Commit graph

67844 commits

Author SHA1 Message Date
Tom Rini
c0192950df Merge branch '2020-08-14-assorted-updates'
- Xen guest and some paravirt driver support.
- Aspeed SoC updates
- Broadcom IPROC PCIe RC driver
2020-08-14 15:48:56 -04:00
Michal Simek
698383fe8e cmd: demo: Remove duplicated help message for list subcommand
There is no need to show demo list description twice when help demo is
performed. The patch removes duplicated entry.

Current state:
=> help demo
demo - Driver model (dm) demo operations

Usage:
demo list                     List available demo devices
demo hello <num> [<char>]     Say hello
demo light [<num>]            Set or get the lights
demo status <num>             Get demo device status
demo list                     List available demo devices

Fixes: a02af4aeec ("dm: demo: Add a simple GPIO demonstration")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-14 15:18:30 -04:00
Anastasiia Lukianenko
8071348de4 doc: xen: Add Xen guest ARM64 board documentation
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
2020-08-14 15:18:30 -04:00
Oleksandr Andrushchenko
d17f6698b8 board: xen: De-initialize before jumping to Linux
Free resources used by Xen board before jumping to Linux kernel.

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-14 15:18:30 -04:00
Anastasiia Lukianenko
53d725c74e xen: pvblock: Print found devices indices
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-14 15:18:30 -04:00
Anastasiia Lukianenko
3a739cc6c9 xen: pvblock: Implement front-back protocol and do IO
Implement Xen para-virtual frontend to backend communication
and actually read/write disk data.

This is based on mini-os implementation of the para-virtual block
frontend driver.

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
2020-08-14 15:18:30 -04:00
Anastasiia Lukianenko
17c96f8851 xen: pvblock: Read XenStore configuration and initialize
Read essential virtual block device configuration data from XenStore,
initialize front ring and event channel.
Update block device description with actual block size.

Use code for XenStore from mini-os.

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
2020-08-14 15:18:30 -04:00
Anastasiia Lukianenko
a99931319e xen: pvblock: Enumerate virtual block devices
Enumerate Xen virtual block devices found in XenStore and
instantiate pvblock devices.

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-14 15:18:30 -04:00
Anastasiia Lukianenko
722bc5b5d9 xen: pvblock: Add initial support for para-virtualized block driver
Add initial infrastructure for Xen para-virtualized block device.
This includes compile-time configuration and the skeleton for
the future driver implementation.
Add new class UCLASS_PVBLOCK which is going to be a parent for
virtual block devices.
Add new interface type IF_TYPE_PVBLOCK.

Implement basic driver setup by reading XenStore configuration.

Signed-off-by: Andrii Anisov <andrii_anisov@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
2020-08-14 15:18:30 -04:00
Oleksandr Andrushchenko
c850674ff7 xen: Port Xen grant table driver from mini-os
Make required updates to run on u-boot.

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
2020-08-14 15:18:30 -04:00
Oleksandr Andrushchenko
60e49ff1f8 xen: Port Xen bus driver from mini-os
Make required updates to run on u-boot and strip test code.

Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
2020-08-14 15:18:30 -04:00
Andrii Anisov
e87dfb0526 lib: sscanf: add sscanf implementation
Port sscanf implementation from mini-os and introduce new
Kconfig option to enable it: CONFIG_SSCANF. Disable by default.

Signed-off-by: Andrii Anisov <andrii_anisov@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
2020-08-14 15:18:30 -04:00
Oleksandr Andrushchenko
242587dca4 linux/compat.h: Add wait_event_timeout macro
Add  wait_event_timeout - sleep until a condition gets true or a
timeout elapses.

This is a stripped version of the same from Linux kernel with the
following u-boot specific modifications:
- no wait queues supported
- use u-boot timer to detect timeouts
- check for Ctrl-C pressed during wait

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
[trini: Drop atomic_read from gadget/ether.c as this has existed for a
        while and now causes problems]
Signed-off-by: Tom Rini <trini@konsulko.com>
2020-08-14 15:18:30 -04:00
Peng Fan
384d5cfe5d serial: serial_xen: Add Xen PV serial driver
Add support for Xen para-virtualized serial driver. This
driver fully supports serial console for the virtual machine.

Please note that as the driver is initialized late, so no banner
nor memory size is visible.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-14 15:18:30 -04:00
Oleksandr Andrushchenko
673fd82c50 xen: Port Xen event channel driver from mini-os
Make required updates to run on u-boot. Strip functionality
not needed by U-boot.

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
2020-08-14 15:18:30 -04:00
Oleksandr Andrushchenko
486544161f xen: Port Xen hypervisor related code from mini-os
Port hypervisor related code from Mini-OS. This is referencing the code
of Mini-OS from [1] by Huang Shijie and Volodymyr Babchuk which is for
ARM64.
Update essential arch code to support required bit operations, memory
barriers etc.

Copyright for the bits ported belong to at least the following authors,
please see related files for details:

Copyright (c) 2002-2003, K A Fraser
Copyright (c) 2005, Grzegorz Milos, gm281@cam.ac.uk,Intel Research Cambridge
Copyright (c) 2014, Karim Allah Ahmed <karim.allah.ahmed@gmail.com>

[1] - https://github.com/zyzii/mini-os.git

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
[trini: Drop wmb() from musb-net/linux-compat.h now]
Signed-off-by: Tom Rini <trini@konsulko.com>
2020-08-14 15:18:30 -04:00
Andrii Anisov
770a8eef3e board: Introduce xenguest_arm64 board
Introduce a minimal Xen guest board running as a virtual
machine under Xen Project's hypervisor [1], [2].

Part of the code is ported from Xen mini-os and also uses
work initially done by different authors from NXP: please see
relevant files for their copyrights.

[1] https://xenbits.xen.org
[2] https://wiki.xenproject.org/

Signed-off-by: Andrii Anisov <andrii_anisov@epam.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
2020-08-14 15:18:27 -04:00
Heinrich Schuchardt
a4bda5ebab riscv: load addresses for Sipeed MAIX
Define default load addresses and the device tree name for the Sipeed MAIX.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-14 17:22:50 +02:00
Oleksandr Andrushchenko
365d88ac7e xen: Add essential and required interface headers
Add essential and required Xen interface headers only taken from
the stable Linux kernel stable/linux-5.7.y at commit
66dfe4522160 Linux 5.7.5.

These are better suited for U-boot than the original headers
from Xen as they are the stripped versions of the same.

At the same time use public protocols from Xen RELEASE-4.13.1, at
commit 6278553325a9 update Xen version to 4.13.1
as those have more comments in them.

Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
2020-08-14 09:46:40 -04:00
Peng Fan
751897301d Kconfig: Introduce CONFIG_XEN
Introduce CONFIG_XEN to make U-Boot could be used as bootloader
for a virtual machine.

Without bootloader, we could successfully boot up android on XEN, but
we need need bootloader to support A/B, dm verify and etc.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
2020-08-14 09:46:40 -04:00
Anastasiia Lukianenko
824ed85b77 Add MIT License
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
2020-08-14 09:46:40 -04:00
Chia-Wei, Wang
2c00c2e024 configs: evb-ast2500: Convert to OF_SEPARATE
Switch DTB provider form OF_EMBED to OF_SEPARATE
to avoid the compile warning message:

  ==================== WARNING ======================
  CONFIG_OF_EMBED is enabled. This option should only
  be used for debugging purposes. Please use
  CONFIG_OF_SEPARATE for boards in mainline.
  See doc/README.fdt-control for more info.
  ====================================================

Signed-off-by: Chia-Wei, Wang <chiawei_wang@aspeedtech.com>
2020-08-14 09:46:40 -04:00
Chia-Wei, Wang
353eedb8a0 configs: evb-ast2500: Move BOOTCOMMAND from header to defconfig
Move the BOOTCOMMAND definition from the board inclusion
header to the default configuration file.

Signed-off-by: Chia-Wei, Wang <chiawei_wang@aspeedtech.com>
2020-08-14 09:46:40 -04:00
Chia-Wei, Wang
98ef128b56 include/configs: aspeed: Remove hardcoded variables
The hardcoded platform variables such as DRAM base address are not
common to Aspeed SoCs AST24xx/AST25xx/AST26xx. This patch replaces
those hardcoded with macros defined in a newly added header, where
the basic SoC HW information are assigned accordingly.

Signed-off-by: Chia-Wei, Wang <chiawei_wang@aspeedtech.com>
2020-08-14 09:46:40 -04:00
Chia-Wei, Wang
c16f518a79 cosmetic: aspeed: ast2500: Rename board file
Rename the ast2500-board.c to board_common.c and
place the renamed file under the ast2500 folder.

Signed-off-by: Chia-Wei, Wang <chiawei_wang@aspeedtech.com>
2020-08-14 09:46:40 -04:00
Chia-Wei, Wang
611fe09577 aspeed: ast2500: Add lowlevel_init assembly
The original lowlevel_init function of AST2500 is written
in C. However, the C runtime environment is not ready until
_main execution.

This patch adds the assembly version of the lowlevel_init
function. Additional initialization to DRAM configuration
and LPC reset source are also added.

Signed-off-by: Chia-Wei, Wang <chiawei_wang@aspeedtech.com>
2020-08-14 09:46:40 -04:00
Chia-Wei, Wang
aff987c457 MAINTAINERS: Add maintainers for Aspeed SoCs
Update maintainers for Aspeed SoC platforms.

Signed-off-by: Chia-Wei, Wang <chiawei_wang@aspeedtech.com>
2020-08-14 09:46:40 -04:00
Srinath Mannam
4848704aef drivers: pcie: add Broadcom IPROC PCIe RC driver
Add support for IPROC PAXC PCIe RC driver.

Signed-off-by: Srinath Mannam <srinath.mannam@broadcom.com>
Signed-off-by: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-14 09:43:21 -04:00
Rayagonda Kokatanur
143eb5b1ca drivers: pci: add api to get dma regions
Add api to get dma regions.

Signed-off-by: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
2020-08-14 09:43:21 -04:00
Tom Rini
fe5c777df2 Merge https://gitlab.denx.de/u-boot/custodians/u-boot-riscv
- Fix HiFive Unleashed the broken problem by call fix_fdt() before
  reserve_fdt().  Please refer to
  https://www.mail-archive.com/u-boot@lists.denx.de/msg379444.html for
  master u-boot broken for HiFive Unleashed.
- Add unaligned exception cmd.
- Refine sifive/fu540 spl flow.
- Add  additional crash information for efi.
- Update sipeed/maix doc.
- Two minor refine.
2020-08-14 08:38:01 -04:00
AKASHI Takahiro
0274e50e05 test/py: efi_secboot: modify 'multiple signatures' test case
The test case 5 in test_signed (multiple signatures) must be modified
and aligned with the change introduced in the previous commit
("efi_loader: signature: correct a behavior against multiple signatures").

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-14 12:34:33 +02:00
AKASHI Takahiro
52956e535e efi_loader: signature: correct a behavior against multiple signatures
Under the current implementation, all the signatures, if any, in
a signed image must be verified before loading it.

Meanwhile, UEFI specification v2.8b section 32.5.3.3 says,
    Multiple signatures are allowed to exist in the binary’s certificate
    table (as per PE/COFF Section “Attribute Certificate Table”). Only
    one hash or signature is required to be present in db in order to pass
    validation, so long as neither the SHA-256 hash of the binary nor any
    present signature is reflected in dbx.

This patch makes the semantics of signature verification compliant with
the specification mentioned above.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-14 12:28:25 +02:00
Pragnesh Patel
313981c2d9 common/board_f: make sure to call fix_fdt() before reserve_fdt()
There may be a chance that board specific fix_fdt() will change the
size of FDT blob so it's safe to call reserve_fdt() after fix_fdt()
otherwise global data (gd) will overwrite with FDT blob values.

Fixes: a8492e25ac ("riscv: Expand the DT size before copy reserved memory node")

Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
2020-08-14 14:39:47 +08:00
Heinrich Schuchardt
7c6ca03eae riscv: additional crash information
If an exception occurs, the relocated program counter and return address
are required for an analysis.

With this patch you get:

    => exception undefined

    Unhandled exception: Illegal instruction
    EPC: 0000000080595908 RA: 000000008059c0c6 TVAL: 000000008030c01e
    EPC: 0000000080007908 RA: 000000008000e0c6 reloc adjusted

We can use the relocated addresses to find the involved functions in
u.boot.map:

    .text.do_undefined
                0x0000000080007908        0x8 cmd/built-in.o
    .text.cmd_process
                0x000000008000dfcc      0x11a common/built-in.o
                0x000000008000dfcc                cmd_process

If an exception occurs in an UEFI binary additionally the load addresses of
the UEFI binaries are needed. With this patch:

    => setenv efi_selftest exception
    => bootefi selftest

    Unhandled exception: Illegal instruction
    EPC: 000000008042e18a RA: 000000008042e18a TVAL: 000000008030c01e
    EPC: 000000007fea018a RA: 000000007fea018a reloc adjusted

    UEFI image [0x0000000000000000:0xffffffffffffffff] '/\selftest'
    UEFI image [0x000000008042e000:0x000000008042e43f] pc=0x18a '/bug.efi'

The value pc=0x18a matches the position of the illegal instruction in
efi_selftest_miniapp_exception.efi (loaded as /bug.efi);

    asm volatile (".word 0xffffffff\n");

    00000180   93 85 C5 11  1C 64 22 85  82 97 FF FF  FF FF 1C 64

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Tested-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2020-08-14 14:39:41 +08:00
Heinrich Schuchardt
db3585d181 cmd: exception: unaligned data access on RISC-V
The command 'exception' can be used to test the handling of exceptions.

Currently the exception command only allows to create an illegal
instruction exception on RISC-V.

Provide a sub-command 'exception unaligned' to cause a misaligned load
address exception.

Adjust the online help for 'exception undefined'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Rick Chen <rick@andestech.com>
2020-08-14 14:39:34 +08:00
Heinrich Schuchardt
3a85e03f83 doc: riscv: debug UART for MAIX
Provide the required settings for the debug UART.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
2020-08-14 14:39:28 +08:00
Heinrich Schuchardt
137dc153fd doc: riscv: Update documentation for Sipeed MAIX boards
The MAIXDUINO runs fine with the sipeed_maix_bitm_defconfig but a different
board id parameter should be passed to kflash.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
2020-08-14 14:39:20 +08:00
Heinrich Schuchardt
6a43e3a167 riscv: sifive: fu540: redundant initialization
We should not initialize a variable if the value is overwritten before
being read.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Tested-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2020-08-14 14:39:14 +08:00
Heinrich Schuchardt
023dba1366 riscv: remove redundant logical constraint.
After

    if (ret) return ret;

we know that ret is zero. Don't check it again.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2020-08-14 14:39:09 +08:00
Bin Meng
3581811dc2 riscv: sifive/fu540: Move SPL related functions to spl.c
It's better to keep all SPL related functions in the same spl.c.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Leo Liang <ycliang@andestech.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Tested-by: Pragnesh Patel <pragnesh.patel@sifive.com>
2020-08-14 14:38:53 +08:00
Bin Meng
50856c3f0f riscv: sifive/fu540: Drop NET_RANDOM_ETHADDR
This option was enabled during the earlier U-Boot porting time. Now
we already have the OTP driver in place and the unique MAC address
is read from the OTP, there is no need to turn on this option.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Leo Liang <ycliang@andestech.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Tested-by: Pragnesh Patel <pragnesh.patel@sifive.com>
2020-08-14 14:38:53 +08:00
Bin Meng
ff8e88a6d7 riscv: sifive/fu540: kconfig: Move FU540 driver related options to the SoC level
All FU540 driver related options should be in the SoC level Kconfig.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Tested-by: Pragnesh Patel <pragnesh.patel@sifive.com>
2020-08-14 14:38:53 +08:00
Bin Meng
d6a01704b0 riscv: sifive/fu540: spl: Rename soc_spl_init()
spl_soc_init() seems to be a better name, as all SPL functions
names start from the spl_ prefix.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Tested-by: Pragnesh Patel <pragnesh.patel@sifive.com>
2020-08-14 14:38:53 +08:00
Bin Meng
c4295ec849 riscv: sifive/fu540: spl: Drop our own version of board_init_f()
Use the generic board_init_f() provided by the RISC-V library codes.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Tested-by: Pragnesh Patel <pragnesh.patel@sifive.com>
2020-08-14 14:38:53 +08:00
Bin Meng
71672b784c riscv: Call spl_board_init_f() in the generic SPL board_init_f()
The generic SPL version of board_init_f() should give a call to
board specific codes to initialize board in the SPL phase.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Tested-by: Pragnesh Patel <pragnesh.patel@sifive.com>
2020-08-14 14:38:53 +08:00
AKASHI Takahiro
f68a6d5835 efi_loader: variable: fix secure state initialization
Under the new file-based variable implementation, the secure state
is always and falsely set to 0 (hence, the secure boot gets disabled)
after the reboot even if PK (and other signature database) has already
been enrolled in the previous boot.

This is because the secure state is set up *before* loading non-volatile
variables' values from saved data.

This patch fixes the order of variable initialization and secure state
initialization.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: 5f7dcf079d ("efi_loader: UEFI variable persistence")
2020-08-13 22:37:42 +02:00
AKASHI Takahiro
e1174c566a test/py: efi_secboot: add test for intermediate certificates
In this test case, an image may have a signature with additional
intermediate certificates. A chain of trust will be followed and all
the certificates in the middle of chain must be verified before loading.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13 22:37:36 +02:00
AKASHI Takahiro
57be8cdce3 test/py: efi_secboot: small rework for adding a new test
It won't be very useful to customize HELLO_PATH and EFI_SECBOOT_IMAGE_NAME
under the current code base. So just remove them.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13 22:37:36 +02:00
AKASHI Takahiro
1115edd846 efi_loader: signature: rework for intermediate certificates support
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pcks7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.

What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.

pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13 22:37:36 +02:00
AKASHI Takahiro
0658bb29b0 efi_loader: variable: keep temporary buffer during the authentication
This is a bug fix; Setting an authenticated variable may fail due to
a memory corruption in the authentication.

A temporary buffer will, if needed, be allocated to parse a variable's
authentication data, and some portion of buffer, specifically signer's
certificates, will be referenced by efi_signature_verify().

So the buffer should be kept valid until the authentication process
is finished.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-13 22:37:36 +02:00