MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].
The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.
The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>
All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all
references to CONFIG_[ST]PL_HASH_SUPPORT. This means we need for
CHAIN_OF_TRUST to select SPL_HASH now.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks]
Signed-off-by: Tom Rini <trini@konsulko.com>
SHA512_ALGO was used as a "either SHA512 or SHA384", although the
implementations of these two algorithms share a majority of code.
From a Kconfig interface perspective, it makes sense to present two
distinct options. This requires #ifdefing out the SHA512
implementation from sha512.c. The latter doesn't make any sense.
It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.
Thus, automatically select SHA512 when SHA384 is enabled.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
TCG EFI Protocol Specification defines that PCRIndex parameter
passed from caller must be 0 to 23.
TPM2_MAX_PCRS is currently used to check the range of PCRIndex,
but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value.
This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to
check the range of PCRIndex parameter.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
TCG EFI Protocol Specification defines the required parameter
checking and return value for each API.
This commit adds the missing parameter check and
fixes the wrong return value to comply the specification.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When U-Boot is started we have to use the existing variables to determine
in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed
mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Writing variables AuditMode and DeployedMode serves to switch between
Secure Boot modes. Provide a separate value for these in efi_auth_var_type.
With this patch the variables will not be read from from file even if they
are marked as non-volatile by mistake.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
We should not first allocate memory and then report a rounded up value as
image size. Instead first round up according to section allocation and then
allocate the memory.
Fixes: 82786754b9 ("efi_loader: ImageSize must be multiple of SectionAlignment")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In a section header VirtualSize may be zero. This is for instance seen in
the .sbat section of shim. In this case use SizeOfRawData as section size.
Fixes: 9d30a941cc ("efi_loader: don't load beyond VirtualSize")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Asherah Connor <ashe@kivikakk.ee>
CONFIG_MMC_SPI_CRC_ON needs the crc16 functions, but it was not included
in an SPL build. For non-SPL builds, crc16.o is already added
unconditionally. This also removes CONFIG_SPL_YMODEM_SUPPORT from the
sifive board configs, which is only relevant for some ARM boards and was
only set for its side effect of adding crc16.o.
With glibc 2.33 (Ubuntu package glibc6 2.33-0ubuntu9) building
sifive_unmatched_defconfig results in:
In file included from /usr/include/stdio.h:866,
from ././include/compiler.h:26,
from <command-line>:
In function ‘snprintf’,
inlined from ‘rsa_engine_get_priv_key’ at ./tools/../^:273:4:
/usr/include/riscv64-linux-gnu/bits/stdio2.h:71:10: warning:
‘%s’ directive argument is null [-Wformat-truncation=]
71 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
72 | __glibc_objsize (__s), __fmt,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
73 | __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~
Avoid passing a NULL string.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Older OpenSSL and libressl versions have a slightly different API.
This require #ifdefs to support. However, we still can't support it
because the ECDSA path does not compile with these older versions.
These #ifdefs are truly a vestigial appendage.
Alternatively, the ECDSA path could be updated for older libraries,
but this requires significant extra code, and #ifdefs. Those libraries
are over three years old, and there concerns whether it makes sense to
build modern software for real world use against such old libraries.
Thusly, remove #ifdefs and code for old OpenSSL and LibreSSL support.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
default n/no doesn't need to be specified. It is default option anyway.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
[trini: Rework FSP_USE_UPD portion]
Signed-off-by: Tom Rini <trini@konsulko.com>
Documentation:
* Rename Freescale to NXP
* Document structures used for the UEFI TCG2 protocol
UEFI:
* Device paths must use EfiBootServicesData
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEK7wKXt3/btL6/yA+hO4vgnE3U0sFAmEf+AgACgkQhO4vgnE3
U0skxhAAjjv6yMYLYlj2YNTtYDS2zVsnsY8i/vmWNmGYvwfrlcUC/e3J00ftBIjI
DEwImrzefvQwr4NOZgIlyxR81NwboWULxvHSF5avwctxQVoTElkSfE2Ji+nFYa23
P/L7E/Zf+NwTHBlE1wfkNJPZ/zya73DTOe+MGWvLnvOX56JZqEJOgmTtcQntRUll
9zkB76j6sCk8B3ydFZmzGqhB4aslJBypG+bQB72XXGVBZoHb9pEPv90hBl616AN/
5H8WewxTE2s6z3IfexxPAc7ssMQuW3RWw0WsJvBVviw8tSPj4SZjg5HNHAM3mz/i
EXHUqAEySP1oT6P4hVef7Xc9gC67N+dVZGAA1QcZBkAnH+BQQ2GmIWX5+3mZJflq
3eHWhMUHWc4q76MbN9QqReAo3wJ3GsBqdA1oORR5FgIPwEVl0jwQMYv6frC/vB6/
6VX8WcbAWsixjf8QeQlibfMqBO9xZI1Iue5rN6DcwMey6dZrDnXGMdk7Woj6F4ga
tERYBt+UBawTf2ww24wMXc7Hw2dZ6kj44ls2doRFKqHOpaY9Mk2QPTaVPrFkj33J
3xlH2BYdB3ALriS1jN6Qcq6xEwyaMdkj5MzVyitunaCLiAKKORwGf0chkqiRiA+k
zEET0uDBtO7beraiUJU9jeMPcVj3mYpiFR/CZBD/HWOVB/KwhGU=
=gMKg
-----END PGP SIGNATURE-----
Merge tag 'efi-2021-10-rc3' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2021-10-rc3
Documentation:
* Rename Freescale to NXP
* Document structures used for the UEFI TCG2 protocol
UEFI:
* Device paths must use EfiBootServicesData
tiny-printf variant doesn't know how to handle %llu format string, but both
tiny-printf and print_size can meet in SPL when TFTP is used to obtain main
u-boot image. This is known to lead to critical boot issue at AM335x platform
when printf is catched in infinite loop.
To avoid such issues and make print_size function tiny-printf friendly, use %u
instead of %luu. Note, that the size value is guaranteed to be less than 1024
in this conditional branch, so the cast to unsigned int is safe.
Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
%pM format string is used to print MAC-address and this is required while SPL
network boot.
This patch fixes the SPL boot issues like the following:
Trying to boot from USB eth
## Error: flags type check failure for "ethaddr" <= "40309614M" (type: m)
## Error inserting "ethaddr" variable, errno=1
eth0: eth_cpsw## Error: flags type check failure for "eth1addr" <=
"81f01114M" (type: m)
## Error inserting "eth1addr" variable, errno=1
, eth1: usb_ether
eth_cpsw Waiting for PHY auto negotiation to complete......... TIMEOUT !
Problem booting with BOOTP
SPL: failed to boot from all boot devices
### ERROR ### Please RESET the board ###
Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Memory allocated in the implementation of the
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL must be of type EfiBootServicesData.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
dp_alloc() was using a constant from the wrong enum resulting in creating
device paths in EfiReservedMemory.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Use enum efi_memory_type and enum_allocate_type in the definitions of the
efi_allocate_pages(), efi_allocate_pool().
In the external UEFI API leave the type as int as the UEFI specification
explicitely requires that enums use a 32bit type.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Implement the crypto_algo .verify() function for ecdsa256. Because
it backends on UCLASS_ECDSA, this change is focused on parsing the
keys from devicetree and passing this information to the specific
UCLASS driver.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Refactor efi_append_scrtm_version() to use common
function for adding eventlog and extending PCR.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
TCG PC Client PFP spec requires to measure
"Exit Boot Services Invocation" if ExitBootServices() is invoked.
Depending upon the return code from the ExitBootServices() call,
"Exit Boot Services Returned with Success" or "Exit Boot Services
Returned with Failure" is also measured.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Swap two ifs in efi_exit_boot_services().
efi_tcg2_notify_exit_boot_services must have EFIAPI signature.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
TCG PC Client PFP spec requires to measure "Boot####"
and "BootOrder" variables, EV_SEPARATOR event prior
to the Ready to Boot invocation.
Since u-boot does not implement Ready to Boot event,
these measurements are performed when efi_start_image() is called.
TCG spec also requires to measure "Calling EFI Application from
Boot Option" for each boot attempt, and "Returning from EFI
Application from Boot Option" if a boot device returns control
back to the Boot Manager.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
TCG PC Client PFP spec requires to measure the secure
boot policy before validating the UEFI image.
This commit adds the secure boot variable measurement
of "SecureBoot", "PK", "KEK", "db", "dbx", "dbt", and "dbr".
Note that this implementation assumes that secure boot
variables are pre-configured and not be set/updated in runtime.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
iPXE used Uri() device path nodes. So we should support them in the
device path to text protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
U-Boot mostly uses hex for value input, largely because addresses are much
easier to understand in hex.
But in some cases a decimal value is requested, such as where the value is
small or hex does not make sense in the context. In these cases it is
sometimes useful to be able to provide a hex value in any case, if only to
resolve any ambiguity.
Add this functionality, for increased flexibility.
Signed-off-by: Simon Glass <sjg@chromium.org>
The code to convert a character into a digit is repeated twice in this
file. Factor it out into a separate function. This also makes the code a
little easier to read.
Signed-off-by: Simon Glass <sjg@chromium.org>
If we see 0x then we can assume this is the start of a hex value. It
does not seem necessary to check for a hex digit after that since it will
happen when parsing the value anyway.
Drop this check to simplify the code and reduce size. Add a few more test
cases for when a 0x prefix is used.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is a pain to have to specify the value 10 in each call. Add a new
dectoul() function and update the code to use it.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.
Add a proper comment to simple_strtoul() while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
CONFIG_HEXDUMP is needed to display UEFI variables using 'printenv -e'.
Enabling CONFIG_SPL_HEXDUMP only makes sense for debugging purposes.
Hence CONFIG_SPL_HEXDUMP should not be enabled by default.
The following boards currently have CONFIG_SPL_HEXDUMP=y. This includes
boards that don't use SPL at all.
axm_defconfig
imx8mm-cl-iot-gate_defconfig
imx8mm_venice_defconfig
imxrt1020-evk_defconfig
imxrt1050-evk_defconfig
kontron_sl28_defconfig
kp_imx53_defconfig
lx2160ardb_tfa_stmm_defconfig
mt7622_rfb_defconfig
octeon_ebb7304_defconfig
octeon_nic23_defconfig
qemu_arm64_defconfig
qemu_arm_defconfig
qemu-riscv32_defconfig
qemu-riscv32_smode_defconfig
qemu-riscv64_defconfig
qemu-riscv64_smode_defconfig
qemu-x86_64_defconfig
qemu-x86_defconfig
sandbox64_defconfig
sandbox_defconfig
stm32mp15_basic_defconfig
stm32mp15_trusted_defconfig
synquacer_developerbox_defconfig
taurus_defconfig
xilinx_versal_virt_defconfig
The patch only keeps it enabled on
sandbox_spl_defconfig
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This patch adds the possibility to pass the PIN the OpenSSL Engine
used during signing via the environment variable MKIMAGE_SIGN_PIN.
This follows the approach used during kernel module
signing ("KBUILD_SIGN_PIN") or UBIFS image
signing ("MKIMAGE_SIGN_PIN").
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
*sig_size isn't set until later so use the correct variables.
Signed-off-by: Donald Chan <hoiho@lab126.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Rather than looking at two KConfig options in the Makefile, create a new
Kconfig option for compiling lib/charset.c
Enable it for UFS also, which needs this support.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add simple_strtoll function for converting a string containing digits
into a long long int value.
Signed-off-by: Roland Gaudig <roland.gaudig@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a bus driver for this and use it to configure the bus parameters for
the Ethernet interface. Drop the old pre-driver-model code.
Switch over to use driver model for Ethernet.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Minkyu Kang <mk7.kang@samsung.com>
In the commit c982874e93 ("efi_loader: refactor
efi_setup_loaded_image()"), setjmp-related definitions were moved to
efi_loaded_image_obj in efi_loader.h. So setjmp.h is no longer
refererenced in efi_api.h.
This also fixes some error when efi_api.h will be included in
mkeficapsule.c.
Fixes: c982874e93 ("efi_loader: refactor efi_setup_loaded_image()")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If capsule authentication is disabled and yet a capsule file is signed,
its signature must be removed from image data to flush.
Otherwise, the firmware will be corrupted after update.
Fixes: 04be98bd6b ("efi: capsule: Add support for uefi capsule
authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_guid_capsule_root_cert_guid is never used.
Just remove it.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
SMBIOS tables only support 32bit addresses. If we don't have memory here
handle the error gracefully:
* on x86_64 fail to start U-Boot
* during UEFI booting ignore the missing table
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
BIOS Release Date must be in format mm/dd/yyyy and must be release date.
U-Boot currently sets BIOS Release Date from U_BOOT_DMI_DATE macro which is
generated from current build timestamp.
Fix this issue by setting U_BOOT_DMI_DATE macro to U-Boot version which is
better approximation of U-Boot release date than current build timestamp.
Current U-Boot versioning is in format yyyy.mm so as a day choose 01.
Some operating systems are using BIOS Release Date for detecting when was
SMBIOS table filled or if it could support some feature (e.g. BIOS from
1990 cannot support features invented in 2000). So this change also ensures
that recompiling U-Boot from same sources but in different year does not
change behavior of some operating systems.
Macro U_BOOT_DMI_DATE is not used in other file than lib/smbios.c
so remove it from global autogenerated files and also from Makefile.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
In order to prevent using the global errno, replace it with a static
version and create a wrapper function which returns the error value.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
Add the basic functionality required to support the standard crypt
format.
The files crypt-sha256.c and crypt-sha512.c originate from libxcrypt and
their formatting is therefor retained.
The integration is done via a crypt_compare() function in crypt.c.
```
libxcrypt $ git describe --long --always --all
tags/v4.4.17-0-g6b110bc
```
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
The capsule signature is now part of our DTB. This is problematic when a
user is allowed to change/fixup that DTB from U-Boots command line since he
can overwrite the signature as well.
So Instead of adding the key on the DTB, embed it in the u-boot binary it
self as part of it's .rodata. This assumes that the U-Boot binary we load
is authenticated by a previous boot stage loader.
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
TCG PC Client PFP spec says "The Log Area Minimum Length
for the TCG event log MUST be at least 64KB." in ACPI chapter.
This commit increase the buffer size to 64KB.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use %pD to log device-path instead of using efi_dp_str() and
efi_free_pool() locally in find_boot_device().
This is a cleanup patch, no feature update nor fix.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Previously, the GPT device GUID was being used instead of the partition,
which was incorrect.
Signed-off-by: Alfonso Sánchez-Beato <alfonso.sanchez-beato@canonical.com>
Let EFI_LOADER select CONFIG_PARTITION_UUIDS.
Use log_warning() instead of printf() for warning.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Move the RSA verification crytpo_algo structure out of the
crypto_algos array, and into a linker list.
Although it appears we are adding an #ifdef to rsa-verify.c, the gains
outweigh this small inconvenience. This is because rsa_verify() is
defined differently based on #ifdefs. This change allows us to have
a single definition of rsa_verify().
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Drop the ENABLE and SUPPORT parts of this, which are redundant.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
There's currently no user of %p[iI]6, so including ip6_addr_string()
in the image is a waste of bytes. It's easy enough to have the
compiler elide it without removing the code completely.
The closest I can find to anybody "handling" ipv6 in U-Boot currently
is in efi_net.c which does
if (ipv6) {
ret = EFI_UNSUPPORTED;
As indicated in the comment, it can easily be put back, but preferably
under a config knob.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
U-Boot doesn't support %pS/%pF or any other kind of kallsyms-like
lookups. Remove the comment.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
This saves some code, both in terms of #LOC and .text size, and it is
also the normal convention that foo(...) is implemented in terms of
vfoo().
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
In tpm_sendrecv_command() the command buffer is passed in. If a mistake is
somehow made in setting this up, the size could be out of range. Add a
sanity check for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 331152)
Function rtc_to_tm() is needed for FAT file system support even if we don't
have a real time clock. So move it from drivers/ to lib/.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Fix find_boot_device() to set bootdev_root if it finds the
bootdev from BootNext. Currently it sets the bootdev_root only
when it finds bootdev from BootOrder.
Fixes: c74cd8bd08 ("efi_loader: capsule: add capsule_on_disk support")
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Accked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If multiple capsules are applied, the FMP drivers for the individual
capsules can expect the value of CapsuleLast to be accurate. Hence
CapsuleLast must be updated after each capsule.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* Use log category LOGC_EFI. This allows to remove 'EFI:' prefixes in
messages.
* Rephrase some of the messages.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When reading a directory using EFI_FILE_PROTOCOL.Read() provide file
attributes and timestamps.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Although U-Boot supports capsule update on-disk, it's lack of support for
SetVariable at runtime prevents applications like fwupd from using it.
In order to perform the capsule update on-disk the spec says that the OS
must copy the capsule to the \EFI\UpdateCapsule directory and set a bit in
the OsIndications variable. The firmware then checks for the
EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED bit in OsIndications
variable, which is set by the submitter to trigger processing of the
capsule on the next reboot.
Let's add a config option which ignores the bit and just relies on the
capsule being present. Since U-Boot deletes the capsule while processing
it, we won't end up applying it multiple times.
Note that this is allowed for all capsules. In the future, once
authenticated capsules are fully supported, we can limit the functionality
to those only.
Signed-off-by: apalos <ilias.apalodimas@linaro.org>
Reword Kconfig description.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
After each reboot we must clear flag
EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED in variable
OsIndications.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Improve efi_query_variable_info() to check the parameter settings and
return correct error code according to the UEFI Specification 2.9,
and the Self Certification Test (SCT) II Case Specification, June
2017, chapter 4.1.4 QueryVariableInfo().
Reported-by: Kazuhiko Sakamoto <sakamoto.kazuhiko@socionext.com>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
After if we should use parentheses to keep the code readable.
Fixes: a95f4c8859 ("efi_loader: NULL dereference in EFI console")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We only install FMPs if a CapsuleUpdate is requested. Since we now have an
ESRT table which relies on FMPs to build the required information, it
makes more sense to unconditionally install them. This will allow userspace
applications (e.g fwupd) to make use of the ERST and provide us with files
we can use to run CapsuleUpdate on-disk
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Chapter 23 of the EFI spec (rev 2.9) says:
"A specific updatable hardware firmware store must be represented by
exactly one FMP instance".
This is not the case for us, since both of our FMP protocols can be
installed at the same time because they are controlled by a single
'dfu_alt_info' env variable.
So make the config options depend on each other and allow the user to
install one of them at any given time. If we fix the meta-data provided
by the 'dfu_alt_info' in the future, to hint about the capsule type
(fit or raw) we can revise this and enable both FMPs to be installed, as
long as they target different firmware hardware stores
Note that we are not using a Kconfig 'choice' on purpose, since we
want to allow both of those to be installed and tested in sandbox
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When running the efidebug capsule disk-update command, the efi_fmp_raw
protocol installation fails with 2 (EFI_INVALID_PARAMETER) as below.
This is because the code passes efi_root instead of the handle local var.
=> efidebug capsule disk-update
EFI: Call: efi_install_multiple_protocol_interfaces( &handle, &efi_guid_firmware_management_protocol, &efi_fmp_fit, NULL)
EFI: Entry efi_install_multiple_protocol_interfaces(00000000fbaf5988)
EFI: Call: efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
EFI: Entry efi_install_protocol_interface(00000000fbaf5988, 86c77a67-0b97-4633-a187-49104d0685c7, 0, 00000000fbfa6ee8)
EFI: new handle 00000000fbb37520
EFI: Exit: efi_install_protocol_interface: 0
EFI: 0 returned by efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
EFI: Exit: efi_install_multiple_protocol_interfaces: 0
EFI: 0 returned by efi_install_multiple_protocol_interfaces( &handle, &efi_guid_firmware_management_protocol, &efi_fmp_fit, NULL)
EFI: Call: efi_install_multiple_protocol_interfaces( &efi_root, &efi_guid_firmware_management_protocol, &efi_fmp_raw, NULL)
EFI: Entry efi_install_multiple_protocol_interfaces(00000000fbfec648)
EFI: Call: efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
EFI: Entry efi_install_protocol_interface(00000000fbfec648, 86c77a67-0b97-4633-a187-49104d0685c7, 0, 00000000fbfa6f18)
EFI: handle 00000000fbaf8520
EFI: Exit: efi_install_protocol_interface: 2
EFI: 2 returned by efi_install_protocol_interface( handle, protocol, EFI_NATIVE_INTERFACE, protocol_interface)
EFI: Exit: efi_install_multiple_protocol_interfaces: 2
EFI: 2 returned by efi_install_multiple_protocol_interfaces( &efi_root, &efi_guid_firmware_management_protocol, &efi_fmp_raw, NULL)
Command failed, result=1
To fix this issue, pass the handle local var which is set NULL right
before installing efi_fmp_raw as same as the installing efi_fmp_fit.
(In both cases, the local reference to the handle will be just discarded)
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Documentation:
* man-page for askenv
bug fixes
* correct display of BootOrder in efidebug command
* do not allow TPL_HIGH_LEVEL for CreateEvent(Ex)
* correct handling of unknown properties in SMBIOS tables
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmDaDcEACgkQxIHbvCwF
GsTjZQ//elKP0sKZYEMePzOZKZfzD0MnjnzTwsWALqA9h8kv1sAvQLtf5ZDXWIci
bo4PNhgRD+FHQuprdoLUrQ2+fSNKTUZugmz8lW1Yudiyh+W4oyjYfINRx+gLTH8L
h5W8w5QkV0R+3Ti8U42YYj+SqsUs0htGW5b2k55kZhH0uUFB63GG2ic0KkHr9cHl
QQ3Y3tnW+PMxNaer5Q6q3DQjnPTnTO6vfwD9VAoesTd4aunlaPEvK7xAObJzxjpQ
ySrj0+Yw4S+y0+02eZRnHXgAIZgI73aN2LiiSuT+FrgGN6JPmVlT6ey3LqLCxPDP
VcEF8S25ULoIu7G7ZgIzzVgbvDjWU9WZNduPU3onVfqT2RaSsRPZoVdyGty+EKRi
At40vUsAjC3TkttuhDZhfOOoM3ot9vEeeTIQ5Po7bnwwJyMT+PfUTi7PJT/vkfqy
iN3KHCi0vuzxS/TbpV9ivrFnMdBP6g6v602VgeMeUTEvHFO9xAA3rHYqFQT7qNxH
4IrRAma6t0R//oeQ5DKD3iqFdkoireHkobEJh0o3hRK7nDAenZiRmvec+o/iogKV
YO+lZMboz5igAITBlJI5QoifGDs9B1DwoKxUe9dW61jA1CE7qqGg9Qvo251DZ8Ce
6f8RLkglAkJUbgotyq/YGRRfad28KISEMewj8ATxbQWRCK2vSNQ=
=ZMB2
-----END PGP SIGNATURE-----
Merge tag 'efi-2021-07-rc5-2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2021-07-rc5-2
Documentation:
* man-page for askenv
bug fixes
* correct display of BootOrder in efidebug command
* do not allow TPL_HIGH_LEVEL for CreateEvent(Ex)
* correct handling of unknown properties in SMBIOS tables
If both POSITION_INDEPENDENT and SYS_RELOC_GD_ENV_ADDR are enabled,
wherever original env is placed anywhere, it should be relocated to
the right address.
Relocation offset gd->reloc_off is calculated with SYS_TEXT_BASE in
setup_reloc() and env address gd->env_addr is relocated by the offset in
initr_reloc_global_data().
gd->env_addr
= (orig env) + gd->reloc_off
= (orig env) + (gd->relocaddr - SYS_TEXT_BASE)
However, SYS_TEXT_BASE isn't always runtime base address when
POSITION_INDEPENDENT is enabled. So the relocated env_addr might point to
wrong address. For example, if SYS_TEXT_BASE is zero, gd->env_addr is
out of memory location and memory exception will occur.
There is a difference between linked address such as SYS_TEXT_BASE and
runtime base address. In _main, the difference is calculated as
"run-vs-link" offset. The env_addr should also be added to the offset
to fix the address.
gd->env_addr
= (orig env) + ("run-vs-link" offset) + gd->reloc_off
= (orig env) + (SYS_TEXT_BASE - _start) + (gd->relocaddr - SYS_TEXT_BASE)
= (orig env) + (gd->relocaddr - _start)
Cc: Marek Vasut <marex@denx.de>
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Acked-by: Marek Vasut <marex@denx.de>
Tested-by: Marek Vasut <marex@denx.de>
Commit e4f8e543f1a9("smbios: Drop the unused Kconfig options")
break SMBIOS tables. The reason is that the patch drops the Kconfig
options *after* removing the code using them, but that changes the semantics
of the code completely. Prior to the change a non NULL value was used in
the 'product' and 'manufacturer ' fields.
Chapter 6.2 of the DMTF spec requires Manufacturer and Product Name to be
non-null on some of the tables. So let's add sane defaults for Type1/2/3.
* Before the patchset:
<snip>
Handle 0x0002, DMI type 2, 14 bytes
Base Board Information
Manufacturer: Not Specified
Product Name: Not Specified
Version: Not Specified
Serial Number: Not Specified
Asset Tag: Not Specified
Features:
Board is a hosting board
Location In Chassis: Not Specified
Chassis Handle: 0x0000
Type: Motherboard
Invalid entry length (0). DMI table is broken! Stop.
* After the patchset:
<snip>
Handle 0x0005, DMI type 32, 11 bytes
System Boot Information
Status: No errors detected
Handle 0x0006, DMI type 127, 4 bytes
End Of Table
Fixes: e4f8e543f1 ("smbios: Drop the unused Kconfig options")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We currently define the EFI support of an SMBIOS table as the third bit of
"BIOS Characteristics Extension Byte 1". The latest DMTF spec defines it
on "BIOS Characteristics Extension Byte 2".
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Remove superfluous assignment.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to chapter 7.1 "Event, Timer, and Task Priority Services"
TPL_HIGH_LEVEL should not be exposed to applications and drivers.
According to the discussion with EDK II contributors this implies that
CreateEvent() shall not allow to create events with TPL_HIGH_LEVEL.
Cc: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
Copy the best rational approximation calculation routines from Linux.
Typical usecase for these routines is to calculate the M/N divider
values for PLLs to reach a specific clock rate.
This is based on linux kernel commit:
"lib/math/rational.c: fix possible incorrect result from rational
fractions helper"
(sha1: 323dd2c3ed0641f49e89b4e420f9eef5d3d5a881)
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
Brackets '[' need to be escaped to avoid a build warning
lib/efi_loader/efi_image_loader.c:223:
WARNING: Inline strong start-string without end-string.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Masahisa Kojima <masahisa.kojima@linaro.org>
If we want to address partition 15 of virtio block device 11, we have to
write:
virtio b:f
When calling sprintf() we must use %x for the device and partition numbers.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
At present print_buffer() outputs a hex dump but it is not possible to
place this dump in a string. Refactor it into a top-level function which
does the printing and a utility function that dumps a line into a string.
This makes the code more generally useful.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present print_hex_dump() only supports either 16- or 32-byte lines.
With U-Boot we want to support any line length up to a maximum of 64.
Update the function to support this, with 0 defaulting to 16, as with
print_buffer().
Signed-off-by: Simon Glass <sjg@chromium.org>
The current implementation outputs an address as a pointer. Update the
code to use an address instead, respecting the 32/64 nature of the CPU.
Add some initial tests copied from print_test_display_buffer(), just the
ones that can pass with the current implementation.
Note that for this case print_hex_dump() and print_bufffer() produce the
same result. For now the tests are duplicated sine we have separate
functions.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move the comments to the header file so people can find the function info
without digging in the implementation. Fix up the code style and add an
enum for the first arg.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present with print_buffer() U-Boot shows four spaces between the hex
and ASCII data. Two seems enough and matches print_hex_dump(). Change it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a new function lmb_is_reserved_flags to check if
an address is reserved with a specific flags.
This function can be used to check if an address was
reserved with no-map flags with:
lmb_is_reserved_flags(lmb, addr, LMB_NOMAP);
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Add "flags" in lmb_property to save the "no-map" property of
reserved region and a new function lmb_reserve_flags() to check
this flag.
The default allocation use flags = LMB_NONE.
The adjacent reserved memory region are merged only when they have
the same flags value.
This patch is partially based on flags support done in Linux kernel
mm/memblock .c (previously lmb.c); it is why LMB_NOMAP = 0x4, it is
aligned with MEMBLOCK_NOMAP value.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If a chunk was larger than 4GiB, then chunk_data_sz would overflow and
blkcnt would not be calculated correctly. Upgrade it to a u64 and cast
its multiplicands as well. Also fix bytes_written while we're at it.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
"TCG PC Client Platform Firmware Profile Specification"
requires to measure every attempt to load and execute
a OS Loader(a UEFI application) into PCR[4].
This commit adds the PE/COFF image measurement, extends PCR,
and appends measurement into Event Log.
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Replace CONFIG_HASH_CALCULATE by CONFIG_HASH
Fix conversions between pointers and u64.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The hash_calculate() symbol is provided by hash-checksum.c. It depends
on hash_progressive_lookup_algo(), provided when CONFIG_HASH=y.
The issue is that hash_calculate() is used by the efi_loader,
irregardless of CONFIG_FIT_SIGNATURE. As pointed out in
commit 87316da05f ("lib: introduce HASH_CALCULATE option"),
enabling hash_calculate() based on CONFIG_FIT_SIGNATURE is incorrect.
To resolve this, use CONFIG_HASH as the compile switch for
hash-checksum.c. This ensures that all dependencies are compiled, and
is the most natural Kconfig to use.
There is the issue of having to 'select HASH' in a couple of places
that already 'select SHA256'. This is a deeper problem with how hashes
are organized, and fixing it is beyonf the scope of this change.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org>
When we think of Kconfig, we usually think of features that we like
to enable or not. Ideally, we wouldn't use Kconfig to fix a build
issue, although sometimes it might make sense. With Kconfig it's hard
to guarantee that the fix is universal. We can only say that it works
for the set of tested configurations. In the majority of cases, it's
preferable to let the linker figure things out for us.
The reverted commit attempted to fix a build issue by adding an
invisible Kconfig option. This is wrong in several ways:
It invents a new Kconfig variable when CONFIG_HASH already
exists for the same purpose.
Second, hash-checksum.c makes use of the hash_progressive_lookup_algo()
symbol, which is only provided with CONFIG_HASH, but this dependency
was not expressed in the reverted patch.
It feels like Kconfig is turning into a listing of all available
source files, and a buffet to 'select' which ones to compile. The
purpose of this revert is to enable the next change to make use of
CONFIG_HASH instead of adding to Kconfig.
This reverts commit 87316da05f.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Coverity reported 3 warnings on the current code.
CID 331856, 331855, 331854 on the latest scan.
Fix the rest of the warnings by initializing the variables before
passing them to tpm2_get_pcr_info().
In order to avoid future warnings and errors initialize them to 0 within
the function as well, since the values are always OR'ed after querying the
hardware.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>