022.04-rc5' into next

Prepare v2022.04-rc5
2022-03-28 12:36:49 -04:00
Heinrich Schuchardt
24cf707ed7 efi_loader: initrddump: drain input before prompt
Up to now the initrddump.efi application has drained the input after
showing the prompt. This works for humans but leads to problems when
automating testing. If the input is drained, this should be done before
showing the prompt.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-03-26 07:46:21 +01:00
Heinrich Schuchardt
ae794fae09 efi_loader: nocolor command line attr for initrddump.efi
initrddump.efi uses colored output and clear the screen. This is not
helpful for integration into Python tests. Allow specifying 'nocolor' in
the load option data to suppress color output and clearing the screen.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-26 07:46:21 +01:00
Heinrich Schuchardt
df96deeed6 efi_loader: typo devie-path
%s/devie-path/device-path/

Reported-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-26 07:46:21 +01:00
Heinrich Schuchardt
9c045a49a9 efi_loader: move dtbdump.c, initrddump.c to lib/efi_loader
The tools dtbdump.efi and initrddump.efi are useful for Python testing even
if CONFIG_EFI_SELFTEST=n.

Don't clear the screen as it is incompatible with Python testing.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 17:01:00 +01:00
Heinrich Schuchardt
b78631d54f efi_loader: remove efi_disk_is_system_part()
The block IO protocol may be installed on any handle. We should make
no assumption about the structure the handle points to.

efi_disk_is_system_part() makes an illegal widening cast from a handle
to a struct efi_disk_obj. Remove the function.

Fixes: Fixes: 41fd506842 ("efi_loader: disk: add efi_disk_is_system_part()")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Heinrich Schuchardt
9cdf470274 efi_loader: support booting via short-form device-path
The boot manager must support loading from boot options using a short-form
device-path, e.g. one where the first element is a hard drive media path.

See '3.1.2 Load Options Processing' in UEFI specification version 2.9.

Fixes: 0e074d1239 ("efi_loader: carve out efi_load_image_from_file()")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Heinrich Schuchardt
e46ef1db9e efi_loader: efi_dp_find_obj() add protocol check
Let function efi_dp_find_obj() additionally check if a given protocol is
installed on the handle relating to the device-path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Heinrich Schuchardt
c409593d08 efi_loader: fix efi_dp_find_obj()
efi_dp_find_obj() should not return any handle with a partially matching
device path but the handle with the maximum matching device path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Heinrich Schuchardt
8399488672 efi_loader: export efi_dp_shorten()
Rename function shorten_path() to efi_dp_shorten() and export it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Ilias Apalodimas
ff6af6eede efi_loader: Set variable attributes when EFI_BUFFER_TOO_SMALL is returned
Starting UEFI Spec 2.8 we must fill in the variable attributes when
GetVariable() returns EFI_BUFFER_TOO_SMALL and Attributes is non-NULL.

This code was written with 2.7 in mind so let's move the code around a
bit and fill in the attributes EFI_BUFFER_TOO_SMALL is returned

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
Huang Jianan
26c7fdadcb lib/lz4: update LZ4 decompressor module
Update the LZ4 compression module based on LZ4 v1.8.3 in order to
use the newest LZ4_decompress_safe_partial() which can now decode
exactly the nb of bytes requested.

Signed-off-by: Huang Jianan <jnhuang95@gmail.com>
2022-03-15 16:19:29 -04:00
Heinrich Schuchardt
66028930da efi_loader: copy GUID in InstallProtocolInterface()
InstallProtocolInterface() is called with a pointer to the protocol GUID.
There is not guarantee that the memory used by the caller for the protocol
GUID stays allocated. To play it safe the GUID should be copied to U-Boot's
internal structures.

Reported-by: Joerie de Gram <j.de.gram@gmail.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-12 12:27:07 +01:00
Yann Droneaud
9b5ad4f5da lib: rsa: use actual OpenSSL 1.1.0 EVP MD API
Since OpenSSL 1.1.0, EVP_MD_CTX_create() is EVP_MD_CTX_new()
                     EVP_MD_CTX_destroy() is EVP_MD_CTX_free()
                     EVP_MD_CTX_init() is EVP_MD_CTX_reset()

As there's no need to reset a newly created EVP_MD_CTX, moreover
EVP_DigestSignInit() does the reset, thus call to EVP_MD_CTX_init()
can be dropped.
As there's no need to reset an EVP_MD_CTX before it's destroyed,
as it will be reset by EVP_MD_CTX_free(), call to EVP_MD_CTX_reset()
is not needed and can be dropped.

Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
2022-03-04 15:20:07 -05:00
Masahisa Kojima
3fa9ed9ae3 efi_loader: update the timing of enabling and disabling EFI watchdog
UEFI specification requires that 5 minutes watchdog timer is
armed before the firmware's boot manager invokes an EFI boot option.
This watchdog timer is updated as follows, according to the
UEFI specification.

 1) The EFI Image may reset or disable the watchdog timer as needed.
 2) If control is returned to the firmware's boot manager,
    the watchdog timer must be disabled.
 3) On successful completion of EFI_BOOT_SERVICES.ExitBootServices()
    the watchdog timer is disabled.

1) is up to the EFI image, and 3) is already implemented in U-Boot.
This patch implements 2), the watchdog is disabled when control is
returned to U-Boot.

In addition, current implementation arms the EFI watchdog at only
the first "bootefi" invocation. The EFI watchdog must be armed
in every EFI boot option invocation.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:01 +01:00
Masami Hiramatsu
3e6f810006 efi_loader: test/py: Reset system after capsule update on disk
Add a cold reset soon after processing capsule update on disk.
This is required in UEFI specification 2.9 Section 8.5.5
"Delivery of Capsules via file on Mass Storage device" as;

    In all cases that a capsule is identified for processing the system is
    restarted after capsule processing is completed.

This also reports the result of each capsule update so that the user can
notice that the capsule update has been succeeded or not from console log.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:01 +01:00
Masami Hiramatsu
a6aafce494 efi_loader: use efi_update_capsule_firmware() for capsule on disk
Since the efi_update_capsule() represents the UpdateCapsule() runtime
service, it has to handle the capsule flags and update ESRT. However
the capsule-on-disk doesn't need to care about such things.

Thus, the capsule-on-disk should use the efi_capsule_update_firmware()
directly instead of calling efi_update_capsule().

This means the roles of the efi_update_capsule() and capsule-on-disk
are different. We have to keep the efi_update_capsule() for providing
runtime service API at boot time.

Suggested-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-26 07:37:00 +01:00
Ilias Apalodimas
bdcc0a9594 efi_loader: fix uefi secure boot with intermediate certs
The general rule of accepting or rejecting an image is
 1. Is the sha256 of the image in dbx
 2. Is the image signed with a certificate that's found in db and
    not in dbx
 3. The image carries a cert which is signed by a cert in db (and
    not in dbx) and the image can be verified against the former
 4. Is the sha256 of the image in db

For example SHIM is signed by "CN=Microsoft Windows UEFI Driver Publisher",
which is issued by "CN=Microsoft Corporation UEFI CA 2011", which in it's
turn is issued by "CN=Microsoft Corporation Third Party Marketplace Root".
The latter is a self-signed CA certificate and with our current implementation
allows shim to execute if we insert it in db.

However it's the CA cert in the middle of the chain which usually ends up
in the system's db.  pkcs7_verify_one() might or might not return the root
certificate for a given chain.  But when verifying executables in UEFI,  the
trust anchor can be in the middle of the chain, as long as that certificate
is present in db.  Currently we only allow this check on self-signed
certificates,  so let's remove that check and allow all certs to try a
match an entry in db.

Open questions:
- Does this break any aspect of variable authentication since
  efi_signature_verify() is used on those as well?

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-02-26 07:37:00 +01:00
Ilias Apalodimas
54cebe8a3a efi_loader: fix dual signed image certification
The EFI spec allows for images to carry multiple signatures. Currently
we don't adhere to the verification process for such images.

The spec says:
"Multiple signatures are allowed to exist in the binary's certificate
table (as per PE/COFF Section "Attribute Certificate Table"). Only one
hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx."

With our current implementation signing the image with two certificates
and inserting both of them in db and one of them dbx doesn't always reject
the image.  The rejection depends on the order that the image was signed
and the order the certificates are read (and checked) in db.

While at it move the sha256 hash verification outside the signature
checking loop, since it only needs to run once per image and get simplify
the logic for authenticating an unsigned imahe using sha256 hashes.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-02-11 20:07:55 +01:00
Moritz Fischer
058fb9f5ff acpi: Move MCFG implementation to common lib
MCFG tables are used on multiple arches. Move to common ACPI lib.

Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Moritz Fischer <moritzf@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use sizeof(*mcfg) instead of sizeof(*header)
Signed-off-by: Simon Glass <sjg@chromium.org>
2022-02-09 12:30:13 -07:00
Simon Glass
e2bceb0331 efi: Drop unnecessary calls to blk_find_device()
When we have the block descriptor we can simply access the device. Drop
the unnecessary function call.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-05 20:20:01 +01:00
Simon Glass
377d39d178 efi: Use device_get_uclass_id() where appropriate
Use this function rather than following the pointers, since it is there
for this purpose.

Add the uclass name to the debug call at the end of dp_fill() since it is
quite useful.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
3c95b323c7 efi_loader: add handle for UART
When loading an EFI binary via the UART we assign a UART device path to it.
But we lack a handle with that device path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
915623c0d3 efi_loader: fix text output for Uart() DP nodes
The UEFI specification concerning Uart() device path nodes has been
clarified:

Parity and stop bits can either both use keywords or both use
numbers but numbers and keywords should not be mixed.

Let's go for keywords as this is what EDK II does. For illegal
values fall back to numbers.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
b1193fa957 efi_loader: use %zu to print efi_uintn_t in FMP driver
For printing an unsigned value we should use %u and not %d.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
e9df54968f efi_loader: use %zu not %zd to print efi_uintn_t
efi_uintnt_t is an unsigned type. We should avoid showing negative numbers.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
344f26a766 efi_loader: fix device path to text protocol
The printing of a file path node must properly handle:

* odd length of the device path node
* UTF-16 character only partially contained in device path node
* buffer overflow due to very long file path

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
fe14f88050 lib: fix snprintf() for UTF-16 strings
snprintf() must return the required buffer length.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Heinrich Schuchardt
b9b4cecf9b efi_selftest: merge FDT and RISC-V tests
The test for the RISCV_EFI_BOOT_PROTOCOL retrieves the boot hart id via the
protocol and compares it to the value of the boot hart id in the device
tree. The boot hart id is already retrieved from the device tree in the FDT
test.

Merge the two tests to avoid code duplication.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-05 20:20:01 +01:00
Sunil V L
8efefcec00 efi_selftest: unit test for RISCV_EFI_BOOT_PROTOCOL
Add a test for the RISCV_EFI_BOOT_PROTOCOL.

Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
2022-02-05 20:20:01 +01:00
Simon Glass
5b9a5b2b96 treewide: Use 16-bit Unicode strings
At present we use wide characters for Unicode but this is not necessary.
Change the code to use the 'u' literal instead. This helps to fix build
warnings for sandbox on the Raspberry Pi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-03 15:53:28 -05:00
Simon Glass
156ccbc3c4 efi: Use 16-bit unicode strings
At present we use wide characters for unicode but this is not necessary.
Change the code to use the 'u' literal instead. This helps to fix build
warnings for sandbox on rpi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-03 12:16:01 -05:00
Tom Rini
c7d042f315 Pull request for efi-2022-04-rc1-3
Documentation:
 
 * update Nokia RX-51 documentation and move it to rst
 * describe boot switch settings for HiFive Unmatched board
 
 UEFI:
 
 * fix the checking of images hashes and signatures
 * provide the RISCV_EFI_BOOT_PROTOCOL
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmH1CY8ACgkQxIHbvCwF
 GsTTXA/+L53FjKHiOQLf9+FrNO7AZ7OcL51brl97eRuQ/jVaF4ClPnDrwPv+uj8m
 rXJHZr6WLRc7A1bIwTYhoetrir07A4pZSHAiKTQuJS2uVFgX25Lp4y5vPt1jgIwF
 BsRyVxF50crNQjDuSDUQF6RHCa5QhvgZ9mZ/WQQ0MjRRysnw6sISvNc9HbZLdbau
 FheOHERJknE1HELeAg/5KKRn1lt3ew6/QdEqPCvKuhsNW4y31zYyHXt1bvpK8cq0
 6m2fRX87nnaIExAb3WLiID91jyPMmrg3ZUndFJfjcAwjelYa50xxHr/vEgw9S1Pb
 xMMZSKTmEFoVdX7umW9uw/p0tWygGOUw8/d9bsZPv7qh1akwoKog2BVl/zRbW+5n
 x4zCNXOllh0p2u8rRQRu8BqVNXZpw+Intk5frVPeazwbnvBrZFd7jN3JyHMtbUkv
 xXJBgHQgbn3z3+zQf9XEa7VjQ+l92x5n0IRWlRxYYEUkMW6o8XZyhzY5Xn1Q7K2z
 kLBx/U7o633D2BPtlt66HmIJa/fH02nD7TmmQy3j0ICQdB2GbHOs2uRF5rATV7v0
 LukLrTr7kSebOhyINvabsLl126URsx2YjUs7lhPy6ILWm+QGUs8tqyKdTe0gQ7AZ
 vneyV2v3CDmMBF3MhE178/kdoJnwk8q7c7JiCQpLNXA33CJCnxw=
 =+edp
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-04-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc1-3

Documentation:

* update Nokia RX-51 documentation and move it to rst
* describe boot switch settings for HiFive Unmatched board

UEFI:

* fix the checking of images hashes and signatures
* provide the RISCV_EFI_BOOT_PROTOCOL
2022-01-29 13:50:19 -05:00
Ilias Apalodimas
5ee900c14f efi_loader: hash the image once before checking against db/dbx
We don't have to recalculate the image hash every time we check against a
new db/dbx entry.  So let's add a flag forcing it to run once since we only
support sha256 hashes

Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Ilias Apalodimas
4b63431323 efi_loader: correctly handle mixed hashes and signatures in db
A mix of signatures and hashes in db doesn't always work as intended.
Currently if the digest algorithm is not explicitly set to sha256 we
stop walking the security database and reject the image.

That's problematic in case we find and try to check a signature before
inspecting the sha256 hash.  If the image is unsigned we will reject it
even if the digest matches.

Since we no longer reject the image on unknown algorithms add an explicit
check and reject the image if any other hash algorithm apart from sha256
is detected on dbx.

Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Heinrich Schuchardt
8d4c426532 lib: allow printing RISC-V EFI Boot Protocol GUID
On RISC-V a new UEFI protocol has been introduced. Support printing
its GUID using %pUs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Sunil V L
1ccf87165e efi_loader: Enable RISCV_EFI_BOOT_PROTOCOL support
This adds support for new RISCV_EFI_BOOT_PROTOCOL to
communicate the boot hart ID to bootloader/kernel on RISC-V
UEFI platforms.

The specification of the protocol is hosted at:
https://github.com/riscv-non-isa/riscv-uefi

Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Heinrich Schuchardt
3dd719d4fb efi_loader: correct function comment style
Replace @return and @param.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-29 10:23:40 +01:00
Jamin Lin
2a4b0d5890 rsa: adds rsa3072 algorithm
Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-28 17:58:41 -05:00
Tom Rini
761a1786e1 acpi refactoring to allow non-x86 use
binman support for bintools (binary tools)
 minor tools improvements in preparation for FDT signing
 various minor fixes and improvements
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmHyEeYRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreYYlgf8C7tQVklXz9ZHhxVrFaPHWwgmBzEZJSrc
 7SWhDX9yBrAYBUk8Q4OMnJz6nXW8Rz5Td9GfBNWcJag1HjJqno4BxkqwGk2tshgj
 GIY0D1cGfKJzB4E6/rK/ETwmX4KVUyEf7S2IdJ0oydkn9t7OwDkUX5WtGXo70E7q
 ZJGYlX5NQCVBRAF9NYDuyVFljrPzAiyT58VCtXY3q63C7PmRYvag8r56ug+8lkk3
 9EbOTcwETqq9SbT1vucyBxwbUmoKhb2BF32jEcIhozowIM3GNsSpkdzQCUnylqfa
 LYI/p0oVTKLfFRBRvQjLgdB/OQP8MLkby8A++Db2OW49mBXhn/5JWA==
 =PdpE
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-26jan22' of https://source.denx.de/u-boot/custodians/u-boot-dm

acpi refactoring to allow non-x86 use
binman support for bintools (binary tools)
minor tools improvements in preparation for FDT signing
various minor fixes and improvements
2022-01-27 14:14:47 -05:00
Loic Poulain
334a9b9d6a lib/circbuf: Make circbuf selectable symbol
It is currenly only used from usbtty driver but make it properly
selectable via Kconfig symbol, for future usage.

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
2022-01-26 23:23:17 +01:00
Simon Glass
c033dc8c0c image: Return destination node for add_verify_data() method
It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Simon Glass
c3675583e9 rsa: Add debugging for failure cases
Add some more debugging to make it easier to see what is being tried and
what fails. Fix a few comment styles while here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:37 -07:00
Simon Glass
2d7c738296 acpi: Collect tables in the acpi_item list
At present this list is used to collect items within the DSDT and SSDT
tables. It is useful for it to collect the whole tables as well, so there
is a list of what was created and which write created each one.

Refactor the code accordingly.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
9d2adca8c3 x86: Move acpi_get_rsdp_addr() ACPI tables to the writer
Move this over to use a writer file, moving the code from the x86
implementation.

There is no need to store a separate variable since we can simply access
the ACPI context.

With this, the original monolithic x86 function for writing ACPI tables
is gone.

Note that QEMU has its own implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
a7e53b93b1 x86: Move device-specific ACPI tables to a writer function
Move this over to use a writer function, moving the code from the x86
implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
78031ad431 x86: acpi: Update acpi_fill_csrt() to use acpi_ctx
Update this function to the newer style, so we can avoid passing and
returning an address through this function.

Also move this function out of the x86 code so it can be used by other
archs.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2022-01-25 11:44:36 -07:00
Simon Glass
85b8161b14 x86: Move CSRT table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
d953137526 x86: Move SSDT table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
eacb6d0ba2 x86: Move DSDT table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Add a pointer to the DSDT in struct acpi_ctx so we can reference it later.

Disable this table for sandbox since we don't actually compile real ASL
code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
a53d38f80a x86: Move FACS table to a writer function
Move this table over to use a writer function, moving the code from the
x86 implementation.

Add a pointer to the DSDT in struct acpi_ctx so we can reference it later.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
94ba15a3f1 x86: Move base tables to a writer function
Use the new ACPI writer to write the base tables at the start of the area,
moving this code from the x86 implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
31c27eb830 x86: Use the ACPI table writer
Use the new ACPI writer to write the ACPI tables. At present this is all
done in one monolithic function. Future work will split this out.

Unfortunately the QFW write_acpi_tables() function conflicts with the
'writer' version, so disable that for sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
cc1f8c3988 x86: acpi: Split out context creation from base tables
At present acpi_setup_base_tables() both sets up the ACPI context and
writes out the base tables.

We want to use an ACPI writer to write the base tables, so split this
function into two, with acpi_setup_ctx() doing the context set, and
acpi_setup_base_tables() just doing the base tables.

Disable the writer's write_acpi_tables() function for now, to avoid
build errors. It is enabled in a following patch.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
6afa63a5a6 acpi: Add a linker list for ACPI tables
At present we call lots of functions to generate the required ACPI tables.
It would be better to standardise these functions and allow them to be
automatically collected and used when needed.

Add a linker list to handle this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
437992d3a9 acpi: Use finer-grained control of ACPI-table generation
Rather than keying everything off ACPIGEN, use the main
GENERATE_ACPI_TABLE option to determine whether the core ACPI code
is included. Make sure these option are not enabled in SPL/TPL since we
never generate tables there.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
a9e414dd50 efi: Correct address handling with ACPI tables
The current EFI implementation confuses pointers and addresses. Normally
we can get away with this but in the case of sandbox it causes failures.

Despite the fact that efi_allocate_pages() returns a u64, it is actually
a pointer, not an address. Add special handling to avoid a crash when
running 'bootefi hello'.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
47642428ee efi: Correct call to write_acpi_tables()
This must be passed a ulong, not a u64. Fix it to avoid LTO warnings on
sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
233f0e35a3 x86: Move the acpi table to generic global_data
Allow this to be used on any arch. Also convert to using macros so that
we can check the CONFIG option in C code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Simon Glass
e1722fcb7d x86: Allow any arch to generate ACPI tables
These have sadly found their way to ARM now. Allow any arch to support
generating ACPI tables.

Disable this for the tools build.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 11:44:36 -07:00
Tom Rini
da158ec5f2 Pull request for efi-2022-04-rc1-2
Documentation:
 
 * describe printf() format codes
 
 UEFI
 
 * enable more algorithms for UEFI image verification, e.g. SHA256-RSA2048
 
 General
 
 * simplify printing short texts for GUIDs
 * provide a unit test for printing GUIDs
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmHoLnQACgkQxIHbvCwF
 GsQ25Q/9G5REcgmo9Hjv+2ri3VJJueIGRL1QeXDl84TxUYgYAtHj7zo/YaeacHKB
 RVBsQafU6vIuAq5YRJFKCSWCxjPJVUH9QO5QQz6RE14KoBh6OYUQP2wSf/+p6/sb
 47wfVtyAUEpCEz60eDj5EWrSPpH78BNW7MmKoTZWSgE1APaBTAHw/Uo6tnb52Qsv
 vQ73Q9R4s0hpsylVtmwIZ0udDcaJg3SQf/4glhnHxaUW/oMoRd0DU7Dnbbg2oxfd
 Y03J0zarqAdIjzNvADnUz6Ei2+H1TrzRe9tzhuXRuseZdANrUnzDIe6bdz+RCmkl
 sdBCmBDPoChosiAcaX9FkajaAi5XYpZ5Sitdpp9A8ZdVc0Lzr1XLbfLksJRM7WwM
 jSP/JDAGYzJqL86C4hrx46aERUuXgywf/vSM7UoG5OxbtMa/AqbHuXMOnd4jXGYD
 48fLlyMWlZ7+Kd4v3x9QlwSmM0LLsokn93JEWrJhJqFPzdHYUQifU2vlZmrJHWyS
 BjzCJxu+rCmXBO6wlcAvsF9V/kx5IO3CKIGn24UUt/wjSBu4VDO5oSzVseJxPBIQ
 vBV9qZfwKCk9U/F1VN43xvIKvcO+oK+pEE9FB5trffYGmHfSEmBwOq3LuHlyMpeJ
 L+TrJUsZstFtx0ZBmVB3YuERusb2z+x1osnifGJvUHCLqjCgvl0=
 =GoR6
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-04-rc1-2' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc1-2

Documentation:

* describe printf() format codes

UEFI

* enable more algorithms for UEFI image verification, e.g. SHA256-RSA2048

General

* simplify printing short texts for GUIDs
* provide a unit test for printing GUIDs
2022-01-22 15:43:36 -05:00
Heinrich Schuchardt
185f812c41 doc: replace @return by Return:
Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 18:11:34 +01:00
Ilias Apalodimas
8699af63b8 lib/crypto: Enable more algorithms in cert verification
Right now the code explicitly limits us to sha1,256 hashes with RSA2048
encryption.  But the limitation is artificial since U-Boot supports
a wider range of algorithms.

The internal image_get_[checksum|crypto]_algo() functions expect an
argument in the format of <checksum>,<crypto>.  So let's remove the size
checking and create the needed string on the fly in order to support
more hash/signing combinations.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
38040a63a3 efi_loader: printing TCG2 protocol GUID
We support the TCG2 protocol. Allow command efidebug to print it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
7884a0986d efi_selftest: implement printing GUIDs
The ESRT test may try to print a GUID if an error occurs.
Implement the %pU print code.

Correct the ESRT test to use %pU instead of %pUl to avoid the output
of character 'l'.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
983a5a2e72 cmd: printenv: simplify printing GUIDs
Use "%pS" to print text representations of GUIDs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
ce00a7401a efi_loader: use %pUs for printing GUIDs
For printing GUIDs with macro EFI_ENTRY use %pUs instead of %pUl to provide
readable debug output.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
3adae64220 cmd: efidebug: simplify printing GUIDs
Use "%pS" to print text representations of GUIDs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
0487238120 lib: printf code %pUs for GUID text representation
In different places text representations are used for GUIDs, e.g.

* command efidebug
* command part list for GPT partitions

To allow reducing code duplication introduce a new printf code %pUs.
It will call uuid_guid_get_str() to get a text representation. If none is
found it will fallback to %pUl and print a hexadecimal representation.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Heinrich Schuchardt
c1528f324c lib: compile uuid_guid_get_str if CONFIG_LIB_UUID=y
Currently uuid_guid_get_str() is only built if
CONFIG_PARTITION_TYPE_GUID=y.

To make it usable for other GUIDs compile it if CONFIG_LIB_UUID=y.
The linker will take care of removing it if it is unused.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 16:16:33 +01:00
Qu Wenruo
7c3fd5c25d lib: add BLAKE2 hash support
The code is cross-ported from BLAKE2 reference implementation
(https://github.com/BLAKE2/BLAKE2).

With minimal change to remove unused macros/features.

Currently there is only one user inside U-boot (btrfs), and since it
only utilize BLAKE2B, all other favors are all removed.

Signed-off-by: Qu Wenruo <wqu@suse.com>
[trini: Rename ROUND to R to avoid clash with <linux/bitops.h>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-01-18 08:31:02 -05:00
Tom Rini
d71dbe657c Pull request for efi-2022-04-rc1
Documentation:
 
 * Fix building HTML documentation of readthedocs.io
 * Add ARM Juno board documentation
 * Build requirements for Alpine Linux
 * Include DM headers in API documentation
 
 UEFI:
 
 * Fix section alignment of EFI binaries
 * Fix header length of RISC-V EFI binaries allowing to run them on EDK II
 * Remove kaslr-seed from device tree if the EFI_RNG_PROTOCOL is provided
 
 Other:
 
 * Let 'part list' show all 128 GPT partitions
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmHiqKYACgkQxIHbvCwF
 GsTrMA//XQRIS9f8pD3/FsSfVfmtxkCLG9axEe/lRQp7l7109v+m832CJV5Em7pX
 GtRGOSUdj930v1q9fZ/nUx9/IJjf/lnB0eEcMcVai2NVgyuRohGAzX9JWsVLbdOE
 MicDX7D/VZ+86lPxLRJbq61jMj7Dnj+atonJQ3Bc1eBLutUaBOr6aenA99TyLavU
 +guuQmQLpJz6VbyZIYxr7/CZVaVkXS0jmcfEoDHD8BrsBe3pZvNuUC4D9KIFWnLo
 pQYYNuIWiVCPGE/iMbUZGjJfgHnD3qW1DWOfmeWPTysALnTSxx0m8FJrOqlxZk6R
 HkEhcr/RkI2JT89C+07qsXkfvJ7YBg3r6bSNtng4i8VwSm384ffF9Y+cfoBv1285
 7wo+Vbh6LuOlp0OAo3bjAuhW7gpnUkkGoc4sXv7wr560mGOtJAPrp0T1ku17ZANd
 GP0T4TgvL15PAFbK+Yg6NxF+l26Lb5EkvC5bGFlM/5ceafD/B7qA2m8KG9+cR2/t
 UFAyI0FB3yWp1TLfdCRXR4YEHDl3nWjs8GuwdwTPFXLWFPkf73DX/r+ZAnZAY+M+
 FTGJuMZUp71aiqeAs7CHw4ePZMQCt0Hjs9kYbAMekoUncpMCFXwXmp1KxLkHBM+X
 +i6WPflTL/sOSO+3M8fcUeZI7IWerOHZqCu/RTb9W0n3Ee+odBc=
 =NZ+6
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-04-rc1' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc1

Documentation:

* Fix building HTML documentation of readthedocs.io
* Add ARM Juno board documentation
* Build requirements for Alpine Linux
* Include DM headers in API documentation

UEFI:

* Fix section alignment of EFI binaries
* Fix header length of RISC-V EFI binaries allowing to run them on EDK II
* Remove kaslr-seed from device tree if the EFI_RNG_PROTOCOL is provided

Other:

* Let 'part list' show all 128 GPT partitions
2022-01-15 07:39:09 -05:00
Simon Glass
25a326b006 efi: Support the efi command in the app
At present the 'efi' command only works in the EFI payload. Update it to
work in the app too, so the memory map can be examined.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-15 10:57:22 +01:00
Simon Glass
866e2ac5aa efi: Move exit_boot_services into a function
At present this code is inline in the app and stub. But they do the same
thing. The difference is that the stub does it immediately and the app
doesn't want to do it until the end (when it boots a kernel) or not at
all, if returning to UEFI.

Move it into a function so it can be called as needed.

Add a comment showing how to store the memory map so that it can be
accessed within the app if needed, for debugging purposes only. The map
can change without notice.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-15 10:57:22 +01:00
Heinrich Schuchardt
717b33cb9b efidebug: avoid 'dfu_alt_info not defined' message
If variable dfu_alt_info is not defined duplicate messages are displayed.

    => efidebug boot dump
    Scanning disk mmc2.blk...
    Scanning disk mmc1.blk...
    Scanning disk mmc0.blk...
    Found 3 disks
    No EFI system partition
    "dfu_alt_info" env variable not defined!
    Probably dfu_alt_info not defined
    "dfu_alt_info" env variable not defined!
    Probably dfu_alt_info not defined

Remove the 'Probably dfu_alt_info not defined' message.
Instead write a warning if the variable contains no entities.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-15 10:57:22 +01:00
Ilias Apalodimas
a2f1482fc0 efi_loader: Get rid of kaslr-seed if EFI_RNG_PROTOCOL is installed
U-Boot, in some occasions, injects a 'kaslr-seed' property on the /chosen
node. That would be problematic in case we want to measure the DTB we
install in the configuration table, since it would change across reboots.

The Linux kernel EFI-stub completely ignores it and only relies on
EFI_RNG_PROTOCOL for it's own randomness needs (i.e the randomization
of the physical placement of the kernel). In fact it (blindly) overwrites
the existing seed if the protocol is installed. However it still uses it
for randomizing it's virtual placement.
So let's get rid of it in the presence of the RNG protocol.

It's worth noting that TPMs also provide an RNG.  So if we tweak our
EFI_RNG_PROTOCOL slightly and install the protocol when a TPM device
is present the 'kaslr-seed' property will always be removed, allowing
us to reliably measure our DTB.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
2022-01-15 10:57:22 +01:00
Eugen Hristev
97f2a749d5 lib: Kconfig: fix PHANDLE_CHECK_SEQ position outside of menu
CONFIG_PHANDLE_CHECK_SEQ is outside of the menu 'Library routines'
thus it's invisible in menuconfig and cannot be selected.
Fix this by moving the 'endmenu' after the PHANDLE_CHECK_SEQ definition

Fixes: c589132a1d ("fdt: Use phandle to distinguish DT nodes with same name")
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Reviewed-by: Aswath Govindraju <a-govindraju@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-14 14:36:57 -05:00
qianfan Zhao
62649165cb lib: sparse: Make CHUNK_TYPE_RAW buffer aligned
CHUNK_TYPE_RAW buffer is not aligned, and flash sparse images by
fastboot will report "Misaligned operation" if DCACHE is enabled.

Flashing Sparse Image
CACHE: Misaligned operation at range [84000028, 84001028]
CACHE: Misaligned operation at range [84001034, 84002034]
CACHE: Misaligned operation at range [8401104c, 8401304c]

Fix it

Signed-off-by: qianfan Zhao <qianfanguijin@163.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
2022-01-14 12:26:30 -05:00
Tom Rini
fe04d885fb Merge branch 'next'
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-01-10 14:01:57 -05:00
Heinrich Schuchardt
675c3ccc5c lib/rsa: avoid -Wdiscarded-qualifiers
The return type of EVP_PKEY_get0_RSA() is const struct rsa_st *.
Our code drops the const qualifier leading to

In file included from tools/lib/rsa/rsa-sign.c:1:
./tools/../lib/rsa/rsa-sign.c: In function ‘rsa_add_verify_data’:
./tools/../lib/rsa/rsa-sign.c:631:13: warning:
assignment discards ‘const’ qualifier from pointer target type
[-Wdiscarded-qualifiers]
  631 |         rsa = EVP_PKEY_get0_RSA(pkey);
      |             ^

Add a type conversion.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-10 08:13:24 -05:00
Tom Rini
0dadad6d7c - disable CONFIG_NET_RANDOM_ETHADDR when unnecessary on amlogic based configs
- meson64_android: add board specific env settings, in order to support VIM3/L for android
 - add changes to support VIM3/L android boot by using meson64_android.h config
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEPVPGJshWBf4d9CyLd9zb2sjISdEFAmHYV8MACgkQd9zb2sjI
 SdELkA/+LjyjJB1KI6/KLLg43zyFeeZX/SjQd5BUIx6EfaCgyTkuq2lzQnErGmbi
 HoyMoNLpBxLIL27/5TXPzmKYAeOfKPxA/sXTTtx/l7PG8ncSZIoU0+utqjycdUsK
 tSi7EdFzk7/kDDRkqqA7q9nxsPn/7GQNh/ZC9zstMXKaTO/TEb/sZWCMcvQ0MNoB
 ynZKOCg5t60UkIYIRwZwC/OS/ssn86dovv/Aa/8D6qpL2AbS5DoCXHuAr8Dnz7fJ
 q4rV7oLh7a+WHe/qC7R6ylYFIVVqY5JaIgbLDwuvk1z9o7txchMMQnGgllZ35sN9
 LECD2iSDGjhPaHuGCvQwl3TWtIpvtdcP4sQTyJhsXNPxCG6HHvRz7xY4erUohR1I
 LIddwCCHeCrBiaamXNbCzph2+JhfPSQ5ETCL9M6iBMxNUPunlCxjfjDzlT/pg11p
 EO9PIPjRMR9QhxKtd3gZpyAqPuMBEmIwhDtHI6dL3DNOOsF44ObE4swnzS6qXIDn
 jRZzFCC2f/Vyg11YnzFtV3A5eWwJahGDWAGAnnlg6Y8GCLlLmDJitcgA/rWSALko
 T5fC8L8IFUx2RnHczyitJ/wqJl9FqOAnIaoB3Trpwp8gFQ15dQjbvoXldQnAjSS2
 9bns3zOrx79EF4lbHhwNE9UDLm6OjK5vR3h4bGJvyZBmasVsA90=
 =dLEg
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-amlogic-20220107' of https://source.denx.de/u-boot/custodians/u-boot-amlogic into next

- disable CONFIG_NET_RANDOM_ETHADDR when unnecessary on amlogic based configs
- meson64_android: add board specific env settings, in order to support VIM3/L for android
- add changes to support VIM3/L android boot by using meson64_android.h config
2022-01-09 07:56:31 -05:00
Simon Glass
62725e661a efi: Show when allocated pages are used
Add a message here so that both paths of memory allocation are reported.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 07:02:06 +01:00
Simon Glass
bc53a35ac5 efi: Check for failure when initing the app
The stub checks for failure with efi_init(). Add this for the app as well.
It is unlikely that anything can be done, but we may as well stop.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 06:50:40 +01:00
Simon Glass
2a1cf03ea4 efi: Share struct efi_priv between the app and stub code
At present each of these has its own static variable and helper functions.
Move them into a shared file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 06:45:01 +01:00
Simon Glass
184be59258 efi: Add a few comments to the stub
Comment some functions that need more information.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 06:45:01 +01:00
Simon Glass
613cd0c467 efi: Locate all block devices in the app
When starting the app, locate all block devices and make them available
to U-Boot. This allows listing partitions and accessing files in
filesystems.

EFI also has the concept of 'disks', meaning boot media. For now, this
is not obviously useful in U-Boot, but add code to at least locate these.
This can be expanded later as needed.

We cannot use printf() in the early stub or app since it is not compiled
in

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 06:45:01 +01:00
Simon Glass
726cd9836d efi: Make unicode printf available to the app
This is needed to show unicode strings. Enable this code in the app.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-31 06:45:01 +01:00
Ilias Apalodimas
2707610eb7 efi_loader: Don't limit the StMM buffer size explicitly
Currently we allow and explicitly check a single shared page with
StandAloneMM.  This is dictated by OP-TEE which runs the application.
However there's no way for us dynamically discover the number of pages we
are allowed to use.  Since writing big EFI signature list variable
requires more than a page, OP-TEE has bumped the number of shared pages to
four.

Let's remove our explicit check and allow the request to reach OP-TEE even
if it's bigger than what it supports.  There's no need to sanitize the
number of pages internally.  OP-TEE will fail if we try to write more
than it's allowed. The error will just trigger later on,  during the
StMM access.

While at it add an error message to help users figure out what failed.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>

Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
2021-12-31 06:44:29 +01:00
Tom Rini
2f8a6db5d8 Finish conversion of CONFIG_SYS_CLK_FREQ to Kconfig
In order to finish moving this symbol to Kconfig for all platforms, we
need to do a few more things.  First, for all platforms that define this
to a function, introduce CONFIG_DYNAMIC_SYS_CLK_FREQ, similar to
CONFIG_DYNAMIC_DDR_CLK_FREQ and populate clock_legacy.h.  This entails
also switching all users from CONFIG_SYS_CLK_FREQ to get_board_sys_clk()
and updating a few preprocessor tests.

With that done, all platforms that define a value here can be converted
to Kconfig, and a fall-back of zero is sufficiently safe to use (and
what is used today in cases where code may or may not have this
available).  Make sure that code which calls this function includes
<clock_legacy.h> to get the prototype.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-12-27 16:20:18 -05:00
Heinrich Schuchardt
3a8b919932 tools: avoid OpenSSL deprecation warnings
Our Gitlab CI buildsystem is set up to treat warnings as errors.
With OpenSSL 3.0 a lot of deprecation warnings occur.

With the patch compatibility with OpenSSL 1.1.1 is declared.
In the long run we should upgrade our code to use the current API.

A -Wdiscarded-qualifiers warning is muted by casting.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-26 06:57:20 +01:00
Ilias Apalodimas
2b18d95d91 efi_loader: Don't limit the StMM buffer size explicitly
Currently we allow and explicitly check a single shared page with
StandAloneMM.  This is dictated by OP-TEE which runs the application.
However there's no way for us dynamically discover the number of pages we
are allowed to use.  Since writing big EFI signature list variable
requires more than a page, OP-TEE has bumped the number of shared pages to
four.

Let's remove our explicit check and allow the request to reach OP-TEE even
if it's bigger than what it supports.  There's no need to sanitize the
number of pages internally.  OP-TEE will fail if we try to write more
than it's allowed. The error will just trigger later on,  during the
StMM access.

While at it add an error message to help users figure out what failed.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>

Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
2021-12-26 06:49:14 +01:00
Simon Glass
275b4832f6 fdt: Add a Kconfig for boards with a prior stage
When U-Boot is started from another firmware program, not just a prior
phase of U-Boot, special behaviour is typically used. In particular, the
device tree may come from that prior stage.

At present this is sort-of indicated by OF_BOARD, although the
correlation is not 1:1, since that option simply means that the board has
a custom mechanism for obtaining the device tree. For example, sandbox
defines OF_BOARD. Also the board_fdt_blob_setup() function can in fact
make use of the devicetree in U-Boot if it wishes, as used by
dragonboard410c until very recently.

Add an explicit Kconfig for this situation. Update the OF_BOARD option to
more-accurately reflect what it is doing, e.g. for sandbox.

Drop the docs in the README as it is out of date.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-23 10:24:40 -05:00
Simon Glass
ff66e7bb73 fdt: Report the devicetree source
It can be confusing to figure out where the devicetree came from. It seems
important enough to warrant a message during boot. Add information about
the number of devices and uclasses too since it is helpful to have some
idea what is going on with driver model.

Report the devicetree source in bdinfo too.

This looks something like this, with > marking the new line.

   U-Boot 2021.10-00190 (Oct 30 2021 - 09:01:29 -0600)

   DRAM:  128 MiB
>  Core:  42 devices, 11 uclasses, devicetree: passage
   Flash: 64 MiB

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-23 10:24:40 -05:00
Simon Glass
39605c6ec3 fdt: Record where the devicetree came from
Keep track of where the devicetree came from, so we can report this later.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-23 10:24:40 -05:00
Simon Glass
9855034397 fdt: Don't call board_fdt_blob_setup() without OF_BOARD
At present this override function is called even when OF_BOARD is not
enabled. This makes it impossible to disable this feature and in fact
makes the OF_BOARD option useless.

Reinstate its intended purpose, so that it is possible to switch between
the appended devicetree and one provided by the board's custom function.

A follower patch adds warnings for this scenario, but for now we don't
have a Kconfig that definitively tells us that OF_BOARD should be used.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-23 10:24:40 -05:00
Simon Glass
ba83d8593b fdt: Drop remaining preprocessor macros in fdtdec_setup()
We only have two choices for obtaining the devicetree. Simplify the code
to make that clear.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-23 10:24:40 -05:00
Simon Glass
b5199380fc fdt: Drop OF_CONTROL check in fdtdec_setup()
This function should only be called when OF_CONTROL is enabled. It
fails in fdtdec_prepare_fdt() anyway, since gd->fdt_blob stays as NULL
if OF_CONTROL is not enabled.

Drop this useless check.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-23 10:24:39 -05:00
Simon Glass
931511d089 fdt: Use if() for fdtcontroladdr check
Change this to use if() instead of #if

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-23 10:24:39 -05:00
Simon Glass
66cd511f13 fdt: Drop #ifdef around board_fdt_blob_setup()
This serves no purpose. Drop it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-23 10:24:39 -05:00
Simon Glass
d893b8ad09 fdt: Drop CONFIG_SPL_BUILD check in fdtdec_setup()
Move this to the header file to clean up the C code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-23 10:24:39 -05:00
Simon Glass
b4b6daf38d fdt: Drop #ifdefs with MULTI_DTB_FIT
Refactor the code to drop the #ifdefs for this feature.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-23 10:24:39 -05:00
Simon Glass
3f51f78cbd fdt: Move MULTI_DTB_FIT handling out of fdtdec_setup()
This logic is a bit convoluted for one function. Move the mulit-FIT part
into its own function.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-12-23 10:24:39 -05:00
Tom Rini
4afab30cae Prepare v2022.01-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmHArDwACgkQFHw5/5Y0
 tyzxyAv/SjZjoEwG8nu7ptVZqTsZfm+tVwwWmQEBAA40MXy/KSccDtbUwB5GCO6f
 Uvk+qFFDbCkbGZh5VKbQusMmUoB02Xu9zUoSxKxcXL4WfC6Bg5GV/UWN9s8G3Tm6
 4wcP0l8WFcQjjr89UfXugiZH58psvFu6PBbWVY4rMH9gZ5ds0AkNOF0L+HbdVmMR
 a5HBfrcySRY2kiTQuKF+RVlMW6BtaOqJp/XIyy8w6bH09ykMomj/u7z3JP3y9ZzL
 w3FXqCLlIEnvdDcqfWvfjoJ/gm0WcLulgSVpTFGS0jgJpnbeAURtZcuVgj6aPRUW
 FRon+u0tj3wpFjibs2cpyXWd+gw/bLLFpDXx78AUAPjxG31tEKbnR1j8R8wBZJ0B
 TqWZ3pCne/LPOT90y2KW2z6ty2n/yEn6qEFFT9MN9R4L0N+U0er//sYJC/nn/e6u
 fjvQ9OPLbnAfHVrad3ZeIkePrLOIF6XYwNQpsjt9aE2kU9IvV5sTa8TxZuQgasBU
 A46FgXtC
 =MEG2
 -----END PGP SIGNATURE-----

Merge tag 'v2022.01-rc4' into next

Prepare v2022.01-rc4
2021-12-20 17:12:04 -05:00
Simon Glass
6405ab7ad5 Convert CONFIG_PHYSMEM to Kconfig
This converts the following to Kconfig:
   CONFIG_PHYSMEM

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Sean Anderson <seanga2@gmail.com>
2021-12-17 09:44:59 -07:00
Simon Glass
2abd8d1c99 efi: Rename UCLASS_EFI and IF_TYPE_EFI
These names are better used for access to devices provided by an EFI
layer. Use EFI_LOADER instead here, since these are only available in
U-Boot's EFI_LOADER layer.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-09 11:43:25 -08:00
Masahisa Kojima
f9b51dcf29 efi_loader: correctly handle no tpm device error
When the TCG2 protocol is installed in efi_tcg2_register(),
TPM2 device must be present.
tcg2_measure_pe_image() expects that TCP2 protocol is installed
and TPM device is available. If TCG2 Protocol is installed but
TPM device is not found, tcg2_measure_pe_image() returns
EFI_SECURITY_VIOLATION and efi_load_image() ends with failure.

The same error handling is applied to
efi_tcg2_measure_efi_app_invocation().

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-12-09 11:43:25 -08:00
Masahisa Kojima
9e32bf9362 efi_loader: check tcg2 protocol installation outside the TCG protocol
There are functions that calls tcg2_agile_log_append() outside
of the TCG protocol invocation (e.g tcg2_measure_pe_image).
These functions must to check that TCG2 protocol is installed.
If not, measurement shall be skipped.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-12-09 11:43:25 -08:00
Masahisa Kojima
54bec17f6b efi_loader: efi_tcg2_register returns appropriate error
This commit modify efi_tcg2_register() to return the
appropriate error.
With this fix, sandbox will not boot because efi_tcg2_register()
fails due to some missing feature in GetCapabilities.
So disable sandbox if EFI_TCG2_PROTOCOL is enabled.

UEFI secure boot variable measurement is not directly related
to TCG2 protocol installation, tcg2_measure_secure_boot_variable()
is moved to the separate function.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-12-09 11:43:25 -08:00
Ruchika Gupta
c0d9bb0b4a efi_loader: Extend PCR's for firmware measurements
Firmwares before U-Boot may be capable of doing tpm measurements
and passing them to U-Boot in the form of eventlog. However there
may be scenarios where the firmwares don't have TPM driver and
are not capable of extending the measurements in the PCRs.
Based on TCG spec, if previous firnware has extended PCR's, PCR0
would not be 0. So, read the PCR0 to determine if the PCR's need
to be extended as eventlog is parsed or not.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-30 09:23:49 +01:00
Ruchika Gupta
2957a1e224 tpm: use more algorithms than sha256 on pcr_read
The current tpm2_pcr_read is hardcoded using SHA256. Make the
actual command to TPM configurable to use wider range of algorithms.
The current command line is kept as is i.e limited to SHA-256 only.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-30 09:23:49 +01:00
Ruchika Gupta
34287efdaf efi_loader: Add check for event log passed from firmware
Platforms may have support to measure their initial firmware components
and pass the event log to u-boot. The event log address can be passed
in property tpm_event_log_addr and tpm_event_log_size of the tpm node.
Platforms may choose their own specific mechanism to do so. A weak
function is added to check if even log has been passed to u-boot
from earlier firmware components. If available, the eventlog is parsed
to check for its correctness and further event logs are appended to the
passed log.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-30 09:23:49 +01:00
Tom Rini
2402c93130 Prepare v2022.01-rc3
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmGk/4sACgkQFHw5/5Y0
 tyyjtgwAo0jCRa1Vyc5z2RrINGdARoPhNcCnBNMYEVTjH9uP0/Mzlpo4i1IWX5qP
 nEuVmP01KjtWDRNy7Cpr45/j2PkTZ0THqXGZKpTG/yALdUKZw0wbzeh/CMllWh0A
 9yJfMbv2/IV79rbb6osxItjusSr5PnrU5fHsR+zUfC8NRZpzWGfpH8a6NpfGvGYo
 3OUKNJrGv930C3MqVnUEHPIuz+vL9fWLSs/rK/JHVZt+ALU45uYtz4cKycMoElVd
 IUJe3mhKhw0k8dO8R+p3UAEFrP+LZdcBLgCt8wRQK6Yl4lcxYOtZgYuJuM9Kp20s
 abqIuky3TWwFjpNM60Gmo63Yf967jOeI/lfITq2juZ5TBlNKOO6Z/NRVUsHkNKFG
 7qJC14/NxuSdN4u9s2h+rJBBGYc+BzWVO/ikigHnsCeFQYfafJpGTnPSJr55OU5X
 eeB6l3blx6jwxOPAz0JhLecZb4e027R+eKionirMEnVPENtnJjF1d+CulkekahUO
 LvdqKaBE
 =h4j5
 -----END PGP SIGNATURE-----

Merge tag 'v2022.01-rc3' into next

Prepare v2022.01-rc3

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-11-29 12:00:57 -05:00
Heinrich Schuchardt
9abd2ca96e efi_selftest: simplify endian conversion for FDT test
UEFI code is always little-endian. Remove a superfluous test.

Remove a superfluous type conversion.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-26 21:30:59 +01:00
Heinrich Schuchardt
9d1564dabc efi_loader: segfault in efi_clear_os_indications()
If we call efi_clear_os_indications() before initializing the memory store
for UEFI variables a NULL pointer dereference occurs.

The error was observed on the sandbox with:

    usb start
    host bind 0 sandbox.img
    load host 0:1 $kernel_addr_r helloworld.efi
    bootefi $kernel_addr_r

Here efi_resister_disk() failed due to an error in the BTRFS implementation.

Move the logic to clear EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
to the rest of the capsule code.

If CONFIG_EFI_IGNORE_OSINDICATIONS=y, we should still clear the flag.
If OsIndications does not exist, we should not create it as it is owned by
the operating system.

Fixes: 149108a3eb ("efi_loader: clear OsIndications")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-26 21:30:59 +01:00
Heinrich Schuchardt
cd9a26bfe5 efi_loader: efi_disk_register() should not fail
Our algorithm for creating USB device paths may lead to duplicate device
paths which result in efi_disk_register() failing. Instead we should just
skip devices that cannot be registered as EFI block devices.

Fix a memory leak in efi_disk_add_dev() caused by the duplicate device
path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-26 21:30:59 +01:00
Tom Rini
3f73e79de8 efi: Call bootm_disable_interrupts earlier in efi_exit_boot_services
If we look at the path that bootm/booti take when preparing to boot the
OS, we see that as part of (or prior to calling do_bootm_states,
explicitly) the process, bootm_disable_interrupts() is called prior to
announce_and_cleanup() which is where udc_disconnect() /
board_quiesce_devices() / dm_remove_devices_flags() are called from.  In
the EFI path, these are called afterwards.  In efi_exit_boot_services()
however we have been calling bootm_disable_interrupts() after the above
functions, as part of ensuring that we disable interrupts as required
by the spec.  However, bootm_disable_interrupts() is also where we go
and call usb_stop().  While this has been fine before, on the TI J721E
platform this leads us to an exception.  This exception seems likely to
be the case that we're trying to stop devices that we have already
disabled clocks for.  The most direct way to handle this particular
problem is to make EFI behave like the do_bootm_states() process and
ensure we call bootm_disable_interrupts() prior to ending up in
usb_stop().

Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
Suggested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-26 21:30:59 +01:00
Ilias Apalodimas
d6b55a420c efi_loader: startup the tpm device when installing the protocol
Due to U-Boot's lazy binding mentality the TPM is probed but not properly
initialized.  The user can startup the device from the command line
e.g 'tpm2 startup TPM2_SU_CLEAR'.  However we can initialize the TPM during
the TCG protocol installation,  which is easier to use overall.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-20 10:53:01 +01:00
Ilias Apalodimas
5ba0397049 efi_loader: fix FinalEvents table if an EFI app invoked GetEventLog
As described in the TCG spec [1] in sections 7.1.1 and 7.1.2 the FinalEvent
table should include events after GetEventLog has been called.  This
currently works for us as long as the kernel is the only EFI application
calling that.  Specifically we only implement what's described in 7.1.1.

So refactor the code a bit and support EFI application(s) calling
GetEventLog.  Events will now be logged in both the EventLog and FinalEvent
table as long as ExitBootServices haven't been invoked.

[1] https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-20 10:53:00 +01:00
Heinrich Schuchardt
22ad3f5f7b efi_selftest: unit test for EFI_GROUP_BEFORE_EXIT_BOOT_SERVICE
Add a test for the EFI_GROUP_BEFORE_EXIT_BOOT_SERVICE event group.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-20 10:53:00 +01:00
Heinrich Schuchardt
43eaf5b13f efi_loader: EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES
Implement the EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES event group
handling.

Add the definition of EFI_EVENT_GROUP_AFTER_READY_TO_BOOT.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-20 10:53:00 +01:00
Masami Hiramatsu
5d49b32f0a efi_loader: capsule: Record capsule result only if capsule is read
Record capsule update result only if the capsule file is
successfully read, because the capsule GUID is not sure when
the file can not be read or the file is not a capsule.
Without this fix, if user puts a dummy (non-capsule) file
under (ESP)EFI/UpdateCapsule, U-Boot causes a synchronous
abort.

This also fixes use-after-free bug of the 'capsule' variable.

Fixes: c74cd8bd08 ("efi_loader: capsule: add capsule_on_disk support")
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-20 10:53:00 +01:00
Masahisa Kojima
3961bd9b55 efi_loader: Reduce efi_tcg2 logging statement
log_info() is used for the debug level logging statement
which should use log_debug() instead. Convert it to reduce the
log output.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-11-20 10:53:00 +01:00
Heinrich Schuchardt
ac7606af7d lmb: fix typo 'commun'
%s/commun/common/

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-20 10:53:00 +01:00
Tom Rini
b5f2c68d5c TPM1.2 and Atmel fixes
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEgWII69YpahbL5iK5gS8AYozs+qIFAmGXVGcACgkQgS8AYozs
 +qLoVA/8CDEhyU20XorNzyk/+Dpy4+7s91wnRiNuQxDcwJke5dcgCtJ62cURsWI/
 69gnijt1Pif1ODPWECj9Fh8SYp0S8ZL/7YBS9JjpgHNCPvOuxoaSvO4Q0CejDBWO
 7Yj2UZwR2AvUO57bD3pOVQJns5PiCyF94zt/5LO9NCCnAoXxc2dH2M2Eelxac5wA
 zx4PksKeX72k1HkSywQgM4uWOweWs8OzgSE5mBiGQTP/9aYCeRtPv3i7JlClqw4R
 uNqSGJrDEKfJnV3kmZpKAACl91vS+4g7rfQbOyB7DOL1hNpJ7/7d2++/j8P8jB17
 zCXW+mK60+4/0pJ2Bk/6XddbTYvMskija+lQib1FHshAPbDrbXNbS8WrDInMFC3L
 RfCugrxG9fgtu3yWqy1+GyDEN3s5yATYBSo27xfOvW5919McMTEy1YGjA7R1K5l/
 WLFO9oBSLYolZPZgEqi0Z7sNr2BSVmodk0KCJkcXR8J5YIc8r4dtfSRhw0lcdcD8
 c/Wi5+i0PX4ZmuDrbjffjvUJ1Mz2n9igI3ADK2Xn/Lf7KVHW7oiPcQYeijqhTAVa
 zu9DXIw+E8o4Nq3/u4VDecTRZcGUVWR83DJYGn4U0NDMC9PCLj3TBG9KogKt/Ceo
 au1F50co7qxqehmtnm8Bej/He87fIJmZmbaqT388ZXNwMEVPTNo=
 =m8lp
 -----END PGP SIGNATURE-----

Merge tag 'tpm-19112021' of https://source.denx.de/u-boot/custodians/u-boot-tpm

TPM1.2 and Atmel fixes

# gpg verification failed.
2021-11-19 16:33:23 -05:00
Marek Vasut
b1f3f982fa arm64: Add missing GD_FLG_SKIP_RELOC handling
In case U-Boot enters relocation with GD_FLG_SKIP_RELOC, skip the
relocation. The code still has to set up new_gd pointer and new
stack pointer.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
2021-11-18 18:20:19 -05:00
Marek Vasut
bd994c007a lmb: Reserve U-Boot separately if relocation is disabled
In case U-Boot starts with GD_FLG_SKIP_RELOC, the U-Boot code is
not relocated, however the stack and heap is at the end of DRAM
after relocation. Reserve a LMB area for the non-relocated U-Boot
code so it won't be overwritten.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
2021-11-18 18:20:19 -05:00
Chia-Wei Wang
89c36cca0b crypto: aspeed: Add AST2600 ACRY support
ACRY is designed to accelerate ECC/RSA digital signature
generation and verification.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
2021-11-17 17:05:00 -05:00
Mathew McBride
e845dd7c8b cmd: tpm-v1: fix load_key_by_sha1 compile errors
This command is not compiled by default and has not been updated alongside
changes to the tpmv1 API, such as passing the TPM udevice to the relevant
functions.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-17 13:47:27 +02:00
Tom Rini
b8a156f54e Pull request for efi-2022-01-rc2-2
UEFI:
 * fix measurement of BootOrder variable for TCG2 protocol
 
 TPM:
 * TIS mmio driver. This driver supports QEMU's emulated TPM.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmGQD7kACgkQxIHbvCwF
 GsStWA/9HmYlBuc0ZNNVVvBtD9QKe1rliXnGubVA52ZhnZHlIijdbpXSZBbA2uQy
 auMox1eQ7isdQFgC8GGZF5O3VpwdT5E/mz1BYukkvHUFdYmwOSKfH++7Tt88P+Uc
 ZK/uIfhZApl9UiuzzLr6M/8T7K/NWg7BtsdNivSe6sBHPIBfAfl0K1CGxU9v1lm1
 0DvPDaby5J3SbZUiln6mzxZ9Yjmqz85s3W7IUvY7I7xWgApaP6IuvQa4pkrGzDeQ
 ofICVozr75yCk1kW+xB5lSQ/iI//ppOL4Ng7aL87eSoAzp1W+5TZrWA6pIYGfWVD
 bgmMI3OileCFrU3uNGKY7dbObP7FZz7lVykXoejMfHNG/Zfmo+f+2qS9PgT83Rnr
 KC4eMqS+0wYiO2Qru+ZJwija9JsS5SO9v7Vp2L0vT2u+CU35dDuy5epi1IHzfSL0
 bO1feAtUYwK/An2jwlSG7EO4AxJ7Yh+WlxL5TgsSqJGdyL/uI3pussuXRnHHshrS
 2xmV9M8dSFy2RQTNO958nloj01XNzPRmcBl5uVF5htye0PI5VFk7Lo8oUj6UzuXt
 14gNl1pumnihkEl4C+/TR7HL9/Q/tgm4EEYIU7+kbEyS0MFEzsjOt0y+Sm12qD7S
 wQ1jnLcstp88e7erMyursv/HUlD8Kn5HWckpGT+wnBKsN4xMSQk=
 =VSW9
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-01-rc2-2' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-01-rc2-2

UEFI:
* fix measurement of BootOrder variable for TCG2 protocol

TPM:
* TIS mmio driver. This driver supports QEMU's emulated TPM.
2021-11-13 18:13:35 -05:00
Simon Glass
4a255ea3b6 lib: Add a function to convert a string to a hex value
Add an xtoa() function, similar to itoa() but for hex instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
2021-11-11 19:02:34 -05:00
Masahisa Kojima
c9c1cdbda3 efi_loader: fix BootOrder variable measurement handling
UEFI specification does not require that BootOrder is defined.
In current implementation, boot variable measurement fails and
returns EFI_NOT_FOUND if BootOrder is not defined.

This commit correcly handles this case, skip the boot variable
measurement if BootOrder is not defined.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-10 20:57:54 +01:00
Masahisa Kojima
aa1b504927 efi_selftest: add selftest for EFI_TCG2_PROTOCOL and Measured Boot
This commit adds the missing EFI_TCG2_PROTOCOL selftest
and Measured Boot selftest in lib/efi_selftest.

This selftest includes PE/COFF image measurement test, some PCR values are
different in each architecture. With that, this commit also adds pre-built
versions of lib/efi_selftest/efi_miniapp_file_image_exit.c for PE/COFF
image measurement test for 32-bit arm, arm64, ia32, x86_64, riscv32 and
riscv64. Prebuilding avoids the problem of reproducible builds.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

Make the test 'onrequest'.
Add code comments to the includes with the binaries.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-11-07 18:36:55 +01:00
Simon Glass
f844573762 efi: Add a way to obtain boot services in the app
Add a function to return this information along with a stub for the
efi_info_get() function, since calling it otherwise hangs U-Boot.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-11-07 18:36:55 +01:00
Simon Glass
9c297a3dab x86: Don't duplicate global_ptr in 64-bit EFI app
This variable is already defined by the EFI code. Drop the duplicate
definition when building a 64-bit EFI app.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-11-07 18:36:55 +01:00
Simon Glass
e16c47fa3d efi: Create a 64-bit app
Most modern platforms use 64-bit EFI so it is useful to have a U-Boot app
that runs under that. Add a (non-functional) build for this.

Note that --whole-archive causes the gcc 9.2 linker to crash, so disable
this for now. Once this is resolved, things should work.

For now, avoid mentioning the documentation for the 64-bit app, since it
does not work.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-11-07 18:36:55 +01:00
Simon Glass
f4d227c99f x86: Create a 32/64-bit selection for the app
Most EFI implementations use 64-bit but U-Boot only supports running as
a 32-bit app at present. While efi-x86_payload64 does boot from 64-bit
UEFI it immediately changes back to 32-bit before starting U-Boot.

In order to support a 64-bit U-Boot app, update the Kconfig to add an
option for 32/64 bit. Update the prompt for the existing option so it is
clear it relates to the stub. Move both up to just under the choice that
controls them, since this looks better and the menu.

Use CONFIG_EFI_APP in the Makefile instead of CONFIG_TARGET_EFI_APP,
since the latter is specific to a single target and we will have two.

Memory size is set to 32MB for now so that it can run on qemu without
increasing the default memory size. We may need to increase the default
later.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-11-07 18:36:55 +01:00
Masahisa Kojima
7fc93cae49 efi_loader: add EFI_TCG2_PROTOCOL.SubmitCommand
This commit adds the EFI_TCG2_PROTOCOL.SubmitCommand
required in the TCG PC Client PFP spec.
SubmitCommand enables to send the raw command to the TPM device.

To implement this api, tpm2_submit_command() is added
into tpm-v2.c.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-07 18:36:55 +01:00
Masahisa Kojima
14cbb330fe efi_loader: use byteshift unaligned access helper
Calling unaligned/access-ok.h version of put_unaligned_le64()
causes data abort in arm 32-bit QEMU.

The similar issue also occurs in linux kernel,
unaligned/access-ok.h is no longer used in linux kernel[1].

This commit uses the unaligned/be_byteshift.h and
unaligned/le_byteshift.h helper instead of unaligned/access-ok.h.

[1]https://lore.kernel.org/all/20210507220813.365382-8-arnd@kernel.org/

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-07 18:36:55 +01:00
AKASHI Takahiro
50b05eb606 efi_loader: capsule: drop __weak from efi_get_public_key_data()
As we discussed in ML, currently a device tree is the only place
to store public keys for capsule authentication. So __weak is not
necessary for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-11-07 18:36:55 +01:00
Ilias Apalodimas
e7fb789612 sandbox: Remove OF_HOSTFILE
OF_HOSTFILE is used on sandbox configs only.  Although it's pretty
unique and not causing any confusions,  we are better of having simpler
config options for the DTB.

So let's replace that with the existing OF_BOARD.  U-Boot would then
have only three config options for the DTB origin.
- OF_SEPARATE, build separately from U-Boot
- OF_BOARD, board specific way of providing the DTB
- OF_EMBED embedded in the u-boot binary(should not be used in production

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-27 16:38:26 -04:00
Tom Rini
670d657dfb Pull request for efi-2022-01-rc1-2
doc:
 	Remove obsolete PPC4XX references
 
 UEFI:
 	Implement missing TCG2 measurements
 	Code clean up
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmF4eZ8ACgkQxIHbvCwF
 GsSDRxAAlujYTep5xp0/yzSvUvS5ocJBstgw0YuO4GY1RtXN9Zgdd1PeETdEh7HW
 HKNOrx3Bk1LlyLeObyKX6Dq3p4PkYX8q4ciaWkTqPoId2LKeXYJGxABled6EW8OJ
 68/smhQOoivQPuDTZsUCJXdsRnnoxAhO5S03JEgIZKeusOJjZQ5QVS0a91ovOllB
 sjMcpm4HDO0hkEo59ExP2unlRrBuB7L0VwA+SxvXB1e8vruWxye8i5Fw/hN9g73h
 Atrl9/Mbn1ppWqHgOMaMawxPhuceZjINpRJXIZ5H5m4bgwYrjk9HFJGV3C1eOo5a
 Vdc8/I1X5GXetn6kFae7vSJhU9QgHK1QsXjObs/ksOwS0+K4QRFc1X6aMkdO8QPI
 3EfVUaeedDdzrQdtATu9L9a6dVuE79abNNevUglmZrvKWqgMIl61M1Ffl7IWuCJo
 t6YyCZmBvt4rNh1/UEbkL9d7y5lkoCJafe9EMYwZk0zfPamw08bB8KWDIJrm0P0w
 fnSdEDQdnHvFfZ//th/u7Q6zpfN9waxZ93mMvfBkmjCi8aa0GLMIStcYcOoJm+Z6
 QdzaP5XPQ4gC2A7lqSOPwExUgvcfx0y6AuIoTdusqU7w5+obqnc+e4FN7UFxzr5K
 ZCf6+8JO3rbD9ptWpCEDFpFdMbq32MwGTKM2Jy7kL1nzGKcNdPE=
 =LkPN
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-01-rc1-2' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-01-rc1-2

doc:
	Remove obsolete PPC4XX references

UEFI:
	Implement missing TCG2 measurements
	Code clean up

# gpg: Signature made Tue 26 Oct 2021 05:56:47 PM EDT
# gpg:                using RSA key 6DC4F9C71F29A6FA06B76D33C481DBBC2C051AC4
# gpg: Good signature from "Heinrich Schuchardt <xypron.glpk@gmx.de>" [unknown]
# gpg:                 aka "[jpeg image of size 1389]" [unknown]
# Primary key fingerprint: 6DC4 F9C7 1F29 A6FA 06B7  6D33 C481 DBBC 2C05 1AC4
2021-10-26 18:42:52 -04:00
Masahisa Kojima
65aa259aa7 efi_loader: add DeployedMode and AuditMode variable measurement
This commit adds the DeployedMode and AuditMode variable
measurement required in TCG PC Client Platform Firmware
Profile Specification.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-26 21:33:19 +02:00
Masahisa Kojima
96485d2f3f efi_loader: simplify tcg2_measure_secure_boot_variable()
This commit simplifies tcg2_measure_secure_boot_variable()
using secure_variables table.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-26 21:33:19 +02:00
Masahisa Kojima
ce3dbc5d08 efi_loader: add UEFI GPT measurement
This commit adds the UEFI GPT disk partition topology
measurement required in TCG PC Client Platform Firmware
Profile Specification

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-26 21:32:46 +02:00
Patrick Delaunay
70a9f4d25b lib: uuid: fix the test on RNG device presence
Correct the test on RNG device presence,when ret is equal to 0,
before to call dm_rng_read function.

Without this patch the RNG device is not used when present (when ret == 0)
or a data abort occurs in dm_rng_read when CONFIG_DM_RNG is activated but
the RNG device is not present in device tree (ret != 0 and devp = NULL).

Fixes: 92fdad28cf ("lib: uuid: use RNG device if present")
CC: Matthias Brugger <mbrugger@suse.com>
CC: Torsten Duwe <duwe@suse.de>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-26 15:26:45 -04:00
Philippe Reynes
b560c704d6 lib: rsa: rsa-verify: also check that padding is not NULL
This commit adds a check on the padding in the function rsa_verify_key
to avoid using a NULL pointer.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-26 15:26:45 -04:00
Masahisa Kojima
3d49ee8510 efi_loader: add SMBIOS table measurement
TCG PC Client Platform Firmware Profile Specification
requires to measure the SMBIOS table that contains static
configuration information (e.g. Platform Manufacturer
Enterprise Number assigned by IANA, platform model number,
Vendor and Device IDs for each SMBIOS table).

The device- and environment-dependent information such as
serial number is cleared to zero or space character for
the measurement.

Existing smbios_string() function returns pointer to the string
with const qualifier, but exisintg use case is updating version
string and const qualifier must be removed.
This commit removes const qualifier from smbios_string()
return value and reuses to clear the strings for the measurement.

This commit also fixes the following compiler warning:

lib/smbios-parser.c:59:39: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
  const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address;

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-26 17:58:14 +02:00
Heinrich Schuchardt
a45dac1785 efi_loader: simplify tcg2_measure_secure_boot_variable()
Don't duplicate GUIDs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:07 +02:00
Heinrich Schuchardt
02fef8b101 efi_loader: simplify efi_sigstore_parse_sigdb()
Simplify efi_sigstore_parse_sigdb() by using existing functions.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:07 +02:00
Heinrich Schuchardt
e618d1d285 efi_loader: function to get GUID for variable name
In multiple places we need the default GUID matching a variable name.
The patch provides a library function. For secure boot related variables
like 'PK', 'KEK', 'db' a lookup table is used. For all other variable
names EFI_GLOBAL_VARIABLE is returned.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:06 +02:00
Heinrich Schuchardt
d47671c631 efi_loader: treat UEFI variable name as const
UEFI variable names are typically constants and hence should be defined as
const. Unfortunately some of our API functions do not define the parameters
for UEFI variable names as const. This requires unnecessary conversions.

Adjust parameters of several internal functions to tre UEFI variable names
as const.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:06 +02:00
AKASHI Takahiro
7a6fb28c8e efi_loader: capsule: add back efi_get_public_key_data()
The commit 47a25e81d3 ("Revert "efi_capsule: Move signature from DTB to
.rodata"") failed to revert the removal of efi_get_public_key_data().

Add back this function and move it under lib/efi_loader so that other
platforms can utilize it. It is now declared as a weak function so that
it can be replaced with a platform-specific implementation.

Fixes: 47a25e81d3 ("Revert "efi_capsule: Move signature from DTB to
	.rodata"")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-25 21:13:06 +02:00
Masahisa Kojima
f86352eb82 efi_loader: add missing const qualifier
This commit fixes the following compilation warning
of boottime->install_configuration_table() function.

lib/efi_selftest/efi_selftest_tcg2.c:475:46:
warning: passing argument 1 of ‘boottime->install_configuration_table’
discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
  ret = boottime->install_configuration_table(&smbios_guid, dmi);

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-25 21:13:06 +02:00
Tom Rini
f055f2e5a2 Pull request for efi-2022-01-rc1
Documentation:
 	Use Sphinx 3.43.
 	Move system reset documentation to HTML
 
 UEFI:
 	Fix linking EFI apps with LLVM
 	Fix alignment of loaded image
 	Correct simple network protocol test
 	Code cleanup
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEK7wKXt3/btL6/yA+hO4vgnE3U0sFAmFyqecACgkQhO4vgnE3
 U0vdwA//Vwg4q3fbMB/FeoI4cbdSJl1+IYnPdbZC1+TAnyv9kLuPlYON54GMwBo5
 K4qbvuzn8clAohJUPjUqPJumFLSzUqdVxCKqg4gFxfufTSH8T+LvmcooSbZW3y6d
 S4lgybbg5i5cwhi141sbL3wxQibNeFDhY3aIA6v8cKYtH+37MDFsTJ4rwq93r+bF
 cZlN6vHPZsklgTs66jJnlZs809ECH/3+BurM3+NQBz+AJFpKhxIpHkE/He16Yt/t
 6vLBfux4iRYF8OtEP1/7pPu4NKXfXOE3MkGTTzoYAiG7LM3kIuGn+De2dY/Z3CGE
 6WXTt7trzkwW1z1sXafMFFiV8n0Gj/ubDLTD3X9AVVWvp7LAIJmcU8dx79C0eKzJ
 HWHZqwAl4ZYlaxUbf7n/C6Mlhjnis0WUNiqc/OSgGhVmn4HeOOgrjVted3uvvm/9
 enR2HlSqibF8KOzcZec5fsPt9GxS/ZlGcUKMiYO1+wKbM+EQG0bz0v2uiers/U8o
 ixurj0Hj0tJEvaOEcHCQH99ug2PKpFDysOPc31lOrmg8jfD1Bxq728UWxfFYDSmI
 2cxv3G8K65imCrI7eTMTDG3AmdF142CET7MzNOMUlwcnqCskax2UhPVncXJdvFlT
 z00DdMF5Z6/gHfIYGu7KRt1MZ/yBWJOjt8J78ttIo40o1jJP4Rk=
 =EhtP
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-01-rc1' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-01-rc1

Documentation:
	Use Sphinx 3.43.
	Move system reset documentation to HTML

UEFI:
	Fix linking EFI apps with LLVM
	Fix alignment of loaded image
	Correct simple network protocol test
	Code cleanup
2021-10-22 12:43:30 -04:00
Heinrich Schuchardt
db61e70e0d efi_loader: efi_dp_from_lo() should skip VenMedia node
The 'efidebug boot dump' command should not display the VenMedia() device
path node preceding the device path of the initial ram disk.

By letting efi_dp_from_lo() skip the VenMedia() device path node we can
simplify the coding.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
9ad37fe405 efi_loader: avoid multiple local copies of lf2_initrd_guid
Create the GUID as a global variable.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
05345425ca efi_loader: efi_dp_from_lo() unused parameter size
Parameter size is never used in function efi_dp_from_lo(). Remove it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
0421735dd8 efi_loader: efi_dp_from_lo() don't copy GUID
Instead of copying a GUID and then using a pointer to the copy for calling
guidcmp(), just pass the pointer to the orginal GUID.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:04 +02:00
Ilias Apalodimas
ebdea88d57 efi_loader: Fix loaded image alignment
We are ignoring the alignment communicated via the PE/COFF header.
Starting 5.10 the Linux kernel will loudly complain about it. For more
details look at [1] (in linux kernel).

So add a function that can allocate aligned EFI memory and use it for our
relocated loaded image.

[1] c32ac11da3f83 ("efi/libstub: arm64: Double check image alignment at entry")

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Vincent Stehlé <vincent.stehle@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
fa00b6fc3f efi_loader: don't load Shim's MOK database from file
When using a file to store UEFI variables we must make sure that secure
boot related variables are not loaded from this file. With commit
9ef82e2947 ("efi_loader: don't load signature database from file")
this has already been implemented for variables defined in the UEFI
specification. As most Linux distributions use Shim we should do the same
for Shim's MOK database.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-21 03:46:04 +02:00
Simon Glass
c779e0d923 efi_loader: Drop code that doesn't work with driver model
This code should never have been added as it builds a new feature on top
of legacy code. This has already been improved with the dependency on BLK.

Add a dependency on DM_ETH also, to avoid needing to deal with this old
code.

Boards which want EFI_LOADER should migrate to driver model first.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:03 +02:00
Masami Hiramatsu
28fc87ee3a efi_selftest: Receive the packets until the receive buffer is empty
Repeatedly receive the packets until the receive buffer is empty.
If the buffer is empty, EFI_SIMPLE_NETWORK_PROTOCOL::Receive()
returns EFI_NOT_READY. We don't need to use the wait_for_event()
every time.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:03 +02:00
Masami Hiramatsu
9845b92436 efi_selftest: Do not check EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT
Do not check EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT in packet
receiving loop. This depends on the implementation and not
related to whether the packet can be received or not.

Whether the received packets are available or not is ensured
by wait_for_packet, and that is already done in the loop.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:03 +02:00
Masami Hiramatsu
39a37adf51 efi_selftest: Use EFI_SIMPLE_NETWORK_PROTOCOL::GetStatus() for media check
According to the UEF specification v2.9, the main purpose of the
EFI_SIMPLE_NETWORK_PROTOCOL::GetStatus() is for checking the link
status via EFI_SIMPLE_NETWORK_MODE::MediaPresent.
So this uses net->get_status() for checking the link status before
running network test.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:03 +02:00
Tom Rini
79b8849d4c u-boot-imx-20211020
-------------------
 
 First PR from u-boot-imx for 2022.01
 
 CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/9535
 
 - new board: kontron-sl-mx8mm
 - imx8m:
 	- fix secure boot
 - imx ESDHC: fixes
 - i.MX53: Support thum2, bmode and fixes for Menlo board
 	  usbarmory switch to Ethernet driver model
 - imx6 :
 	- DDR calibration for Toradex boards
 - imx7:
 	- Fixes
 - Updated gateworks boards (ventana / venice)
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQS2TmnA27QKhpKSZe309WXkmmjvpgUCYXAPLA8cc2JhYmljQGRl
 bnguZGUACgkQ9PVl5Jpo76ZZdwCfQBZyd9IWYk3vY0lYgCZsBYl8oXoAn0o9BjVu
 tMJRAcFOLxegM4CJAeqC
 =zg72
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-imx-20211020' of https://source.denx.de/u-boot/custodians/u-boot-imx

u-boot-imx-20211020
-------------------

First PR from u-boot-imx for 2022.01

CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/9535

- new board: kontron-sl-mx8mm
- imx8m:
	- fix secure boot
- imx ESDHC: fixes
- i.MX53: Support thum2, bmode and fixes for Menlo board
	  usbarmory switch to Ethernet driver model
- imx6 :
	- DDR calibration for Toradex boards
- imx7:
	- Fixes
- Updated gateworks boards (ventana / venice)

# gpg verification failed.
2021-10-20 14:24:09 -04:00
Ilias Apalodimas
d6f8ab30a2 treewide: Remove OF_PRIOR_STAGE
The previous patches removed OF_PRIOR_STAGE from the last consumers of the
Kconfig option.  Cleanup any references to it in documentation,  code and
configuration options.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-18 13:19:50 -04:00
Thierry Reding
b9aad37591 fdtdec: Support reserved-memory flags
Reserved memory nodes can have additional flags. Support reading and
writing these flags to ensure that reserved memory nodes can be properly
parsed and emitted.

This converts support for the existing "no-map" flag to avoid extending
the argument list for fdtdec_add_reserved_memory() to excessive length.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2021-10-13 14:18:30 -07:00
Thierry Reding
9019487608 fdtdec: Reorder fdtdec_set_carveout() parameters for consistency
The fdtdec_set_carveout() function's parameters are inconsistent with
the parameters passed to fdtdec_add_reserved_memory(). Fix up the order
to make it more consistent.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2021-10-13 14:18:30 -07:00
Thierry Reding
46cb067803 fdtdec: Support compatible string list for reserved memory
Reserved memory nodes can have a compatible string list to identify the
type of reserved memory that they represent. Support specifying an
optional compatible string list when creating these nodes.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2021-10-13 14:18:30 -07:00
Thierry Reding
4bf88ba76a fdtdec: Support retrieving the name of a carveout
When retrieving a given carveout for a device, allow callers to query
the name. This helps differentiating between carveouts when there are
more than one.

This is also useful when copying carveouts to help assign a meaningful
name that cannot always be guessed.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2021-10-13 14:18:30 -07:00
Thierry Reding
d5598cfa9b fdtdec: Allow using fdtdec_get_carveout() in loops
In order make it possible to use fdtdec_get_carveout() in loops, return
FDT_ERR_NOTFOUND when the passed-in index exceeds the number of phandles
present in the given property.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2021-10-13 14:18:30 -07:00
Tom Rini
f331497d3a - add 30bpp support (EFI, simplefb, vidconsole)
- fix video console name in CONSOLE_MUX Kconfig help
  - move mxsfb driver config option to Kconfig
  - remove unused mx3fb driver
 -----BEGIN PGP SIGNATURE-----
 
 iGwEABECACwWIQSC4hxrSoIUVfFO0kRM6ATMmsalXAUCYWHeIw4cYWd1c3RAZGVu
 eC5kZQAKCRBM6ATMmsalXPMXAJsEn/v2k7xaWSjP11DfkPdoj2rmGQCeIijNt60a
 4UNYJe3S4pPBiNMamJo=
 =spnC
 -----END PGP SIGNATURE-----

Merge tag 'video-20211009' of https://source.denx.de/u-boot/custodians/u-boot-video

 - add 30bpp support (EFI, simplefb, vidconsole)
 - fix video console name in CONSOLE_MUX Kconfig help
 - move mxsfb driver config option to Kconfig
 - remove unused mx3fb driver

# gpg verification failed.
2021-10-09 17:47:27 -04:00
Simon Glass
2a2d8e94dd lz4: Use a private header for U-Boot
At present U-Boot has a header file called lz4.h for its own use. If the
host has its own lz4 header file installed (e.g. from the 'liblz4-dev'
package) then host builds will use that instead.

Move the U-Boot file into its own directory, as is done with various
other headers with the same problem.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-09 13:09:56 -04:00
Mark Kettenis
79f9defeba efi_loader: GOP: Fix 30bpp block transfer support
Convert pixel values when necessary like we do for 16bpp
framebuffers.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-09 18:50:31 +02:00
Mark Kettenis
01fcf0eea6 efi_loader: GOP: Add 30bpp support
Provide correct framebuffer information for 30bpp modes.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
2021-10-09 18:46:13 +02:00
Simon Glass
13c133b995 image: Drop unnecessary #ifdefs from image.h
This file has a lot of conditional code and much of it is unnecessary.
Clean this up to reduce the number of build combinations.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:27 -04:00
Simon Glass
1eccbb16a2 efi: Correct dependency on FIT_SIGNATURE
At present EFI_SECURE BOOT selects RSA but does not necessarily enable
FIT_SIGNATURE. Mostly this is fine, but a few boards do not enable it,
so U-Boot tries to do RSA verification when loading FIT images, but it
is not enabled.

This worked because the condition for checking the RSA signature is
wrong in the fit_image_verify_with_data() function. In order to fix it
we need to fix this dependency. Make sure that FIT_SIGNATURE is enabled
so that RSA can be used.

It might be better to avoid using 'select' in this situation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:27 -04:00
Simon Glass
e7d285b2f3 image: Use the correct checks for CRC32
Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32)
directly in the host build, so drop the unnecessary indirection.

Add a few more conditions to SPL_CRC32 to avoid build failures as well as
TPL_CRC32. Also update hash.c to make crc32 optional and to actually take
notice of SPL_CRC32.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-08 15:53:26 -04:00
Simon Glass
2bbed3ff8c image: Use Kconfig to enable FIT_RSASSA_PSS on host
Add a host Kconfig for FIT_RSASSA_PSS. With this we can use
CONFIG_IS_ENABLED(FIT_RSASSA_PSS) directly in the host build, so drop the
forcing of this in the image.h header.

Drop the #ifdef around padding_pss_verify() too since it is not needed.
Use the compiler to check the config where possible, instead of the
preprocessor.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-08 15:53:26 -04:00
Simon Glass
0c303f9a66 image: Drop IMAGE_ENABLE_OF_LIBFDT
Add a host Kconfig for OF_LIBFDT. With this we can use
CONFIG_IS_ENABLED(OF_LIBFDT) directly in the tools build, so drop the
unnecessary indirection.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-08 15:53:26 -04:00
Simon Glass
2c21256b27 hash: Use Kconfig to enable hashing in host tools and SPL
At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.

For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.

Clean this up by adding new Kconfig options to enable hashing on the host,
relying on CONFIG_IS_ENABLED() to deal with the different builds.

Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
current settings.

This allows us to drop the image.h code and the I_WANT_MD5 hack.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-08 15:53:26 -04:00
Simon Glass
603d15a572 spl: cypto: Bring back SPL_ versions of SHA
Unfortunately these were removed by mistake. This means that adding hash
support to SPL brings in all software algorithms, with a substantial
increase in code size.

The origin of the problem was renaming them to SPL_FIT_xxx and then these
were removed altogether in a later commit.

Add them back. This aligns with CONFIG_MD5, for example, which has an SPL
variant.

Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f5bc9c25f3 ("image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx")
Fixes: eb5171ddec ("common: Remove unused CONFIG_FIT_SHAxxx selectors")
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-08 15:53:26 -04:00
Simon Glass
5a4f10d71b gzip: Avoid use of u64
The gzip API uses the u64 type in it, which is not available in the host
build. This makes it impossible to include the header file.

We could make this type available, but it seems unnecessary. Limiting the
compression size to that of the 'unsigned long' type seems good enough. On
32-bit machines the limit then becomes 4GB, which likely exceeds available
RAM anyway, therefore it should be sufficient. On 64-bit machines this is
effectively u64 anyway.

Update the header file and implementation to use 'ulong' instead of 'u64'.

Add a definition of u32 for the cases that seem to need exactly that
length. This should be safe enough.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:26 -04:00
Simon Glass
94d0a2efc0 zstd: Create a function for use from U-Boot
The existing zstd API requires the same sequence of calls to perform its
task. Create a helper for U-Boot, to avoid code duplication, as is done
with other compression algorithms. Make use of of this from the image
code.

Note that the zstd code lacks a test in test/compression.c and this should
be added by the maintainer.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:26 -04:00
Simon Glass
67bc59df05 Add support for an owned buffer
When passing a data buffer back from a function, it is not always clear
who owns the buffer, i.e. who is responsible for freeing the memory used.
An example of this is where multiple files are decompressed from the
firmware image, using a temporary buffer for reading (since the
compressed data has to live somewhere) and producing a temporary or
permanent buffer with the resuilts.

Where the firmware image can be memory-mapped, as on x86, the compressed
data does not need to be buffered, but the complexity of having a buffer
which is either allocated or not, makes the code hard to understand.

Introduce a new 'abuf' which supports simple buffer operations:

- encapsulating a buffer and its size
- either allocated with malloc() or not
- able to be reliably freed if necessary
- able to be converted to an allocated buffer if needed

This simple API makes it easier to deal with allocated and memory-mapped
buffers.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:26 -04:00
Simon Glass
930c887e0f lib: Add memdup()
Add a function to duplicate a memory region, a little like strdup().

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:26 -04:00
Ricardo Salveti
7ce83854f2 Kconfig: Don't use RSA_FREESCALE_EXP on MX7ULP
The CAAM on IMX7ULP doesn't support public key hardware acceleration
(PKHA), as in other NXP parts. Disable RSA_FREESCALE_EXP for IMX7ULP
too.

Fixed: f4e9ff7135 ("Kconfig: Don't use RSA_FREESCALE_EXP on IMX")
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
2021-10-07 16:53:50 +02:00
Oleksandr Suvorov
d4f05b3198 lib: rsa: fix dependency for SPL_RSA_VERIFY
SPL_RSA_VERIFY requires SPL_RSA to be enabled. Add correct
dependency.

Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
2021-10-06 09:15:14 -04:00
Pali Rohár
a3423b3f23 acpi: Use U-Boot version for OEM_REVISION
OEM_REVISION is 32-bit unsigned number. It should be increased only when
changing software version. Therefore it should not depend on build time.

Change calculation to use U-Boot version numbers and set this revision
to date number.

Prior this change OEM_REVISION was calculated from build date and stored in
the same format.

After this change macro U_BOOT_BUILD_DATE is not used in other files so
remove it from global autogenerated files and also from Makefile.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-06 09:15:14 -04:00
Alexandru Gagniuc
c5b68ef8af arm: imx: mx7: Move CONFIG_OPTEE_TZDRAM_SIZE from lib/optee
This config is only used by three boards with this SOC. Most other
platforms derive this information from devicetree, and are unlikely
to ever need this config.

Moreover, it is confusing when Kconfig asks for this value under
"Support OPTEE images", but does not do anything with the value.
Move it to imx7 for those boards who still make use of it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-05 08:50:14 -04:00
Alexandru Gagniuc
f6953047cb lib: optee: Remove CONFIG_OPTEE_LOAD_ADDR
This value is not used by u-boot, and it should not. The load address
of an OPTEE image is defined by said image. Either a uImage or a FIT
will have a defined load address and entry point. Those values are the
correct ones, not CONFIG_OPTEE_LOAD_ADDR.

Commit f25006b96e ("optee: Add CONFIG_OPTEE_LOAD_ADDR") justifies
this config by requiring its presence in u-boot's .config for other
images as part of a larger build, claiming it is "the best way".

This argument is not persuasive. U-boot's configuration is driven by
platform requirements, not the other way around. It seems more likely
that the argument is conflating tooling issues with Kconfig. Yocto and
buildroot have excellent mechanisms for defining values across the
board (pun intended). u-boot's Kconfig is the wrong place to do it.

Furthermore, it is not "best" for u-boot because it hardcodes a value
which is then not used. In fact the load address that u-boot uses is
the one derived from the OPTEE image.

Confused yet? I sure was. To prevent future confusion, remove
CONFIG_OPTEE_LOAD_ADDR.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-05 08:47:13 -04:00
Alexandru Gagniuc
1ab968b2fb lib: optee: Remove CONFIG_OPTEE_TZDRAM_BASE
It is no longer used in u-boot. Information about the TZDRAM location
is usually available in the devicetree as "/reserved-memory/" nodes.
Because this isn't used, remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-05 08:46:56 -04:00
Alexandru Gagniuc
26fc66709c lib: optee: Avoid CONFIG_TZDRAM_* in optee_verify_bootm_image()
The configs TZDRAM_BASE and TZDRAM_SIZE are expected to describe the
memory allocated to the OPTEE region. according to according to commit
c5a6e8bd00 ("optee: Add optee_verify_bootm_image()"). The TZDRAM is
with some limitations, described by "/reserved-memory" nodes in the
devicetree.

Consequently TZDRAM_BASE and TZDRAM_SIZE can point to imaginary
regions which have nothing to do with actual DRAM. They are not used
to configure the hardware or set up the Trust Zone Controller (TZC)
for OP-TEE -- the devicetree values are used instead.

When a valid OP-TEE image does not fall within the region described by
these configs, u-boot will refuse to load it. In fact, it mostly
serves to cause "bootm" to reject perfectly good OP-TEE images.

Ironically, someone has to correctly configure the devicetree for
TZDRAM, then go back and enter the same information in Kconfig for
"bootm". To remedy this, do not use TZDRAM_BASE and TZDRAM_SIZE in the
verification of OPTEE images.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-05 08:46:23 -04:00
Patrick Delaunay
51827f9a8b lib: optee: remove the duplicate CONFIG_OPTEE
The configuration CONFIG_OPTEE is defined 2 times:
1- in lib/optee/Kconfig for support of OPTEE images loaded by bootm command
2- in drivers/tee/optee/Kconfig for support of OP-TEE driver.

It is abnormal to have the same CONFIG define for 2 purpose;
and it is difficult to managed correctly their dependencies.

Moreover CONFIG_SPL_OPTEE is defined in common/spl/Kconfig
to manage OPTEE image load in SPL.

This definition causes an issue with the macro CONFIG_IS_ENABLED(OPTEE)
to test the availability of the OP-TEE driver.

This patch cleans the configuration dependency with:
- CONFIG_OPTEE_IMAGE (renamed) => support of OP-TEE image in U-Boot
- CONFIG_SPL_OPTEE_IMAGE (renamed) => support of OP-TEE image in SPL
- CONFIG_OPTEE (same) => support of OP-TEE driver in U-Boot
- CONFIG_OPTEE_LIB (new) => support of OP-TEE library

After this patch, the macro have the correct behavior:
- CONFIG_IS_ENABLED(OPTEE_IMAGE) => Load of OP-TEE image is supported
- CONFIG_IS_ENABLED(OPTEE) => OP-TEE driver is supported

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-10-05 08:44:48 -04:00
Tom Rini
1d1f98c8ee Various of-platdata improvements, including CONFIG_OF_REAL
-----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmFR2fMRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreaAnAf/ZKPy3CRphbgAmbLhNQhQGpLosLcFp343
 cv53gfsv1DakLRrhqMSnOQSVoTg9P22uHbooDDR9WHfZyEL6tvGZ+dgN2/wlDhDj
 wbvvsM7FB+uvLVfMF3MURQBvy4dPO+FyCm/uHmry2V2uqWPw4ss+aVhxeQ5s4/oI
 LpS6yaiM8UAj2GTUZSqJ1+/W7YG9N6tL73n0PDyCvSrdCkyPWqpww1rtST88SfFI
 bBEWc6ksna/29haOwHQ2xopEbVxtHv2byULfqUtnsbtE4Ozw8o0fx66tdwPHTQlM
 7eSuRiEbqjlJuUZFIbMat7nb7inZkaWupZ/Sr1HUUiDdKMygrRsQhg==
 =x8Uf
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-next-27sep21' of https://source.denx.de/u-boot/custodians/u-boot-dm into next

Various of-platdata improvements, including CONFIG_OF_REAL
2021-09-27 11:09:23 -04:00
Tom Rini
e908d20fcb Prepare v2021.10-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmFRyIMACgkQFHw5/5Y0
 tyz1jgv/aTtHWVcGiw+nvvnnlgdrY4h9yVP5AfBLhOR7ogYOw2B9xHmdh+9oCas9
 Rt45AC4nFvUszxCPJqg36kjljTKRVapemHqhCbgGGeb9GYMkNb1zjk79WnuqgeJy
 ydBUCh1NQI5pOvrpDv7kWRx1IyDi/gUgQO3RBdufbunNmn4Zj4jlw5RmMTgDACRC
 cvTr39gVQq1LOzL2W7+XkSfiEejtGERNs32Nt+jzyAm5a2PkngULUnPW6WsHu+qy
 5YJTR50TK55QgPIdoiqY14BUDpqEbHlNKsE7p6hHkDf6XSS7gLHYW2tVVt2Z8ocg
 9cW35Qotov7MeiSClc3SIEPiIefwh2oTVf0uYoP+uvlRAComvcIzphq68NIQe6Av
 es+ZJI1Qx5ERvDQMMW3xOHTlcBGgpqA0Y/QVr62rE8bEzK/1gvTiP+hVVqzUrnHJ
 f3ZAVt16clIfXKAxGsW4Am05iMmT+rtcS5IrUMuEzmkb0KK58YXsOVmsKHLX9aI1
 T74ewXfu
 =y67Q
 -----END PGP SIGNATURE-----

Merge tag 'v2021.10-rc5' into next

Prepare v2021.10-rc5
2021-09-27 09:45:36 -04:00
Simon Glass
f99cbe4e86 fdt: Update Makefile rules with the new OF_REAL Kconfig
Simplify some of the Makefile rules using this Kconfig.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-25 09:46:15 -06:00
Simon Glass
7de8bd03c3 treewide: fdt: Move fdt_get_config_... to ofnode_conf_read...
The current API is outdated as it requires a devicetree pointer.

Move these functions to use the ofnode API and update this globally. Add
some tests while we are here.

Correct the call in exynos_dsim_config_parse_dt() which is obviously
wrong.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-25 09:46:15 -06:00
Ruchika Gupta
346cee3ac5 efi_loader: Fix spec ID event creation
TCG EFI Protocol Specification defines the number_of_algorithms
field in spec ID event to be equal to the number of active
algorithms supported by the TPM device. In current implementation,
this field is populated with the count of all algorithms supported
by the TPM which leads to incorrect spec ID event creation.

Similarly, the algorithm array in spec ID event should be a variable
length array with length being equal to the number_of_algorithms field.
In current implementation this is defined as a fixed length array
which has been fixed.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
CC: Masahisa Kojima <masahisa.kojima@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-25 12:31:08 +02:00
Marek Vasut
1274698d13 lmb: Add generic arch_lmb_reserve_generic()
The arc/arm/m68k/microblaze/mips/ppc arch_lmb_reserve() implementations
are all mostly the same, except for a couple of details. Implement a
generic arch_lmb_reserve_generic() function which can be parametrized
enough to cater for those differences between architectures. This can
also be parametrized enough so it can handle cases where U-Boot is not
relocated to the end of DRAM e.g. because there is some other reserved
memory past U-Boot (e.g. unmovable firmware for coprocessor), it is not
relocated at all, and other such use cases.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Alexey Brodkin <alexey.brodkin@synopsys.com>
Cc: Angelo Dureghello <angelo@sysam.it>
Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Cc: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Cc: Hai Pham <hai.pham.ud@renesas.com>
Cc: Michal Simek <monstr@monstr.eu>
Cc: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Wolfgang Denk <wd@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
2021-09-23 14:15:32 -04:00
Marek Vasut
270f8710f9 crc32: Add crc32 implementation using __builtin_aarch64_crc32b
ARMv8.0 has optional crc32 instruction for crc32 calculation. The
instruction is mandatory since ARMv8.1. The crc32 calculation is
faster using the dedicated instruction, e.g. 1.4 GHz iMX8MN gives:

  => time crc32 0x50000000 0x2000000
  time: 0.126 seconds # crc32 instruction
  time: 0.213 seconds # software crc32

Add implementation using the compiler builtin wrapper for the crc32
instruction and enable it by default, since we don't support any
platforms which do not implement this instruction.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
[trini: Make crc32_table guarded by CONFIG_ARM64_CRC32]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-23 14:15:32 -04:00
Simon Glass
47a25e81d3 Revert "efi_capsule: Move signature from DTB to .rodata"
This was unfortunately applied despite much discussion about it beiong
the wrong way to implement this feature.

Revert it before too many other things are built on top of it.

This reverts commit ddf67daac3.
Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-18 03:47:50 -06:00
Pali Rohár
121a165c51 Remove including timestamp.h in version.h
Header file version.h does not use anything from timestamp.h. Including of
timestamp.h has side effect which cause recompiling object file at every
make run because timestamp.h changes at every run.

So remove timestamp.h from version.h and include timestamp.h in files
which needs it.

This change reduce recompilation time of final U-Boot binary when U-Boot
source files were not changed as less source files needs to be recompiled.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Add in lib/acpi/acpi_table.c and test/dm/acpi.c, rework a few others]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-17 12:10:44 -04:00
Pali Rohár
bdfb6d70bb version: Move version_string[] from version.h to version_string.h
More C files do not use compile time timestamp macros and do not have to be
recompiled every time when SOURCE_DATE_EPOCH changes.

This patch moves version_string[] from version.h to version_string.h and
updates other C files which only needs version_string[] string to include
version_string.h instead of version.h. After applying this patch these
files are not recompiled every time when SOURCE_DATE_EPOCH changes.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2021-09-17 12:10:44 -04:00
Pali Rohár
fa9c5da702 efi_loader: Use directly version_string variable
Macro U_BOOT_VERSION_STRING is already stored in variable version_string.
So use directly this variable instead of storing U_BOOT_VERSION_STRING into
temporary variable.

Signed-off-by: Pali Rohár <pali@kernel.org>
[trini: This area was reworked since posted, what is here is now really
        inspired by the previous version, so drop Ilias' Acked-by]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-17 12:10:44 -04:00
Tom Rini
6674edaabf Prepare v2021.10-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmFBKRgACgkQFHw5/5Y0
 tyw/PwwAtGB3rBeYW4rjWuMC5WP1UDTnvZIAok5ImWumWDahjDm8Yq2VCzAe9adw
 EYBjuNmaNl9aQvGVqlVJeIcLku5MLuLQu2za8vhc1R8X9VTPPY+LLTcdOokOmB8y
 8JiaE7fJsb1bZeV+diF9tss3B0IkUrwSJtW1d+qfdz/4UiRvwK5BhnZgzIobDldO
 g1Ldz/xiR2GOAXlUMwDrNAi6qNvmeAqRsQxySVrjltAV2ST7LJnOiHuWvJX6g6VS
 l796Hleh/kULfEW6n+1ZaTNqvVRcJ8xYSOG8w8y9u6HuPBA3JrYH1p1Eo5n7PPDv
 US71Iy/ncweTyfTMEBThWLqjHOQ05sVkWX/r4fj2iJRli+Og53lE1fVJ4ajIx7vz
 Tc76wI43i0I5lr2yTErjUG6EzDDoueqd+c8BwxihNLUK/+QG31xoCEMfC80C25ro
 QhYVFgiPWN0ySUD5M5tbGXODvfNNIDKXpY5oSOTVtemZtDEMpO2zBM1s/K3RV7Ud
 Je9Pj0Cu
 =Me42
 -----END PGP SIGNATURE-----

Merge tag 'v2021.10-rc4' into next

Prepare v2021.10-rc4

Signed-off-by: Tom Rini <trini@konsulko.com>

# gpg: Signature made Tue 14 Sep 2021 06:58:32 PM EDT
# gpg:                using RSA key 1A3C7F70E08FAB1707809BBF147C39FF9634B72C
# gpg: Good signature from "Thomas Rini <trini@konsulko.com>" [ultimate]

# Conflicts:
#	board/Arcturus/ucp1020/spl.c
#	cmd/mvebu/Kconfig
#	common/Kconfig.boot
#	common/image-fit.c
#	configs/UCP1020_defconfig
#	configs/sifive_unmatched_defconfig
#	drivers/pci/Kconfig
#	include/configs/UCP1020.h
#	include/configs/sifive-unmatched.h
#	lib/Makefile
#	scripts/config_whitelist.txt
2021-09-16 10:29:40 -04:00
Alexandru Gagniuc
de41f0ee0d image: rsa: Move padding_algos to linker lists
We are not guaranteed to have the padding_pkcs_15_verify symbol since
commit 92c960bc1d ("lib: rsa: Remove #ifdefs from rsa.h"), and
commit 61416fe9df ("Kconfig: FIT_SIGNATURE should not select RSA_VERIFY")

The padding_algos only make sense with RSA verification, which can now
be disabled in lieu of ECDSA. In fact this will lead to build failures
because of the missing symbol mentioned earlier.

To resolve this, move the padding_algos to a linker list, with
declarations moved to rsa_verify.c. This is consistent with commit
6909edb4ce ("image: rsa: Move verification algorithm to a linker list")

One could argue that the added #ifdef USE_HOSTCC is ugly, and should
be hidden within the U_BOOT_PADDING_ALGO() macro. However, this would
be inconsistent with the "cryptos" list. This logic for was not
previously explored:

Without knowledge of the U_BOOT_PADDING_ALGO() macro, its use is
similar to something being declared. However, should #ifndef
USE_HOSTCC be part of the macro, it would not be obvious that it
behaves differently on host code and target code. Having the #ifndef
outside the macro makes this obvious.

Also, the #ifdef is not always necessary. For example ecda-verify
makes use of U_BOOT_CRYPTO_ALGO() without any accompanying #ifdefs.
The fundamental issue is a lack of separation of host and target code
in rsa_verify. Therefore, the declaration of a padding algo with the
external #ifdef is more readable and consistent.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-09-14 11:46:48 -04:00
Oleksandr Suvorov
5145bc73bd lib: fix typos in Kconfig
There are trivial typos in the Kconfig file. Fixed them.
Also, fixed grammar in the descriptions with typos.

Fixes: d56b4b1974 ("configs: Migrate RBTREE, LZO, CMD_MTDPARTS, CMD_UBI and CMD_UBIFS")
Fixes: 7264f2928b ("spl: fit: Eanble GZIP support for image decompression")
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-09-14 09:07:18 -04:00
Heinrich Schuchardt
d607dfd878 lib/rsa: don't use NULL as key_id
If keydir is not provided but name is we want to use name as key_id.

But with the current coding name is only used on its own if it is NULL
and keydir is provided which never occurs.

Fixes: 824ee745fb ("lib/rsa: Use the 'keyfile' argument from mkimage")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-09-14 09:07:18 -04:00
Simon Glass
b717f2f2d1 pci: Drop DM_PCI check from fdtdec
We don't need this check anymore since when PCI is enabled, driver model
is always used.

Sadly this doesn't work with nds32 for some reason to do with the
toolchain. Add a work-around for that.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-13 18:23:13 -04:00
Tom Rini
56a85b831f Pull request for efi-2021-10-rc4-2
Documentation:
 
 * improve documentation of U-Boot for /config DT node
 * integrate bloblist documentation
 
 UEFI:
 
 * correct usage of EFI_CALL()
 * code tidy up
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmE8coEACgkQxIHbvCwF
 GsSB4Q//VpVKE5/xKiDFkdFjrjgXLWv1ORuQ1glBf5Br/0SnYjTI570RKWtJRfn4
 ugW/ytZpfudi60EMOwmPEAx2nd6ERJeFewUkcsJjvRC/2gX1u49XkSHxoolqQlji
 1DaeWz3CH6LLq8d09ha1AsYWL2aFqZd8YrpICq47BmKJNitGd1puI+co2w0HpAFj
 mn2+J9ctbn3Evl0ipSzLB2MMR65Q79qyM3eJXUqli2t1BkWMsyqHtVDNVCTUKj4I
 TKOU7DNkwNcalKayzplSrMzzucQnkaQQbErhd78aYRsC2sIY2HTkhi2J7iFhN6/I
 tCZ45AD6+8UpCs1jy5xCJAJJ0nW44xmW7Q+UM61P75DJMccaUb2cKMvZKidiSu9m
 8ck5IBU8fVN9khhMxoVR54aKLK9tmJRjVX1ugrVCXoh32Dzu+Ikf9n91ACHaduU8
 s92DIrH3f9tyBQIHNLL0LGgDLB6YYTzLrmlcPC/t7n5iJUoznDdQddrhS4/9qx+l
 fpyyGLo8Vk/krvyNrYpiamRi2kGKV0CAWvig1YGjeDT6baC4NsEYjgL6JKKN6QPi
 xeENZ+yJJMvY5DXdaoERRMJutfuep64XkLx8mqYSNCIcLIjOpGrV7rk0O6qU5Ww+
 +9kLQq1ygWeDR0t6BWHlX5nEImvqc1+vDPb8IMt9r6aIZ/ED9/U=
 =hPaX
 -----END PGP SIGNATURE-----

Merge tag 'efi-2021-10-rc4-2' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2021-10-rc4-2

Documentation:

* improve documentation of U-Boot for /config DT node
* integrate bloblist documentation

UEFI:

* correct usage of EFI_CALL()
* code tidy up
2021-09-12 20:33:21 -04:00
Heinrich Schuchardt
aec7c0925c efi_loader: simplify efi_watchdog_timer_notify()
We can call do_reset() directly without invoking the UEFI API.
This decreases the code size.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Ilias Apalodimas
0bf538ce0c efi_loader: Remove incorrect calls of EFI_CALL in TCG2
There is two unneeded EFI_CALL references in tcg2_measure_pe_image().
The first one in efi_search_protocol() and the second on in the device path
calculation.  The second isn't even a function we should be calling, but a
pointer assignment, which happens to work with the existing macro.

While at it switch the malloc call to a calloc, remove the unnecessary cast
and get rid of an unneeded if statement before copying the device path

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Heinrich Schuchardt
6919619f9c efi_loader: require CONFIG_BLK
The move to driver model should by now be completed. To be able to remove
pre-driver model code from our block IO code require CONFIG_BLK=y for UEFI
support.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Masahisa Kojima
bad49da2bc efi_loader: boot_service_capability_min should be capitalized
boot_service_capability_min is constant, it should be capitalized.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Tom Rini
465bff8b10 Kconfig: Drop duplicate 'select SHA512' instances
When dropping SHA512_ALGO in general, we didn't catch some cases where
an option was selecting  both SHA512 and SHA512_ALGO and caused them to
select SHA512 twice.  Kconfig doesn't complain, but this is still wrong
and should be corrected.

Fixes: e60e449931 ("lib: Drop SHA512_ALGO in lieu of SHA512")
Reported-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-09 11:11:33 -04:00
Alexandru Gagniuc
fe54aeaa4a common: Move MD5 hash to hash_algo[] array.
MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08 16:11:46 -04:00
Alexandru Gagniuc
0721209699 common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASH
All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all
references to CONFIG_[ST]PL_HASH_SUPPORT.  This means we need for
CHAIN_OF_TRUST to select SPL_HASH now.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08 16:11:46 -04:00
Alexandru Gagniuc
e60e449931 lib: Drop SHA512_ALGO in lieu of SHA512
SHA512_ALGO was used as a "either SHA512 or SHA384", although the
implementations of these two algorithms share a majority of code.

From a Kconfig interface perspective, it makes sense to present two
distinct options. This requires #ifdefing out the SHA512
implementation from sha512.c. The latter doesn't make any sense.

It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.

Thus, automatically select SHA512 when SHA384 is enabled.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-09-08 16:11:46 -04:00
Simon Glass
5ed16a9511 net: Rename SPL_NET_SUPPORT to SPL_NET
Rename this option so that CONFIG_IS_ENABLED can be used with it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-04 12:48:53 -04:00
Simon Glass
2a73606668 serial: Rename SERIAL_SUPPORT to SERIAL
Rename these options so that CONFIG_IS_ENABLED can be used with them.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-04 12:26:01 -04:00
Masahisa Kojima
538c0f2d37 efi_loader: fix efi_tcg2_hash_log_extend_event() parameter check
TCG EFI Protocol Specification defines that PCRIndex parameter
passed from caller must be 0 to 23.
TPM2_MAX_PCRS is currently used to check the range of PCRIndex,
but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value.
This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to
check the range of PCRIndex parameter.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-04 12:03:57 +02:00
Masahisa Kojima
580d7242b1 efi_loader: add missing parameter check for EFI_TCG2_PROTOCOL api
TCG EFI Protocol Specification defines the required parameter
checking and return value for each API.
This commit adds the missing parameter check and
fixes the wrong return value to comply the specification.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
7219856dae efi_loader: correct determination of secure boot state
When U-Boot is started we have to use the existing variables to determine
in which secure boot state we are.

* If a platform key PK is present and DeployedMode=1, we are in deployed
  mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
b191aa429e efi_loader: efi_auth_var_type for AuditMode, DeployedMode
Writing variables AuditMode and DeployedMode serves to switch between
Secure Boot modes. Provide a separate value for these in efi_auth_var_type.

With this patch the variables will not be read from from file even if they
are marked as non-volatile by mistake.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
9ef82e2947 efi_loader: don't load signature database from file
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
f3a343d733 efi_loader: rounding of image size
We should not first allocate memory and then report a rounded up value as
image size. Instead first round up according to section allocation and then
allocate the memory.

Fixes: 82786754b9 ("efi_loader: ImageSize must be multiple of SectionAlignment")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
1ea133acd6 efi_loader: sections with zero VirtualSize
In a section header VirtualSize may be zero. This is for instance seen in
the .sbat section of shim. In this case use SizeOfRawData as section size.

Fixes: 9d30a941cc ("efi_loader: don't load beyond VirtualSize")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Asherah Connor <ashe@kivikakk.ee>
2021-09-04 12:03:57 +02:00
Andreas Schwab
c8291f53b0 lib: add crc16.o if CONFIG_MMC_SPI_CRC_ON for SPL build
CONFIG_MMC_SPI_CRC_ON needs the crc16 functions, but it was not included
in an SPL build.  For non-SPL builds, crc16.o is already added
unconditionally.  This also removes CONFIG_SPL_YMODEM_SUPPORT from the
sifive board configs, which is only relevant for some ARM boards and was
only set for its side effect of adding crc16.o.
2021-09-02 10:17:45 -04:00
Heinrich Schuchardt
295ab733df lib: -Wformat-truncation in rsa_engine_get_priv_key
With glibc 2.33 (Ubuntu package glibc6 2.33-0ubuntu9) building
sifive_unmatched_defconfig results in:

In file included from /usr/include/stdio.h:866,
                  from ././include/compiler.h:26,
                  from <command-line>:
In function ‘snprintf’,
     inlined from ‘rsa_engine_get_priv_key’ at ./tools/../^:273:4:
/usr/include/riscv64-linux-gnu/bits/stdio2.h:71:10: warning:
‘%s’ directive argument is null [-Wformat-truncation=]
    71 |   return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
       |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    72 |        __glibc_objsize (__s), __fmt,
       |        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    73 |        __va_arg_pack ());
       |        ~~~~~~~~~~~~~~~~~

Avoid passing a NULL string.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-09-01 19:25:37 -04:00
Chia-Wei Wang
74bda4fe3d lib/md5: Export progressive APIs
Export the MD5 hash init/update/finish progressive APIs
for better flexibility.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
2021-09-01 19:25:37 -04:00
Alexandru Gagniuc
fe68a67a5f lib/rsa: Remove support for OpenSSL < 1.1.0 and libressl < 2.7.0
Older OpenSSL and libressl versions have a slightly different API.
This require #ifdefs to support. However, we still can't support it
because the ECDSA path does not compile with these older versions.
These #ifdefs are truly a vestigial appendage.

Alternatively, the ECDSA path could be updated for older libraries,
but this requires significant extra code, and #ifdefs. Those libraries
are over three years old, and there concerns whether it makes sense to
build modern software for real world use against such old libraries.

Thusly, remove #ifdefs and code for old OpenSSL and LibreSSL support.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-09-01 19:25:37 -04:00
Michal Simek
b4c2c151b1 Kconfig: Remove all default n/no options
default n/no doesn't need to be specified. It is default option anyway.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
[trini: Rework FSP_USE_UPD portion]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-31 17:47:49 -04:00
Tom Rini
4865db0716 Pull request for efi-2021-10-rc3
Documentation:
 
 * Rename Freescale to NXP
 * Document structures used for the UEFI TCG2 protocol
 
 UEFI:
 
 * Device paths must use EfiBootServicesData
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEK7wKXt3/btL6/yA+hO4vgnE3U0sFAmEf+AgACgkQhO4vgnE3
 U0skxhAAjjv6yMYLYlj2YNTtYDS2zVsnsY8i/vmWNmGYvwfrlcUC/e3J00ftBIjI
 DEwImrzefvQwr4NOZgIlyxR81NwboWULxvHSF5avwctxQVoTElkSfE2Ji+nFYa23
 P/L7E/Zf+NwTHBlE1wfkNJPZ/zya73DTOe+MGWvLnvOX56JZqEJOgmTtcQntRUll
 9zkB76j6sCk8B3ydFZmzGqhB4aslJBypG+bQB72XXGVBZoHb9pEPv90hBl616AN/
 5H8WewxTE2s6z3IfexxPAc7ssMQuW3RWw0WsJvBVviw8tSPj4SZjg5HNHAM3mz/i
 EXHUqAEySP1oT6P4hVef7Xc9gC67N+dVZGAA1QcZBkAnH+BQQ2GmIWX5+3mZJflq
 3eHWhMUHWc4q76MbN9QqReAo3wJ3GsBqdA1oORR5FgIPwEVl0jwQMYv6frC/vB6/
 6VX8WcbAWsixjf8QeQlibfMqBO9xZI1Iue5rN6DcwMey6dZrDnXGMdk7Woj6F4ga
 tERYBt+UBawTf2ww24wMXc7Hw2dZ6kj44ls2doRFKqHOpaY9Mk2QPTaVPrFkj33J
 3xlH2BYdB3ALriS1jN6Qcq6xEwyaMdkj5MzVyitunaCLiAKKORwGf0chkqiRiA+k
 zEET0uDBtO7beraiUJU9jeMPcVj3mYpiFR/CZBD/HWOVB/KwhGU=
 =gMKg
 -----END PGP SIGNATURE-----

Merge tag 'efi-2021-10-rc3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2021-10-rc3

Documentation:

* Rename Freescale to NXP
* Document structures used for the UEFI TCG2 protocol

UEFI:

* Device paths must use EfiBootServicesData
2021-08-23 12:44:12 -04:00
Matwey V. Kornilov
f52352f65e display_options: Do not use %llu in print_size
tiny-printf variant doesn't know how to handle %llu format string, but both
tiny-printf and print_size can meet in SPL when TFTP is used to obtain main
u-boot image. This is known to lead to critical boot issue at AM335x platform
when printf is catched in infinite loop.

To avoid such issues and make print_size function tiny-printf friendly, use %u
instead of %luu. Note, that the size value is guaranteed to be less than 1024
in this conditional branch, so the cast to unsigned int is safe.

Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-08-21 18:23:02 -04:00
Matwey V. Kornilov
c091f65234 tiny-printf: Handle %pM format when CONFIG_SPL_NET_SUPPORT is enabled
%pM format string is used to print MAC-address and this is required while SPL
network boot.

This patch fixes the SPL boot issues like the following:

    Trying to boot from USB eth
    ## Error: flags type check failure for "ethaddr" <= "40309614M" (type: m)
    ## Error inserting "ethaddr" variable, errno=1
    eth0: eth_cpsw## Error: flags type check failure for "eth1addr" <=
    "81f01114M" (type: m)
    ## Error inserting "eth1addr" variable, errno=1
    , eth1: usb_ether
    eth_cpsw Waiting for PHY auto negotiation to complete......... TIMEOUT !
    Problem booting with BOOTP
    SPL: failed to boot from all boot devices
    ### ERROR ### Please RESET the board ###

Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-08-21 18:23:02 -04:00
Heinrich Schuchardt
9a4b3c8e91 efi_loader: use EfiBootServicesData for DP to text
Memory allocated in the implementation of the
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL must be of type EfiBootServicesData.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17 17:24:08 +02:00
Heinrich Schuchardt
426a15893f efi_loader: use EfiBootServicesData for device path
dp_alloc() was using a constant from the wrong enum resulting in creating
device paths in EfiReservedMemory.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17 17:24:08 +02:00
Heinrich Schuchardt
49d225e7bf efi_loader: use correct type for AllocatePages, AllocatePool
Use enum efi_memory_type and enum_allocate_type in the definitions of the
efi_allocate_pages(), efi_allocate_pool().

In the external UEFI API leave the type as int as the UEFI specification
explicitely requires that enums use a 32bit type.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17 17:24:08 +02:00
Alexandru Gagniuc
928a8be794 lib: ecdsa: Implement UCLASS_ECDSA verification on target
Implement the crypto_algo .verify() function for ecdsa256. Because
it backends on UCLASS_ECDSA, this change is focused on parsing the
keys from devicetree and passing this information to the specific
UCLASS driver.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-08-16 10:49:35 +02:00
Masahisa Kojima
61ee780352 efi_loader: refactor efi_append_scrtm_version()
Refactor efi_append_scrtm_version() to use common
function for adding eventlog and extending PCR.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14 20:54:41 +02:00
Masahisa Kojima
fdff03e5b3 efi_loader: add ExitBootServices() measurement
TCG PC Client PFP spec requires to measure
"Exit Boot Services Invocation" if ExitBootServices() is invoked.
Depending upon the return code from the ExitBootServices() call,
"Exit Boot Services Returned with Success" or "Exit Boot Services
Returned with Failure" is also measured.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

Swap two ifs in efi_exit_boot_services().
efi_tcg2_notify_exit_boot_services must have EFIAPI signature.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14 20:54:41 +02:00
Masahisa Kojima
8fc4e0b427 efi_loader: add boot variable measurement
TCG PC Client PFP spec requires to measure "Boot####"
and "BootOrder" variables, EV_SEPARATOR event prior
to the Ready to Boot invocation.
Since u-boot does not implement Ready to Boot event,
these measurements are performed when efi_start_image() is called.

TCG spec also requires to measure "Calling EFI Application from
Boot Option" for each boot attempt, and "Returning from EFI
Application from Boot Option" if a boot device returns control
back to the Boot Manager.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14 20:54:41 +02:00
Masahisa Kojima
cfbcf054a3 efi_loader: add secure boot variable measurement
TCG PC Client PFP spec requires to measure the secure
boot policy before validating the UEFI image.
This commit adds the secure boot variable measurement
of "SecureBoot", "PK", "KEK", "db", "dbx", "dbt", and "dbr".

Note that this implementation assumes that secure boot
variables are pre-configured and not be set/updated in runtime.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14 20:54:41 +02:00
Heinrich Schuchardt
148ce20520 efi_loader: Uri() device path node
iPXE used Uri() device path nodes. So we should support them in the
device path to text protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14 20:54:41 +02:00
Tom Rini
b91c704333 Merge https://source.denx.de/u-boot/custodians/u-boot-samsung 2021-08-03 09:07:01 -04:00
Simon Glass
e6951139c0 lib: Allow using 0x when a decimal value is requested
U-Boot mostly uses hex for value input, largely because addresses are much
easier to understand in hex.

But in some cases a decimal value is requested, such as where the value is
small or hex does not make sense in the context. In these cases it is
sometimes useful to be able to provide a hex value in any case, if only to
resolve any ambiguity.

Add this functionality, for increased flexibility.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Simon Glass
5a94546e1c lib: Move common digit-parsing code into a function
The code to convert a character into a digit is repeated twice in this
file. Factor it out into a separate function. This also makes the code a
little easier to read.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Simon Glass
96b23440c1 lib: Drop unnecessary check for hex digit
If we see 0x then we can assume this is the start of a hex value. It
does not seem necessary to check for a hex digit after that since it will
happen when parsing the value anyway.

Drop this check to simplify the code and reduce size. Add a few more test
cases for when a 0x prefix is used.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Simon Glass
0b1284eb52 global: Convert simple_strtoul() with decimal to dectoul()
It is a pain to have to specify the value 10 in each call. Add a new
dectoul() function and update the code to use it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Simon Glass
7e5f460ec4 global: Convert simple_strtoul() with hex to hextoul()
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Heinrich Schuchardt
78e6b871fd efi_loader: typo cerificate
%s/cerificate/certificate/

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-02 08:21:12 +02:00
Heinrich Schuchardt
fa3f1f1dbd lib: disable CONFIG_SPL_HEXDUMP by default
CONFIG_HEXDUMP is needed to display UEFI variables using 'printenv -e'.

Enabling CONFIG_SPL_HEXDUMP only makes sense for debugging purposes.
Hence CONFIG_SPL_HEXDUMP should not be enabled by default.

The following boards currently have CONFIG_SPL_HEXDUMP=y. This includes
boards that don't use SPL at all.

axm_defconfig
imx8mm-cl-iot-gate_defconfig
imx8mm_venice_defconfig
imxrt1020-evk_defconfig
imxrt1050-evk_defconfig
kontron_sl28_defconfig
kp_imx53_defconfig
lx2160ardb_tfa_stmm_defconfig
mt7622_rfb_defconfig
octeon_ebb7304_defconfig
octeon_nic23_defconfig
qemu_arm64_defconfig
qemu_arm_defconfig
qemu-riscv32_defconfig
qemu-riscv32_smode_defconfig
qemu-riscv64_defconfig
qemu-riscv64_smode_defconfig
qemu-x86_64_defconfig
qemu-x86_defconfig
sandbox64_defconfig
sandbox_defconfig
stm32mp15_basic_defconfig
stm32mp15_trusted_defconfig
synquacer_developerbox_defconfig
taurus_defconfig
xilinx_versal_virt_defconfig

The patch only keeps it enabled on

sandbox_spl_defconfig

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-01 15:45:11 +02:00
Marc Kleine-Budde
62b27a561c mkimage: use environment variable MKIMAGE_SIGN_PIN to set pin for OpenSSL Engine
This patch adds the possibility to pass the PIN the OpenSSL Engine
used during signing via the environment variable MKIMAGE_SIGN_PIN.
This follows the approach used during kernel module
signing ("KBUILD_SIGN_PIN") or UBIFS image
signing ("MKIMAGE_SIGN_PIN").

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2021-07-28 20:46:34 -04:00
Chan, Donald
6d59ace988 lib: rsa: rsa-sign: Minor bug in debug message
*sig_size isn't set until later so use the correct variables.

Signed-off-by: Donald Chan <hoiho@lab126.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-28 20:46:34 -04:00
Thomas Perrot
0eadb2b2da lib: rsa: rsa-verify: Fix a typo in a debug message
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
2021-07-28 20:46:34 -04:00
Simon Glass
1a46cb6c7e lib: Create a new Kconfig option for charset conversion
Rather than looking at two KConfig options in the Makefile, create a new
Kconfig option for compiling lib/charset.c

Enable it for UFS also, which needs this support.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-28 14:27:54 -04:00
Roland Gaudig
0b016428a7 lib: strto: add simple_strtoll function
Add simple_strtoll function for converting a string containing digits
into a long long int value.

Signed-off-by: Roland Gaudig <roland.gaudig@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-27 14:50:47 -04:00
Simon Glass
5e19f4aa13 samsung: exynos: Convert SROMC interface to a driver
Add a bus driver for this and use it to configure the bus parameters for
the Ethernet interface. Drop the old pre-driver-model code.

Switch over to use driver model for Ethernet.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Minkyu Kang <mk7.kang@samsung.com>
2021-07-27 10:34:27 +09:00
AKASHI Takahiro
86a3d43bff efi_loader: remove asm/setjmp.h from efi_api.h
In the commit c982874e93 ("efi_loader: refactor
efi_setup_loaded_image()"), setjmp-related definitions were moved to
efi_loaded_image_obj in efi_loader.h. So setjmp.h is no longer
refererenced in efi_api.h.

This also fixes some error when efi_api.h will be included in
mkeficapsule.c.

Fixes: c982874e93 ("efi_loader: refactor efi_setup_loaded_image()")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-24 10:49:51 +02:00
AKASHI Takahiro
c2cc60c1f9 efi_loader: capsule: remove authentication data
If capsule authentication is disabled and yet a capsule file is signed,
its signature must be removed from image data to flush.
Otherwise, the firmware will be corrupted after update.

Fixes: 04be98bd6b ("efi: capsule: Add support for uefi capsule
	authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2021-07-24 10:49:51 +02:00
AKASHI Takahiro
ef890f6331 efi_loader: capsule: remove unused guid
efi_guid_capsule_root_cert_guid is never used.
Just remove it.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-24 10:49:51 +02:00
Heinrich Schuchardt
c193d9bd28 smbios: error handling for invalid addresses
SMBIOS tables only support 32bit addresses. If we don't have memory here
handle the error gracefully:

* on x86_64 fail to start U-Boot
* during UEFI booting ignore the missing table

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-24 10:49:51 +02:00
Pali Rohár
11275e4f72 smbios: Fix calculating BIOS Release Date
BIOS Release Date must be in format mm/dd/yyyy and must be release date.
U-Boot currently sets BIOS Release Date from U_BOOT_DMI_DATE macro which is
generated from current build timestamp.

Fix this issue by setting U_BOOT_DMI_DATE macro to U-Boot version which is
better approximation of U-Boot release date than current build timestamp.
Current U-Boot versioning is in format yyyy.mm so as a day choose 01.

Some operating systems are using BIOS Release Date for detecting when was
SMBIOS table filled or if it could support some feature (e.g. BIOS from
1990 cannot support features invented in 2000). So this change also ensures
that recompiling U-Boot from same sources but in different year does not
change behavior of some operating systems.

Macro U_BOOT_DMI_DATE is not used in other file than lib/smbios.c
so remove it from global autogenerated files and also from Makefile.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-24 10:49:51 +02:00
Steffen Jaeckel
29bbe71ccf lib: wrap crypt API to hide errno usage
In order to prevent using the global errno, replace it with a static
version and create a wrapper function which returns the error value.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
2021-07-23 13:36:20 -04:00
Steffen Jaeckel
26dd993657 lib: add crypt subsystem
Add the basic functionality required to support the standard crypt
format.
The files crypt-sha256.c and crypt-sha512.c originate from libxcrypt and
their formatting is therefor retained.
The integration is done via a crypt_compare() function in crypt.c.

```
libxcrypt $ git describe --long --always --all
tags/v4.4.17-0-g6b110bc
```

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
2021-07-23 13:36:14 -04:00
Ilias Apalodimas
ddf67daac3 efi_capsule: Move signature from DTB to .rodata
The capsule signature is now part of our DTB.  This is problematic when a
user is allowed to change/fixup that DTB from U-Boots command line since he
can overwrite the signature as well.
So Instead of adding the key on the DTB, embed it in the u-boot binary it
self as part of it's .rodata.  This assumes that the U-Boot binary we load
is authenticated by a previous boot stage loader.

Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-07-18 14:43:56 +02:00
Masahisa Kojima
d934ed577e efi_loader: increase eventlog buffer size
TCG PC Client PFP spec says "The Log Area Minimum Length
for the TCG event log MUST be at least 64KB." in ACPI chapter.
This commit increase the buffer size to 64KB.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-18 14:43:56 +02:00
Masami Hiramatsu
484d7d80cb efi_loader: Use %pD to log device-path instead of local efi_dp_str()
Use %pD to log device-path instead of using efi_dp_str() and
efi_free_pool() locally in find_boot_device().
This is a cleanup patch, no feature update nor fix.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-18 14:43:56 +02:00
Alfonso Sánchez-Beato
17f8cda505 efi_loader: set partition GUID in device path for SIG_TYPE_GUID
Previously, the GPT device GUID was being used instead of the partition,
which was incorrect.

Signed-off-by: Alfonso Sánchez-Beato <alfonso.sanchez-beato@canonical.com>

Let EFI_LOADER select CONFIG_PARTITION_UUIDS.
Use log_warning() instead of printf() for warning.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-07-18 14:43:56 +02:00
Alexandru Gagniuc
6909edb4ce image: rsa: Move verification algorithm to a linker list
Move the RSA verification crytpo_algo structure out of the
crypto_algos array, and into a linker list.

Although it appears we are adding an #ifdef to rsa-verify.c, the gains
outweigh this small inconvenience. This is because rsa_verify() is
defined differently based on #ifdefs. This change allows us to have
a single definition of rsa_verify().

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 15:38:49 -04:00
Simon Glass
ad74aed11e image: Rename CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
Drop the ENABLE and SUPPORT parts of this, which are redundant.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Rasmus Villemoes
23b542aa3f lib/vsprintf.c: remove unused ip6_addr_string()
There's currently no user of %p[iI]6, so including ip6_addr_string()
in the image is a waste of bytes. It's easy enough to have the
compiler elide it without removing the code completely.

The closest I can find to anybody "handling" ipv6 in U-Boot currently
is in efi_net.c which does

        if (ipv6) {
                ret = EFI_UNSUPPORTED;

As indicated in the comment, it can easily be put back, but preferably
under a config knob.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2021-07-15 18:44:36 -04:00
Rasmus Villemoes
ce452157e6 lib/vsprintf.c: remove stale comment
U-Boot doesn't support %pS/%pF or any other kind of kallsyms-like
lookups. Remove the comment.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2021-07-15 18:44:36 -04:00
Rasmus Villemoes
9758778646 lib/vsprintf.c: implement printf() in terms of vprintf()
This saves some code, both in terms of #LOC and .text size, and it is
also the normal convention that foo(...) is implemented in terms of
vfoo().

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2021-07-15 18:44:36 -04:00
Simon Glass
fdfae3727c tpm: Check outgoing command size
In tpm_sendrecv_command() the command buffer is passed in. If a mistake is
somehow made in setting this up, the size could be out of range. Add a
sanity check for this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 331152)
2021-07-15 18:42:05 -04:00
Heinrich Schuchardt
e94ef57952 lib: move rtc-lib.c to lib
Function rtc_to_tm() is needed for FAT file system support even if we don't
have a real time clock. So move it from drivers/ to lib/.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-07-14 16:57:35 -04:00
Masami Hiramatsu
b0b1449b3b efi_loader: Fix to set bootdev_root correctly if bootdev found
Fix find_boot_device() to set bootdev_root if it finds the
bootdev from BootNext. Currently it sets the bootdev_root only
when it finds bootdev from BootOrder.

Fixes: c74cd8bd08 ("efi_loader: capsule: add capsule_on_disk support")
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Accked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-12 20:38:16 +02:00
Heinrich Schuchardt
70bad5462c efi_loader: set CapsuleLast after each capsule
If multiple capsules are applied, the FMP drivers for the individual
capsules can expect the value of CapsuleLast to be accurate. Hence
CapsuleLast must be updated after each capsule.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-12 20:30:48 +02:00
Heinrich Schuchardt
d7eedd9d50 efi_loader: missing EFI_CALL() in set_capsule_result
efi_set_variable() should be called with EFI_CALL(). Use
efi_set_variable_int() instead.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-12 20:30:48 +02:00
Heinrich Schuchardt
3e49119efb efi_loader: rework messages for capsule updates
* Use log category LOGC_EFI. This allows to remove 'EFI:' prefixes in
  messages.
* Rephrase some of the messages.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-12 20:30:48 +02:00
Heinrich Schuchardt
79a61ccb23 efi_loader: provide file attributes in EFI_FILE_PROTOCOL.Read()
When reading a directory using EFI_FILE_PROTOCOL.Read() provide file
attributes and timestamps.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-12 20:30:48 +02:00
Heinrich Schuchardt
cbe3ab986b lib: remove superfluous #ifdefs from date.c
We should avoid #ifdef in C modules. Unused functions are eliminated by the
linker.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-12 20:30:48 +02:00
Tom Rini
6194b45a83 Merge branch 'next' 2021-07-05 11:20:30 -04:00
Ilias Apalodimas
0fa5020c02 efi_loader: Allow capsule update on-disk without checking OsIndications
Although U-Boot supports capsule update on-disk, it's lack of support for
SetVariable at runtime prevents applications like fwupd from using it.

In order to perform the capsule update on-disk the spec says that the OS
must copy the capsule to the \EFI\UpdateCapsule directory and set a bit in
the OsIndications variable.  The firmware then checks for the
EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED bit in OsIndications
variable, which is set by the submitter to trigger processing of the
capsule on the next reboot.

Let's add a config option which ignores the bit and just relies on the
capsule being present. Since U-Boot deletes the capsule while processing
it, we won't end up applying it multiple times.

Note that this is allowed for all capsules. In the future, once
authenticated capsules are fully supported, we can limit the functionality
to those only.

Signed-off-by: apalos <ilias.apalodimas@linaro.org>

Reword Kconfig description.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-02 18:29:06 +02:00
Heinrich Schuchardt
149108a3eb efi_loader: clear OsIndications
After each reboot we must clear flag
EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED in variable
OsIndications.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-02 09:37:01 +02:00
Masami Hiramatsu
417a3c24c9 efi_loader: Improve the parameter check for QueryVariableInfo()
Improve efi_query_variable_info() to check the parameter settings and
return correct error code according to the UEFI Specification 2.9,
and the Self Certification Test (SCT) II Case Specification, June
2017, chapter 4.1.4 QueryVariableInfo().

Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-02 09:37:01 +02:00
Heinrich Schuchardt
abd62e4d41 efi_loader: missing parentheses in query_console_size
After if we should use parentheses to keep the code readable.

Fixes: a95f4c8859 ("efi_loader: NULL dereference in EFI console")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-02 09:37:01 +02:00
Ilias Apalodimas
6e0184b86f efi_loader: Always install FMPs
We only install FMPs if a CapsuleUpdate is requested.  Since we now have an
ESRT table which relies on FMPs to build the required information, it
makes more sense to unconditionally install them. This will allow userspace
applications (e.g fwupd) to make use of the ERST and provide us with files
we can use to run CapsuleUpdate on-disk

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-02 09:37:01 +02:00
Ilias Apalodimas
b891ff18f8 efi_loader: Force a single FMP instance per hardware store
Chapter 23 of the EFI spec (rev 2.9) says:
"A specific updatable hardware firmware store must be represented by
exactly one FMP instance".
This is not the case for us, since both of our FMP protocols can be
installed at the same time because they are controlled by a single
'dfu_alt_info' env variable.
So make the config options depend on each other and allow the user to
install one of them at any given time.  If we fix the meta-data provided
by the 'dfu_alt_info' in the future,  to hint about the capsule type
(fit or raw) we can revise this and enable both FMPs to be installed, as
long as they target different firmware hardware stores

Note that we are not using a Kconfig 'choice' on purpose, since we
want to allow both of those to be installed and tested in sandbox

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-02 09:37:01 +02:00
Masami Hiramatsu
3ef772230d efi: Fix to use null handle to create new handle for efi_fmp_raw
When running the efidebug capsule disk-update command, the efi_fmp_raw
protocol installation fails with 2 (EFI_INVALID_PARAMETER) as below.
This is because the code passes efi_root instead of the handle local var.

=> efidebug capsule disk-update
EFI: Call: efi_install_multiple_protocol_interfaces( &handle, &efi_guid_firmware_management_protocol, &efi_fmp_fit, NULL)
  EFI: Entry efi_install_multiple_protocol_interfaces(00000000fbaf5988)
    EFI: Call: efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
      EFI: Entry efi_install_protocol_interface(00000000fbaf5988, 86c77a67-0b97-4633-a187-49104d0685c7, 0, 00000000fbfa6ee8)
        EFI: new handle 00000000fbb37520
      EFI: Exit: efi_install_protocol_interface: 0
    EFI: 0 returned by efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
  EFI: Exit: efi_install_multiple_protocol_interfaces: 0
EFI: 0 returned by efi_install_multiple_protocol_interfaces( &handle, &efi_guid_firmware_management_protocol, &efi_fmp_fit, NULL)
EFI: Call: efi_install_multiple_protocol_interfaces( &efi_root, &efi_guid_firmware_management_protocol, &efi_fmp_raw, NULL)
  EFI: Entry efi_install_multiple_protocol_interfaces(00000000fbfec648)
    EFI: Call: efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
      EFI: Entry efi_install_protocol_interface(00000000fbfec648, 86c77a67-0b97-4633-a187-49104d0685c7, 0, 00000000fbfa6f18)
        EFI: handle 00000000fbaf8520
      EFI: Exit: efi_install_protocol_interface: 2
    EFI: 2 returned by efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
  EFI: Exit: efi_install_multiple_protocol_interfaces: 2
EFI: 2 returned by efi_install_multiple_protocol_interfaces( &efi_root, &efi_guid_firmware_management_protocol, &efi_fmp_raw, NULL)
Command failed, result=1

To fix this issue, pass the handle local var which is set NULL right
before installing efi_fmp_raw as same as the installing efi_fmp_fit.
(In both cases, the local reference to the handle will be just discarded)

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-02 09:37:01 +02:00