Commit graph

1086 commits

Author SHA1 Message Date
Heinrich Schuchardt
9d1564dabc efi_loader: segfault in efi_clear_os_indications()
If we call efi_clear_os_indications() before initializing the memory store
for UEFI variables a NULL pointer dereference occurs.

The error was observed on the sandbox with:

    usb start
    host bind 0 sandbox.img
    load host 0:1 $kernel_addr_r helloworld.efi
    bootefi $kernel_addr_r

Here efi_resister_disk() failed due to an error in the BTRFS implementation.

Move the logic to clear EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
to the rest of the capsule code.

If CONFIG_EFI_IGNORE_OSINDICATIONS=y, we should still clear the flag.
If OsIndications does not exist, we should not create it as it is owned by
the operating system.

Fixes: 149108a3eb ("efi_loader: clear OsIndications")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-26 21:30:59 +01:00
Heinrich Schuchardt
cd9a26bfe5 efi_loader: efi_disk_register() should not fail
Our algorithm for creating USB device paths may lead to duplicate device
paths which result in efi_disk_register() failing. Instead we should just
skip devices that cannot be registered as EFI block devices.

Fix a memory leak in efi_disk_add_dev() caused by the duplicate device
path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-26 21:30:59 +01:00
Tom Rini
3f73e79de8 efi: Call bootm_disable_interrupts earlier in efi_exit_boot_services
If we look at the path that bootm/booti take when preparing to boot the
OS, we see that as part of (or prior to calling do_bootm_states,
explicitly) the process, bootm_disable_interrupts() is called prior to
announce_and_cleanup() which is where udc_disconnect() /
board_quiesce_devices() / dm_remove_devices_flags() are called from.  In
the EFI path, these are called afterwards.  In efi_exit_boot_services()
however we have been calling bootm_disable_interrupts() after the above
functions, as part of ensuring that we disable interrupts as required
by the spec.  However, bootm_disable_interrupts() is also where we go
and call usb_stop().  While this has been fine before, on the TI J721E
platform this leads us to an exception.  This exception seems likely to
be the case that we're trying to stop devices that we have already
disabled clocks for.  The most direct way to handle this particular
problem is to make EFI behave like the do_bootm_states() process and
ensure we call bootm_disable_interrupts() prior to ending up in
usb_stop().

Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
Suggested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-26 21:30:59 +01:00
Ilias Apalodimas
d6b55a420c efi_loader: startup the tpm device when installing the protocol
Due to U-Boot's lazy binding mentality the TPM is probed but not properly
initialized.  The user can startup the device from the command line
e.g 'tpm2 startup TPM2_SU_CLEAR'.  However we can initialize the TPM during
the TCG protocol installation,  which is easier to use overall.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-20 10:53:01 +01:00
Ilias Apalodimas
5ba0397049 efi_loader: fix FinalEvents table if an EFI app invoked GetEventLog
As described in the TCG spec [1] in sections 7.1.1 and 7.1.2 the FinalEvent
table should include events after GetEventLog has been called.  This
currently works for us as long as the kernel is the only EFI application
calling that.  Specifically we only implement what's described in 7.1.1.

So refactor the code a bit and support EFI application(s) calling
GetEventLog.  Events will now be logged in both the EventLog and FinalEvent
table as long as ExitBootServices haven't been invoked.

[1] https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-20 10:53:00 +01:00
Heinrich Schuchardt
43eaf5b13f efi_loader: EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES
Implement the EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES event group
handling.

Add the definition of EFI_EVENT_GROUP_AFTER_READY_TO_BOOT.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-20 10:53:00 +01:00
Masami Hiramatsu
5d49b32f0a efi_loader: capsule: Record capsule result only if capsule is read
Record capsule update result only if the capsule file is
successfully read, because the capsule GUID is not sure when
the file can not be read or the file is not a capsule.
Without this fix, if user puts a dummy (non-capsule) file
under (ESP)EFI/UpdateCapsule, U-Boot causes a synchronous
abort.

This also fixes use-after-free bug of the 'capsule' variable.

Fixes: c74cd8bd08 ("efi_loader: capsule: add capsule_on_disk support")
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-20 10:53:00 +01:00
Masahisa Kojima
3961bd9b55 efi_loader: Reduce efi_tcg2 logging statement
log_info() is used for the debug level logging statement
which should use log_debug() instead. Convert it to reduce the
log output.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-11-20 10:53:00 +01:00
Masahisa Kojima
c9c1cdbda3 efi_loader: fix BootOrder variable measurement handling
UEFI specification does not require that BootOrder is defined.
In current implementation, boot variable measurement fails and
returns EFI_NOT_FOUND if BootOrder is not defined.

This commit correcly handles this case, skip the boot variable
measurement if BootOrder is not defined.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-10 20:57:54 +01:00
Simon Glass
e16c47fa3d efi: Create a 64-bit app
Most modern platforms use 64-bit EFI so it is useful to have a U-Boot app
that runs under that. Add a (non-functional) build for this.

Note that --whole-archive causes the gcc 9.2 linker to crash, so disable
this for now. Once this is resolved, things should work.

For now, avoid mentioning the documentation for the 64-bit app, since it
does not work.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-11-07 18:36:55 +01:00
Masahisa Kojima
7fc93cae49 efi_loader: add EFI_TCG2_PROTOCOL.SubmitCommand
This commit adds the EFI_TCG2_PROTOCOL.SubmitCommand
required in the TCG PC Client PFP spec.
SubmitCommand enables to send the raw command to the TPM device.

To implement this api, tpm2_submit_command() is added
into tpm-v2.c.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-11-07 18:36:55 +01:00
Masahisa Kojima
14cbb330fe efi_loader: use byteshift unaligned access helper
Calling unaligned/access-ok.h version of put_unaligned_le64()
causes data abort in arm 32-bit QEMU.

The similar issue also occurs in linux kernel,
unaligned/access-ok.h is no longer used in linux kernel[1].

This commit uses the unaligned/be_byteshift.h and
unaligned/le_byteshift.h helper instead of unaligned/access-ok.h.

[1]https://lore.kernel.org/all/20210507220813.365382-8-arnd@kernel.org/

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-11-07 18:36:55 +01:00
AKASHI Takahiro
50b05eb606 efi_loader: capsule: drop __weak from efi_get_public_key_data()
As we discussed in ML, currently a device tree is the only place
to store public keys for capsule authentication. So __weak is not
necessary for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-11-07 18:36:55 +01:00
Masahisa Kojima
65aa259aa7 efi_loader: add DeployedMode and AuditMode variable measurement
This commit adds the DeployedMode and AuditMode variable
measurement required in TCG PC Client Platform Firmware
Profile Specification.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-26 21:33:19 +02:00
Masahisa Kojima
96485d2f3f efi_loader: simplify tcg2_measure_secure_boot_variable()
This commit simplifies tcg2_measure_secure_boot_variable()
using secure_variables table.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-26 21:33:19 +02:00
Masahisa Kojima
ce3dbc5d08 efi_loader: add UEFI GPT measurement
This commit adds the UEFI GPT disk partition topology
measurement required in TCG PC Client Platform Firmware
Profile Specification

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-26 21:32:46 +02:00
Masahisa Kojima
3d49ee8510 efi_loader: add SMBIOS table measurement
TCG PC Client Platform Firmware Profile Specification
requires to measure the SMBIOS table that contains static
configuration information (e.g. Platform Manufacturer
Enterprise Number assigned by IANA, platform model number,
Vendor and Device IDs for each SMBIOS table).

The device- and environment-dependent information such as
serial number is cleared to zero or space character for
the measurement.

Existing smbios_string() function returns pointer to the string
with const qualifier, but exisintg use case is updating version
string and const qualifier must be removed.
This commit removes const qualifier from smbios_string()
return value and reuses to clear the strings for the measurement.

This commit also fixes the following compiler warning:

lib/smbios-parser.c:59:39: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
  const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address;

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-26 17:58:14 +02:00
Heinrich Schuchardt
a45dac1785 efi_loader: simplify tcg2_measure_secure_boot_variable()
Don't duplicate GUIDs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:07 +02:00
Heinrich Schuchardt
02fef8b101 efi_loader: simplify efi_sigstore_parse_sigdb()
Simplify efi_sigstore_parse_sigdb() by using existing functions.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:07 +02:00
Heinrich Schuchardt
e618d1d285 efi_loader: function to get GUID for variable name
In multiple places we need the default GUID matching a variable name.
The patch provides a library function. For secure boot related variables
like 'PK', 'KEK', 'db' a lookup table is used. For all other variable
names EFI_GLOBAL_VARIABLE is returned.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:06 +02:00
Heinrich Schuchardt
d47671c631 efi_loader: treat UEFI variable name as const
UEFI variable names are typically constants and hence should be defined as
const. Unfortunately some of our API functions do not define the parameters
for UEFI variable names as const. This requires unnecessary conversions.

Adjust parameters of several internal functions to tre UEFI variable names
as const.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:06 +02:00
AKASHI Takahiro
7a6fb28c8e efi_loader: capsule: add back efi_get_public_key_data()
The commit 47a25e81d3 ("Revert "efi_capsule: Move signature from DTB to
.rodata"") failed to revert the removal of efi_get_public_key_data().

Add back this function and move it under lib/efi_loader so that other
platforms can utilize it. It is now declared as a weak function so that
it can be replaced with a platform-specific implementation.

Fixes: 47a25e81d3 ("Revert "efi_capsule: Move signature from DTB to
	.rodata"")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-25 21:13:06 +02:00
Masahisa Kojima
f86352eb82 efi_loader: add missing const qualifier
This commit fixes the following compilation warning
of boottime->install_configuration_table() function.

lib/efi_selftest/efi_selftest_tcg2.c:475:46:
warning: passing argument 1 of ‘boottime->install_configuration_table’
discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
  ret = boottime->install_configuration_table(&smbios_guid, dmi);

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-25 21:13:06 +02:00
Heinrich Schuchardt
db61e70e0d efi_loader: efi_dp_from_lo() should skip VenMedia node
The 'efidebug boot dump' command should not display the VenMedia() device
path node preceding the device path of the initial ram disk.

By letting efi_dp_from_lo() skip the VenMedia() device path node we can
simplify the coding.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
9ad37fe405 efi_loader: avoid multiple local copies of lf2_initrd_guid
Create the GUID as a global variable.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
05345425ca efi_loader: efi_dp_from_lo() unused parameter size
Parameter size is never used in function efi_dp_from_lo(). Remove it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
0421735dd8 efi_loader: efi_dp_from_lo() don't copy GUID
Instead of copying a GUID and then using a pointer to the copy for calling
guidcmp(), just pass the pointer to the orginal GUID.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:04 +02:00
Ilias Apalodimas
ebdea88d57 efi_loader: Fix loaded image alignment
We are ignoring the alignment communicated via the PE/COFF header.
Starting 5.10 the Linux kernel will loudly complain about it. For more
details look at [1] (in linux kernel).

So add a function that can allocate aligned EFI memory and use it for our
relocated loaded image.

[1] c32ac11da3f83 ("efi/libstub: arm64: Double check image alignment at entry")

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Vincent Stehlé <vincent.stehle@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
fa00b6fc3f efi_loader: don't load Shim's MOK database from file
When using a file to store UEFI variables we must make sure that secure
boot related variables are not loaded from this file. With commit
9ef82e2947 ("efi_loader: don't load signature database from file")
this has already been implemented for variables defined in the UEFI
specification. As most Linux distributions use Shim we should do the same
for Shim's MOK database.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-21 03:46:04 +02:00
Simon Glass
c779e0d923 efi_loader: Drop code that doesn't work with driver model
This code should never have been added as it builds a new feature on top
of legacy code. This has already been improved with the dependency on BLK.

Add a dependency on DM_ETH also, to avoid needing to deal with this old
code.

Boards which want EFI_LOADER should migrate to driver model first.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:03 +02:00
Mark Kettenis
79f9defeba efi_loader: GOP: Fix 30bpp block transfer support
Convert pixel values when necessary like we do for 16bpp
framebuffers.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-09 18:50:31 +02:00
Mark Kettenis
01fcf0eea6 efi_loader: GOP: Add 30bpp support
Provide correct framebuffer information for 30bpp modes.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
2021-10-09 18:46:13 +02:00
Simon Glass
1eccbb16a2 efi: Correct dependency on FIT_SIGNATURE
At present EFI_SECURE BOOT selects RSA but does not necessarily enable
FIT_SIGNATURE. Mostly this is fine, but a few boards do not enable it,
so U-Boot tries to do RSA verification when loading FIT images, but it
is not enabled.

This worked because the condition for checking the RSA signature is
wrong in the fit_image_verify_with_data() function. In order to fix it
we need to fix this dependency. Make sure that FIT_SIGNATURE is enabled
so that RSA can be used.

It might be better to avoid using 'select' in this situation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:27 -04:00
Tom Rini
e908d20fcb Prepare v2021.10-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmFRyIMACgkQFHw5/5Y0
 tyz1jgv/aTtHWVcGiw+nvvnnlgdrY4h9yVP5AfBLhOR7ogYOw2B9xHmdh+9oCas9
 Rt45AC4nFvUszxCPJqg36kjljTKRVapemHqhCbgGGeb9GYMkNb1zjk79WnuqgeJy
 ydBUCh1NQI5pOvrpDv7kWRx1IyDi/gUgQO3RBdufbunNmn4Zj4jlw5RmMTgDACRC
 cvTr39gVQq1LOzL2W7+XkSfiEejtGERNs32Nt+jzyAm5a2PkngULUnPW6WsHu+qy
 5YJTR50TK55QgPIdoiqY14BUDpqEbHlNKsE7p6hHkDf6XSS7gLHYW2tVVt2Z8ocg
 9cW35Qotov7MeiSClc3SIEPiIefwh2oTVf0uYoP+uvlRAComvcIzphq68NIQe6Av
 es+ZJI1Qx5ERvDQMMW3xOHTlcBGgpqA0Y/QVr62rE8bEzK/1gvTiP+hVVqzUrnHJ
 f3ZAVt16clIfXKAxGsW4Am05iMmT+rtcS5IrUMuEzmkb0KK58YXsOVmsKHLX9aI1
 T74ewXfu
 =y67Q
 -----END PGP SIGNATURE-----

Merge tag 'v2021.10-rc5' into next

Prepare v2021.10-rc5
2021-09-27 09:45:36 -04:00
Ruchika Gupta
346cee3ac5 efi_loader: Fix spec ID event creation
TCG EFI Protocol Specification defines the number_of_algorithms
field in spec ID event to be equal to the number of active
algorithms supported by the TPM device. In current implementation,
this field is populated with the count of all algorithms supported
by the TPM which leads to incorrect spec ID event creation.

Similarly, the algorithm array in spec ID event should be a variable
length array with length being equal to the number_of_algorithms field.
In current implementation this is defined as a fixed length array
which has been fixed.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
CC: Masahisa Kojima <masahisa.kojima@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-25 12:31:08 +02:00
Simon Glass
47a25e81d3 Revert "efi_capsule: Move signature from DTB to .rodata"
This was unfortunately applied despite much discussion about it beiong
the wrong way to implement this feature.

Revert it before too many other things are built on top of it.

This reverts commit ddf67daac3.
Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-18 03:47:50 -06:00
Pali Rohár
bdfb6d70bb version: Move version_string[] from version.h to version_string.h
More C files do not use compile time timestamp macros and do not have to be
recompiled every time when SOURCE_DATE_EPOCH changes.

This patch moves version_string[] from version.h to version_string.h and
updates other C files which only needs version_string[] string to include
version_string.h instead of version.h. After applying this patch these
files are not recompiled every time when SOURCE_DATE_EPOCH changes.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2021-09-17 12:10:44 -04:00
Pali Rohár
fa9c5da702 efi_loader: Use directly version_string variable
Macro U_BOOT_VERSION_STRING is already stored in variable version_string.
So use directly this variable instead of storing U_BOOT_VERSION_STRING into
temporary variable.

Signed-off-by: Pali Rohár <pali@kernel.org>
[trini: This area was reworked since posted, what is here is now really
        inspired by the previous version, so drop Ilias' Acked-by]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-17 12:10:44 -04:00
Tom Rini
6674edaabf Prepare v2021.10-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmFBKRgACgkQFHw5/5Y0
 tyw/PwwAtGB3rBeYW4rjWuMC5WP1UDTnvZIAok5ImWumWDahjDm8Yq2VCzAe9adw
 EYBjuNmaNl9aQvGVqlVJeIcLku5MLuLQu2za8vhc1R8X9VTPPY+LLTcdOokOmB8y
 8JiaE7fJsb1bZeV+diF9tss3B0IkUrwSJtW1d+qfdz/4UiRvwK5BhnZgzIobDldO
 g1Ldz/xiR2GOAXlUMwDrNAi6qNvmeAqRsQxySVrjltAV2ST7LJnOiHuWvJX6g6VS
 l796Hleh/kULfEW6n+1ZaTNqvVRcJ8xYSOG8w8y9u6HuPBA3JrYH1p1Eo5n7PPDv
 US71Iy/ncweTyfTMEBThWLqjHOQ05sVkWX/r4fj2iJRli+Og53lE1fVJ4ajIx7vz
 Tc76wI43i0I5lr2yTErjUG6EzDDoueqd+c8BwxihNLUK/+QG31xoCEMfC80C25ro
 QhYVFgiPWN0ySUD5M5tbGXODvfNNIDKXpY5oSOTVtemZtDEMpO2zBM1s/K3RV7Ud
 Je9Pj0Cu
 =Me42
 -----END PGP SIGNATURE-----

Merge tag 'v2021.10-rc4' into next

Prepare v2021.10-rc4

Signed-off-by: Tom Rini <trini@konsulko.com>

# gpg: Signature made Tue 14 Sep 2021 06:58:32 PM EDT
# gpg:                using RSA key 1A3C7F70E08FAB1707809BBF147C39FF9634B72C
# gpg: Good signature from "Thomas Rini <trini@konsulko.com>" [ultimate]

# Conflicts:
#	board/Arcturus/ucp1020/spl.c
#	cmd/mvebu/Kconfig
#	common/Kconfig.boot
#	common/image-fit.c
#	configs/UCP1020_defconfig
#	configs/sifive_unmatched_defconfig
#	drivers/pci/Kconfig
#	include/configs/UCP1020.h
#	include/configs/sifive-unmatched.h
#	lib/Makefile
#	scripts/config_whitelist.txt
2021-09-16 10:29:40 -04:00
Tom Rini
56a85b831f Pull request for efi-2021-10-rc4-2
Documentation:
 
 * improve documentation of U-Boot for /config DT node
 * integrate bloblist documentation
 
 UEFI:
 
 * correct usage of EFI_CALL()
 * code tidy up
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmE8coEACgkQxIHbvCwF
 GsSB4Q//VpVKE5/xKiDFkdFjrjgXLWv1ORuQ1glBf5Br/0SnYjTI570RKWtJRfn4
 ugW/ytZpfudi60EMOwmPEAx2nd6ERJeFewUkcsJjvRC/2gX1u49XkSHxoolqQlji
 1DaeWz3CH6LLq8d09ha1AsYWL2aFqZd8YrpICq47BmKJNitGd1puI+co2w0HpAFj
 mn2+J9ctbn3Evl0ipSzLB2MMR65Q79qyM3eJXUqli2t1BkWMsyqHtVDNVCTUKj4I
 TKOU7DNkwNcalKayzplSrMzzucQnkaQQbErhd78aYRsC2sIY2HTkhi2J7iFhN6/I
 tCZ45AD6+8UpCs1jy5xCJAJJ0nW44xmW7Q+UM61P75DJMccaUb2cKMvZKidiSu9m
 8ck5IBU8fVN9khhMxoVR54aKLK9tmJRjVX1ugrVCXoh32Dzu+Ikf9n91ACHaduU8
 s92DIrH3f9tyBQIHNLL0LGgDLB6YYTzLrmlcPC/t7n5iJUoznDdQddrhS4/9qx+l
 fpyyGLo8Vk/krvyNrYpiamRi2kGKV0CAWvig1YGjeDT6baC4NsEYjgL6JKKN6QPi
 xeENZ+yJJMvY5DXdaoERRMJutfuep64XkLx8mqYSNCIcLIjOpGrV7rk0O6qU5Ww+
 +9kLQq1ygWeDR0t6BWHlX5nEImvqc1+vDPb8IMt9r6aIZ/ED9/U=
 =hPaX
 -----END PGP SIGNATURE-----

Merge tag 'efi-2021-10-rc4-2' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2021-10-rc4-2

Documentation:

* improve documentation of U-Boot for /config DT node
* integrate bloblist documentation

UEFI:

* correct usage of EFI_CALL()
* code tidy up
2021-09-12 20:33:21 -04:00
Heinrich Schuchardt
aec7c0925c efi_loader: simplify efi_watchdog_timer_notify()
We can call do_reset() directly without invoking the UEFI API.
This decreases the code size.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Ilias Apalodimas
0bf538ce0c efi_loader: Remove incorrect calls of EFI_CALL in TCG2
There is two unneeded EFI_CALL references in tcg2_measure_pe_image().
The first one in efi_search_protocol() and the second on in the device path
calculation.  The second isn't even a function we should be calling, but a
pointer assignment, which happens to work with the existing macro.

While at it switch the malloc call to a calloc, remove the unnecessary cast
and get rid of an unneeded if statement before copying the device path

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Heinrich Schuchardt
6919619f9c efi_loader: require CONFIG_BLK
The move to driver model should by now be completed. To be able to remove
pre-driver model code from our block IO code require CONFIG_BLK=y for UEFI
support.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Masahisa Kojima
bad49da2bc efi_loader: boot_service_capability_min should be capitalized
boot_service_capability_min is constant, it should be capitalized.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Tom Rini
465bff8b10 Kconfig: Drop duplicate 'select SHA512' instances
When dropping SHA512_ALGO in general, we didn't catch some cases where
an option was selecting  both SHA512 and SHA512_ALGO and caused them to
select SHA512 twice.  Kconfig doesn't complain, but this is still wrong
and should be corrected.

Fixes: e60e449931 ("lib: Drop SHA512_ALGO in lieu of SHA512")
Reported-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-09 11:11:33 -04:00
Alexandru Gagniuc
e60e449931 lib: Drop SHA512_ALGO in lieu of SHA512
SHA512_ALGO was used as a "either SHA512 or SHA384", although the
implementations of these two algorithms share a majority of code.

From a Kconfig interface perspective, it makes sense to present two
distinct options. This requires #ifdefing out the SHA512
implementation from sha512.c. The latter doesn't make any sense.

It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.

Thus, automatically select SHA512 when SHA384 is enabled.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-09-08 16:11:46 -04:00
Masahisa Kojima
538c0f2d37 efi_loader: fix efi_tcg2_hash_log_extend_event() parameter check
TCG EFI Protocol Specification defines that PCRIndex parameter
passed from caller must be 0 to 23.
TPM2_MAX_PCRS is currently used to check the range of PCRIndex,
but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value.
This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to
check the range of PCRIndex parameter.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-04 12:03:57 +02:00
Masahisa Kojima
580d7242b1 efi_loader: add missing parameter check for EFI_TCG2_PROTOCOL api
TCG EFI Protocol Specification defines the required parameter
checking and return value for each API.
This commit adds the missing parameter check and
fixes the wrong return value to comply the specification.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
7219856dae efi_loader: correct determination of secure boot state
When U-Boot is started we have to use the existing variables to determine
in which secure boot state we are.

* If a platform key PK is present and DeployedMode=1, we are in deployed
  mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
b191aa429e efi_loader: efi_auth_var_type for AuditMode, DeployedMode
Writing variables AuditMode and DeployedMode serves to switch between
Secure Boot modes. Provide a separate value for these in efi_auth_var_type.

With this patch the variables will not be read from from file even if they
are marked as non-volatile by mistake.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04 12:03:57 +02:00