Persist non-volatile UEFI variables in a file on the EFI system partition.
The file is written whenever a non-volatile UEFI variable is changed after
initialization of the UEFI sub-system.
The file is read during the UEFI sub-system initialization to restore
non-volatile UEFI variables.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In audit mode the UEFI variable SecureBoot is set to zero but the
efi_secure_boot flag is set to true.
The efi_secure_boot flag should match the UEFIvariable SecureBoot.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Set the read only property of the UEFI variables AuditMode and DeployedMode
conforming to the UEFI specification.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI specification the variable VendorKeys is 1 if the
"system is configured to use only vendor-provided keys".
As we do not supply any vendor keys yet the variable VendorKeys must be
zero.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Do not change the value of parameter attributes in function
efi_set_variable_int(). This allows to use it later.
Do not use variable attr for different purposes but declare separate
variables (attr and old_attr).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Simplify the implementation of the UEFI boot manager:
* avoid EFI_CALL for SetVariable() and GetVariable()
* remove unnecessary type conversions
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI variables OsIndicationsSupported, PlatformLangCodes should be read
only.
Avoid EFI_CALL() for SetVariable().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Separate the remaining UEFI variable API functions GetNextVariableName and
QueryVariableInfo() from internal functions implementing them.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Let the 'printenv -e' command display the read only flag.
If the variable is time authenticated write the time stamp.
Avoid EFI_CALL() when calling SetVariable() and GetVariable().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We currently have two implementations of UEFI variables:
* variables provided via an OP-TEE module
* variables stored in the U-Boot environment
Read only variables are up to now only implemented in the U-Boot
environment implementation.
Provide a common interface for both implementations that allows handling
read-only variables.
As variable access is limited to very few source files put variable
related definitions into new include efi_variable.h instead of efi_loader.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Allocated tmpbuf_cluster dynamically to reduce the data size added by
compiling with CONFIG_FAT_WRITE.
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Commit 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT") leads to a build warning on 32bit systems:
lib/efi_loader/efi_image_loader.c: In function ‘efi_image_parse’:
include/efi_loader.h:123:8: warning: format ‘%lu’ expects argument
of type ‘long unsigned int’, but argument 8 has
type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
Use %zu for printing size_t.
Fixes: 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
There's 2 variables in efi_get_next_variable_name() checking the size of
the variable name. Let's get rid of the reduntant definition and
simplitfy the code a bit.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This function will be used to implement public_key_verify_signature()
in a later patch. rsa_verify() is not suitable here because calculation
of message digest is not necessary.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signature database (db or dbx) may have not only certificates that contain
a public key for RSA decryption, but also digests of signed images.
In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID)
and if the value matches to a hash value calculated from image's binary,
authentication should pass in case of db, and fail in case of dbx.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Use defined time stamps for sign-efi-sig-list.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In this test case, an image is signed multiple times with different
keys. If any of signatures contained is not verified, the whole
authentication check should fail.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Provide a defined time stamp for dbx_hash1.auth.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Revocation database (dbx) may have not only certificates, but also
message digests of certificates with revocation time
(EFI_CERT_X509_SHA256_GUILD).
In this test case, if the database has such a digest and if the value
matches to a certificate that created a given image's signature,
authentication should fail.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Set defined time stamp for dbx_hash.auth.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Split the existing test case-1 into case1 and a new case-2:
case-1 for non-SecureBoot mode; case-2 for SecureBoot mode.
In addition, one corner case is added to case-2; a image is signed
but a corresponding certificate is not yet installed in "db."
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Python's autopep8 can automatically correct some of warnings from pylint
and rewrite the code in a pretty print format. So just do it.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In case that a type of certificate in "db" or "dbx" is
EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains
a public key for RSA decryption, but a digest of image to be loaded.
If the value matches to a value calculated from a given binary image, it is
granted for loading.
With this patch, common digest check code, which used to be used for
unsigned image verification, will be extracted from
efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and
extra step for digest check will be added to efi_image_authenticate().
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
A signed image may have multiple signatures in
- each WIN_CERTIFICATE in authenticode, and/or
- each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE)
In the initial implementation of efi_image_authenticate(), the criteria
of verification check for multiple signatures case is a bit ambiguous
and it may cause inconsistent result.
With this patch, we will make sure that verification check in
efi_image_authenticate() should pass against all the signatures.
The only exception would be
- the case where a digest algorithm used in signature is not supported by
U-Boot, or
- the case where parsing some portion of authenticode has failed
In those cases, we don't know how the signature be handled and should
just ignore them.
Please note that, due to this change, efi_signature_verify_with_sigdb()'s
function prototype will be modified, taking "dbx" as well as "db"
instead of outputing a "certificate." If "dbx" is null, the behavior would
be the exact same as before.
The function's name will be changed to efi_signature_verify() once
current efi_signature_verify() has gone due to further improvement
in intermediate certificates support.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
There are a couple of occurrences of hash calculations in which a new
efi_hash_regions will be commonly used.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Since the size check against an entry in efi_search_siglist() is
incorrect, this function will never find out a to-be-matched certificate
and its associated revocation time in the signature list.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Since the certificate table, which is indexed by
IMAGE_DIRECTORY_ENTRY_SECURITY and contains authenticode in PE image,
doesn't always exist, we should make sure that we will retrieve its pointer
only if it exists.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
UEFI specification requires that we shall support three type of
certificates of authenticode in PE image:
WIN_CERT_TYPE_EFI_GUID with the guid, EFI_CERT_TYPE_PCKS7_GUID
WIN_CERT_TYPE_PKCS_SIGNED_DATA
WIN_CERT_TYPE_EFI_PKCS1_15
As EDK2 does, we will support the first two that are pkcs7 SignedData.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Now that commit 3e57f879ee ("mtd: nand: raw: denali: Assert reset
before deassert") added the reset assertion, this code in the board
file is unneeded.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Fixed delay 200us is not working in certain platforms. Change to
poll for reset completion status to have more reliable reset process.
Controller will set the rst_comp bit in intr_status register after
controller has completed its reset and initialization process.
Tested-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Radu Bacrau <radu.bacrau@intel.com>
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Always put the controller in reset, then take it out of reset.
This is to make sure controller always in reset state in both SPL and
proper Uboot.
This is preparation for the next patch to poll for reset completion
(rst_comp) bit after reset.
Tested-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Radu Bacrau <radu.bacrau@intel.com>
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This UART controller is integrated with a FIFO. Enable it.
You can put the next character into the FIFO while the transmitter
is sending out the current character. This works slightly faster.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Ensure the transmitter is empty when chaining the baudrate or any
hardware settings. If a character is remaining in the transmitter,
the console will be garbled.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
After all, I am not a big fan of using a structure to represent the
hardware register map.
You do not need to know the entire register map.
Add only necessary register macros.
Use FIELD_PREP() instead of maintaining a pair of shift and mask.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Now that this directory contains only uniphier_sbc_boot_is_swapped(),
move it to boot-device.c and delete the sbc/ directory entirely.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Since commit 1517126fda ("ARM: uniphier: select DM_ETH"), DM-based
drivers/net/smc911x.c is compiled, but it is never probed because the
parent node lacks the DM-based driver.
I need a skeleton driver to populate child devices (but the next commit
will move more hardware settings to the this driver).
I put this to drivers/bus/uniphier-system-bus.c because this is the
same path as the driver in Linux kernel.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
I actually do not see this used these days because eMMC or NAND is used
for non-volatile devices. Dump the burden to maintain this crappy code.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This was used by the old sLD3 SoC, the support of which was removed
by commit 00aa453ebf ("ARM: uniphier: remove sLD3 SoC support").
There is no more user of this function.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Currently, the supports for the following two ARMv7 SoC groups
are exclusive, because the boot ROM loads the SPL to a different
address:
- LD4, sLD8 (SPL is loaded at 0x00040000)
- Pro4, Pro5, PXs2, LD6b (SPL is loaded at 0x00100000)
This limitation exists only when CONFIG_SPL=y.
Instead of using crappy CONFIG options, checking SPL and SPL_TEXT_BASE
is cleaner.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
I increased the maximum U-Boot proper size from time to time, but
configs/uniphier_v7_defconfig hit the current limit 832KB.
Some historical info:
In the initial support, the max size was 512MB.
Commit 58d702274c ("ARM: uniphier: increase CONFIG_SYS_MONITOR_LEN")
increased it to 576KB, and commit 3ce5b1a8d8 ("ARM: uniphier: move
SPL stack address") moved the SPL stack location to avoid the memory
map conflict. It was the solution to increase the size without changing
the NOR boot image map.
commit 1a4bd3a095 ("ARM: uniphier: increase CONFIG_SYS_MONITOR_LEN
again") ended up with increasing the max size again, breaking the NOR
boot image map. The limit was set to 832KB, otherwise the SPL stack
would overwrite the U-Boot proper image:
CONFIG_SPL_STACK - CONFIG_SYS_UBOOT_BASE + sizeof(struct image_header) = 0xd0000
To increase CONFIG_SYS_MONITOR_LEN even more, the SPL stack must be
moved somewhere. I put it back to the original location prior to
commit 3ce5b1a8d8.
With this change, there is no more practical size limit.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This reverts commit 45f41c134b.
This weird workaround was the best I came up with at that time
to boot U-Boot from TF-A.
I noticed U-Boot successfully boots on LD20 (i.e. CA72 CPU) by using
the latest TF-A.
Specifically, since the following TF-A commit, U-Boot runs at EL2
instead of EL1, and this issue went away as a side-effect.
|commit f998a052fd94ea082833109f25b94ed5bfa24e8b
|Author: Masahiro Yamada <yamada.masahiro@socionext.com>
|Date: Thu Jul 25 10:57:38 2019 +0900
|
| uniphier: run BL33 at EL2
|
| All the SoCs in 64-bit UniPhier SoC family support EL2.
|
| Just hard-code MODE_EL2 instead of using el_implemented() helper.
|
| Change-Id: I7ab48002c5205bc8c013e1b46313b57d6c431db0
| Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
However, if I reverted that, this problem would come back, presumably
because some EL1 code in U-Boot triggers this issue.
Now that commit f8ddd8cbb5 ("arm64: issue ISB after updating system
registers") fixed this issue properly, this weird workaround is no
longer needed irrespective of the exception level at which U-Boot runs.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
patman support for Python3 on Ubuntu 14.04
new checkpatch check to avoid #ifdefs
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl8InaQRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreazvAgAgqyvPY2o+BNHscrx9/6sEOHSAVty/D5t
SdaphzRezlJOWy9MC/ZyqyevZjogN7fgGNQVgh/I4BklIc/N5Omn68/+JWylSFVP
taJKiJD1IVSThTXGOMTxlDiTxY7NfVDUDjtFIpCDswBrnSJlX+2v/RsehUwVIrYn
NJwiRXd33IdS1vh1mqqNgwbZNBo+zGWn5LApq71vLSVkiQlmcpMG9FmYYRcg/AhG
3Xd2HB2ANcvb13fMMcwd3s4WPNYoiJvwjSHScNDUPEip7XeZNDiNeq4gC6d2Uw+J
zC3/vOCP3eRtAnr6syJ5QcGN/eeKwLtnTE+fOuOm6s5Y98po4iMykA==
=3fC5
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-10jul20' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm
of-platdata: better phandle and compatible-string support
patman support for Python3 on Ubuntu 14.04
new checkpatch check to avoid #ifdefs
Call pytest3 with argument -ra to display the reason why Python tests are
skipped.
The -r flag displays a test summary info for each test. -ra eliminates
this info for passed tests.
Pros an cons were discussed in:
https://lists.denx.de/pipermail/u-boot/2020-June/417090.html
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>