Commit graph

2506 commits

Author SHA1 Message Date
Ilias Apalodimas
529441ca89 efi_loader: Disable devices before handing over control
U-Boot Driver Model is supposed to remove devices with either
DM_REMOVE_ACTIVE_DMA or DM_REMOVE_OS_PREPARE flags set, before exiting.
Our bootm command does that by explicitly calling calling
"dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);" and we also disable any
USB devices.

The EFI equivalent is doing none of those at the moment. As a result
probing an fTPM driver now renders it unusable in Linux. During our
(*probe) callback we open a session with OP-TEE, which is supposed to
close with our (*remove) callback. Since the (*remove) is never called,
once we boot into Linux and try to probe the device again we are getting
a busy error response. Moreover all uclass (*preremove) functions won't
run.

So let's fix this by mimicking what bootm does and disconnect devices
when efi_exit_boot_services() is called.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-27 21:13:16 +01:00
Ilias Apalodimas
19763ea0d2 efi_loader: Sort header file ordering
Order header files according to https://www.denx.de/wiki/U-Boot/CodingStyle

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-27 21:13:15 +01:00
Heinrich Schuchardt
d3d6afae3c trace: conserve gd register on RISC-V
An UEFI application may change the value of the register that gd lives in.
But some of our functions like get_ticks() access this register. So we
have to set the gd register to the U-Boot value when entering a trace
point and set it back to the application value when exiting the trace
point.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-27 21:13:15 +01:00
Michal Simek
c2a2c83278 xilinx: zynq: Change types from u32 to uint32_t
Change parameter type to avoid compilation error:
In file included from ./tools/../lib/rsa/rsa-verify.c:23:0,
                 from tools/lib/rsa/rsa-verify.c:1:
include/u-boot/rsa-mod-exp.h:69:18: error: unknown type name ‘u32’; did you mean ‘__u32’?
 int zynq_pow_mod(u32 *keyptr, u32 *inout);
                  ^~~
                  __u32
include/u-boot/rsa-mod-exp.h:69:31: error: unknown type name ‘u32’; did you mean ‘__u32’?
 int zynq_pow_mod(u32 *keyptr, u32 *inout);
                               ^~~
                               __u32

Fixes: 37e3a36a54 ("xilinx: zynq: Add support to secure images")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2020-10-27 08:13:33 +01:00
Heinrich Schuchardt
dcf16721c1 lib: print_freq() should output kHz not KHz
In the International System of Units (SI) the prefix kilo is abbreviated as
'k' not 'K'. 'K' is the symbol for Kelvin.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-10-22 09:54:54 -04:00
Heinrich Schuchardt
c670aeee3d common: rename getc() to getchar()
The sandbox is built with the SDL2 library with invokes the X11 library
which in turn calls getc(). But getc() in glibc is defined as

    int getc(FILE *)

This does not match our definition.

    int getc(void)

The sandbox crashes when called with parameter -l.

Rename our library symbol getc() to getchar().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-22 09:54:53 -04:00
Patrick Wildt
42f804fbba efi_loader: fix use after free in receive path
With DM enabled the ethernet code will receive a packet, call
the push method that's set by the EFI network implementation
and then free the packet.  Unfortunately the push methods only
sets a flag that the packet needs to be handled, but the code
that provides the packet to an EFI application runs after the
packet has already been freed.

To rectify this issue, adjust the push method to accept the packet
and store it in a temporary buffer.  The EFI application then gets
the data copied from that buffer.  This way the packet is cached
until is is needed.

The DM Ethernet stack tries to receive 32 packets at once, thus
we better allocate as many buffers as the stack.

Signed-off-by: Patrick Wildt <patrick@blueri.se>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-19 22:59:53 +02:00
Sean Anderson
4b2be78ab6 time: Fix get_ticks being non-monotonic
get_ticks does not always succeed. Sometimes it can be called before the
timer has been initialized. If it does, it returns a negative errno.
This causes the timer to appear non-monotonic, because the value will
become much smaller after the timer is initialized.

No users of get_ticks which I checked handle errors of this kind. Further,
functions like tick_to_time mangle the result of get_ticks, making it very
unlikely that one could check for an error without suggesting a patch such
as this one.

This patch panics if we ever get an error. There are two cases in which
this can occur. The first is if we couldn't find/probe the timer for some
reason. One reason for this is if the timer is not available so early. This
likely indicates misconfiguration. Another reason is that the timer has an
invalid/missing device tree binding. In this case, panicing is also
correct. The second case covers errors calling get_count. This can only
occur if the timer is missing a get_count function (or on RISC-V, but that
should be fixed soon).

Fixes: c8a7ba9e6a
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-14 11:16:34 -04:00
Heinrich Schuchardt
ec71cc34c1 lib: rsa: superfluous initialization in rsa_verify()
Remove initialization of ret with unused value.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-12 21:30:38 -04:00
Rasmus Villemoes
3f8808ebaa rsa: fix retrieving public exponent on big-endian systems
Commit fdf0819afb (rsa: fix alignment issue when getting public
exponent) changed the logic to avoid doing an 8-byte access to a
possibly-not-8-byte-aligned address.

However, using rsa_convert_big_endian is wrong: That function converts
an array of big-endian (32-bit) words with the most significant word
first (aka a BE byte array) to an array of cpu-endian words with the
least significant word first. While the exponent is indeed _stored_ as
a big-endian 64-bit word (two BE words with MSW first), we want to
extract it as a cpu-endian 64 bit word. On a little-endian host,
swapping the words and byte-swapping each 32-bit word works, because
that's the same as byte-swapping the whole 64 bit word. But on a
big-endian host, the fdt32_to_cpu are no-ops, but
rsa_convert_big_endian() still does the word-swapping, breaking
verified boot.

To fix that, while still ensuring we don't do unaligned accesses, add
a little helper that first memcpy's the bytes to a local fdt64_t, then
applies fdt64_to_cpu(). [The name is chosen based on the
[bl]eXX_to_cpup in linux/byteorder/generic.h].

Fixes: fdf0819afb ("rsa: fix alignment issue when getting public exponent")
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-12 21:30:38 -04:00
Matthieu CASTET
167fb1f8dc lib: rsa: check algo match in rsa_verify_with_keynode
The algo name should match between the FIT's signature node and the
U-Boot's control FDT.

If we do not check it, U-Boot's control FDT can expect sha512 hash but
nothing will prevent to accept image with sha1 hash if the signature is correct.

Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
2020-10-12 21:30:38 -04:00
Philippe Reynes
a6982a6f76 fit: cipher: aes: allow to store the IV in the FIT image
Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.

This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-10-12 21:30:37 -04:00
Heinrich Schuchardt
34ca77c1e1 lib/hashtable: remove superfluous check
We assign first_deleted = 0. There is no need to check its value without
any further assignment in between.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-12 21:30:37 -04:00
Simon Glass
26637e2e4c lib: Allow hexdump to be used in SPL
It is sometimes useful to output hex dumps in SPL. Add a config option to
allow this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-10-10 16:49:58 -04:00
Tom Rini
42378e3cd2 bloblist enhancement for alignment
Update ofnode/dev_read phandle function
 sandbox keyboard enhancements and fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQHFBAABCAAvFiEE1//at7WoVCu4umzW8Cm2NFgI+6QFAl98qrQRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQ8Cm2NFgI+6Tm5QwAnofBrQ5Y2lwJCUnaratH/J0p5aDXMu37
 SMshRdY4cQPNT1nBFf0fA8UYwTScUla48tPfMO/IxnoMwizxNRZQOH56vcm6w6ie
 73uWlOAl7paw0UGpLYnkuwGC3CoCT7wynTMy0Ap4994alq2pcTK75ra9ODLPn/Sh
 Qg4R4I1VoWbTJT4ZFYcjdMg1+B2hDPd+gVLjjGmOwazncG7aMmpYKJOcscZCuqv8
 Utg30XUxWMxclVPuzXAfREjx+Hhy0AG44ZYv3T44JaOtIAHU4Va/rzqrJRe+pR9V
 YwgjCQhAOuGRswqNJDeg5K8o64jW3vAVULG1HrOZ3gu19ZCmseAH4bNHgiy2SBMz
 CtVtapU+uXjktME2G0vX86Ip8kpxi07p1WeP83TmDFqiGnfEZxn5WH7bYc4l7KSf
 mfWhmrrY5K2ogN5iN8ahc7fGBdHziD+h/Blwn03LgTFHF8f6jxVNJlvjYiya97HN
 1LPk4NNYgPQI3mObL5szQ8FKJ69zSCFk
 =ZqpG
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-6oct20' of git://git.denx.de/u-boot-dm

bloblist enhancement for alignment
Update ofnode/dev_read phandle function
sandbox keyboard enhancements and fixes
2020-10-06 13:59:01 -04:00
Patrick Delaunay
cba487c7fc fdtdec: correct test on return of fdt_node_offset_by_phandle
The result of fdt_node_offset_by_phandle is negative for error,
so this patch corrects the check of this result in
fdtdec_parse_phandle_with_args.

This patch allows to have the same behavior with or without OF_LIVE
for the function dev_read_phandle_with_args with cell_name = NULL and
with invalid phandle.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-06 09:07:54 -06:00
Heinrich Schuchardt
4b71f6dc4e efi_loader: QEMU CONFIG_EFI_GRUB_ARM32_WORKAROUND=n
CONFIG_EFI_GRUB_ARM32 is only needed for architectures with caches that are
not managed via CP15 (or for some outdated buggy versions of GRUB). It
makes more sense to disable the setting per architecture than per defconfig.

Move QEMU's CONFIG_EFI_GRUB_ARM32_WORKAROUND=n from defconfig to Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-06 07:43:56 +02:00
Sean Anderson
493a37fe86 efi: Fix typo in documentation
There is an extra space.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-06 07:43:56 +02:00
Heinrich Schuchardt
eb0d1d8399 efi_selftest: avoid unnecessary reset
When we do not execute a test requiring ExitBootServices do not reset the
system after testing.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-06 07:43:56 +02:00
Heinrich Schuchardt
dc374ab08f efi_selftest: print CRC32 of initrd as hexadecimal
Print the CRC32 loaded via the EFI_LOAD_FILE2_PROTOCOL as a hexadecimal
number.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-10-06 07:43:56 +02:00
Heinrich Schuchardt
9487683821 efi_selftest: enable printing hexadecimal numbers
Add code to use %x in efi_st_print().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-10-06 07:43:56 +02:00
Heinrich Schuchardt
e2aff337ed efi_loader: illegal free in EFI_LOAD_FILE2_PROTOCOL
strsep() changes the address that its first argument points to.
We cannot use the changed address as argument of free().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-10-06 07:43:56 +02:00
Heinrich Schuchardt
5cd28e1760 efi_loader: description EFI_LOAD_FILE2_PROTOCOL
U-Boot offers a EFI_LOAD_FILE2_PROTOCOL which the Linux EFI stub can use to
load an initial RAM disk. Update the function comments of the
implementation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-10-06 07:43:56 +02:00
Tom Rini
b7e7831e5d Merge branch 'next'
Bring in the assorted changes that have been staged in the 'next' branch
prior to release.

Signed-off-by: Tom Rini <trini@konsulko.com>
2020-10-05 14:10:59 -04:00
Heinrich Schuchardt
b59c13d42f efi_loader: installation of EFI_RNG_PROTOCOL
Having an EFI_RNG_PROTOCOL without a backing RNG device leads to failure
to boot Linux 5.8.

Only install the EFI_RNG_PROTOCOL if we have a RNG device.

Reported-by: Scott K Logan <logans@cottsay.net>
Cc: Neil Armstrong <narmstrong@baylibre.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-27 16:10:45 +02:00
Simon Glass
9c6aaf1347 acpi: Use I2cSerialBusV2() instead of I2cSerialBus()
Use the correct name of the ACPI structure being created.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:26 +08:00
Simon Glass
350c7f52b9 acpi: Add more support for generating processor tables
This adds tables relating to P-States and C-States.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:18 +08:00
Simon Glass
15403289e5 acpi: Add support for generating processor tables
ACPI has a number of CPU-related tables. Add utility functions to write
out the basic packages.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:17 +08:00
Simon Glass
f37979e7b7 x86: acpi: Support generation of the DBG2 table
Add an implementation of the DBG2 (Debug Port Table 2) ACPI table.
Adjust one of the header includes to be in the correct order, before
adding more.

Note that the DBG2 table is generic but the PCI UART is x86-specific at
present since it assumes an ns16550 UART. It can be generalised later
if necessary.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:17 +08:00
Simon Glass
23dd0ea4c7 dm: acpi: Use correct GPIO polarity type in acpi_dp_add_gpio()
This function currently accepts the IRQ-polarity type. Fix it to use the
GPIO type instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:14 +08:00
Simon Glass
88490e1979 acpi: Support generating a multi-function _DSM for devices
Add a function to generate ACPI code for a _DSM method for a device.
This includes functions for starting and ending each part of the _DSM.

Signed-off-by: Simon Glass <sjg@chromium.org>
[bmeng: fix the "new blank line at EOF" git warning]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-09-25 11:27:14 +08:00
Simon Glass
da7cff338f acpi: Add support for conditions and return values
Add functions to support generating ACPI code for condition checks and
return values.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:14 +08:00
Simon Glass
e0a896b88f acpi: Add support for writing a _PRW
A 'Power Resource for Wake' list the resources a device depends on for
wake. Add a function to generate this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-09-25 11:27:13 +08:00
Etienne Carriere
3e15c315f9 optee: add property no-map to secure reserved memory
OP-TEE reserved memory node must set property "no-map" to prevent
Linux kernel from mapping secure memory unless what non-secure world
speculative accesses of the CPU can violate the memory firmware
configuration.

Fixes: 6ccb05eae0 ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
2020-09-22 12:54:13 -06:00
Etienne Carriere
ccaa5747bd fdtdec: optionally add property no-map to created reserved memory node
Add boolean input argument @no_map to helper function
fdtdec_add_reserved_memory() to add or not "no-map" property
for an added reserved memory node.

Property no-map is used by the Linux kernel to not not map memory
in its static memory mapping. It is needed for example for the|
consistency of system non-cached memory and to prevent speculative
accesses to some firewalled memory.

No functional change. A later change will update to OPTEE library to
add no-map property to OP-TEE reserved memory nodes.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-09-22 12:54:13 -06:00
Tom Rini
751b18b8a1 Merge branch 'master' into next
Merge in v2020.10-rc5
2020-09-21 14:25:37 -04:00
Heinrich Schuchardt
52a8481827 efi_selftest: check for RISC-V boot-hartid in FDT
On RISC-V check that the /chosen node has a boot-hartid property.

To run the test configure with CONFIG_CMD_BOOTEFI_SELFTEST=y and issue

    setenv efi_selftest device tree
    setenv serial# myserial
    bootefi selftest

If the test succeeds, it reports the boot-hartid, e.g.

    boot-hartid: 1

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-18 22:23:58 +02:00
Heinrich Schuchardt
18161a8a4e efi_selftest: rework device tree test
Allow specifying the node on which a property is searched.
Test the device tree consistency more rigorously.
Some efi_st_printf() calls have been converted to efi_st_error().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-18 22:23:58 +02:00
Maxim Uvarov
ffbeafe7e2 efi_memory: refine overlap_only_ram description
Refine text for overlap_only_ram description to
match to what exactly flag does and aling description
with other functions.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-18 22:23:58 +02:00
Marek Vasut
81d0cef3b2 lib: fdt: Fix fdtdec_setup_mem..() conversion to livetree API
Repair incorrectly negated condition in the original patch which broke
DT memory node parsing on everything which has more than one DT memory
node, e.g. R-Car3.

In case multiple valid memory nodes are present in the DT, the original
patch would complete parsing cycle for the first memory node, then move
on to the next one, identify it as a valid, and end the parsing. The fix
is to invert the condition, to make the code behave as it did before the
livetree conversion, so it would continue parsing the subsequent memory
nodes as well.

Fixes: c2f0950c33 ("lib: fdt: Convert fdtdes_setup_mem..() to livetree API")
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Tested-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Michal Simek <michal.simek@xilinx.com>
2020-09-16 16:54:00 -04:00
Heinrich Schuchardt
5bf12a7859 efi_selftest: restore gd before do_reset()
Before calling do_reset() in the EFI selftest we must restore the global
data pointer.

Fixes: fa63753f86 ("efi_selftest: substitute ResetSystem() by do_reset()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-14 23:28:52 +02:00
Heinrich Schuchardt
d68d7f47a9 efi_loader: save global data pointer on RISC-V
On RISC-V the global data pointer is stored in register gp. When a UEFI
binary calls the EFI API we have to restore it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-14 23:28:52 +02:00
Heinrich Schuchardt
e5a31376ac efi_loader: efi_var_mem_notify_exit_boot_services
efi_var_mem_notify_exit_boot_services() is invoked when ExitBootServices()
is called by the UEFI payload.

efi_var_mem_notify_exit_boot_services() should not be defined as
__efi_runtime as it is invoking EFI_ENTRY() and EFI_EXIT() which themselves
are not __efi_runtime.

Fixes: f1f990a8c9 ("efi_loader: memory buffer for variables")
Fixes: e01aed47d6 ("efi_loader: Enable run-time variable support for tee based variables")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-09-14 23:28:52 +02:00
Robert Reither
8479333ce7 rsa: crash in br_i32_decode() called from rsa_gen_key_prop()
Fixes problem for unaligned 32bit big-endian access in
lib/rsa/rsa-keyprop.c.

Exchanges br_i32_decode() with get_unaligned_be32().

This will keep the unaligned access for architectures capable and will do
some byte-shift magic for the not so capable ones.

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-by: Robert Reither <robert.reither@external.thalesgroup.com>
Remove unused include.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-14 23:28:52 +02:00
Tom Rini
314b9b4a38 Merge branch 'remove-config-nr-dram-banks-v9-2020-08-26' of https://gitlab.denx.de/u-boot/custodians/u-boot-marvell into next 2020-09-07 14:31:00 -04:00
Heinrich Schuchardt
d2a885720b efi_selftest: simplify Makefile
CONFIG_EFI_LOADER cannot be selected for ARMv7-M CPUs. So don't check it in
the Makefile.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06 21:21:41 +02:00
Heinrich Schuchardt
578d7cc8fa efi_loader: remove duplicate image size check
The image size is checked in efi_load_pe(). Avoid checking it twice.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06 21:21:41 +02:00
Heinrich Schuchardt
0f7878b853 efi_loader: error message if image not authenticated
Currently if the bootefi command fails due to missing authentication, the
user gets no feedback.

Write a log message 'Image not authenticated' if LoadImage() fails due to
missing authentication.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06 21:21:41 +02:00
Heinrich Schuchardt
24586059d3 efi_loader: log function in image loader
Use log_err() for error messages.
Replace debug() by EFI_PRINT().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-06 21:21:41 +02:00
Heinrich Schuchardt
de95930946 lib/rsa: correct check after allocation in fdt_add_bignum()
After allocating to pointer ctx we should check that pointer and not
another pointer already checked above.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-27 11:26:58 -04:00
Stefan Roese
dfaf6a5797 CONFIG_NR_DRAM_BANKS: Remove unreferenced code as its always defined
Since commit 86cf1c8285 ("configs: Migrate CONFIG_NR_DRAM_BANKS") &
commit 999a772d9f ("Kconfig: Migrate CONFIG_NR_DRAM_BANKS"),
CONFIG_NR_DRAM_BANKS is always defined with a value (4 is default).
It makes no sense to still carry code that is guarded with
"#ifndef CONFIG_NR_DRAM_BANKS" (and similar). This patch removes
all these unreferenced code paths.

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-08-26 09:19:16 +02:00
Tom Rini
9f9ecd3e4d Merge https://gitlab.denx.de/u-boot/custodians/u-boot-marvell
- Add basic Marvell/Cavium OcteonTX/TX2 support (Suneel)
- Infrastructure changes to PCI uclass to support these SoC's (Suneel)
- Add PCI, MMC & watchdog driver drivers for OcteonTX/TX2 (Suneel)
- Increase CONFIG_SYS_MALLOC_F_LEN for qemu-x86 (Stefan)
2020-08-25 13:38:29 -04:00
Tom Rini
8ee3a24fdc Merge branch '2020-08-24-misc-improvements'
- Squashfs compression support
- Coverity fixes
- XEN guest updates
- Finish previous MediaTek updates
- Arm Total Compute platform support
2020-08-25 08:12:05 -04:00
Suneel Garapati
1db7ee464f fdtdec: Add API to read pci bus-range property
Add fdtdec_get_pci_bus_range to read bus-range property
values.

Signed-off-by: Suneel Garapati <sgarapati@marvell.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-25 05:41:09 +02:00
Anastasiia Lukianenko
3337b29144 xen: Code style conformity
Cleaning up the following:

ERROR: do not use assignment in if condition
#281: FILE: drivers/xen/pvblock.c:260:
+       if ((err = xenbus_switch_state(XBT_NIL, nodename,
CHECK:COMPARISON_TO_NULL: Comparison to NULL could be written "err"
#52: FILE: drivers/xen/pvblock.c:298:
+       if (err != NULL) {
ERROR: do not use assignment in if condition
#176: FILE: drivers/xen/gnttab.c:103:
+               if ((flags = nflags) & (GTF_reading | GTF_writing)) {
WARNING: Missing or malformed SPDX-License-Identifier tag in line 1
#329: FILE: include/xen/gnttab.h:1:
+/*
WARNING: Misplaced SPDX-License-Identifier tag - use line 1 instead
#330: FILE: include/xen/gnttab.h:2:
+ * SPDX-License-Identifier: GPL-2.0
ERROR: do not use assignment in if condition
#630: FILE: lib/sscanf.c:558:
+                               if ((n = inr) < width) {

Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-24 14:11:31 -04:00
Heinrich Schuchardt
15d8f008dc efi_loader: validate device path length in boot manager
Bootxxxx variables are provided by the user and therefore cannot be
trusted. We have to validate them before usage.

A device path provided by a Bootxxxx variable must have an end node within
the indicated device path length.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
Heinrich Schuchardt
5cad4a3093 efi_loader: efi_dp_check_length()
We need to check that device paths provided via UEFI variables are not
malformed.

Provide function efi_dp_check_length() to check if a device path has an
end node within a given number of bytes.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
Heinrich Schuchardt
fa63753f86 efi_selftest: substitute ResetSystem() by do_reset()
If ResetSystem() is not implemented at runtime, call do_reset() after
test completion.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
Heinrich Schuchardt
c06867d7f8 efi_selftest: add a test for ResetSystem()
The unit test will reset the system by calling the ResetSystem() runtime
service before or after ExitBootServices() according to the users choice
by setting environment variable efi_selftest to:

* 'reset system' or
* 'reset system runtime'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
Heinrich Schuchardt
f03a879d67 efi_loader: ResetSystem() should not hang
If ResetSystem() is not implemented at runtime, it should return instead
of hanging in an endless loop. This allows the operating system to reset
the system by other means as Linux does. It also matches what EDK II
suggests in comments for functions ResetShutdown() and ResetWarm() in
OvmfPkg/Library/ResetSystemLib/ResetSystemLib.c.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24 16:37:53 +02:00
Michal Simek
c2f0950c33 lib: fdt: Convert fdtdes_setup_mem..() to livetree API
Convert fdtdec_setup_mem_size_base(), get_next_memory_node(),
fdtdec_setup_memory_banksize() and fdtdec_setup_mem_size_base_lowest() to
livetree API.

Tested on ZynqMP zcu104 board.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-20 09:49:20 +02:00
Michal Simek
7fce739665 lib: fdt: Introduce fdtdec_setup_mem_size_base_lowest()
New function should be called from board dram_init() because it initialized
gd->ram_base/ram_size. It finds the lowest available memory.

On systems with multiple memory nodes finding out the first memory node by
fdtdec_setup_mem_size_base() is not enough because this memory can be above
actual U-Boot VA mapping. Currently only mapping till 39bit is supported
(Full 44bit mapping was removed by commit 7985cdf74b ("arm64: Remove
non-full-va map code")).
If DT starts with the first memory node above 39bit address then system can
be unpredictable.

The function is available only when multiple memory bank support is
enabled.

Calling fdtdec_setup_memory_banksize() from dram_init() is not possible
because fdtdec_setup_memory_banksize() is saving dram information to bd
structure which is placed on stack but not initialized at this time. Also
stack is placed at location setup in dram_init().

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-20 09:49:20 +02:00
Tom Rini
789bfb5266 Pull request for UEFI sub-system for efi-2020-10-rc3 (2)
This series includes bug fixes for:
 
 * UEFI secure boot - images with multiple signatures
 * UEFI secure boot - support for intermediate certificates
 * corrections for UEFI unit tests
 * missing loadaddr on MAIX board
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl82zyEACgkQxIHbvCwF
 GsR8GQ/9FzCCfmhu2VhVI1cUKIT2B/FhAXbADAAhmBFk1SezhnKrsWUFFUbHeD+v
 c0+QKBldIARxpD40M68FNP7QVA35iaU2+Z5jBQ7r5ZUuTuZkxeFavtHRXlSCL02R
 rmdsKTtwPTRgve3IxEFJcxc4jpvAhNH+QLveK+PA+gUGjd2UoYWoGknJ4n8oe2rG
 uDX4em8Sy1LXrkJLCf5Ae8+M3FBOtsBAFif1tX5cWnH5kP3DbL9A5A5JHxlVJEQi
 SBC8NuJW+At89VlckEGpREt8itFMicdbLT/dSKDU3kh+l/h6zTbd9fGmoKLKXDdw
 O/qwC2kwsKg/jrfZwYOTzUIpRt3jhe+CwrEajVJY12jIQzAW4kvj2mo9AeBEydHO
 umFfbExGH8zwZgynrhhbjHdNxcGBahUGLoKLCkJI51I7EwCMCrN5rtUpUzxVybTE
 VJKyTqlyUSIZGU4AsQT3KflLGRGU/HNS2ariQWjEbKWcCC03Q7dXH1RQMUxTlqL3
 Owhqv/NI07WIvQZD3oWPkn3Z8tiQMzF370qO2gb/AwM7U0P3ggkcUxAs7mCIj5x6
 81PP65di4+zRzCyU1IHCILem7LHxGR6drGatbHspGBYAJrPduyM2cYAa0eXUOCvX
 Hz1GURhlVGwBdBAwaZ+g13/NtisrkRBQQYZO8jiEBqhnWoc3514=
 =0ZD1
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-10-rc3-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2020-10-rc3 (2)

This series includes bug fixes for:

* UEFI secure boot - images with multiple signatures
* UEFI secure boot - support for intermediate certificates
* corrections for UEFI unit tests
* missing loadaddr on MAIX board
2020-08-15 09:01:01 -04:00
Andrii Anisov
e87dfb0526 lib: sscanf: add sscanf implementation
Port sscanf implementation from mini-os and introduce new
Kconfig option to enable it: CONFIG_SSCANF. Disable by default.

Signed-off-by: Andrii Anisov <andrii_anisov@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
2020-08-14 15:18:30 -04:00
AKASHI Takahiro
52956e535e efi_loader: signature: correct a behavior against multiple signatures
Under the current implementation, all the signatures, if any, in
a signed image must be verified before loading it.

Meanwhile, UEFI specification v2.8b section 32.5.3.3 says,
    Multiple signatures are allowed to exist in the binary’s certificate
    table (as per PE/COFF Section “Attribute Certificate Table”). Only
    one hash or signature is required to be present in db in order to pass
    validation, so long as neither the SHA-256 hash of the binary nor any
    present signature is reflected in dbx.

This patch makes the semantics of signature verification compliant with
the specification mentioned above.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-14 12:28:25 +02:00
AKASHI Takahiro
f68a6d5835 efi_loader: variable: fix secure state initialization
Under the new file-based variable implementation, the secure state
is always and falsely set to 0 (hence, the secure boot gets disabled)
after the reboot even if PK (and other signature database) has already
been enrolled in the previous boot.

This is because the secure state is set up *before* loading non-volatile
variables' values from saved data.

This patch fixes the order of variable initialization and secure state
initialization.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: 5f7dcf079d ("efi_loader: UEFI variable persistence")
2020-08-13 22:37:42 +02:00
AKASHI Takahiro
1115edd846 efi_loader: signature: rework for intermediate certificates support
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pcks7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.

What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.

pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13 22:37:36 +02:00
AKASHI Takahiro
0658bb29b0 efi_loader: variable: keep temporary buffer during the authentication
This is a bug fix; Setting an authenticated variable may fail due to
a memory corruption in the authentication.

A temporary buffer will, if needed, be allocated to parse a variable's
authentication data, and some portion of buffer, specifically signer's
certificates, will be referenced by efi_signature_verify().

So the buffer should be kept valid until the authentication process
is finished.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-13 22:37:36 +02:00
Heinrich Schuchardt
0ad64007fe efi_loader: set load options in boot manager
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.

Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:24 +02:00
Heinrich Schuchardt
1064d04920 efi_loader: factor out efi_set_load_options()
The bootefi bootmgr command has to set the load options for a loaded image
from the value of BootXXXX variable. If the boot manager is not used, the
value is set from the environment variable bootargs (or efi_selftest).

Factor out a common function efi_set_load_options().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:24 +02:00
AKASHI Takahiro
dd92aad81c efi_loader: add copyright notice
Some amount of code was moved/derived from efi_variable.c regarding
UEFI secure boot, in particluar in the commit 012c56ac76 ("efi_loader:
restructure code for TEE variables").
So add the orignal author's copyright notice.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:24 +02:00
Heinrich Schuchardt
9bdbc8ef98 lib/crypto: simplify public_key_verify_signature
The variable region is filled but never used. Remove it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08 19:03:12 +02:00
Joao Marcos Costa
81014f73f0 include/u-boot, lib/zlib: add sources for zlib decompression
Add zlib (v1.2.11) uncompr() function to U-Boot. SquashFS depends on
this function to decompress data from a raw disk image. The actual
support for zlib into SquashFS sources will be added in a follow-up
commit.

Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-08-07 22:31:32 -04:00
Tero Kristo
9996cea75f lmb/bdinfo: dump lmb info via bdinfo
Dump lmb status from the bdinfo command. This is useful for seeing the
reserved memory regions from the u-boot cmdline.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
2020-08-04 23:30:02 -04:00
Simon Glass
e1e10f29f9 efi: Tidy up header includes
Two files relies on efi_driver.h to include common.h and dm.h which is
incorrect. The former should always be included in a non-host C file and
the latter should be included if driver model is used.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-08-03 22:19:54 -04:00
Heinrich Schuchardt
5c2227e495 efi_selftest: block device test requires CONFIG_DOS_PARTITION
Do not execute the block device test if CONFIG_DOS_PARTITION=n.

Imply CONFIG_DOS_PARTITION in Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01 11:58:39 +02:00
Heinrich Schuchardt
a1077bf582 efi_selftest: SNP test depends on network
If CONFIG_NET=n, testing the simple network protocol makes no sense.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01 11:58:39 +02:00
Heinrich Schuchardt
74b869bae7 efi_loader: use CONFIG_STACK_SIZE in the UEFI sub-system
The Kconfig symbol CONFIG_STACK_SIZE is used both by ARM and Microblaze
with the same meaning. Move it to menu 'General setup' so that we can use
it for all architectures.

Use the value of CONFIG_STACK_SIZE instead of a hard coded 16 MiB value for
reserving memory in the UEFI sub-system.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01 11:58:23 +02:00
Ilias Apalodimas
e01aed47d6 efi_loader: Enable run-time variable support for tee based variables
We recently added functions for storing/restoring variables
from a file to a memory backed buffer marked as __efi_runtime_data
commit f1f990a8c9 ("efi_loader: memory buffer for variables")
commit 5f7dcf079d ("efi_loader: UEFI variable persistence")

Using the same idea we now can support GetVariable() and GetNextVariable()
on the OP-TEE based variables as well.

So let's re-arrange the code a bit and move the commmon code for
accessing variables out of efi_variable.c. Create common functions for
reading variables from memory that both implementations can use on
run-time. Then just use those functions in the run-time variants of the
OP-TEE based EFI variable implementation and initialize the memory
buffer on ExitBootServices()

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01 11:57:41 +02:00
Ilias Apalodimas
db94dfbd52 efi_loader: Trim output buffer size correctly for tee variables
The current code does not trim the output buffer correctly.
In fact it doesn't trim the buffer at all, since it calculates a wrong
value for it, which isn't even applied.
So let's remove the unused temporary size variable and trim the buffer
correctly.
Since we are editing efi_get_next_variable_name_int(), fix an indentation
error along the way.

Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Remove superfluous conversion to (u8 *) for memcpy argument.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01 11:57:41 +02:00
Marek Vasut
d045cbacf2 env: Add support for explicit write access list
This option marks any U-Boot variable which does not have explicit 'w'
writeable flag set as read-only. This way the environment can be locked
down and only variables explicitly configured to be writeable can ever
be changed by either 'env import', 'env set' or loading user environment
from environment storage.

Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-07-31 10:13:00 -04:00
Marek Vasut
47f3b1f243 env: Add option to only ever append environment
Add configuration option which prevents the environment hash table to be
ever cleared and reloaded with different content. This is useful in case
the first environment loaded into the hash table contains e.g. sensitive
content which must not be dropped or reloaded.

Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-07-31 10:13:00 -04:00
Michal Simek
50c7b723bd Revert "lib: fdt: Split fdtdec_setup_mem_size_base()"
This reverts commit 3ebe09d09a.

There is no user of this split function that's why remove it.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-25 14:46:57 -06:00
Michal Simek
62897c4344 Revert "lib: fdt: Split fdtdec_setup_memory_banksize()"
This reverts commit 118f4d4559.

There is no user of this split function that's why remove it.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-25 14:46:57 -06:00
Tom Rini
7208396bbf Revert "Merge tag 'dm-pull-20jul20' of git://git.denx.de/u-boot-dm"
This reverts commit 5d3a21df66, reversing
changes made to 56d37f1c56.

Unfortunately this is causing CI failures:
https://travis-ci.org/github/trini/u-boot/jobs/711313649

Signed-off-by: Tom Rini <trini@konsulko.com>
2020-07-24 08:42:06 -04:00
Tom Rini
5d3a21df66 binman support for FIT
new UCLASS_SOC
 patman switch 'test' command
 minor fdt fixes
 patman usability improvements
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl8V+WQRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIrebNgAgAmgHHPakg1fkJT8xZkbPD53r21t5fkF7h
 JTLVU93BKfC+Zz2bbizCEkCl9L9bdHSaSzJY5rb07E24yV/zwDcIkRApCmkDjVHN
 EHOb0P36Ht9acowSd5kN66wd2z0Q/V+7lfEdB6Adtprh0vVaWIKYtLPxogpRv6k9
 l/CaGsBCwvupmPeHZcE3pVQlflbKyYzp62VObEBI4RIJLisvDXaPRUcBa4vz904P
 yu0baIYW8hWBcZhb0Lkex/9x7ys2T1bnnw8G7WL05GtHSZfVvT46Y70o+3i5ycBh
 GAI93Lx4r1gCjol9LVE4i1bewbPiMqyNXOtKGPRt/IIvYI4HZ67lFA==
 =YIpM
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-20jul20' of git://git.denx.de/u-boot-dm

binman support for FIT
new UCLASS_SOC
patman switch 'test' command
minor fdt fixes
patman usability improvements
2020-07-23 15:56:06 -04:00
AKASHI Takahiro
5ee81c6e3f lib: crypto: export and enhance pkcs7_verify_one()
The function, pkcs7_verify_one(), will be utilized to rework signature
verification logic aiming to support intermediate certificates in
"chain of trust."

To do that, its function interface is expanded, adding an extra argument
which is expected to return the last certificate in trusted chain.
Then, this last one must further be verified with signature database, db
and/or dbx.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:37:17 +02:00
AKASHI Takahiro
05329fa4c0 lib: crypto: add pkcs7_digest()
This function was nullified when the file, pkcs7_verify.c, was imported
because it calls further linux-specific interfaces inside, hence that
could lead to more files being imported from linux.

We need this function in pkcs7_verify_one() and so simply re-implement it
here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:36:29 +02:00
AKASHI Takahiro
063499e38e lib: crypto: import pkcs7_verify.c from linux
The file, pkcs7_verify.c, will now be imported from linux code
(crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit
into U-Boot environment.

In particular, pkcs7_verify_one() function will be used in a later patch
to rework signature verification logic aiming to support intermediate
certificates in "chain of trust."

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:35:45 +02:00
AKASHI Takahiro
6244b3c7d9 lib: crypto: enable x509_check_for_self_signed()
When the file, x509_public_key.c, was imported from linux code in
    commit b4adf627d5 ("lib: crypto: add x509 parser"),
x509_check_for_self_signed() was commented out for simplicity.

Now it need be enabled in order to make pkcs7_verify_one(), which will be
imported in a later patch, functional.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:35:04 +02:00
AKASHI Takahiro
b2a1049b5c lib: crypto: add public_key_verify_signature()
This function will be called from x509_check_for_self_signed() and
pkcs7_verify_one(), which will be imported from linux in a later patch.

While it does exist in linux code and has a similar functionality of
rsa_verify(), it calls further linux-specific interfaces inside.
That could lead to more files being imported from linux.

So simply re-implement it here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:33:55 +02:00
Heinrich Schuchardt
af457cfca9 efi_loader: use logging for block device messages
Use logging instead of printf() for messages occurring when scanning block
devices during the initialization of the UEFI sub-system.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:42 +02:00
Heinrich Schuchardt
e7d64065cb efi_loader: document efi_save_gd(), efi_restore_gd()
Provide function descriptions for efi_save_gd() and efi_restore_gd().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:42 +02:00
Stefan Sørensen
1ef1cf1f93 efi_loader: loosen buffer parameter check in efi_file_read
When reading a directory, EFI_BUFFER_TOO_SMALL should be returned when
the supplied buffer is too small, so a use-case is to call
efi_file_read with *buffer_size=0 and buffer=NULL to obtain the needed
size before doing the actual read.

So move the buffer!=NULL check to after the buffer size has been checked.

This fix allows the Redhat shim fallback to run and e.g. Fedora 32 now
boots out of the box.

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Ilias Apalodimas
9b87d4429c efi_loader: Check for the native OP-TEE result on mm_communicate calls
Currently we only check for the return value of tee_invoke_func().
Although OP-TEE and StMM will correctly set param[1].u.value.a and we'll
eventually return an error, the correct thing to do is check for the
OP_TEE return code as well.
So let's check for that and move tee_shm_free() and tee_close_session()
before exiting with an error to make sure we always clear the registered
memory.

Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use EFI_DEVICE_ERROR for TEE communication problems.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Ilias Apalodimas
5d1f79ba43 efi_loader: Rename and correct values for ARM_SMC_MM_*
Instead of adding the definition for the specific MM SVC used in
StandAloneMM we added the one used in the standard SMC calls.
So change the value from -4 to -5 to match the correct one defined in
EDK2 and rename them to avoid future confusion

Fixes 23a397d2e2: ("efi_loader: Add headers for EDK2 StandAloneMM communication")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Heinrich Schuchardt
ebbad02c1b efi_loader: don't use memmove() in efi_var_mem_del()
efi_var_mem_del() is in __efi_runtime because it would be needed for a
runtime implementation of SetVariable(). memmove() is not in __efi_runtime.
So we should not use it in efi_var_mem_del().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Heinrich Schuchardt
01fa922bbb efi_loader: efi_current_var after SetVirtualAddressMap
Variable efi_current_var is a pointer to a physical memory address that
becomes invalid after SetVirtualAddressMap(). Instead of converting it via
ConvertPointer() simply set it to NULL.

Fixes: b02a707152 ("efi_loader: enable UEFI variables at runtime")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Michal Simek
b589b80971 Revert "lib: fdt: Split fdtdec_setup_mem_size_base()"
This reverts commit 3ebe09d09a.

There is no user of this split function that's why remove it.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Michal Simek
d4cc6f638c Revert "lib: fdt: Split fdtdec_setup_memory_banksize()"
This reverts commit 118f4d4559.

There is no user of this split function that's why remove it.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Masahiro Yamada
b75d8dc564 treewide: convert bd_t to struct bd_info by coccinelle
The Linux coding style guide (Documentation/process/coding-style.rst)
clearly says:

  It's a **mistake** to use typedef for structures and pointers.

Besides, using typedef for structures is annoying when you try to make
headers self-contained.

Let's say you have the following function declaration in a header:

  void foo(bd_t *bd);

This is not self-contained since bd_t is not defined.

To tell the compiler what 'bd_t' is, you need to include <asm/u-boot.h>

  #include <asm/u-boot.h>
  void foo(bd_t *bd);

Then, the include direcective pulls in more bloat needlessly.

If you use 'struct bd_info' instead, it is enough to put a forward
declaration as follows:

  struct bd_info;
  void foo(struct bd_info *bd);

Right, typedef'ing bd_t is a mistake.

I used coccinelle to generate this commit.

The semantic patch that makes this change is as follows:

  <smpl>
  @@
  typedef bd_t;
  @@
  -bd_t
  +struct bd_info
  </smpl>

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2020-07-17 09:30:13 -04:00
Chin Liang See
499b7493e7 lib: zlib: Remove offset pointer optimization in inftrees.c
This fixes the CVE-2016-9840. Commit imported from [1].

inftrees.c was subtracting an offset from a pointer to an array,
in order to provide a pointer that allowed indexing starting at
the offset. This is not compliant with the C standard, for which
the behavior of a pointer decremented before its allocated memory
is undefined. Per the recommendation of a security audit of the
zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this tiny optimization was removed, in order
to avoid the possibility of undefined behavior.

[1]: 6a043145ca

Signed-off-by: Mark Adler <madler@alumni.caltech.edu>
Signed-off-by: Chin Liang See <chin.liang.see@intel.com>
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
2020-07-17 08:51:29 -04:00
Rasmus Villemoes
e7885a48bb lz4: fix decompressor on big-endian powerpc
Booting an lz4-compressed kernel image fails on our powerpc board with
-EPROTONOSUPPORT. Adding a bit of debug prints, we get

  magic: 0x184d2204
  flags: 0x64
  reserved0: 1
  has_content_checksum: 1
  has_content_size: 0
  has_block_checksum: 0
  independent_blocks: 1
  version: 0
  block_descriptor: 70
  reserved1: 7
  max_block_size: 0
  reserved2: 0

So the magic is ok, but the version check fails, also some reserved
bits are apparently set. But that's because the code interprets the
"flags" and "block_descriptor" bytes wrongly:

Using bit-fields to access individual bits of an "on the wire" format
is not portable, not even when restricted to the C flavour implemented
by gcc. Quoting the gcc manual:

   * 'The order of allocation of bit-fields within a unit (C90 6.5.2.1,
     C99 and C11 6.7.2.1).'

     Determined by ABI.

and indeed, the PPC Processor ABI supplement says

   * Bit-fields are allocated from right to left (least to most
     significant) on Little-Endian implementations and from left to
     right (most to least significant) on Big-Endian implementations.

The upstream code (github.com/lz4/lz4) uses explicit shifts and masks
for encoding/decoding:

    /* FLG Byte */
    *dstPtr++ = (BYTE)(((1 & _2BITS) << 6)    /* Version('01') */
        + ((cctxPtr->prefs.frameInfo.blockMode & _1BIT ) << 5)
        + ((cctxPtr->prefs.frameInfo.blockChecksumFlag & _1BIT ) << 4)
        + ((unsigned)(cctxPtr->prefs.frameInfo.contentSize > 0) << 3)
        + ((cctxPtr->prefs.frameInfo.contentChecksumFlag & _1BIT ) << 2)
        +  (cctxPtr->prefs.frameInfo.dictID > 0) );

    /* Flags */
    {   U32 const FLG = srcPtr[4];
        U32 const version = (FLG>>6) & _2BITS;
        blockChecksumFlag = (FLG>>4) & _1BIT;
        blockMode = (FLG>>5) & _1BIT;
        contentSizeFlag = (FLG>>3) & _1BIT;
        contentChecksumFlag = (FLG>>2) & _1BIT;
        dictIDFlag = FLG & _1BIT;
        /* validate */
        if (((FLG>>1)&_1BIT) != 0) return err0r(LZ4F_ERROR_reservedFlag_set); /* Reserved bit */
        if (version != 1) return err0r(LZ4F_ERROR_headerVersion_wrong);        /* Version Number, only supported value */
    }

Do the same here, and while at it, be more careful to use unaligned
accessors to what is most likely unaligned. Also update the comment to
make it clear that it only refers to the lz4.c file, not the following
code of lz4_wrapper.c.

This has been tested partly, of course, by seeing that my
lz4-compressed kernel now boots, partly by running the (de)compression
test-suite in the (x86_64) sandbox - i.e., it should still work just
fine on little-endian hosts.

Reviewed-by: Julius Werner <jwerner@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2020-07-17 08:45:29 -04:00
Simon Glass
bb6772c3ff acpi: Support writing named values
Allow writing named integers and strings to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
[bmeng: Fix the "new blank line at EOF" warning]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
91c2f9c32e acpi: Support generation of a device
Allow writing an ACPI device to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
[bmeng: Fix build failures on Sandbox]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
d7d631df2d acpi: Support generation of a generic register
Allow writing out a generic register.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
[bmeng: Fix build failures on Sandbox]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
82659cc910 acpi: Support generation of a scope
Add a function to write a scope to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[bmeng: Fix build failures on Sandbox]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
8f9877df95 binman: Add way to locate an entry in memory
Add support for accessing an entry's contents in memory-mapped SPI flash.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
956a9082d3 binman: Refactor binman_entry_find() to allow other nodes
At present we can only read from a top-level binman node entry. Refactor
this function to produce a second local function which supports reading
from any node.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
db6fb7d152 binman: Allow setting the ROM offset
On x86 the SPI ROM can be memory-mapped, at least most of it. Add a way
to tell binman the offset from a ROM address to a RAM address.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
fefac0b064 dm: acpi: Enhance acpi_get_name()
For many device types it is possible to figure out the name just by
looking at its uclass or parent. Add a function to handle this, since it
allows us to cover the vast majority of cases automatically.

However it is sometimes impossible to figure out an ACPI name for a device
just by looking at its uclass. For example a touch device may have a
vendor-specific name. Add a new "acpi,name" property to allow a custom
name to be created.

With this new feature we can drop the get_name() methods in the sandbox
I2C and SPI drivers. They were only added for testing purposes. Update the
tests to use the new values.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
740630ba73 acpi: Add support for a generic power sequence
Add a way for devices to enable and disable themselves using ACPI code
that updates GPIOs. This takes several timing parameters and supports
enable, reset and stop.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
f8054dd8ba acpi: Add support for writing a GPIO power sequence
Power to some devices is controlled by GPIOs. Add a way to generate ACPI
code to enable and disable a GPIO so that this can be handled within an
ACPI method.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
f9189d5ada acpi: Add support for writing a Power Resource
These are used in ACPI to disable power to various pats of the system when
in sleep. Add a way to create a power resource, with the caller finishing
off the details.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
9c70e7e556 acpi: Add support for various misc ACPI opcodes
Add more functions to handle some miscellaneous ACPI opcodes.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
0667900049 acpi: Support copying properties from device tree to ACPI
Some drivers in Linux support both device tree and ACPI. U-Boot itself
uses Linux device-tree bindings for its own configuration but does not use
ACPI.

It is convenient to copy these values over to the ACPI DP table for
passing to linux. Add some convenience functions to help with this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
2357234666 acpi: Support writing a GPIO
Allowing writing out a reference to a GPIO within the ACPI output. This
can be used by ACPI code to access a GPIO at runtime.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
0e5a0a00d6 acpi: Support writing Device Properties objects via _DSD
More complex device properties can be provided to drivers via a
device-specific data (_DSD) object.

To create this we need to build it up in a separate data structure and
then generate the ACPI code, due to its recursive nature.

Add an implementation of this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
29df845204 acpi: Support writing a UUID
ACPI supports writing a UUID in a special format. Add a function to handle
this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
7aed90d44c acpi: Support writing a name
ACPI supports storing names which are made up of multiple path components.
Several special cases are supported. Add a function to emit a name.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
3df33bda5c acpi: Support writing a string
ACPI supports storing a simple null-terminated string. Add support for
this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
83b2bd5a74 acpi: Support writing an integer
ACPI supports storing integers in various ways. Add a function to handle
this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
03967ce2e5 acpigen: Support writing a package
A package collects together several elements. Add an easy way of writing
a package header and updating its length later.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
7e148f2ed3 acpigen: Support writing a length
It is convenient to write a length value for preceding a block of data.
Of course the length is not known or is hard to calculate a priori. So add
a way to mark the start on a stack, so the length can be updated when
known.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
70e5e67a4d acpi: Support generation of SPI descriptor
Add a function to write a SPI descriptor to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
31e1787ec1 acpi: Support generation of I2C descriptor
Add a function to write a GPIO descriptor to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
4ebc940b39 acpi: Support generation of a GPIO/irq for a device
Some devices use interrupts but some use GPIOs. Since these are fully
specified in the device tree we can automatically produce the correct ACPI
descriptor for a device.

Add a function to handle this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
a9e0a077df acpi: Support generation of GPIO descriptor
Add a function to write a GPIO descriptor to the generated ACPI code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[bmeng: Drop comment about the type always being ACPI_GPIO_TYPE_IO]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
7fb8da4ce1 acpi: Support string output
Add support for output of strings and streams of bytes.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
ff715c6f4f acpi: Support generation of interrupt descriptor
Add a function to write an interrupt descriptor to the generated ACPI
code.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
61cc93396a acpi: Support generation of ACPI code
Add a new file to handle generating ACPI code programatically. This is
used when information must be dynamically added to the tables, e.g. the
SSDT.

Initial support is just for writing simple values. Also add a 'base' value
so that the table can be freed. This likely doesn't happen in normal code,
but is nice to do in tests.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
2715b3623c acpi: Add a way to check device status
At present U-Boot does not support the different ACPI status values, but
it is best to put this logic in a central place. Add a function to get the
device status.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
1361a53c1a acpi: Add a function to get a device path and scope
Add a function to build up the ACPI path for a device and another for its
scope.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Simon Glass
e1ddf67cb3 timer: Allow delays with a 32-bit microsecond timer
The current get_timer_us() uses 64-bit arithmetic on 32-bit machines.
When implementing microsecond-level timeouts, 32-bits is plenty. Add a
new function that uses an unsigned long. On 64-bit machines this is
still 64-bit, but this doesn't introduce a penalty. On 32-bit machines
it is more efficient.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-17 14:32:24 +08:00
Heinrich Schuchardt
7dda16343d efi_loader: pre-seed UEFI variables
Include a file with the initial values for non-volatile UEFI variables
into the U-Boot binary. If this variable is set, changes to variable PK
will not be allowed.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
99bfab8b58 efi_loader: identify PK, KEK, db, dbx correctly
To determine if a varible is on the of the authentication variables
PK, KEK, db, dbx we have to check both the name and the GUID.

Provide a function converting the variable-name/guid pair to an enum and
use it consistently.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
be66b89da3 efi_loader: configuration of variables store
The file based and the OP-TEE based UEFI variable store are mutually
exclusive. Define them as choice options in Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
1a7b0f6e4e efi_loader: update secure state
Update the UEFI secure state when variable 'PK' is updated in the TEE
variables implementation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
012c56ac76 efi_loader: restructure code for TEE variables
When using secure boot functions needed both for file and TEE based UEFI
variables have to be moved to the common code module efi_var_common.c.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Ilias Apalodimas
f96744b250 efi_loader: display RO attribute with TEE-backed variables
A previous commit adds support for displaying variables RO flag.
Let's add it on the TEE backed variable storage as well.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-16 12:37:02 +02:00
Heinrich Schuchardt
4a3155de3d efi_selftest: adjust runtime test for variables
As variable services are available at runtime we have to expect EFI_SUCCESS
when calling the services.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
b02a707152 efi_loader: enable UEFI variables at runtime
Enable UEFI variables at runtime.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
ab7296c99c efi_loader: use memory based variable storage
Saving UEFI variable as encoded U-Boot environment variables does not allow
implement run-time support.

Use a memory buffer for storing UEFI variables.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
f1f990a8c9 efi_loader: memory buffer for variables
Saving UEFI variable as encoded U-Boot environment variables does not allow
support at runtime.

Provide functions to manage a memory buffer with UEFI variables.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
b0dd8cb407 efi_loader: new function efi_memcpy_runtime()
Provide a memcpy() function that we can use at UEFI runtime.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
724d28171e efi_loader: optional pointer for ConvertPointer
If the EFI_OPTIONAL_PTR is set in DebugDisposition, a NULL pointer does not
constitute an invalid parameter.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
a44d2a2399 efi_loader: export efi_convert_pointer()
We need ConvertPointer() to adjust pointers when implementing  runtime
services within U-Boot.

After ExitBootServices() gd is not available anymore. So we should not use
EFI_ENTRY() and EFI_EXIT().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
5f7dcf079d efi_loader: UEFI variable persistence
Persist non-volatile UEFI variables in a file on the EFI system partition.

The file is written whenever a non-volatile UEFI variable is changed after
initialization of the UEFI sub-system.

The file is read during the UEFI sub-system initialization to restore
non-volatile UEFI variables.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
198bf6418e efi_loader: secure boot flag
In audit mode the UEFI variable SecureBoot is set to zero but the
efi_secure_boot flag is set to true.

The efi_secure_boot flag should match the UEFIvariable SecureBoot.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
55a830560e efi_loader: read-only AuditMode and DeployedMode
Set the read only property of the UEFI variables AuditMode and DeployedMode
conforming to the UEFI specification.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
fd7b6730ab efi_loader: value of VendorKeys
According to the UEFI specification the variable VendorKeys is 1 if the
"system is configured to use only vendor-provided keys".

As we do not supply any vendor keys yet the variable VendorKeys must be
zero.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
37fa7cb045 efi_loader: keep attributes in efi_set_variable_int
Do not change the value of parameter attributes in function
efi_set_variable_int(). This allows to use it later.

Do not use variable attr for different purposes but declare separate
variables (attr and old_attr).

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
dda8c7163a efi_loader: simplify boot manager
Simplify the implementation of the UEFI boot manager:

* avoid EFI_CALL for SetVariable() and GetVariable()
* remove unnecessary type conversions

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:17 +02:00
Heinrich Schuchardt
dc90e5c491 efi_loader: OsIndicationsSupported, PlatformLangCodes
UEFI variables OsIndicationsSupported, PlatformLangCodes should be read
only.

Avoid EFI_CALL() for SetVariable().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Heinrich Schuchardt
01df8cf336 efi_loader: separate UEFI variable API from implemementation
Separate the remaining UEFI variable API functions GetNextVariableName and
QueryVariableInfo() from internal functions implementing them.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Heinrich Schuchardt
f2d2b3a11c efi_loader: prepare for read only OP-TEE variables
We currently have two implementations of UEFI variables:

* variables provided via an OP-TEE module
* variables stored in the U-Boot environment

Read only variables are up to now only implemented in the U-Boot
environment implementation.

Provide a common interface for both implementations that allows handling
read-only variables.

As variable access is limited to very few source files put variable
related definitions into new include efi_variable.h instead of efi_loader.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Heinrich Schuchardt
a27c78fddb efi_loader: NULL dereference in efi_convert_pointer
Avoid a possible NULL pointer dereference in efi_convert_pointer().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Heinrich Schuchardt
1047c6e23c efi_loader: fix efi_get_child_controllers()
Don't call calloc(0, ..).
Consider return value of efi_get_child_controllers().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Heinrich Schuchardt
39a75f5af1 efi_loader: wrong printf format in efi_image_parse
Commit 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT") leads to a build warning on 32bit systems:

lib/efi_loader/efi_image_loader.c: In function ‘efi_image_parse’:
include/efi_loader.h:123:8: warning: format ‘%lu’ expects argument
of type ‘long unsigned int’, but argument 8 has
type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]

Use %zu for printing size_t.

Fixes: 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT")

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
Ilias Apalodimas
ecb833a0c6 efi_loader: cleanup for tee backed variables
There's 2 variables in efi_get_next_variable_name() checking the size of
the variable name. Let's get rid of the reduntant definition and
simplitfy the code a bit.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
AKASHI Takahiro
491bfe8606 lib: rsa: export rsa_verify_with_pkey()
This function will be used to implement public_key_verify_signature()
in a later patch. rsa_verify() is not suitable here because calculation
of message digest is not necessary.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-11 23:14:16 +02:00
AKASHI Takahiro
7926dfb579 efi_loader: image_loader: add digest-based verification for signed image
In case that a type of certificate in "db" or "dbx" is
EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains
a public key for RSA decryption, but a digest of image to be loaded.
If the value matches to a value calculated from a given binary image, it is
granted for loading.

With this patch, common digest check code, which used to be used for
unsigned image verification, will be extracted from
efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and
extra step for digest check will be added to efi_image_authenticate().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
11bafb2596 efi_loader: image_loader: verification for all signatures should pass
A signed image may have multiple signatures in
  - each WIN_CERTIFICATE in authenticode, and/or
  - each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE)

In the initial implementation of efi_image_authenticate(), the criteria
of verification check for multiple signatures case is a bit ambiguous
and it may cause inconsistent result.

With this patch, we will make sure that verification check in
efi_image_authenticate() should pass against all the signatures.
The only exception would be
  - the case where a digest algorithm used in signature is not supported by
    U-Boot, or
  - the case where parsing some portion of authenticode has failed
In those cases, we don't know how the signature be handled and should
just ignore them.

Please note that, due to this change, efi_signature_verify_with_sigdb()'s
function prototype will be modified, taking "dbx" as well as "db"
instead of outputing a "certificate." If "dbx" is null, the behavior would
be the exact same as before.
The function's name will be changed to efi_signature_verify() once
current efi_signature_verify() has gone due to further improvement
in intermediate certificates support.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
1e64d0b5a4 efi_loader: signature: make efi_hash_regions more generic
There are a couple of occurrences of hash calculations in which a new
efi_hash_regions will be commonly used.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
36b2f9da5c efi_loader: signature: fix a size check against revocation list
Since the size check against an entry in efi_search_siglist() is
incorrect, this function will never find out a to-be-matched certificate
and its associated revocation time in the signature list.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
eb537fd7eb efi_loader: image_loader: retrieve authenticode only if it exists
Since the certificate table, which is indexed by
IMAGE_DIRECTORY_ENTRY_SECURITY and contains authenticode in PE image,
doesn't always exist, we should make sure that we will retrieve its pointer
only if it exists.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
AKASHI Takahiro
1a44b7059c efi_loader: image_loader: add a check against certificate type of authenticode
UEFI specification requires that we shall support three type of
certificates of authenticode in PE image:
  WIN_CERT_TYPE_EFI_GUID with the guid, EFI_CERT_TYPE_PCKS7_GUID
  WIN_CERT_TYPE_PKCS_SIGNED_DATA
  WIN_CERT_TYPE_EFI_PKCS1_15

As EDK2 does, we will support the first two that are pkcs7 SignedData.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-11 23:14:15 +02:00
Marek Szyprowski
69be8fd164 powerpc: move ADDR_MAP to Kconfig
Move ADDR_MAP related config options from include/configs/*.h to the
proper place in lib/Kconfig. This has been done using
./tools/moveconfig.py and manual inspection of the generated changes.
This is a preparation to use ADDR_MAP helper on ARM 32bit Raspberry Pi4
board for mapping the PCIe XHCI MMIO, which is above the 4GiB identity
mapping limit.

Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-07-10 14:10:43 -04:00
Heiko Stuebner
c89b41b4db lib: rsa: function to verify a signature against a hash
rsa_verify() expects a memory region and wants to do the hashing itself,
but there may be cases where the hashing is done via other means,
like hashing a squashfs rootfs.

So add rsa_verify_hash() to allow verifiying a signature against
an existing hash. As this entails the same verification routines
we can just move the relevant code over from rsa_verify() and also
call rsa_verify_hash() from there.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
2020-07-08 17:21:46 -04:00
Simon Glass
677dbf5dae display_options: Drop #ifdef for MEM_SUPPORT_64BIT_DATA
This is defined only when __lp64__ is defined. That means that ulong is
64 bits long. Therefore we don't need to use a separate u64 type on those
architectures.

Fix up the code to take advantage of that, removing the preprocessor
conditions.

Also include the missing header file that defines MEM_SUPPORT_64BIT_DATA

Fixes: 0914011310 ("command: Remove the cmd_tbl_t typedef")
Signed-off-by: Simon Glass <sjg@chromium.org>
2020-07-08 17:21:46 -04:00
Simon Glass
3428faf23a Update MEM_SUPPORT_64BIT_DATA to be always defined
Define this macro always so we don't need the preprocessor to check it.
Convert the users to #if instead of #ifdef.

Note that '#if MEM_SUPPORT_64BIT_DATA' does not give an error if the
macro is not define. It just assumes zero.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-07-08 17:21:46 -04:00
Heiko Stuebner
1a62c23ecf lib: rsa: add documentation to padding_pss_verify to document limitations
padding_pss_verify only works with the default pss salt setting of -2
(length to be automatically determined based on the PSS block structure)
not -1 (salt length set to the maximum permissible value), which makes
verifications of signatures with that saltlen fail.

Until this gets implemented at least document this behaviour.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-08 17:21:46 -04:00
Heiko Stuebner
eda753be8a lib: rsa: free local arrays after use in rsa_gen_key_prop()
n, rr and rrtmp are used for internal calculations, but in the end
the results are copied into separately allocated elements of the
actual key_prop, so the n, rr and rrtmp elements are not used anymore
when returning from the function and should of course be freed.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-08 17:21:46 -04:00
Heiko Stuebner
49d0ea3746 lib: rsa: fix allocated size for rr and rrtmp in rsa_gen_key_prop()
When calculating rrtmp/rr rsa_gen_key_prop() tries to make
(((rlen + 31) >> 5) + 1) steps in the rr uint32_t array and
(((rlen + 7) >> 3) + 1) / 4 steps in uint32_t rrtmp[]
with rlen being num_bits * 2

On a 4096bit key this comes down to to 257 uint32_t elements
in rr and 256 elements in rrtmp but with the current allocation
rr and rrtmp only have 129 uint32_t elements.

On 2048bit keys this works by chance as the defined max_rsa_size=4096
allocates a suitable number of elements, but with an actual 4096bit key
this results in other memory parts getting overwritten.

So as suggested by Heinrich Schuchardt just use the actual bit-size
of the key as base for the size calculation, in turn making the code
compatible to any future keysizes.

Suggested-by: Heinrich Schuchardt <xypron.debian@gmx.de>
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

rrtmp needs 2 + (((*prop)->num_bits * 2) >> 5) array elements.

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-08 17:21:46 -04:00
Heiko Stuebner
8434b43730 lib: rsa: bring exp_len in line when generating a key_prop
The exponent field of struct key_prop gets allocated an uint64_t,
and the contents are positioned from the back, so an exponent of
"0x01 0x00 0x01" becomes 0x0 0x0 0x0 0x0 0x0 0x1 0x0 0x1"

Right now rsa_gen_key_prop() allocates a uint64_t but sets exp_len
to the size returned from the parser, while on the other hand the
when getting the key from the devicetree exp_len always gets set to
sizeof(uint64_t).

So bring that in line with the established code.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-08 17:21:46 -04:00
Heiko Stuebner
447b1d7580 lib: rsa: take spl/non-spl into account when building rsa_verify_with_pkey()
Right now in multiple places there are only checks for the full
CONFIG_RSA_VERIFY_WITH_PKEY option, not split into main,spl,tpl variants.

This breaks when the rsa functions get enabled for SPL, for example to
verify u-boot proper from spl.

So fix this by using the existing helpers to distinguis between
build-steps.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-08 17:21:46 -04:00
Heiko Stuebner
3075eb70c9 lib: rsa: distinguish between tpl and spl for CONFIG_RSA_VERIFY
While the SPL may want to do signature checking this won't be
the case for TPL in all cases, as TPL is mostly used when the
amount of initial memory is not enough for a full SPL.

So on a system where SPL uses DM but TPL does not we currently
end up with a TPL compile error of:

    lib/rsa/rsa-verify.c:48:25: error: dereferencing pointer to incomplete type ‘struct checksum_algo’

To prevent that change the $(SPL_) to $(SPL_TPL_) to distinguish
between both. If someone really needs FIT signature checking in
TPL as well, a new TPL_RSA_VERIFY config symbol needs to be added.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-08 17:21:46 -04:00
Dhananjay Phadke
06bea49809 tpm: add TPM2_GetRandom command support
Add support for TPM2 GetRandom command

Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-08 15:38:32 -04:00
Heinrich Schuchardt
7f642cb287 trace: clang compatible handling of gd register
On ARM systems gd is stored in register r9 or x18. When compiling with
clang gd is defined as a macro calling function gd_ptr(). So we can not
make assignments to gd.

Use function set_gd() for setting the register on ARM.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-07 18:23:48 -04:00
Tom Rini
621e09cb3b Pull request for UEFI sub-system for efi-2020-10-rc1
This series comprises error corrections for the UEFI subsystem:
 
 * correct consideration of timestamps for variable authentication
 * correct collection of data regions for code authentication
 * correct unit tests to test loading dbx
 * enable FAT_WRITE as required by the UEFI spec
 
 The boot manager uses log functions instead of printf() and debug().
 
 The UEFI intialization state is exported.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl8AQD4ACgkQxIHbvCwF
 GsQqpxAAlt+EmomF8I5oUFZ7RwX3XTBXOU2oWlYt2DbkemZvroiGnWu6MC52K/RD
 sDdJwvIo+5NuzDbGlPqKB/NjhJ4eF2W+vOIKSey8+iCXhTovmCiqc7DzxUm0Ansi
 J0A/fwr3jdqUC1dl4C+ytwxPHQC01kK++8Ln5OptqbM1/DskpF0bspdr2fZG02Gc
 ndOPw0WEJYEdNH18rQaW+7fOADXgJzK1VIwMIhqQszGrOO/M7mbyXZDpHG787iOH
 smz41YL/2n4ExGsU4hdIQNWDmSJuEIWgB0PEeSiLE29O2m5G8eNfsAmHjRrV9U9p
 QEbaREQDxXB1BmlYNr/A2497p5pPfjJGhiPVjuN9vRXCMhbGyh937iOkT0c1TAuu
 aJyD5pqPxuGMUjNzO5foINMT97DuqewHoEf/DTmp4AtVzBZC+NzTiO79J94PQc6+
 xIDomTIM1WWtPlcMyvZfwUrlX33Gh3yOGBTwnXqS/YSzIQ1mqxoE6rFOZihUYRfz
 Rh6vUP8csOEhfm0XXDhwAVTudA53cQbBUOgPLPbS6zxhnvJNWN04zHXatg9unBnw
 mH8E30dBote0Make8Kzv53j/ytFL06AA/jgnvDbEOmE4SP7aYGL+oYxryjIPudz8
 mngRE2x2zlppXknTrYdnOAjlULxxOA88u0XiNi3uIuVJGtEbrfA=
 =wwI2
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-10-rc1' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next

Pull request for UEFI sub-system for efi-2020-10-rc1

This series comprises error corrections for the UEFI subsystem:

* correct consideration of timestamps for variable authentication
* correct collection of data regions for code authentication
* correct unit tests to test loading dbx
* enable FAT_WRITE as required by the UEFI spec

The boot manager uses log functions instead of printf() and debug().

The UEFI intialization state is exported.
2020-07-05 18:13:12 -04:00
Tom Rini
df3d0a3f95 Merge branch '2020-07-01-kconfig-etc-updates' into next
- Resync Kconfiglib with the v14.1.0 release.
- Re-sync our <linux/compiler*h> files with v5.7-rc5 from upstream.
- Fully resync checkpatch.pl with v5.7 release.

To safely to all of the above, we have a few bugfixes about functions
that need a 'static inline' but weren't.  We also stop setting
CROSS_COMPILE in arch/*/config.mk.  Finally, with the above changes
boards can now opt-in to optimizing inlining and we do this for the
socfpga stratix10 platform for space savings.
2020-07-05 18:03:32 -04:00
Heinrich Schuchardt
93f6201af7 efi_loader: imply FAT, FAT_WRITE
The UEFI spec requires support for the FAT file system.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:03:56 +02:00
Heinrich Schuchardt
15b1bf10d1 efi_loader: export initialization state
Export the UEFI sub-system initialization state. This will allow to treat
the setting of UEFI variables during and after initialization differently.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:03:56 +02:00
Heinrich Schuchardt
3a92f85f21 efi_loader: rtc_mktime() called twice
Don't call rtc_mktime() twice with the same argument in
efi_variable_authenticate().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:03:47 +02:00
Heinrich Schuchardt
7a373e5435 efi_loader: use log function in boot manager
When booting via the boot manager use log function for user messages
instead of printf() and debug().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:03:47 +02:00
Heinrich Schuchardt
cb7116030a efi_loader: time based authentication
When overwriting an existing time base authenticated variable we should
compare to the preceding time value and not to the start of the epoch.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:03:41 +02:00
Heinrich Schuchardt
33f183f68b efi_loader: add missing validation of timestamp
The UEFI specification requires that when UEFI variables are set using time
based authentication we have to check that unused fields of the timestamp
are zero

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:03:41 +02:00
Heinrich Schuchardt
28164c925e efi_loader: fix efi_image_region_add()
Use start and end address consistently as half-open interval.
Simplify the code.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:03:24 +02:00
AKASHI Takahiro
1b6c08548c efi_loader: image_loader: replace debug to EFI_PRINT
Just for style consistency, replace all the uses of debug() to
EFI_PRINT() in efi_image_loader.c.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:00:27 +02:00
AKASHI Takahiro
ce3c3865b0 efi_loader: variable: replace debug to EFI_PRINT
Just for style consistency, replace all the uses of debug() to
EFI_PRINT in efi_variable.c.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:00:27 +02:00
AKASHI Takahiro
3e9019d481 efi_loader: signature: replace debug to EFI_PRINT
Just for style consistency, replace all the uses of debug to
EFI_PRINT in efi_signature.c

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:00:27 +02:00
AKASHI Takahiro
f7a963c6af efi_loader: change efi objects initialization order
The simplest solution to revert the commit b32ac16f9a ("test/py: fix
test_efi_secboot/conftest.py") is to move efi_console_register()
forward before efi_disk_register().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03 18:00:27 +02:00
Tom Rini
67f51b40ca compiler*.h: sync include/linux/compiler*.h with Linux 5.7-rc5
Copy these from Linux v5.7-rc5 tag.

This brings in some handy new attributes and is otherwise important to
keep in sync.

We drop the reference to smp_read_barrier_depends() as it is not
relevant on the architectures we support at this time, based on where
it's implemented in Linux today.  We drop the call to kasan_check_read()
as that is not relevant to U-Boot as well.

Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2020-07-01 11:48:05 -04:00
Sean Anderson
60ffcf218f lib: Always set errno in hcreate_r
This could give a confusing error message if it failed and didn't set
errno.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-01 15:01:21 +08:00
Tom Rini
5fdb3c0e7e - net: pcnet: cleanup and add DM support
- Makefile: add rule to build an endian-swapped U-Boot image
   used by MIPS Malta EL variants
 - CI: add Qemu tests for MIPS Malta
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEiQkHUH+J02LLC9InKPlOlyTyXBgFAl76U4wACgkQKPlOlyTy
 XBhKeg/6Au6lPC5QLnjEO5gpuhI/eF555jRoABXUNoM8FUjkcqA207Sgd3iTH9lS
 imOGHkzwipYno5pY1UoiXr7RKJgAkJfKYWRrZ46qgITrEkgQ8Xyp46xIqhoHvpuH
 Qs1YeDllHeRViBt2ZP6UJsYfUIA9xnU/o9tLh4lx2SiCPWbNDns7cB0Ajazh47Cx
 8UT2ZwbATaaFfN9m4Lg65O6Fe1G/cHAw5H/xsDajpVOpskHk0RZxRxzob6XLQete
 sVkZdjYmH7zG+7THLkPriu2y/qlc5t2re3OeAr/5YwYJODnj3aN7iI20Sl9xMwDP
 eDcSt19HMs+Ng60+yqwHxoU+AQ2BjswYHssb2vdY8OQhlRpoFke6nT+oQtCQCYhZ
 At/b2O8kh9IM9alsc8xltMABLgrOhREfxC6VQg7bsCH01+qcojGX8dhVQrYsWkKQ
 GrCs6SAl8zR78j8s3OGSsvTczMkTrBTglYWIYrlvA5fFhVg5Yz38S+ioTqPc4QDc
 ZJ9bDDO00CY4hJC8sx4TQcsn0OmSJeN394dy6CUoxL6fEXBdRmNRLBUnmuTmPmYT
 suLB9qaG+Q6cEttXjfNN1VotSG+61COUZ0uoed47cGUo8AxLMTEe62twUc0aDPNS
 NMUoMwHqVbivaGUBfG16mu8bnVfaCqFyR/LLGa6J3yQSQ8qeu30=
 =dnTK
 -----END PGP SIGNATURE-----

Merge tag 'mips-pull-2020-06-29' of https://gitlab.denx.de/u-boot/custodians/u-boot-mips into next

- net: pcnet: cleanup and add DM support
- Makefile: add rule to build an endian-swapped U-Boot image
  used by MIPS Malta EL variants
- CI: add Qemu tests for MIPS Malta
2020-06-30 11:43:18 -04:00
Heinrich Schuchardt
e4c1c48eeb efi_loader: fix incorrect use of EFI_EXIT()
efi_get_variable_common() does not use EFI_ENTRY(). So we should not use
EFI_EXIT() either.

Fixes: 767f6eeb01 ("efi_loader: variable: support variable authentication")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-29 11:56:10 +02:00
Heinrich Schuchardt
d80dd9e785 efi_loader: size of secure boot variables
The variables SetupMode, AuditMode, DeployedMode are explicitly defined as
UINT8 in the UEFI specification. The type of SecureBoot is UINT8 in EDK2.

Use variable name secure_boot instead of sec_boot for the value of the
UEFI variable SecureBoot.

Avoid abbreviations in function descriptions.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-24 16:50:15 +02:00
Heinrich Schuchardt
915f15ac57 efi_loader: type of efi_secure_mode
Variable efi_secure_mode is meant to hold a value of enum efi_secure_mode.
So it should not be defined as int but as enum efi_secure_mode.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-24 16:50:15 +02:00
Tom Rini
5575f79bda Merge https://gitlab.denx.de/u-boot/custodians/u-boot-spi into next
- Convert fsl_espi to driver model (Chuanhua)
- Enable am335x baltos to DM_SPI (Jagan)
- Drop few powerpc board which doesn't have DM enabled (Jagan)
2020-06-19 16:25:50 -04:00
Tom Rini
c622afb087 Pull request for UEFI sub-system for efi-2020-07-rc5
Use correct printf code in efi_image_parse().
 Add random number generation to HTML documentation.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl7ny9YACgkQxIHbvCwF
 GsRTAg//bG9ixJ/ryzkPNhgedyHnJnZ1fBOVQphaJAnQDjLKhxTMsebIaBDpxkGg
 yCa0RAo7Y91PeYz/2WavH1BKX4SjSXEDIyIw8cvhCwQ5hmlBEQHiw6WIUCGW2p33
 iQO9XdTR8U1IqRENJk6ZtGP6hKH9V8LNY9taBt1lkk45aS8tDVPVivVn+1Z+JFbg
 sY0VTaWmCFWOH+aeJprWYR7tjO6TI5KG82SNe3tu3vmfRzFN5X/2E4IOmcHL00Yy
 oVGALNBEQ22TZgz7/uQTn4xH3X3a+HDW7RyHnOQUkmqxCUqfTvp54tLLVhNTTsIj
 ccvS2TGaI9bKQVIzBQbOWaJRgYrlzDvlCvUwxgqg3iAWx0bzXeB0Nz8cNWTj0HOP
 gNpCJeODp3XlGD4PKx6GKg9R6JMmtzcJYudPLhoy1jjwZxLALGv+Y2DRP7fzeLpA
 wW6Slg8t3HEMF8JYbqYVa/V0CqB9MNX7nfHBdBu/SoMoOqzMA8TQk3Aen4jTWU1x
 wYSxh7sh1KT21/cpoVRTyD+5Ao8Ti6zeDbdCcbAQTr9w210ts/wRyCWXjPbe/WCM
 MWiEzuL2o6NfQdzUs1TyNs+8GohNI8X/PzFPok9+5gsbrKqKAbmWB2CQ74ufjt6k
 Qg3wHBVOvYFqIvoEFoyWus6Ni4LEycrQ0kuYsHQhnNoZlUXj6wE=
 =yON/
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-07-rc5' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2020-07-rc5

Use correct printf code in efi_image_parse().
Add random number generation to HTML documentation.
2020-06-15 16:44:58 -04:00
Sean Anderson
1fae74125b Revert "lib: Improve _parse_integer_fixup_radix base 16 detection"
This reverts commit 0486497e2b.

The strtoul has well-defined semantics. It is defined by the C standard and
POSIX. To quote the relevant section of the man pages,

> If base is zero or 16, the string may then include a "0x" prefix, and the
> number will be read in base 16; otherwise, a zero base is taken as 10
> (decimal) unless the next character is '0', in which case it is taken as
> 8 (octal).

Keeping these semantics is important for several reasons. First, it is very
surprising for standard library functions to behave differently than usual.
Every other implementation of strtoul has different semantics than the
implementation in U-Boot at the moment. Second, it can result in very
surprising results from small changes. For example, changing the string
"1f" to "20" causes the parsed value to *decrease*. Forcing use of the "0x"
prefix to specify hexidecimal numbers is a feature, not a bug. Lastly, this
is slightly less performant, since the entire number is parsed twice.

This fixes the str_simple_strtoul test failing with

test/str_ut.c:29, run_strtoul(): expect_val == val: Expected 0x44b (1099), got 0x1099ab (1087915)
test/str_ut.c:46, str_simple_strtoul(): 0 == run_strtoul(uts, str2, 0, 1099, 4): Expected 0x0 (0), got 0x1 (1)

Signed-off-by: Sean Anderson <seanga2@gmail.com>
CC: Michal Simek <michal.simek@xilinx.com>
CC: Shiril Tichkule <shirilt@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-06-15 11:23:41 -04:00
Etienne Carriere
05f0c74606 optee: fix copy of optee reserved-memory node
Fix the loop that parses FDT for a reserved memory node named "optee".

Before this change, if at least one subnode was found in the
reserved-memory node, the function endlessly looped since instruction
continue returned back in the loop without updating variable subnode.
This change fixes the issue by using a for loop.

Fixes: 6ccb05eae0 ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2020-06-15 11:23:40 -04:00
Heinrich Schuchardt
4bb4249b39 efi_loader: printf code in efi_image_parse()
For size_t we have to use %zu for printing not %lu.

Fixes: 4540dabdca ("efi_loader: image_loader: support image
authentication")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-14 21:07:20 +02:00
Tom Rini
f9e3d2e147 patman improvements to allow it to work with Zephyr
change to how sequence numbers are assigned to devices
 minor fixes and improvements
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl7kQ4kRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreZrvAgAqc/TEj7QHPyW9rQSl8h65MXK93qRsnZo
 4segKEtK0Rmv0S2VfmPCwujsDFl5gZUNt+rXD/l7F0a4Wzx4eYgYrEXOYsXs/ZHP
 jjGrcbvO4Qkx3QzjMqqoUiQqeCgNQ9XIre8F+1NmZeQ2bFtPKbJXtXKYTcMI1wSW
 PhRGbbsTnKNKC0dL0nLFG6+NC/sk6xRqMx28Ip38FTrQL+Uh67LZFpLkY3yuHo/1
 CVhCw+7Aov0I6tDrdKrngjFqXRSoTsuOhavSFoW9U6llqDL7FIC6aoRo7x24lSJN
 VFTRpXPmNHeslE6NHEOQs9elFpbxXR34te3k4p74rFuX/J/490UaYA==
 =172C
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-12jun20' of git://git.denx.de/u-boot-dm into next

patman improvements to allow it to work with Zephyr
change to how sequence numbers are assigned to devices
minor fixes and improvements
2020-06-13 09:01:01 -04:00
Reuben Dowle
d16b38f427 Add support for SHA384 and SHA512
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
2020-06-12 13:14:07 -04:00
Bin Meng
f6704c7994 fdtdec: Honor #address-cells and #size-cells in fdtdec_add_reserved_memory()
At present fdtdec_add_reserved_memory() calls fdtdec_get_addr_size()
to get address and size for the subnodes of /reserved-memory node.

We should honor #address-cells and #size-cells properties in the
parent node.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-06-11 20:52:11 -06:00
Bin Meng
a9ad113df0 fdtdec: Fix the types of addr and size in fdtdec_add_reserved_memory()
fdtdec_get_addr_size() expects size is of type 'fdt_size_t', and
return value is of type 'fdt_addr_t'. Adjust their types accordingly.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-06-11 20:52:11 -06:00
Simon Glass
90606da02d cmd: Correct the 'md.q' command
This displays incorrect data at present due to a missing header file
in display_options. Fix it.

Fixes: 0914011310 ("command: Remove the cmd_tbl_t typedef")

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-06-08 20:29:30 -04:00
Heinrich Schuchardt
325567d3c5 efi_loader: comments EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL
Provide missing comments for the functions implementing the
EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-05 04:04:41 +02:00
Heinrich Schuchardt
00a871d34e smbios: empty strings in smbios_add_string()
smbios_add_string() cannot deal with empty strings. This leads to incorrect
property values and invalid tables. E.g. for the pine64-lts_defconfig
CONFIG_SMBIOS_MANUFACTURER="". Linux command dmidecode shows:

Table 1:
    Manufacturer: sunxi
    Product Name: sunxi

Table 3:
    Invalid entry length (2). DMI table is broken! Stop.

Replace empty strings by "Unknown".

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-05 04:04:41 +02:00
Tom Rini
07d90d8bd4 Merge https://gitlab.denx.de/u-boot/custodians/u-boot-riscv
- Fixes 7e249bc13a: ("riscv: Move all SMP related SBI calls to
  SBI_v01") Move sbi_probe_extension() out of CONFIG_SBI_V01.
- SiFive FU540 support SPL.
2020-06-04 13:50:39 -04:00
Pragnesh Patel
108604706d lib: Makefile: build crc7.c when CONFIG_MMC_SPI
When build U-Boot SPL, meet an issue of undefined reference to
'crc7' for drivers/mmc/mmc_spi.c, so let's compile crc7.c when
CONFIG_MMC_SPI selected.

Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Jagan Teki <jagan@amarulasolutions.com>
2020-06-04 09:44:08 +08:00
Tom Rini
1b6ae82a5a Pull request for UEFI sub-system for efi-2020-07-rc4
This patch series addresses the following issues:
 
 * allow compiling with clang
 * add missing function descriptions to the HTML documentation
 * simplify the validation of UEFI images
 * validate load options in the UEFI boot manager
 
 In a preparatory patch a structure definition is moved.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl7X4dIACgkQxIHbvCwF
 GsTMfxAAjYeEoHNhdxr6ZAytC653O0iIb6BQQmrkSakcAtU82PgkiUCJ+oSF09th
 nBpSHZ8QW92avfnmrY3FjXj8fPU01LV4gytZwnEtgi6OaWtenOc/t3pElVVk7adW
 17VbRTHY3Urb4+oM9hGI5KEmDOgRCe2LUOlOKA6b6tGiG+1mchE4gIgNGh3LDbbM
 bAojulCliDoKyIUHMSwrpqX7U5OQF89qhd4AhkmlnYe0OqZueEMS3pDwsHICuP2i
 j5SPqHF5r8Nm8Mf+bDLcRDK7xKQAkqGzqP8KwqVN1o7++4MbnlI/zL94vBrbbye9
 av7OucMyKL44+BnOpB1dm/Zp8rJpJhOdbr0MHzZCk9foPQrWoLXRGx0dJLWNJvGd
 Sb67YXBl8DP//uZCq4zdj/j9wuWE31ZbSRA7SM4ioODQYpRu3RdrQJltQcwIbcwK
 M0L0JDXDNdnNPBA3Fwe3QxpskKOaXm1C8yTgDxEnjd9qoZCbohTl/nRjntXQUZWN
 Xq3rmgxilYXSyYZ+hqtp6zT0KEZAMSHi/OibYSRQRva491hZS9qhcI3nPPpR30/s
 xBd1ee6WW2sZVHVrEfqkWb4w7379I9Cp08lfmk6Mk+pne4Cbn8qc/lH+fxAaKkO5
 eUTxWcWWuXJmgPtdZQux7bqDWr9WC6gUQ8W2PLLv4t8l7gqk1lE=
 =rbBa
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-07-rc4' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2020-07-rc4

This patch series addresses the following issues:

* allow compiling with clang
* add missing function descriptions to the HTML documentation
* simplify the validation of UEFI images
* validate load options in the UEFI boot manager

In a preparatory patch a structure definition is moved.
2020-06-03 14:10:03 -04:00
AKASHI Takahiro
a4292eccfd efi_loader: signature: move efi_guid_cert_type_pkcs7 to efi_signature.c
The global variable, efi_guid_cert_type_pkcs7, will also be used in
efi_image_loader.c in a succeeding patch so as to correctly handle
a signature type of authenticode in signed image.

Meanwhile, it is currently defined in efi_variable.c. Once some secure
storage solution for UEFI variables is introduced, efi_variable.c may
not always be compiled in.

So move the definition to efi_signature.c as a common place.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03 17:19:19 +02:00
Heinrich Schuchardt
55af40a578 efi_loader: simplify PE consistency check
Knowing that at least one section header follows the optional header we
only need to check for the length of the 64bit header which is longer than
the 32bit header.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03 17:19:18 +02:00
Heinrich Schuchardt
13f62d9f7e efi_loader: function description cmp_pe_section()
Rework the description of function cmp_pe_section().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03 17:19:17 +02:00
Heinrich Schuchardt
4afceb4d17 efi_loader: function descriptions efi_image_loader.c
We want to follow the Linux kernel style for function descriptions.

Add missing parentheses after function names.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03 17:19:17 +02:00
Heinrich Schuchardt
4f7dc5f608 efi_loader: allow compiling with clang
On ARM systems gd is stored in register r9 or x18. When compiling with
clang gd is defined as a macro calling function gd_ptr(). So we can not
make assignments to gd.

In the UEFI sub-system we need to save gd when leaving to UEFI binaries and
have to restore gd when reentering U-Boot.

Define a new function set_gd() for setting gd and use it in the UEFI
sub-system.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Tom Rini <trini@konsulko.com>
2020-06-03 17:19:17 +02:00
Heinrich Schuchardt
0e69bcfb27 efi_loader: validate load option
For passing the optional data of the load option to the loaded imaged
protocol we need its size.

efi_deserialize_load_option() is changed to return the size of the optional
data.

As a by-product we get a partial validation of the load option.
Checking the length of the device path remains to be implemented.

Some Coverity defects identified the load options as user input because
get_unaligned_le32() and get_unaligned_le16() is called. But non of these
Coverity defects can be resolved without marking functions with Coverity
specific tags.

Reported-by: Coverity (CID 303760)
Reported-by: Coverity (CID 303768)
Reported-by: Coverity (CID 303776)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03 17:19:17 +02:00
Marcin Juszkiewicz
43e442a59e kconfig: fix some typos
Signed-off-by: Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
2020-06-02 17:27:04 -04:00
Michael Walle
eff5a54758 cmd: zip: automatically pull in gzip()
Move the CONFIG_GZIP_COMPRESSED from a config.h macro to a Kconfig menu
item. It is not selectable by a user because there is no reason to do
so. Instead it will be automatically selected by the stuff which uses
gzip(), like the zip command.

Remove it from the config_whitelist.txt. Also remove
CONFIG_GZIP_COMPRESS_DEF_SZ as this was never used on any board. The
default seems to be sane, otherwise it should be added as a Kconfig
option.

Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-05-25 11:54:53 -04:00
Tom Rini
2fdb5cd69c Pull request for UEFI sub-system for efi-2020-07-rc3 (2)
Problems fixed with these patches are:
 
 * UEFI sub-system not working with virtio block devices
 * Missing SATA support in UEFI sub-system
 * A superfluous debug statement
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl7Hb8sACgkQxIHbvCwF
 GsR3tA/+NknuzED4AkdVL0uRWw4kZNcSqxY+lpFUC73iWN0gLTWKFO6IXDRF4Jox
 3/xWSkMuPkeAp6sjl+Gv8DD2DCkNJedXeMdeAGZzPDLfXn16wmzhjvIe5xz8cr/2
 0shL5PtTWK8BR/ClSxTANoYrASGUISIpyq3Tu/dKY9PCGesfvzObmv+n06HizR+b
 E2ceSqVfEBZNLkp38o/PAOdrayjJCz7oSGxBhFQx1x3LYV/G6iHWdg9Kw+KsVdmR
 GBh1frun8MbC9NOqWjdnMmKi1CeHeCvvBu38lXzpVlfB0VcC2UFeuGaRh1aDKdnq
 CAiV20v9JygEwcxLGIEU4r+RwoqSxkbMbB2nlLnDuFmoJCC8gEK0ctUaFFrOV9i3
 xB/ynnw4zlht039fv8Qaq6OPiHbzA5qGmE93DY4p6a+iV0Mplfy6qLXw+UWpFEGG
 lGBZ2NPu04qjbZdzKCDag6Uw3oEypYMe3CO8Hg7EAQBB49v10LdhtgPm2BgZaaJn
 ZmYqzF0+FB1znPGmu6hrxT6IPHy+fP0cxxEma5kxXTp6CapXLHl84v4JGqNPpqmN
 jPV4MtmZaBXgasL1TDUCgpuNTEVcBcl49VastpPNMNjPPE/UD+oUXHbW+Lp1u1BH
 Jn5rCODNi5gah1X/vQ+yFC7Pk95RE0vqYDbdSUR2Wn1WurfbMzQ=
 =o+Cy
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-07-rc3-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2020-07-rc3 (2)

Problems fixed with these patches are:

* UEFI sub-system not working with virtio block devices
* Missing SATA support in UEFI sub-system
* A superfluous debug statement
2020-05-22 10:27:24 -04:00
Heinrich Schuchardt
0a87e05dbd efi_loader: check device path is not installed twice
Prior to corrective patches for virtio and SATA devices the same device
path was installed on two different handles. This is not allowable.
With this patch we will throw an error if this condition occurs for
block devices.

Update a comment for the installation of the simple file system
protocol.

Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-21 10:00:17 +02:00
Heinrich Schuchardt
bf3bcef7fb efi_loader: device path for SATA devices
Provide device path nodes for SATA devices.

This avoids creation of two handles with the same device path indicating
our root node.

This is what the device paths for a SATA drive with four partitions could
like:

/VenHw(..)/Sata(0x0,0xffff,0x0)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(1,MBR,0x81ea591f,0x800,0x63ff830)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(2,MBR,0x81ea591f,0x6400800,0x9ff830)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(3,MBR,0x81ea591f,0x6e00800,0x16ef2ab0)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(4,MBR,0x81ea591f,0x1dcf3800,0x1dcedab0)

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-21 10:00:17 +02:00
Heinrich Schuchardt
19ecced71c efi_loader: device path for virtio block devices
The UEFI specification does not define a device sub-type for virtio.
Let's use a vendor hardware node here.

This avoids creation of two handles with the same device path indicating
our root node.

Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-21 10:00:17 +02:00
Heinrich Schuchardt
c067cef695 efi_loader: initialize root node first
With commit 16ad946f41 ("efi_loader: change setup sequence") the
detection of block device was moved to the start of the initialization
sequence. In the case of virtio devices two handles with the same device
path being created.

The root node handle should be created before anything else.

Reported-by: Ard Biesheuvel <ardb@kernel.org>
Fixes: 16ad946f41 ("efi_loader: change setup sequence")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-21 10:00:17 +02:00
Pragnesh Patel
9de6ce807e efi_loader: Remove unnecessary debug
Remove unnecessary debug() from efi_set_variable_common().
native_name is NULL, so there is no meaning to print it.

Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-21 10:00:17 +02:00
Marek Vasut
0e2afc8368 fdtdec: Add weak function to patch U-Boot DT right after fdtdec_setup()
Add weak function which is called right after fdtdec_setup() configured
the U-Boot DT. This permits board-specific adjustments to the U-Boot DT
before U-Boot starts parsing the DT. This could be used e.g. to patch in
various custom nodes or merge in DT fragments from prior-stage firmware.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
2020-05-20 13:20:19 +02:00
Simon Glass
cd93d625fd common: Drop linux/bitops.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:23 -04:00
Simon Glass
c05ed00afb common: Drop linux/delay.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:23 -04:00
Simon Glass
07e1114671 Fix some checkpatch warnings in calls to udelay()
Fix up some incorrect code style in calls to functions in the linux/time.h
header, mostly udelay().

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:23 -04:00
Simon Glass
eb41d8a1be common: Drop linux/bug.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:23 -04:00
Simon Glass
8ad92118dc common: Drop asm_offsets.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:23 -04:00
Simon Glass
f7ae49fc4f common: Drop log.h from common header
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:18 -04:00
Simon Glass
0914011310 command: Remove the cmd_tbl_t typedef
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 18:36:55 -04:00
Simon Glass
691d719db7 common: Drop init.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Simon Glass
4d72caa5b9 common: Drop image.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Simon Glass
52f2423804 common: Drop bootstage.h from common header
Move this fairly uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Simon Glass
e6f6f9e648 common: Drop part.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Simon Glass
0528979fa7 part: Drop disk_partition_t typedef
We should not be using typedefs and these make it harder to use
forward declarations (to reduce header file inclusions). Drop the typedef.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Simon Glass
90526e9fba common: Drop net.h from common header
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:31 -04:00
Simon Glass
ba06b3c50b common: Drop uuid.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 14:53:28 -04:00
Ilias Apalodimas
f042e47e8f efi_loader: Implement EFI variable handling via OP-TEE
In OP-TEE we can run EDK2's StandAloneMM on a secure partition.
StandAloneMM is responsible for the UEFI variable support. In
combination with OP-TEE and it's U-Boot supplicant, variables are
authenticated/validated in secure world and stored on an RPMB partition.

So let's add a new config option in U-Boot implementing the necessary
calls to OP-TEE for the variable management.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com>
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-17 21:59:53 +02:00
Michael Walle
714497e327 efi_loader: round the memory area in efi_add_memory_map()
Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.

There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.

Signed-off-by: Michael Walle <michael@walle.cc>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-17 21:59:53 +02:00
Jan Luebbe
24bf6e84ce lib: rsa: avoid overriding the object name when already specified
If "object=" is specified in "keydir" when using the pkcs11 engine do
not append another "object=<key-name-hint>". This makes it possible to
use object names other than the key name hint. These two string
identifiers are not necessarily equal.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
2020-05-15 14:47:35 -04:00
Jan Kiszka
48069ff84f lib: rsa: Also check for presence of r-squared property
Better than crashing later if it is missing.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-05-15 14:47:35 -04:00
Jonathan Gray
0ff042d836 rsa: don't use malloc.h in rsa-sign.c
stdlib.h is the header for malloc since at least c89/c90.
There is no system malloc.h on OpenBSD and trying to use malloc.h here
falls back to the U-Boot malloc.h breaking the build of qemu_arm64.

Fixes: 336d4615f8 ("dm: core: Create a new header file for 'compat' features")
Signed-off-by: Jonathan Gray <jsg@jsg.id.au>
2020-05-15 14:47:35 -04:00
Simon Glass
8239be61bd lib: Allow MD5 to be enabled in SPL
At present the MD5 option cannot be enabled by board configs since it has
no Kconfig name. It is generally enabled, so long as FIT support is
present. But not all boards use FIT, particularly in SPL

Fix this and add an option for SPL as well. This allows board code to call
md5() even if FIT support is not enabled.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-15 14:47:35 -04:00
Sughosh Ganu
4835d35acf charset: Add support for calculating bytes occupied by a u16 string
The current code uses 'u16_strlen(x) + 1) * sizeof(u16)' in various
places to calculate the number of bytes occupied by a u16 string.
Let's introduce a wrapper around this. This wrapper is used on following
patches

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-09 09:30:28 +02:00
AKASHI Takahiro
b433acbb81 efi_loader: variable: check a return value of uuid__str_to_bin()
The only error case is that a given UUID is in wrong format.
So just return EFI_INVALID_PARAMETER here.

Reported-by: Coverity (CID 300333)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-09 09:30:27 +02:00
AKASHI Takahiro
52d7bfe787 efi_loader: image_loader: fix a Coverity check against array access
Coverity detected:
  Using "&opt->CheckSum" as an array.  This might corrupt or misinterpret
  adjacent memory locations.

The code should work as far as a structure, IMAGE_OPTIONAL_HEADER(64) is
packed, but modify it in more logical form. Subsystem is a member next to
CheckSum.

Reported-by: Coverity (CID 300339)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-09 09:30:27 +02:00
Heinrich Schuchardt
d7ca3ce3d3 efi_loader: crypto/pkcs7_parser.h is not a local include
User <> and not "" for referencing a global include.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-07 18:23:18 +02:00
Patrick Wildt
6f146155f8 efi_loader: pkcs7_parse_message() returns error pointer
Since pkcs7_parse_message() returns an error pointer, we must not
check for NULL.  We have to explicitly set msg to NULL in the error
case, otherwise the call to pkcs7_free_message() on the goto err
path will assume it's a valid object.

Signed-off-by: Patrick Wildt <patrick@blueri.se>
Add missing include linux/err.h
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-07 18:23:17 +02:00
Patrick Wildt
9ad15227bb efi_loader: efi_variable_parse_signature() returns NULL on error
efi_variable_parse_signature() returns NULL on error, so IS_ERR()
is an incorrect check.  The goto err leads to pkcs7_free_message(),
which works fine on a NULL ptr.

Signed-off-by: Patrick Wildt <patrick@blueri.se>
Reviewed-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-05-07 18:23:16 +02:00
Heinrich Schuchardt
42a426e027 efi_loader: put device tree into EfiACPIReclaimMemory
According to the UEFI spec ACPI tables should be placed in
EfiACPIReclaimMemory. Let's do the same with the device tree.

Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Grant Likely <grant.likely@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-07 18:23:16 +02:00
Heinrich Schuchardt
306bf6e7ff efi_loader: do not unnecessarily use EFI_CALL()
There is no need to call efi_get_variable() instead of
efi_get_variable_common(). So let's use the internal function.

Move forward declarations to the top of the file.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-07 18:23:16 +02:00
Heinrich Schuchardt
3fdff6be40 efi_loader: error handling in efi_set_variable_common().
Fix unreachable code. Free memory on error.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-07 18:23:16 +02:00
Heinrich Schuchardt
549b79e8e0 efi_loader: remove redundant assignment in dp_fill()
The value of dp is overwritten without being used.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-07 18:23:16 +02:00
Jan Kiszka
b37a0b5c89 kbuild: efi: Avoid rebuilding efi targets
Add a couple of missing targets so that helloworld and other efi targets
are not needlessly rebuilt.

CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-07 18:23:16 +02:00
Heiko Stuebner
fdf0819afb rsa: fix alignment issue when getting public exponent
To fill the exponent field of the rsa_public_key struct, rsa_mod_exp_sw
did a cast to uint64_t of the key_prop->public_exponent field.
But that alignment is not guaranteed in all cases.

This came to light when in my spl-fit-signature the key-name exceeded
a certain length and with it the verification then started failing.
(naming it "integrity" worked fine, "integrity-uboot" failed)

key_prop.public_exponent itself is actually a void-pointer, fdt_getprop()
also just returns such a void-pointer and inside the devicetree the 64bit
exponent is represented as 2 32bit numbers, so assuming a 64bit alignment
can lead to false reads.

So just use the already existing rsa_convert_big_endian() to do the actual
conversion from the dt's big-endian to the needed uint64 value.

Fixes: fc2f4246b4 ("rsa: Split the rsa-verify to separate the modular exponentiation")
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-05-07 09:01:42 -04:00
Heinrich Schuchardt
16ad946f41 efi_loader: change setup sequence
If we want to restore variables from disk, we need to initialize block
devices before variables.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:12 +02:00
Heinrich Schuchardt
30f92ce9d5 efi_loader: correct comments for efi_status_t
EFI_STATUS is unsigned (UINTN). Hence it cannot be negative.
Correct comments for 'Return:'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
Heinrich Schuchardt
bb0e585c71 efi_loader: eliminate efi_set_(non)volatile_variable
Eliminate superfluous functions efi_set_volatile_variable() and
efi_set_nonvolatile_variable().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
Heinrich Schuchardt
c08cac0edc efi_loader: eliminate efi_get_(non)volatile_variable
Eliminate superfluous functions efi_get_volatile_variable() and
efi_get_nonvolatile_variable().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
AKASHI Takahiro
41fd506842 efi_loader: disk: add efi_disk_is_system_part()
This function will check if a given handle to device is an EFI system
partition. It will be utilised in implementing capsule-on-disk feature.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Add function description. Return bool.
Reviewed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
AKASHI Takahiro
f0ff75f249 efi_loader: factor out the common code from efi_transfer_secure_state()
efi_set_secure_stat() provides the common code for each stat transition
caused by efi_transfer_secure_state().

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Correct description of return value.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
AKASHI Takahiro
964d5326c9 efi_loader: fix unreachable statement in efi_sigstore_parse_siglist
"if (left < esl->signature_size)" is not reachable in a while loop.
But it is still valuable in case that a given signature database is
somehow corrupted. So fix the while loop condition.

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
AKASHI Takahiro
e3f5c9cb0f lib/crypto, efi_loader: move some headers to include/crypto
Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
AKASHI Takahiro
7b8b63fb8e lib/crypto, efi_loader: avoid multiple inclusions of header files
By adding extra symbols, we can now avoid including x509_parser and
pkcs7_parser.h files multiple times.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
Marek Vasut
e7882f65f0 tiny-printf: Support %i
The most basic printf("%i", value) formating string was missing,
add it for the sake of convenience.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Stefan Roese <sr@denx.de>
2020-05-01 11:03:24 -04:00
Tom Rini
78021b6337 Pull request for UEFI sub-system for efi-2020-07-rc2
This pull request contains bug fixes needed due to the merged changes for
 EFI secure boot.
 
 Patches are supplied to identify EFI system partitions.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl6qkUQACgkQxIHbvCwF
 GsRGkQ//R1VltRXNk4RrYiKbsU33biNAIWQB4IhQpm6w1SgsrPAb7yWJEg1xhJ3P
 qhujDlVlW2s2Cz+sMkQOTd5/ln55IegJZ4LFlQuOhJCO22TzEenP8bkziMU7UBu8
 YtbhtV5cru2DBMg8uBQCazw9Lue5WUktzHgWhiNy+yBY5g6j+vkQHjy/+BjpC6RD
 7KT4qfyh+hyhss+O2lLjQYwobVwVxnCfQikWSdfMRqptC8N/lYMGNjiNk42HJssX
 cWy44TNUePgCE5pES1krXmR3q7fT/ocuWW2g8QynEJIqjZSWVTmZqLgdba3pd5Di
 kfleoByXLS0/HS6AgjdJNv+vwRuOot1RBXfbVYnDwb7flFThvu3xBzy55IMHa6uH
 eHDt3v1W3ZSwGnxiTzdbHISH5JidBUJAq+h+S3Zy52plbkgMWplPgFptSscM6+yo
 YrCTlzuj019X/Lm1JfO2X7NqhGPX9/MiMDwfvE+BGnWRhwOHNSu/S6+Iu1XUBrXN
 Q/tnHJxK1FGcoq73a/5VgiSkfnEl1+YdjdAUM8+nJdUPCL5xCWX1jXNxE0vq0l4U
 Y3zsjCj5lM4TnDUJvbOacMM4ltjxSMpBwmkGdleYOcKJxU8WD0YNuhUL2nnUFuDx
 7MYHonEPz5s3T+IiMoNAtYr3BHKcxedHNkmpoJsaPS69zMGq7dM=
 =38oT
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-07-rc2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2020-07-rc2

This pull request contains bug fixes needed due to the merged changes for
EFI secure boot.

Patches are supplied to identify EFI system partitions.
2020-04-30 15:11:06 -04:00
Simon Glass
0b885bcfd9 acpi: Add an acpi command
It is useful to dump ACPI tables in U-Boot to see what has been generated.
Add a command to handle this.

To allow the command to find the tables, add a position into the global
data.

Support subcommands to list and dump the tables.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-30 17:16:12 +08:00
Simon Glass
b38309b737 acpi: Move the xsdt pointer to acpi_ctx
Put this in the context along with the other important pointers.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-30 17:16:12 +08:00
Simon Glass
7e586f6907 acpi: Put table-setup code in its own function
We always write three basic tables to ACPI at the start. Move this into
its own function, along with acpi_fill_header(), so we can write a test
for this code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-30 17:16:12 +08:00
Simon Glass
29b351122e acpi: Move acpi_add_table() to generic code
Move this code to a generic location so that we can test it with sandbox.
This requires adding a few new fields to acpi_ctx, so drop the local
variables used in the original code.

Also use mapmem to avoid pointer-to-address casts which don't work on
sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-30 17:16:12 +08:00
Simon Glass
86e1778ded acpi: Convert part of acpi_table to use acpi_ctx
The current code uses an address but a pointer would result in fewer
casts. Also it repeats the alignment code in a lot of places so this would
be better done in a helper function.

Update write_acpi_tables() to make use of the new acpi_ctx structure,
adding a few helpers to clean things up.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-30 17:16:12 +08:00
Simon Glass
93f7f82782 acpi: Add a method to write tables for a device
A device may want to write out ACPI tables to describe itself to Linux.
Add a method to permit this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-30 17:16:12 +08:00
Heinrich Schuchardt
11078bb262 efi_loader: identify EFI system partition
In subsequent patches UEFI variables shalled be stored on the EFI system
partition. Hence we need to identify the EFI system partition.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-30 10:25:07 +02:00
Tom Rini
545c747447 Move Python tools to use absolute paths
Minor buildman fixes for new features
 Make libfdt code more similar to upsteam
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl6mTJMRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreZRmAf/TeHuh9nWXr7jRAyl8YEaXfBablceBYF/
 l/bHpIyPy1NH5wRMB1kwGIZUydSM44/FIVnvlo1iVI0DVuO1cSIY98WM2waMP0Tk
 WiDg3XR7eMpTMNjG13KP6TrFG5ybfOopRYdpuUfjPTBm8RQyuFMziaQwOrDQdoXt
 9yQ8rzM6hB7Gj3LgORond04KZYRUcYC+uhcuDo8WPUjrqS8vSpeAG34n6lT4z9KG
 BdmhQuIybvCngdi/t9ovyTfq5UfIsXp0ngUN6My/j0IjykZT4nu6qllge8gcukCM
 3iqrqhcjkO9psPdk6NXf2akTdxDH4Mf8PqFbvqmABNQbDSEVinVnrA==
 =H2KE
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-27apr20' of git://git.denx.de/u-boot-dm

Move Python tools to use absolute paths
Minor buildman fixes for new features
Make libfdt code more similar to upsteam
2020-04-28 09:52:01 -04:00
Tom Rini
08977f873f Merge branch '2020-04-27-master-imports'
- Assorted bugfixes.
- Documentation improvements including support for https://u-boot.readthedocs.io/
2020-04-27 17:50:43 -04:00
Heinrich Schuchardt
cc3860f66f lib: zlib: fix formatting, reference
Provide a valid reference for the deflate format.
Reformat the ALGORITHM and REFERENCES comments.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-27 14:55:29 -04:00
Weijie Gao
04cb39946c lib: enable lzma decompression support for SPL build
This patch enables LZMA decompression support for SPL build

Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
2020-04-27 20:29:33 +02:00
Masahiro Yamada
3e69db1223 fdt_region: move fdt_region.c to common/ from lib/libfdt/
My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is,
make lib/libfdt/ contain only wrapper files.

fdt_region.c was written only for U-Boot to implement the verified
boot. So, this belongs to the same group as common/fdt_support.c,
which is a collection of U-Boot own fdt helpers.

Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is
necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2020-04-26 14:23:55 -06:00
Masahiro Yamada
bcbdab70a2 libfdt: migrate fdt_ro.c to a wrapper of scripts/dtc/libfdt/fdt_ro.c
There is no essential difference between scripts/dtc/libfdt/fdt_ro.c
and lib/libfdt/fdt_ro.c

Migrate to a simple wrapper like the other files.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2020-04-26 14:23:39 -06:00
Simon Glass
2c2ca207e4 uuid: Use const char * where possible
Update the arguments of these functions so they can be called from code
which uses constant strings.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-24 16:40:09 -04:00
Simon Glass
fdc79a6b12 lib: Add a function to convert a string to upper case
Add a helper function for this operation. Update the strtoul() tests to
check upper case as well.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-24 16:40:09 -04:00
Michal Simek
4b4858936f lib: strto: Stop detection when invalid char is used
This issue has been found when mtd partition are specified. Autodetection
code should stop when the first invalid char is found.

Here is the example of commands:
setenv mtdids nand0=memory-controller@e000e000
setenv mtdparts "mtdparts=nand0:4m(boot),4m(env),64m(kernel),96m(rootfs)"
mtd list

Before:
Zynq> mtd list
List of MTD devices:
* nand0
  - type: NAND flash
  - block size: 0x20000 bytes
  - min I/O: 0x800 bytes
  - OOB size: 64 bytes
  - OOB available: 16 bytes
  - ECC strength: 1 bits
  - ECC step size: 2048 bytes
  - bitflip threshold: 1 bits
  - 0x000000000000-0x000010000000 : "nand0"
	  - 0x000000000000-0x000000400000 : "boot"
	  - 0x000000400000-0x000000800000 : "env"
	  - 0x000000800000-0x000006c00000 : "kernel"
	  - 0x000006c00000-0x000010000000 : "rootfs"

Where it is visible that kernel partition has 100m instead of 64m

After:
Zynq> mtd list
* nand0
  - type: NAND flash
  - block size: 0x20000 bytes
  - min I/O: 0x800 bytes
  - OOB size: 64 bytes
  - OOB available: 16 bytes
  - ECC strength: 1 bits
  - ECC step size: 2048 bytes
  - bitflip threshold: 1 bits
  - 0x000000000000-0x000010000000 : "nand0"
	  - 0x000000000000-0x000000400000 : "boot"
	  - 0x000000400000-0x000000800000 : "env"
	  - 0x000000800000-0x000004800000 : "kernel"
	  - 0x000004800000-0x00000a800000 : "rootfs"

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Fixes: 0486497e2b ("lib: Improve _parse_integer_fixup_radix base 16 detection")
Tested-by: Heiko Schocher <hs@denx.de>
Tested-by: Pali Rohár <pali@kernel.org>
2020-04-24 16:40:09 -04:00
Heinrich Schuchardt
f6a24a177f lib: do not provide hexdump in SPL
SPL should not be enlarged by building with CONFIG_HEXDUMP=y.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-04-24 10:51:32 -04:00
Heinrich Schuchardt
4f4d526f59 lib: do not build OID registry in SPL
The OID registry is only used by crypto functions that are not built in
SPL. So we should not build it in SPL.

Fixes: a9b45e6e83 ("lib: add oid registry utility")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-04-24 10:51:32 -04:00
Kever Yang
10d887ddfa libfdt: Make fdtdec_get_child_count() available for HOST
The tool need to use fdtdec_get_child_count(), make it available for
HOST_CC.

Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-24 10:10:01 -04:00
Rasmus Villemoes
080019b86c make env_entry::callback conditional on !CONFIG_SPL_BUILD
The callback member of struct env_entry is always NULL for an SPL
build. Removing it thus saves a bit of run-time memory in the
SPL (when CONFIG_SPL_ENV_SUPPORT=y) since struct env_entry is embedded
in struct env_entry_node - i.e. about 2KB for the normal case of
512+change hash table entries.

Two small fixups are needed for this, all other references to the
callback member are already under !CONFIG_SPL_BUILD: Don't initialize
.callback in set_flags() - hsearch_r doesn't use that value
anyway. And make env_callback_init() initialize ->callback to NULL for
a new entry instead of relying on an unused or deleted entry having
NULL in ->callback.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-24 10:09:59 -04:00
Rasmus Villemoes
34284970a1 lib/hashtable.c: don't test ->callback in SPL
In SPL, environment callbacks are not supported, so e->callback is
always NULL. Removing this makes the SPL a little smaller (about 400
bytes in my ppc build) with no functional change.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-24 10:09:59 -04:00
Rasmus Villemoes
7f529f6585 lib/hashtable.c: create helper for calling env_entry::callback
This is preparation for compiling out the "call the callback" code and
associated error handling for SPL, where ->callback is always NULL.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-24 10:09:59 -04:00
Atish Patra
f614753c4b fdtdec: Fix boundary check
In U-Boot, the reserved memory end address is considered as a inclusive
address. This notion is followed while adding a reserved memory node to
the DT.

For example:
end_address = start_address + size - 1

Follow the same notion and fix the end address computation while checking
for existing nodes.

Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2020-04-23 10:14:16 +08:00
Atish Patra
2a2119e10c lib: kconfig: Add option to set BZIP2 compression method
There is no way to select BZIP2 compression method.
Add it under library/compression config where all other
compression related configs are present.

Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-04-17 12:32:36 -04:00
Tom Rini
cf87f7cd8c Pull request for UEFI sub-system for efi-2020-07-rc1
This pull request
 
 * provides an implementation of UEFI secure booting
 * fixes a problem with the rsa_mod_exp driver which stops some boards
   from booting when CONFIG_RSA is enabled which is needed for UEFI
   secure booting
 * enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
 * fixes some function comments
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl6YjlcACgkQxIHbvCwF
 GsQ6Jg/+KVRQF0Dn2jiag8Me9ZhafZx4xGTI3LEzFD7V9kG3dmUzbO3m8a5dEevW
 bcPNA6EmcKAjyP09AZY4C8ns4sU7wzPu/GQvApD4S5+vcuNbEqRHfW6zzReNXq09
 t89DrFH+XLhGnh4uSh0hmfjrlIPVi86hs/f57vKRayrBu8W2yGPci3SNTO5Y0AY1
 to7sxP3hGlDCUhqIABWp5ylpWWUSG1MsVNcMOnHpj+jl0iWWYP46EQrGr95egQor
 gcGgUOLdOLLOHPYUIOBmo9INnS2MbvE9Mfgh5Bw7JW8DIu/Xp7r1qePQyMLsngc1
 pO5yzwMq6EQy6OjuYnXdIBXtHOlZ8rnE9pbTgyUR8T/2CdL2hqr9ddpqa4ryDABX
 iaQF8FG+KhY0XQ5EIJV7pEkvf9TMwGguJNlOkmJPeub2n9i0k1tPk0Rwq5ZWWBIn
 rHcgZXwl0On3O3f0HvfL0Oas5u9KE1HhA12h/EVmu2Muy36x2WxAAzDnsH19HzqU
 QnWBAo8VMyp3qTIZjb3y+qrxcU/joPGt9+hxmur03hzmKOJ9JNOv6vExb+yUIyXQ
 4ML6jvTvSVZbvkP++0zMKOjT8ks3xv5q84oFD5Gp4cG8ZpHpA9dj3mXM92Waepo4
 pAkko5IGQ4SqaGIBltEQzrG+cCiHHezdD/raCwAo6DgYSmfZUvc=
 =+ZDZ
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-07-rc1' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2020-07-rc1

This pull request

* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
  from booting when CONFIG_RSA is enabled which is needed for UEFI
  secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
2020-04-16 16:41:40 -04:00
Tom Rini
f51b4bcf61 Functions for reading indexed values from device tree
Enhancements to 'dm' command
 Log test enhancements and syslog driver
 DM change to read parent ofdata before children
 Minor fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl6YdaMRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreYLRwf8C+vKmERVLLcrMZMMiLctbY2kVflJV8zG
 RjFwBcazZDPYjtHqClFZtJyIDYzgkVQRo+QPcdLxjcA+gjSXdteeRa0XTsBTXOZQ
 kbs7yBkL+rCIO2WyXtuyajsmDMQtqM5vYgeBdTeYnJu7NVxwRMYrUqqAKLolNpIN
 SKNYz+a8OEOG2EetbTdwwrmSpNy/cZ3wDGYK25DFTte8/vCZMRBTPiiNSrLp/RsM
 xIojRcLqzARwpvPfFZ8psASKei9+5oIICUrNvwwQGtjepvZwdFQEl90SKaHw8kMf
 sP9rxuqlEN5ec6xnMTUgwfnyBZgNIMSeb4KVPP1rxN2eAa5+bK1OlQ==
 =gyyY
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-10apr20-take2' of git://git.denx.de/u-boot-dm

Functions for reading indexed values from device tree
Enhancements to 'dm' command
Log test enhancements and syslog driver
DM change to read parent ofdata before children
Minor fixes
2020-04-16 13:45:03 -04:00
Laurentiu Tudor
b9200b191f fdtdec: support multiple phandles in memory carveout
fdtdec_set_carveout() is limited to only one phandle. Fix this
limitation by adding support for multiple phandles.

Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-16 08:07:58 -06:00
Simon Glass
bfeb5d460c acpi: Add support for DMAR
The DMA Remapping Reporting (DMAR) table contains information about DMA
remapping.

Add a version simple version of this table with only the minimum fields
filled out. i.e. no entries.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-16 14:36:28 +08:00
Simon Glass
91fe8b79f6 acpi: Add a central location for table version numbers
Each ACPI table has its own version number. Add the version numbers in a
single function so we can keep them consistent and easily see what
versions are supported.

Start a new acpi_table file in a generic directory to house this function.
We can move things over to this file from x86 as needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-04-16 14:36:28 +08:00
Simon Glass
776cc20194 x86: Move acpi_table header to main include/ directory
This file is potentially useful to other architectures saddled with ACPI
so move most of its contents to a common location.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-16 14:36:28 +08:00
AKASHI Takahiro
d0f07949cc efi_loader: set up secure boot
The following variable is exported as UEFI specification defines:
SignatureSupport: array of GUIDs representing the type of signatures
                      supported by the platform firmware

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
4540dabdca efi_loader: image_loader: support image authentication
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.

Currently we support
* authentication based on db and dbx,
  so dbx-validated image will always be rejected.
* following signature types:
    EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
    EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.

Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.

It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
8353516f4a efi_loader: variable: add VendorKeys variable
The following variable is exported as UEFI specification defines:
VendorKeys: whether the system is configured to use only vendor-provided
	    keys or not
The value will have to be modified if a platform has its own way of
initializing signature database, in particular, PK.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
434ffb6422 efi_loader: variable: add secure boot state transition
UEFI specification defines several global variables which are related to
the current secure boot state. In this commit, those values will be
maintained according to operations. Currently, AuditMode and DeployedMode
are defined but not implemented.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
767f6eeb01 efi_loader: variable: support variable authentication
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.

Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().

Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
be6296d05b efi_loader: add signature database parser
efi_signature_parse_sigdb() is a helper function will be used to parse
signature database variable and instantiate a signature store structure
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
593e17d673 efi_loader: add signature verification functions
In this commit, implemented are a couple of helper functions which will be
used to materialize variable authentication as well as image authentication
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
9bf09b5120 efi_loader: add CONFIG_EFI_SECURE_BOOT config option
Under this configuration, UEFI secure boot support will be added
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
Heinrich Schuchardt
540faca8a1 efi_loader: function descriptions efi_watchdog.c
Correct function descriptions in efi_watchdog.c.
Add the descriptions to the generated HTML documentation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:02 +02:00
Heinrich Schuchardt
55976b7fae efi_loader: add missing doc comments in efi_disk.c
Add missing descriptions for functions in efi_disk.c.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:01 +02:00
Heinrich Schuchardt
76956556fc efi_loader: function descriptions efi_unicode_collation.c
Correct function descriptions in efi_unicode_collation.c
Add the Unicode collation protocol to the generated HTML documentation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:01 +02:00
Peter Robinson
bdf329e4a3 efi_loader: enable RNG if DM_RNG is enabled
Enable EFI_RNG_PROTOCOL by default if DM_RNG is set.

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Remove superfluous 'if DM_RNG'
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:01 +02:00
Tom Rini
1f47e2aca4 Xilinx changes for v2020.07
common:
 - Align ENV_FAT_INTERFACE
 - Fix MAC address source print log
 - Improve based autodetection code
 
 xilinx:
 - Enable netconsole
 
 Microblaze:
 - Setup default ENV_OFFSET/ENV_SECT_SIZE
 
 Zynq:
 - Multiple DT updates/fixes
 - Use DEVICE_TREE environment variable for DTB selection
 - Switch to single zynq configuration
 - Enable NOR flash via DM
 - Minor SPL print removal
 - Enable i2c mux driver
 
 ZynqMP:
 - Print multiboot register
 - Enable cache commands in mini mtest
 - Multiple DT updates/fixes
 - Fix firmware probing when driver is not enabled
 - Specify 3rd backup RAM boot mode in SPL
 - Add SPL support for zcu102 v1.1 and zcu111 revA
 - Redesign debug uart enabling and psu_init delay
 - Enable full u-boot run from EL3
 - Enable u-boot.itb generation without ATF with U-Boot in EL3
 
 Versal:
 - Enable distro default
 - Enable others SPI flashes
 - Enable systems without DDR
 
 Drivers:
 - Gem:
   - Flush memory after freeing
   - Handle mdio bus separately
 - Watchdog:
   - Get rid of unused global data pointer
   - Enable window watchdog timer
 - Serial:
   - Change reinitialization logic in zynq serial driver
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCXoxw9wAKCRDKSWXLKUoM
 IbQxAKCK23yTy4FoN8oTGTYsbmLOA9kVUQCbBx8lg4nBeA8ihSaAnY+HMDF37YI=
 =Lg54
 -----END PGP SIGNATURE-----

Merge tag 'xilinx-for-v2020.07' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze into next

Xilinx changes for v2020.07

common:
- Align ENV_FAT_INTERFACE
- Fix MAC address source print log
- Improve based autodetection code

xilinx:
- Enable netconsole

Microblaze:
- Setup default ENV_OFFSET/ENV_SECT_SIZE

Zynq:
- Multiple DT updates/fixes
- Use DEVICE_TREE environment variable for DTB selection
- Switch to single zynq configuration
- Enable NOR flash via DM
- Minor SPL print removal
- Enable i2c mux driver

ZynqMP:
- Print multiboot register
- Enable cache commands in mini mtest
- Multiple DT updates/fixes
- Fix firmware probing when driver is not enabled
- Specify 3rd backup RAM boot mode in SPL
- Add SPL support for zcu102 v1.1 and zcu111 revA
- Redesign debug uart enabling and psu_init delay
- Enable full u-boot run from EL3
- Enable u-boot.itb generation without ATF with U-Boot in EL3

Versal:
- Enable distro default
- Enable others SPI flashes
- Enable systems without DDR

Drivers:
- Gem:
  - Flush memory after freeing
  - Handle mdio bus separately
- Watchdog:
  - Get rid of unused global data pointer
  - Enable window watchdog timer
- Serial:
  - Change reinitialization logic in zynq serial driver

Signed-off-by: Tom Rini <trini@konsulko.com>
2020-04-07 17:13:35 -04:00
Michal Simek
0486497e2b lib: Improve _parse_integer_fixup_radix base 16 detection
Base autodetection is failing for this case:
if test 257 -gt 3ae; then echo first; else echo second; fi

It is because base for 3ae is recognized by _parse_integer_fixup_radix() as
10. The code detects the first char which is not between 'a'/'A' or 'f'/'F'
to change base from dec to hex.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Shiril Tichkule <shirilt@xlinx.com>
2020-04-06 12:52:45 +02:00
Simon Glass
72188f5462 image: Use constants for 'required' and 'key-name-hint'
These are used in multiple places so update them to use a shared #define.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-04-01 07:45:09 -06:00
Tom Rini
2b18b89156 Merge branch 'next' of git://git.denx.de/u-boot-usb into next 2020-03-31 17:24:19 -04:00
Heinrich Schuchardt
7a4e717b9c efi_loader: definition of GetNextVariableName()
'vendor' is both an input and an output parameter. So it cannot be
constant.

Fixes: 0bda81bfdc ("efi_loader: use const efi_guid_t * for variable services")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-22 18:38:02 +01:00
Heinrich Schuchardt
cde162e766 efi_selftest: test CalculateCrc32, CopyMem, SetMem
Provide unit tests for CalculateCrc32(), CopyMem(), SetMem().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-22 11:06:23 +01:00
Heinrich Schuchardt
72291a9d83 efi_loader: fix freestanding memmove()
For EFI binaries we have to provide an implementation of memmove() in
efi_freestanding.c.

Before this patch the memmove() function was copying in the wrong
direction.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-22 11:06:23 +01:00
Heinrich Schuchardt
7aeceffb25 efi_loader: description efi_convert_pointer()
Correct the description of function efi_convert_pointer().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-22 11:06:23 +01:00
Heinrich Schuchardt
9f888969fd efi_loader: simplify logical expression in efi_disk_add_dev()
To check if a variable is non-zero there is no need for '!= 0'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-22 11:06:23 +01:00
Heinrich Schuchardt
e1089765b5 efi_selftest: check length reported by GetNextVariableName()
GetNextVariableName should report the length of the variable including the
final 0x0000 in bytes.

Check this in the unit test.

Increase the buffer size for variable names. 40 bytes is too short.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-22 11:06:23 +01:00
Heinrich Schuchardt
4d7f5af841 efi_loader: correct reported length in GetNextVariable()
The runtime service GetNextVariable() returns the length of the next
variable including the closing 0x0000. This length should be in bytes.

Comparing the output of EDK2 and U-Boot shows that this is currently not
correctly implemented:

EDK2:
OsIndicationsSupported: 46
PlatformLang: 26
PlatformLangCodes: 36

U-Boot:
OsIndicationsSupported: 23
PlatformLang: 13
PlatformLangCodes: 18

Provide correct length in GetNextVariable().

Fixes: d99a87f84b ("efi_loader: implement GetNextVariableName()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-22 11:06:23 +01:00
Heinrich Schuchardt
47a9596354 efi_loader: fix function descriptions in efi_disk.c
Use Sphinx style for function descriptions.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-22 11:06:23 +01:00
Heinrich Schuchardt
f0b0f7fe0e efi_loader: description of efi_variable.c
Correct the file description.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-22 11:06:23 +01:00
Tom Rini
2738f0edea Merge tag 'ti-v2020.07-next' of https://gitlab.denx.de/u-boot/custodians/u-boot-ti into next
K3 J721E:
* OSPI boot support
* Support for loading remote cores in R5 SPL
* PMIC ESM Support
* Minor fixes for R5F and C7x remoteproc drivers

K3 AM654:
* Update AVS class 0 voltages.
* Add I2C nodes

DRA7xx/AM57xx:
* Fixed Android boot on AM57xx

AM33/AM43/Davinci:
* switch to driver model for the net and mdio driver for baltos
* Add DM/DTS support for omap video driver
* Enable fastboot on am335x-evm
2020-03-17 11:59:58 -04:00
AKASHI Takahiro
b51ec63978 efi_loader: export a couple of protocol related functions
This is a preparatory patch.
Those functions will be used in an implementation of UEFI firmware
management protocol as part of my capsule update patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-03-17 08:29:52 +01:00
AKASHI Takahiro
0cc7a7535f lib: rsa: add rsa_verify_with_pkey()
This function, and hence rsa_verify(), will perform RSA verification
with two essential parameters for a RSA public key in contract of
rsa_verify_with_keynode(), which requires additional three parameters
stored in FIT image.

It will be used in implementing UEFI secure boot, i.e. image authentication
and variable authentication.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-03-12 08:20:39 -04:00
AKASHI Takahiro
e0d310b098 lib: rsa: generate additional parameters for public key
In the current implementation of FIT_SIGNATURE, five parameters for
a RSA public key are required while only two of them are essential.
(See rsa-mod-exp.h and uImage.FIT/signature.txt)
This is a result of considering relatively limited computer power
and resources on embedded systems, while such a assumption may not
be quite practical for other use cases.

In this patch, added is a function, rsa_gen_key_prop(), which will
generate additional parameters for other uses, in particular
UEFI secure boot, on the fly.

Note: the current code uses some "big number" routines from BearSSL
for the calculation.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-03-12 08:20:39 -04:00
AKASHI Takahiro
dd89f5b0fd rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config
In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
rsa_verify() will be extended to be able to perform RSA decryption without
additional RSA key properties from FIT image, i.e. rr and n0inv.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-03-12 08:20:39 -04:00
AKASHI Takahiro
b983cc2da0 lib: rsa: decouple rsa from FIT image verification
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-03-12 08:20:38 -04:00
Heinrich Schuchardt
2b8568f461 efi_loader: unnecessary assignment in efi_queue_event
The assigned value NULL is never used.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-11 08:23:05 +01:00
AKASHI Takahiro
b484296f6f efi_loader: get_memory_map: return parameters whenever possible
Currently, if GetMemoryMap API returns EFI_BUFFER_TOO_SMALL, it doesn't
set valid values to other parameters, descriptor_size and
descriptor_version, except memory_map_size.
Some efi applications, however, may use those value; in particular,
xen uses descriptor_size to calculate a size of buffer to be allocated.

While UEFI specification is ambiguous in this point, it would be better
to address this issue proactively to maximize the compatibility with
existing efi applications.

With this patch, for example, xen.efi (and hence linux kernel) can be
started via bootefi without modification.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-03-11 08:23:05 +01:00
Keerthy
805b3cac1e lib: elf: Move the generic elf loading/validating functions to lib
Move the generic elf loading/validating functions to lib/
so that they can be re-used and accessed by code existing
outside cmd.

While at it remove the duplicate static version of load_elf_image_phdr
under arch/arm/mach-imx/imx_bootaux.c.

Signed-off-by: Keerthy <j-keerthy@ti.com>
Suggested-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2020-03-03 13:08:14 +05:30
Ilias Apalodimas
479ab6c17e efi_selftest: add selftests for loadfile2 used to load initramfs
Provide a unit test loading an initial ramdisk using the
EFI_LOAD_FILE2_PROTOCOL. The test is only executed on request.

An example usage - given a file image with a file system in partition 1
holding file initrd - is:

* Configure the sandbox with

  CONFIG_EFI_SELFTEST=y
  CONFIG_EFI_LOAD_FILE2_INITRD=y
  CONFIG_EFI_INITRD_FILESPEC="host 0:1 initrd"

* Run ./u-boot and execute

    host bind 0 image
    setenv efi_selftest load initrd
    bootefi selftest

This would provide a test output like:

    Testing EFI API implementation

    Selected test: 'load initrd'

    Setting up 'load initrd'
    Setting up 'load initrd' succeeded

    Executing 'load initrd'
    Loaded 12378613 bytes
    CRC32 2997478465
    Executing 'load initrd' succeeded

Now the size and CRC32 can be compared to the provided file.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-02-28 19:37:14 +01:00
Ilias Apalodimas
ec80b4735a efi_loader: Implement FileLoad2 for initramfs loading
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any u-boot accessible partition instead of just the ESP one.
Finally this is an attempt of a generic interface across architectures
in the linux kernel so it makes sense to support that.

The file location is intentionally only supported as a config option
argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.

[1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-02-28 19:37:14 +01:00
Heinrich Schuchardt
76be687288 efi_loader: implement EFI_RT_PROPERTIES_TABLE
UEFI spec 2.8 errata A replaces the RuntimeServicesSupported variable
defined in UEFI spec 2.8 by the configuration table
EFI_RT_PROPERTIES_TABLE. So let's follow suit.

Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Ard Biesheuvel <ardb@kernel.org>
2020-02-26 19:32:09 +01:00
Heinrich Schuchardt
0e228853b5 efi_loader: EFI_RNG_PROTOCOL
Do not use quotation marks for Kconfig help text.
Replace rng abbreviation by full words.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-02-19 12:53:36 +01:00
Simon Glass
336d4615f8 dm: core: Create a new header file for 'compat' features
At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.

Move the compatibility features into a separate header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-02-05 19:33:46 -07:00
Simon Glass
61b29b8268 dm: core: Require users of devres to include the header
At present devres.h is included in all files that include dm.h but few
make use of it. Also this pulls in linux/compat which adds several more
headers. Drop the automatic inclusion and require files to include devres
themselves. This provides a good indication of which files use devres.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Anatolij Gustschin <agust@denx.de>
2020-02-05 19:33:46 -07:00
Simon Glass
1ea1c7d80f string: Allow arch override of strndup() also
At present architectures can override strdup() but not strndup(). Use
the same option for both.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-02-05 19:33:46 -07:00
Simon Glass
194fca9130 dm: pci: Update a few more interfaces for const udevice *
Tidy up a few places where const * should be used.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-02-05 19:33:45 -07:00
Tom Rini
e8c2d25845 libfdt: Revert 6dcb8ba4 from upstream libfdt
In upstream libfdt, 6dcb8ba4 "libfdt: Add helpers for accessing
unaligned words" introduced changes to support unaligned reads for ARM
platforms and 11738cf01f15 "libfdt: Don't use memcpy to handle unaligned
reads on ARM" improved the performance of these helpers.

In practice however, this only occurs when the user has forced the
device tree to be placed in memory in a non-aligned way, which in turn
violates both our rules and the Linux Kernel rules for how things must
reside in memory to function.

This "in practice" part is important as handling these other cases adds
visible (1 second or more) delay to boot in what would be considered the
fast path of the code.

Cc: Patrice CHOTARD <patrice.chotard@st.com>
Cc: Patrick DELAUNAY <patrick.delaunay@st.com>
Link: https://www.spinics.net/lists/devicetree-compiler/msg02972.html
Signed-off-by: Tom Rini <trini@konsulko.com>
Tested-by: Patrice Chotard <patrice.chotard@st.com>
2020-01-30 13:30:35 -05:00
Christoph Müllner
0f97e923d4 optee: Replace uninitialized return variable by proper one.
As hinted by GCC 9, there is a return statement that returns
an uninitialized variable in optee_copy_firmware_node().
This patch addresses this.

Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
2020-01-30 13:30:35 -05:00
Heinrich Schuchardt
1611235b85 lib: Kconfig dependencies for pseudo-random library
drivers/rng/sandbox_rng.c requires rand() to be defined but configuration
option CONFIG_CONFIG_LIB_RAND selected in drivers/rng/Kconfig does not
exist.

test/lib/test_aes.c requires rand() to be defined.

Fix the selection criteria for choice "Pseudo-random library support type".

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-25 12:04:36 -05:00
Heinrich Schuchardt
1b27753a96 lib: rsa: consider CONFIG_SPL_RSA
CONFIG_SPL_RSA is meant to control if lib/rsa/* is used for SPL. Adjust
lib/Makefile to consider this setting.

This was correctly setup with commit 51c14cd128 ("verified-boot: Minimal
support for booting U-Boot proper from SPL") and got lost with commit
089df18bfe ("lib: move hash CONFIG options to Kconfig").

Fixes: 089df18bfe ("lib: move hash CONFIG options to Kconfig")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-25 12:04:36 -05:00
Heinrich Schuchardt
e605ab8483 trace: provide Sphinx style comments
Correct some function comments. Convert to Sphinx style.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-01-22 17:47:57 -05:00
Dario Binacchi
6124667cd8 lib: ignore oid_registry_data.c file
The file is generated by scripts/build_OID_registry based on the
include/linux/oid_registry.h file.

Signed-off-by: Dario Binacchi <dariobin@libero.it>
2020-01-22 17:47:57 -05:00
Simon Glass
4d979bfdbc common: Move and rename CONFIG_SYS_SUPPORT_64BIT_DATA
This is not really a CONFIG since it is not intended to be set by boards.
Move it into the compiler header with other similar defines, and rename
it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-01-17 17:53:52 -05:00