Export the UEFI sub-system initialization state. This will allow to treat
the setting of UEFI variables during and after initialization differently.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When booting via the boot manager use log function for user messages
instead of printf() and debug().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When overwriting an existing time base authenticated variable we should
compare to the preceding time value and not to the start of the epoch.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification requires that when UEFI variables are set using time
based authentication we have to check that unused fields of the timestamp
are zero
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Just for style consistency, replace all the uses of debug() to
EFI_PRINT() in efi_image_loader.c.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Just for style consistency, replace all the uses of debug() to
EFI_PRINT in efi_variable.c.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Just for style consistency, replace all the uses of debug to
EFI_PRINT in efi_signature.c
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The simplest solution to revert the commit b32ac16f9a ("test/py: fix
test_efi_secboot/conftest.py") is to move efi_console_register()
forward before efi_disk_register().
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Copy these from Linux v5.7-rc5 tag.
This brings in some handy new attributes and is otherwise important to
keep in sync.
We drop the reference to smp_read_barrier_depends() as it is not
relevant on the architectures we support at this time, based on where
it's implemented in Linux today. We drop the call to kasan_check_read()
as that is not relevant to U-Boot as well.
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
This could give a confusing error message if it failed and didn't set
errno.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
- Makefile: add rule to build an endian-swapped U-Boot image
used by MIPS Malta EL variants
- CI: add Qemu tests for MIPS Malta
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiQkHUH+J02LLC9InKPlOlyTyXBgFAl76U4wACgkQKPlOlyTy
XBhKeg/6Au6lPC5QLnjEO5gpuhI/eF555jRoABXUNoM8FUjkcqA207Sgd3iTH9lS
imOGHkzwipYno5pY1UoiXr7RKJgAkJfKYWRrZ46qgITrEkgQ8Xyp46xIqhoHvpuH
Qs1YeDllHeRViBt2ZP6UJsYfUIA9xnU/o9tLh4lx2SiCPWbNDns7cB0Ajazh47Cx
8UT2ZwbATaaFfN9m4Lg65O6Fe1G/cHAw5H/xsDajpVOpskHk0RZxRxzob6XLQete
sVkZdjYmH7zG+7THLkPriu2y/qlc5t2re3OeAr/5YwYJODnj3aN7iI20Sl9xMwDP
eDcSt19HMs+Ng60+yqwHxoU+AQ2BjswYHssb2vdY8OQhlRpoFke6nT+oQtCQCYhZ
At/b2O8kh9IM9alsc8xltMABLgrOhREfxC6VQg7bsCH01+qcojGX8dhVQrYsWkKQ
GrCs6SAl8zR78j8s3OGSsvTczMkTrBTglYWIYrlvA5fFhVg5Yz38S+ioTqPc4QDc
ZJ9bDDO00CY4hJC8sx4TQcsn0OmSJeN394dy6CUoxL6fEXBdRmNRLBUnmuTmPmYT
suLB9qaG+Q6cEttXjfNN1VotSG+61COUZ0uoed47cGUo8AxLMTEe62twUc0aDPNS
NMUoMwHqVbivaGUBfG16mu8bnVfaCqFyR/LLGa6J3yQSQ8qeu30=
=dnTK
-----END PGP SIGNATURE-----
Merge tag 'mips-pull-2020-06-29' of https://gitlab.denx.de/u-boot/custodians/u-boot-mips into next
- net: pcnet: cleanup and add DM support
- Makefile: add rule to build an endian-swapped U-Boot image
used by MIPS Malta EL variants
- CI: add Qemu tests for MIPS Malta
efi_get_variable_common() does not use EFI_ENTRY(). So we should not use
EFI_EXIT() either.
Fixes: 767f6eeb01 ("efi_loader: variable: support variable authentication")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The variables SetupMode, AuditMode, DeployedMode are explicitly defined as
UINT8 in the UEFI specification. The type of SecureBoot is UINT8 in EDK2.
Use variable name secure_boot instead of sec_boot for the value of the
UEFI variable SecureBoot.
Avoid abbreviations in function descriptions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Variable efi_secure_mode is meant to hold a value of enum efi_secure_mode.
So it should not be defined as int but as enum efi_secure_mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use correct printf code in efi_image_parse().
Add random number generation to HTML documentation.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl7ny9YACgkQxIHbvCwF
GsRTAg//bG9ixJ/ryzkPNhgedyHnJnZ1fBOVQphaJAnQDjLKhxTMsebIaBDpxkGg
yCa0RAo7Y91PeYz/2WavH1BKX4SjSXEDIyIw8cvhCwQ5hmlBEQHiw6WIUCGW2p33
iQO9XdTR8U1IqRENJk6ZtGP6hKH9V8LNY9taBt1lkk45aS8tDVPVivVn+1Z+JFbg
sY0VTaWmCFWOH+aeJprWYR7tjO6TI5KG82SNe3tu3vmfRzFN5X/2E4IOmcHL00Yy
oVGALNBEQ22TZgz7/uQTn4xH3X3a+HDW7RyHnOQUkmqxCUqfTvp54tLLVhNTTsIj
ccvS2TGaI9bKQVIzBQbOWaJRgYrlzDvlCvUwxgqg3iAWx0bzXeB0Nz8cNWTj0HOP
gNpCJeODp3XlGD4PKx6GKg9R6JMmtzcJYudPLhoy1jjwZxLALGv+Y2DRP7fzeLpA
wW6Slg8t3HEMF8JYbqYVa/V0CqB9MNX7nfHBdBu/SoMoOqzMA8TQk3Aen4jTWU1x
wYSxh7sh1KT21/cpoVRTyD+5Ao8Ti6zeDbdCcbAQTr9w210ts/wRyCWXjPbe/WCM
MWiEzuL2o6NfQdzUs1TyNs+8GohNI8X/PzFPok9+5gsbrKqKAbmWB2CQ74ufjt6k
Qg3wHBVOvYFqIvoEFoyWus6Ni4LEycrQ0kuYsHQhnNoZlUXj6wE=
=yON/
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc5' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc5
Use correct printf code in efi_image_parse().
Add random number generation to HTML documentation.
This reverts commit 0486497e2b.
The strtoul has well-defined semantics. It is defined by the C standard and
POSIX. To quote the relevant section of the man pages,
> If base is zero or 16, the string may then include a "0x" prefix, and the
> number will be read in base 16; otherwise, a zero base is taken as 10
> (decimal) unless the next character is '0', in which case it is taken as
> 8 (octal).
Keeping these semantics is important for several reasons. First, it is very
surprising for standard library functions to behave differently than usual.
Every other implementation of strtoul has different semantics than the
implementation in U-Boot at the moment. Second, it can result in very
surprising results from small changes. For example, changing the string
"1f" to "20" causes the parsed value to *decrease*. Forcing use of the "0x"
prefix to specify hexidecimal numbers is a feature, not a bug. Lastly, this
is slightly less performant, since the entire number is parsed twice.
This fixes the str_simple_strtoul test failing with
test/str_ut.c:29, run_strtoul(): expect_val == val: Expected 0x44b (1099), got 0x1099ab (1087915)
test/str_ut.c:46, str_simple_strtoul(): 0 == run_strtoul(uts, str2, 0, 1099, 4): Expected 0x0 (0), got 0x1 (1)
Signed-off-by: Sean Anderson <seanga2@gmail.com>
CC: Michal Simek <michal.simek@xilinx.com>
CC: Shiril Tichkule <shirilt@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fix the loop that parses FDT for a reserved memory node named "optee".
Before this change, if at least one subnode was found in the
reserved-memory node, the function endlessly looped since instruction
continue returned back in the loop without updating variable subnode.
This change fixes the issue by using a for loop.
Fixes: 6ccb05eae0 ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
For size_t we have to use %zu for printing not %lu.
Fixes: 4540dabdca ("efi_loader: image_loader: support image
authentication")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
change to how sequence numbers are assigned to devices
minor fixes and improvements
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl7kQ4kRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZrvAgAqc/TEj7QHPyW9rQSl8h65MXK93qRsnZo
4segKEtK0Rmv0S2VfmPCwujsDFl5gZUNt+rXD/l7F0a4Wzx4eYgYrEXOYsXs/ZHP
jjGrcbvO4Qkx3QzjMqqoUiQqeCgNQ9XIre8F+1NmZeQ2bFtPKbJXtXKYTcMI1wSW
PhRGbbsTnKNKC0dL0nLFG6+NC/sk6xRqMx28Ip38FTrQL+Uh67LZFpLkY3yuHo/1
CVhCw+7Aov0I6tDrdKrngjFqXRSoTsuOhavSFoW9U6llqDL7FIC6aoRo7x24lSJN
VFTRpXPmNHeslE6NHEOQs9elFpbxXR34te3k4p74rFuX/J/490UaYA==
=172C
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-12jun20' of git://git.denx.de/u-boot-dm into next
patman improvements to allow it to work with Zephyr
change to how sequence numbers are assigned to devices
minor fixes and improvements
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].
This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX
The SHA implementation is adapted from the linux kernel implementation.
[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
At present fdtdec_add_reserved_memory() calls fdtdec_get_addr_size()
to get address and size for the subnodes of /reserved-memory node.
We should honor #address-cells and #size-cells properties in the
parent node.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
fdtdec_get_addr_size() expects size is of type 'fdt_size_t', and
return value is of type 'fdt_addr_t'. Adjust their types accordingly.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This displays incorrect data at present due to a missing header file
in display_options. Fix it.
Fixes: 0914011310 ("command: Remove the cmd_tbl_t typedef")
Signed-off-by: Simon Glass <sjg@chromium.org>
smbios_add_string() cannot deal with empty strings. This leads to incorrect
property values and invalid tables. E.g. for the pine64-lts_defconfig
CONFIG_SMBIOS_MANUFACTURER="". Linux command dmidecode shows:
Table 1:
Manufacturer: sunxi
Product Name: sunxi
Table 3:
Invalid entry length (2). DMI table is broken! Stop.
Replace empty strings by "Unknown".
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When build U-Boot SPL, meet an issue of undefined reference to
'crc7' for drivers/mmc/mmc_spi.c, so let's compile crc7.c when
CONFIG_MMC_SPI selected.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Jagan Teki <jagan@amarulasolutions.com>
This patch series addresses the following issues:
* allow compiling with clang
* add missing function descriptions to the HTML documentation
* simplify the validation of UEFI images
* validate load options in the UEFI boot manager
In a preparatory patch a structure definition is moved.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl7X4dIACgkQxIHbvCwF
GsTMfxAAjYeEoHNhdxr6ZAytC653O0iIb6BQQmrkSakcAtU82PgkiUCJ+oSF09th
nBpSHZ8QW92avfnmrY3FjXj8fPU01LV4gytZwnEtgi6OaWtenOc/t3pElVVk7adW
17VbRTHY3Urb4+oM9hGI5KEmDOgRCe2LUOlOKA6b6tGiG+1mchE4gIgNGh3LDbbM
bAojulCliDoKyIUHMSwrpqX7U5OQF89qhd4AhkmlnYe0OqZueEMS3pDwsHICuP2i
j5SPqHF5r8Nm8Mf+bDLcRDK7xKQAkqGzqP8KwqVN1o7++4MbnlI/zL94vBrbbye9
av7OucMyKL44+BnOpB1dm/Zp8rJpJhOdbr0MHzZCk9foPQrWoLXRGx0dJLWNJvGd
Sb67YXBl8DP//uZCq4zdj/j9wuWE31ZbSRA7SM4ioODQYpRu3RdrQJltQcwIbcwK
M0L0JDXDNdnNPBA3Fwe3QxpskKOaXm1C8yTgDxEnjd9qoZCbohTl/nRjntXQUZWN
Xq3rmgxilYXSyYZ+hqtp6zT0KEZAMSHi/OibYSRQRva491hZS9qhcI3nPPpR30/s
xBd1ee6WW2sZVHVrEfqkWb4w7379I9Cp08lfmk6Mk+pne4Cbn8qc/lH+fxAaKkO5
eUTxWcWWuXJmgPtdZQux7bqDWr9WC6gUQ8W2PLLv4t8l7gqk1lE=
=rbBa
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc4' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc4
This patch series addresses the following issues:
* allow compiling with clang
* add missing function descriptions to the HTML documentation
* simplify the validation of UEFI images
* validate load options in the UEFI boot manager
In a preparatory patch a structure definition is moved.
The global variable, efi_guid_cert_type_pkcs7, will also be used in
efi_image_loader.c in a succeeding patch so as to correctly handle
a signature type of authenticode in signed image.
Meanwhile, it is currently defined in efi_variable.c. Once some secure
storage solution for UEFI variables is introduced, efi_variable.c may
not always be compiled in.
So move the definition to efi_signature.c as a common place.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Knowing that at least one section header follows the optional header we
only need to check for the length of the 64bit header which is longer than
the 32bit header.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We want to follow the Linux kernel style for function descriptions.
Add missing parentheses after function names.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On ARM systems gd is stored in register r9 or x18. When compiling with
clang gd is defined as a macro calling function gd_ptr(). So we can not
make assignments to gd.
In the UEFI sub-system we need to save gd when leaving to UEFI binaries and
have to restore gd when reentering U-Boot.
Define a new function set_gd() for setting gd and use it in the UEFI
sub-system.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Tom Rini <trini@konsulko.com>
For passing the optional data of the load option to the loaded imaged
protocol we need its size.
efi_deserialize_load_option() is changed to return the size of the optional
data.
As a by-product we get a partial validation of the load option.
Checking the length of the device path remains to be implemented.
Some Coverity defects identified the load options as user input because
get_unaligned_le32() and get_unaligned_le16() is called. But non of these
Coverity defects can be resolved without marking functions with Coverity
specific tags.
Reported-by: Coverity (CID 303760)
Reported-by: Coverity (CID 303768)
Reported-by: Coverity (CID 303776)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Move the CONFIG_GZIP_COMPRESSED from a config.h macro to a Kconfig menu
item. It is not selectable by a user because there is no reason to do
so. Instead it will be automatically selected by the stuff which uses
gzip(), like the zip command.
Remove it from the config_whitelist.txt. Also remove
CONFIG_GZIP_COMPRESS_DEF_SZ as this was never used on any board. The
default seems to be sane, otherwise it should be added as a Kconfig
option.
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
Problems fixed with these patches are:
* UEFI sub-system not working with virtio block devices
* Missing SATA support in UEFI sub-system
* A superfluous debug statement
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl7Hb8sACgkQxIHbvCwF
GsR3tA/+NknuzED4AkdVL0uRWw4kZNcSqxY+lpFUC73iWN0gLTWKFO6IXDRF4Jox
3/xWSkMuPkeAp6sjl+Gv8DD2DCkNJedXeMdeAGZzPDLfXn16wmzhjvIe5xz8cr/2
0shL5PtTWK8BR/ClSxTANoYrASGUISIpyq3Tu/dKY9PCGesfvzObmv+n06HizR+b
E2ceSqVfEBZNLkp38o/PAOdrayjJCz7oSGxBhFQx1x3LYV/G6iHWdg9Kw+KsVdmR
GBh1frun8MbC9NOqWjdnMmKi1CeHeCvvBu38lXzpVlfB0VcC2UFeuGaRh1aDKdnq
CAiV20v9JygEwcxLGIEU4r+RwoqSxkbMbB2nlLnDuFmoJCC8gEK0ctUaFFrOV9i3
xB/ynnw4zlht039fv8Qaq6OPiHbzA5qGmE93DY4p6a+iV0Mplfy6qLXw+UWpFEGG
lGBZ2NPu04qjbZdzKCDag6Uw3oEypYMe3CO8Hg7EAQBB49v10LdhtgPm2BgZaaJn
ZmYqzF0+FB1znPGmu6hrxT6IPHy+fP0cxxEma5kxXTp6CapXLHl84v4JGqNPpqmN
jPV4MtmZaBXgasL1TDUCgpuNTEVcBcl49VastpPNMNjPPE/UD+oUXHbW+Lp1u1BH
Jn5rCODNi5gah1X/vQ+yFC7Pk95RE0vqYDbdSUR2Wn1WurfbMzQ=
=o+Cy
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc3-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc3 (2)
Problems fixed with these patches are:
* UEFI sub-system not working with virtio block devices
* Missing SATA support in UEFI sub-system
* A superfluous debug statement
Prior to corrective patches for virtio and SATA devices the same device
path was installed on two different handles. This is not allowable.
With this patch we will throw an error if this condition occurs for
block devices.
Update a comment for the installation of the simple file system
protocol.
Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide device path nodes for SATA devices.
This avoids creation of two handles with the same device path indicating
our root node.
This is what the device paths for a SATA drive with four partitions could
like:
/VenHw(..)/Sata(0x0,0xffff,0x0)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(1,MBR,0x81ea591f,0x800,0x63ff830)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(2,MBR,0x81ea591f,0x6400800,0x9ff830)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(3,MBR,0x81ea591f,0x6e00800,0x16ef2ab0)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(4,MBR,0x81ea591f,0x1dcf3800,0x1dcedab0)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The UEFI specification does not define a device sub-type for virtio.
Let's use a vendor hardware node here.
This avoids creation of two handles with the same device path indicating
our root node.
Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
With commit 16ad946f41 ("efi_loader: change setup sequence") the
detection of block device was moved to the start of the initialization
sequence. In the case of virtio devices two handles with the same device
path being created.
The root node handle should be created before anything else.
Reported-by: Ard Biesheuvel <ardb@kernel.org>
Fixes: 16ad946f41 ("efi_loader: change setup sequence")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Remove unnecessary debug() from efi_set_variable_common().
native_name is NULL, so there is no meaning to print it.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add weak function which is called right after fdtdec_setup() configured
the U-Boot DT. This permits board-specific adjustments to the U-Boot DT
before U-Boot starts parsing the DT. This could be used e.g. to patch in
various custom nodes or merge in DT fragments from prior-stage firmware.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.
Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.
This requires quite a few header-file additions.
Signed-off-by: Simon Glass <sjg@chromium.org>
We should not be using typedefs and these make it harder to use
forward declarations (to reduce header file inclusions). Drop the typedef.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <sjg@chromium.org>
In OP-TEE we can run EDK2's StandAloneMM on a secure partition.
StandAloneMM is responsible for the UEFI variable support. In
combination with OP-TEE and it's U-Boot supplicant, variables are
authenticated/validated in secure world and stored on an RPMB partition.
So let's add a new config option in U-Boot implementing the necessary
calls to OP-TEE for the variable management.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com>
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.
There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.
Signed-off-by: Michael Walle <michael@walle.cc>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If "object=" is specified in "keydir" when using the pkcs11 engine do
not append another "object=<key-name-hint>". This makes it possible to
use object names other than the key name hint. These two string
identifiers are not necessarily equal.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
stdlib.h is the header for malloc since at least c89/c90.
There is no system malloc.h on OpenBSD and trying to use malloc.h here
falls back to the U-Boot malloc.h breaking the build of qemu_arm64.
Fixes: 336d4615f8 ("dm: core: Create a new header file for 'compat' features")
Signed-off-by: Jonathan Gray <jsg@jsg.id.au>
At present the MD5 option cannot be enabled by board configs since it has
no Kconfig name. It is generally enabled, so long as FIT support is
present. But not all boards use FIT, particularly in SPL
Fix this and add an option for SPL as well. This allows board code to call
md5() even if FIT support is not enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current code uses 'u16_strlen(x) + 1) * sizeof(u16)' in various
places to calculate the number of bytes occupied by a u16 string.
Let's introduce a wrapper around this. This wrapper is used on following
patches
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The only error case is that a given UUID is in wrong format.
So just return EFI_INVALID_PARAMETER here.
Reported-by: Coverity (CID 300333)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Coverity detected:
Using "&opt->CheckSum" as an array. This might corrupt or misinterpret
adjacent memory locations.
The code should work as far as a structure, IMAGE_OPTIONAL_HEADER(64) is
packed, but modify it in more logical form. Subsystem is a member next to
CheckSum.
Reported-by: Coverity (CID 300339)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Since pkcs7_parse_message() returns an error pointer, we must not
check for NULL. We have to explicitly set msg to NULL in the error
case, otherwise the call to pkcs7_free_message() on the goto err
path will assume it's a valid object.
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Add missing include linux/err.h
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_variable_parse_signature() returns NULL on error, so IS_ERR()
is an incorrect check. The goto err leads to pkcs7_free_message(),
which works fine on a NULL ptr.
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Reviewed-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
According to the UEFI spec ACPI tables should be placed in
EfiACPIReclaimMemory. Let's do the same with the device tree.
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Grant Likely <grant.likely@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
There is no need to call efi_get_variable() instead of
efi_get_variable_common(). So let's use the internal function.
Move forward declarations to the top of the file.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a couple of missing targets so that helloworld and other efi targets
are not needlessly rebuilt.
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
To fill the exponent field of the rsa_public_key struct, rsa_mod_exp_sw
did a cast to uint64_t of the key_prop->public_exponent field.
But that alignment is not guaranteed in all cases.
This came to light when in my spl-fit-signature the key-name exceeded
a certain length and with it the verification then started failing.
(naming it "integrity" worked fine, "integrity-uboot" failed)
key_prop.public_exponent itself is actually a void-pointer, fdt_getprop()
also just returns such a void-pointer and inside the devicetree the 64bit
exponent is represented as 2 32bit numbers, so assuming a 64bit alignment
can lead to false reads.
So just use the already existing rsa_convert_big_endian() to do the actual
conversion from the dt's big-endian to the needed uint64 value.
Fixes: fc2f4246b4 ("rsa: Split the rsa-verify to separate the modular exponentiation")
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If we want to restore variables from disk, we need to initialize block
devices before variables.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Eliminate superfluous functions efi_set_volatile_variable() and
efi_set_nonvolatile_variable().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Eliminate superfluous functions efi_get_volatile_variable() and
efi_get_nonvolatile_variable().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This function will check if a given handle to device is an EFI system
partition. It will be utilised in implementing capsule-on-disk feature.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Add function description. Return bool.
Reviewed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_set_secure_stat() provides the common code for each stat transition
caused by efi_transfer_secure_state().
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Correct description of return value.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
"if (left < esl->signature_size)" is not reachable in a while loop.
But it is still valuable in case that a given signature database is
somehow corrupted. So fix the while loop condition.
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
By adding extra symbols, we can now avoid including x509_parser and
pkcs7_parser.h files multiple times.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The most basic printf("%i", value) formating string was missing,
add it for the sake of convenience.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Stefan Roese <sr@denx.de>
This pull request contains bug fixes needed due to the merged changes for
EFI secure boot.
Patches are supplied to identify EFI system partitions.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl6qkUQACgkQxIHbvCwF
GsRGkQ//R1VltRXNk4RrYiKbsU33biNAIWQB4IhQpm6w1SgsrPAb7yWJEg1xhJ3P
qhujDlVlW2s2Cz+sMkQOTd5/ln55IegJZ4LFlQuOhJCO22TzEenP8bkziMU7UBu8
YtbhtV5cru2DBMg8uBQCazw9Lue5WUktzHgWhiNy+yBY5g6j+vkQHjy/+BjpC6RD
7KT4qfyh+hyhss+O2lLjQYwobVwVxnCfQikWSdfMRqptC8N/lYMGNjiNk42HJssX
cWy44TNUePgCE5pES1krXmR3q7fT/ocuWW2g8QynEJIqjZSWVTmZqLgdba3pd5Di
kfleoByXLS0/HS6AgjdJNv+vwRuOot1RBXfbVYnDwb7flFThvu3xBzy55IMHa6uH
eHDt3v1W3ZSwGnxiTzdbHISH5JidBUJAq+h+S3Zy52plbkgMWplPgFptSscM6+yo
YrCTlzuj019X/Lm1JfO2X7NqhGPX9/MiMDwfvE+BGnWRhwOHNSu/S6+Iu1XUBrXN
Q/tnHJxK1FGcoq73a/5VgiSkfnEl1+YdjdAUM8+nJdUPCL5xCWX1jXNxE0vq0l4U
Y3zsjCj5lM4TnDUJvbOacMM4ltjxSMpBwmkGdleYOcKJxU8WD0YNuhUL2nnUFuDx
7MYHonEPz5s3T+IiMoNAtYr3BHKcxedHNkmpoJsaPS69zMGq7dM=
=38oT
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc2
This pull request contains bug fixes needed due to the merged changes for
EFI secure boot.
Patches are supplied to identify EFI system partitions.
It is useful to dump ACPI tables in U-Boot to see what has been generated.
Add a command to handle this.
To allow the command to find the tables, add a position into the global
data.
Support subcommands to list and dump the tables.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Put this in the context along with the other important pointers.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
We always write three basic tables to ACPI at the start. Move this into
its own function, along with acpi_fill_header(), so we can write a test
for this code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this code to a generic location so that we can test it with sandbox.
This requires adding a few new fields to acpi_ctx, so drop the local
variables used in the original code.
Also use mapmem to avoid pointer-to-address casts which don't work on
sandbox.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
The current code uses an address but a pointer would result in fewer
casts. Also it repeats the alignment code in a lot of places so this would
be better done in a helper function.
Update write_acpi_tables() to make use of the new acpi_ctx structure,
adding a few helpers to clean things up.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
A device may want to write out ACPI tables to describe itself to Linux.
Add a method to permit this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
In subsequent patches UEFI variables shalled be stored on the EFI system
partition. Hence we need to identify the EFI system partition.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Minor buildman fixes for new features
Make libfdt code more similar to upsteam
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl6mTJMRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZRmAf/TeHuh9nWXr7jRAyl8YEaXfBablceBYF/
l/bHpIyPy1NH5wRMB1kwGIZUydSM44/FIVnvlo1iVI0DVuO1cSIY98WM2waMP0Tk
WiDg3XR7eMpTMNjG13KP6TrFG5ybfOopRYdpuUfjPTBm8RQyuFMziaQwOrDQdoXt
9yQ8rzM6hB7Gj3LgORond04KZYRUcYC+uhcuDo8WPUjrqS8vSpeAG34n6lT4z9KG
BdmhQuIybvCngdi/t9ovyTfq5UfIsXp0ngUN6My/j0IjykZT4nu6qllge8gcukCM
3iqrqhcjkO9psPdk6NXf2akTdxDH4Mf8PqFbvqmABNQbDSEVinVnrA==
=H2KE
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-27apr20' of git://git.denx.de/u-boot-dm
Move Python tools to use absolute paths
Minor buildman fixes for new features
Make libfdt code more similar to upsteam
Provide a valid reference for the deflate format.
Reformat the ALGORITHM and REFERENCES comments.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This patch enables LZMA decompression support for SPL build
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is,
make lib/libfdt/ contain only wrapper files.
fdt_region.c was written only for U-Boot to implement the verified
boot. So, this belongs to the same group as common/fdt_support.c,
which is a collection of U-Boot own fdt helpers.
Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is
necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
There is no essential difference between scripts/dtc/libfdt/fdt_ro.c
and lib/libfdt/fdt_ro.c
Migrate to a simple wrapper like the other files.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Add a helper function for this operation. Update the strtoul() tests to
check upper case as well.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
SPL should not be enlarged by building with CONFIG_HEXDUMP=y.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
The OID registry is only used by crypto functions that are not built in
SPL. So we should not build it in SPL.
Fixes: a9b45e6e83 ("lib: add oid registry utility")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
The tool need to use fdtdec_get_child_count(), make it available for
HOST_CC.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Simon Glass <sjg@chromium.org>
The callback member of struct env_entry is always NULL for an SPL
build. Removing it thus saves a bit of run-time memory in the
SPL (when CONFIG_SPL_ENV_SUPPORT=y) since struct env_entry is embedded
in struct env_entry_node - i.e. about 2KB for the normal case of
512+change hash table entries.
Two small fixups are needed for this, all other references to the
callback member are already under !CONFIG_SPL_BUILD: Don't initialize
.callback in set_flags() - hsearch_r doesn't use that value
anyway. And make env_callback_init() initialize ->callback to NULL for
a new entry instead of relying on an unused or deleted entry having
NULL in ->callback.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
In SPL, environment callbacks are not supported, so e->callback is
always NULL. Removing this makes the SPL a little smaller (about 400
bytes in my ppc build) with no functional change.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
This is preparation for compiling out the "call the callback" code and
associated error handling for SPL, where ->callback is always NULL.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
In U-Boot, the reserved memory end address is considered as a inclusive
address. This notion is followed while adding a reserved memory node to
the DT.
For example:
end_address = start_address + size - 1
Follow the same notion and fix the end address computation while checking
for existing nodes.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
There is no way to select BZIP2 compression method.
Add it under library/compression config where all other
compression related configs are present.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This pull request
* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
from booting when CONFIG_RSA is enabled which is needed for UEFI
secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl6YjlcACgkQxIHbvCwF
GsQ6Jg/+KVRQF0Dn2jiag8Me9ZhafZx4xGTI3LEzFD7V9kG3dmUzbO3m8a5dEevW
bcPNA6EmcKAjyP09AZY4C8ns4sU7wzPu/GQvApD4S5+vcuNbEqRHfW6zzReNXq09
t89DrFH+XLhGnh4uSh0hmfjrlIPVi86hs/f57vKRayrBu8W2yGPci3SNTO5Y0AY1
to7sxP3hGlDCUhqIABWp5ylpWWUSG1MsVNcMOnHpj+jl0iWWYP46EQrGr95egQor
gcGgUOLdOLLOHPYUIOBmo9INnS2MbvE9Mfgh5Bw7JW8DIu/Xp7r1qePQyMLsngc1
pO5yzwMq6EQy6OjuYnXdIBXtHOlZ8rnE9pbTgyUR8T/2CdL2hqr9ddpqa4ryDABX
iaQF8FG+KhY0XQ5EIJV7pEkvf9TMwGguJNlOkmJPeub2n9i0k1tPk0Rwq5ZWWBIn
rHcgZXwl0On3O3f0HvfL0Oas5u9KE1HhA12h/EVmu2Muy36x2WxAAzDnsH19HzqU
QnWBAo8VMyp3qTIZjb3y+qrxcU/joPGt9+hxmur03hzmKOJ9JNOv6vExb+yUIyXQ
4ML6jvTvSVZbvkP++0zMKOjT8ks3xv5q84oFD5Gp4cG8ZpHpA9dj3mXM92Waepo4
pAkko5IGQ4SqaGIBltEQzrG+cCiHHezdD/raCwAo6DgYSmfZUvc=
=+ZDZ
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc1' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc1
This pull request
* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
from booting when CONFIG_RSA is enabled which is needed for UEFI
secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
Enhancements to 'dm' command
Log test enhancements and syslog driver
DM change to read parent ofdata before children
Minor fixes
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl6YdaMRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYLRwf8C+vKmERVLLcrMZMMiLctbY2kVflJV8zG
RjFwBcazZDPYjtHqClFZtJyIDYzgkVQRo+QPcdLxjcA+gjSXdteeRa0XTsBTXOZQ
kbs7yBkL+rCIO2WyXtuyajsmDMQtqM5vYgeBdTeYnJu7NVxwRMYrUqqAKLolNpIN
SKNYz+a8OEOG2EetbTdwwrmSpNy/cZ3wDGYK25DFTte8/vCZMRBTPiiNSrLp/RsM
xIojRcLqzARwpvPfFZ8psASKei9+5oIICUrNvwwQGtjepvZwdFQEl90SKaHw8kMf
sP9rxuqlEN5ec6xnMTUgwfnyBZgNIMSeb4KVPP1rxN2eAa5+bK1OlQ==
=gyyY
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-10apr20-take2' of git://git.denx.de/u-boot-dm
Functions for reading indexed values from device tree
Enhancements to 'dm' command
Log test enhancements and syslog driver
DM change to read parent ofdata before children
Minor fixes
fdtdec_set_carveout() is limited to only one phandle. Fix this
limitation by adding support for multiple phandles.
Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The DMA Remapping Reporting (DMAR) table contains information about DMA
remapping.
Add a version simple version of this table with only the minimum fields
filled out. i.e. no entries.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Each ACPI table has its own version number. Add the version numbers in a
single function so we can keep them consistent and easily see what
versions are supported.
Start a new acpi_table file in a generic directory to house this function.
We can move things over to this file from x86 as needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This file is potentially useful to other architectures saddled with ACPI
so move most of its contents to a common location.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
The following variable is exported as UEFI specification defines:
SignatureSupport: array of GUIDs representing the type of signatures
supported by the platform firmware
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.
Currently we support
* authentication based on db and dbx,
so dbx-validated image will always be rejected.
* following signature types:
EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.
Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.
It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
The following variable is exported as UEFI specification defines:
VendorKeys: whether the system is configured to use only vendor-provided
keys or not
The value will have to be modified if a platform has its own way of
initializing signature database, in particular, PK.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
UEFI specification defines several global variables which are related to
the current secure boot state. In this commit, those values will be
maintained according to operations. Currently, AuditMode and DeployedMode
are defined but not implemented.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.
Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().
Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_signature_parse_sigdb() is a helper function will be used to parse
signature database variable and instantiate a signature store structure
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In this commit, implemented are a couple of helper functions which will be
used to materialize variable authentication as well as image authentication
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Correct function descriptions in efi_watchdog.c.
Add the descriptions to the generated HTML documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Correct function descriptions in efi_unicode_collation.c
Add the Unicode collation protocol to the generated HTML documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Enable EFI_RNG_PROTOCOL by default if DM_RNG is set.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Remove superfluous 'if DM_RNG'
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Base autodetection is failing for this case:
if test 257 -gt 3ae; then echo first; else echo second; fi
It is because base for 3ae is recognized by _parse_integer_fixup_radix() as
10. The code detects the first char which is not between 'a'/'A' or 'f'/'F'
to change base from dec to hex.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Shiril Tichkule <shirilt@xlinx.com>
These are used in multiple places so update them to use a shared #define.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
'vendor' is both an input and an output parameter. So it cannot be
constant.
Fixes: 0bda81bfdc ("efi_loader: use const efi_guid_t * for variable services")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For EFI binaries we have to provide an implementation of memmove() in
efi_freestanding.c.
Before this patch the memmove() function was copying in the wrong
direction.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
GetNextVariableName should report the length of the variable including the
final 0x0000 in bytes.
Check this in the unit test.
Increase the buffer size for variable names. 40 bytes is too short.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The runtime service GetNextVariable() returns the length of the next
variable including the closing 0x0000. This length should be in bytes.
Comparing the output of EDK2 and U-Boot shows that this is currently not
correctly implemented:
EDK2:
OsIndicationsSupported: 46
PlatformLang: 26
PlatformLangCodes: 36
U-Boot:
OsIndicationsSupported: 23
PlatformLang: 13
PlatformLangCodes: 18
Provide correct length in GetNextVariable().
Fixes: d99a87f84b ("efi_loader: implement GetNextVariableName()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
K3 J721E:
* OSPI boot support
* Support for loading remote cores in R5 SPL
* PMIC ESM Support
* Minor fixes for R5F and C7x remoteproc drivers
K3 AM654:
* Update AVS class 0 voltages.
* Add I2C nodes
DRA7xx/AM57xx:
* Fixed Android boot on AM57xx
AM33/AM43/Davinci:
* switch to driver model for the net and mdio driver for baltos
* Add DM/DTS support for omap video driver
* Enable fastboot on am335x-evm
This is a preparatory patch.
Those functions will be used in an implementation of UEFI firmware
management protocol as part of my capsule update patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function, and hence rsa_verify(), will perform RSA verification
with two essential parameters for a RSA public key in contract of
rsa_verify_with_keynode(), which requires additional three parameters
stored in FIT image.
It will be used in implementing UEFI secure boot, i.e. image authentication
and variable authentication.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
In the current implementation of FIT_SIGNATURE, five parameters for
a RSA public key are required while only two of them are essential.
(See rsa-mod-exp.h and uImage.FIT/signature.txt)
This is a result of considering relatively limited computer power
and resources on embedded systems, while such a assumption may not
be quite practical for other use cases.
In this patch, added is a function, rsa_gen_key_prop(), which will
generate additional parameters for other uses, in particular
UEFI secure boot, on the fly.
Note: the current code uses some "big number" routines from BearSSL
for the calculation.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
rsa_verify() will be extended to be able to perform RSA decryption without
additional RSA key properties from FIT image, i.e. rr and n0inv.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>