Commit graph

1941 commits

Author SHA1 Message Date
AKASHI Takahiro
f0ff75f249 efi_loader: factor out the common code from efi_transfer_secure_state()
efi_set_secure_stat() provides the common code for each stat transition
caused by efi_transfer_secure_state().

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Correct description of return value.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
AKASHI Takahiro
964d5326c9 efi_loader: fix unreachable statement in efi_sigstore_parse_siglist
"if (left < esl->signature_size)" is not reachable in a while loop.
But it is still valuable in case that a given signature database is
somehow corrupted. So fix the while loop condition.

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
AKASHI Takahiro
e3f5c9cb0f lib/crypto, efi_loader: move some headers to include/crypto
Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
AKASHI Takahiro
7b8b63fb8e lib/crypto, efi_loader: avoid multiple inclusions of header files
By adding extra symbols, we can now avoid including x509_parser and
pkcs7_parser.h files multiple times.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-05-04 12:26:11 +02:00
Marek Vasut
e7882f65f0 tiny-printf: Support %i
The most basic printf("%i", value) formating string was missing,
add it for the sake of convenience.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Stefan Roese <sr@denx.de>
2020-05-01 11:03:24 -04:00
Tom Rini
78021b6337 Pull request for UEFI sub-system for efi-2020-07-rc2
This pull request contains bug fixes needed due to the merged changes for
 EFI secure boot.
 
 Patches are supplied to identify EFI system partitions.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl6qkUQACgkQxIHbvCwF
 GsRGkQ//R1VltRXNk4RrYiKbsU33biNAIWQB4IhQpm6w1SgsrPAb7yWJEg1xhJ3P
 qhujDlVlW2s2Cz+sMkQOTd5/ln55IegJZ4LFlQuOhJCO22TzEenP8bkziMU7UBu8
 YtbhtV5cru2DBMg8uBQCazw9Lue5WUktzHgWhiNy+yBY5g6j+vkQHjy/+BjpC6RD
 7KT4qfyh+hyhss+O2lLjQYwobVwVxnCfQikWSdfMRqptC8N/lYMGNjiNk42HJssX
 cWy44TNUePgCE5pES1krXmR3q7fT/ocuWW2g8QynEJIqjZSWVTmZqLgdba3pd5Di
 kfleoByXLS0/HS6AgjdJNv+vwRuOot1RBXfbVYnDwb7flFThvu3xBzy55IMHa6uH
 eHDt3v1W3ZSwGnxiTzdbHISH5JidBUJAq+h+S3Zy52plbkgMWplPgFptSscM6+yo
 YrCTlzuj019X/Lm1JfO2X7NqhGPX9/MiMDwfvE+BGnWRhwOHNSu/S6+Iu1XUBrXN
 Q/tnHJxK1FGcoq73a/5VgiSkfnEl1+YdjdAUM8+nJdUPCL5xCWX1jXNxE0vq0l4U
 Y3zsjCj5lM4TnDUJvbOacMM4ltjxSMpBwmkGdleYOcKJxU8WD0YNuhUL2nnUFuDx
 7MYHonEPz5s3T+IiMoNAtYr3BHKcxedHNkmpoJsaPS69zMGq7dM=
 =38oT
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-07-rc2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2020-07-rc2

This pull request contains bug fixes needed due to the merged changes for
EFI secure boot.

Patches are supplied to identify EFI system partitions.
2020-04-30 15:11:06 -04:00
Simon Glass
0b885bcfd9 acpi: Add an acpi command
It is useful to dump ACPI tables in U-Boot to see what has been generated.
Add a command to handle this.

To allow the command to find the tables, add a position into the global
data.

Support subcommands to list and dump the tables.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-30 17:16:12 +08:00
Simon Glass
b38309b737 acpi: Move the xsdt pointer to acpi_ctx
Put this in the context along with the other important pointers.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-30 17:16:12 +08:00
Simon Glass
7e586f6907 acpi: Put table-setup code in its own function
We always write three basic tables to ACPI at the start. Move this into
its own function, along with acpi_fill_header(), so we can write a test
for this code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-30 17:16:12 +08:00
Simon Glass
29b351122e acpi: Move acpi_add_table() to generic code
Move this code to a generic location so that we can test it with sandbox.
This requires adding a few new fields to acpi_ctx, so drop the local
variables used in the original code.

Also use mapmem to avoid pointer-to-address casts which don't work on
sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-30 17:16:12 +08:00
Simon Glass
86e1778ded acpi: Convert part of acpi_table to use acpi_ctx
The current code uses an address but a pointer would result in fewer
casts. Also it repeats the alignment code in a lot of places so this would
be better done in a helper function.

Update write_acpi_tables() to make use of the new acpi_ctx structure,
adding a few helpers to clean things up.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-30 17:16:12 +08:00
Simon Glass
93f7f82782 acpi: Add a method to write tables for a device
A device may want to write out ACPI tables to describe itself to Linux.
Add a method to permit this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-30 17:16:12 +08:00
Heinrich Schuchardt
11078bb262 efi_loader: identify EFI system partition
In subsequent patches UEFI variables shalled be stored on the EFI system
partition. Hence we need to identify the EFI system partition.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-30 10:25:07 +02:00
Tom Rini
545c747447 Move Python tools to use absolute paths
Minor buildman fixes for new features
 Make libfdt code more similar to upsteam
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl6mTJMRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreZRmAf/TeHuh9nWXr7jRAyl8YEaXfBablceBYF/
 l/bHpIyPy1NH5wRMB1kwGIZUydSM44/FIVnvlo1iVI0DVuO1cSIY98WM2waMP0Tk
 WiDg3XR7eMpTMNjG13KP6TrFG5ybfOopRYdpuUfjPTBm8RQyuFMziaQwOrDQdoXt
 9yQ8rzM6hB7Gj3LgORond04KZYRUcYC+uhcuDo8WPUjrqS8vSpeAG34n6lT4z9KG
 BdmhQuIybvCngdi/t9ovyTfq5UfIsXp0ngUN6My/j0IjykZT4nu6qllge8gcukCM
 3iqrqhcjkO9psPdk6NXf2akTdxDH4Mf8PqFbvqmABNQbDSEVinVnrA==
 =H2KE
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-27apr20' of git://git.denx.de/u-boot-dm

Move Python tools to use absolute paths
Minor buildman fixes for new features
Make libfdt code more similar to upsteam
2020-04-28 09:52:01 -04:00
Tom Rini
08977f873f Merge branch '2020-04-27-master-imports'
- Assorted bugfixes.
- Documentation improvements including support for https://u-boot.readthedocs.io/
2020-04-27 17:50:43 -04:00
Heinrich Schuchardt
cc3860f66f lib: zlib: fix formatting, reference
Provide a valid reference for the deflate format.
Reformat the ALGORITHM and REFERENCES comments.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-27 14:55:29 -04:00
Weijie Gao
04cb39946c lib: enable lzma decompression support for SPL build
This patch enables LZMA decompression support for SPL build

Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
2020-04-27 20:29:33 +02:00
Masahiro Yamada
3e69db1223 fdt_region: move fdt_region.c to common/ from lib/libfdt/
My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is,
make lib/libfdt/ contain only wrapper files.

fdt_region.c was written only for U-Boot to implement the verified
boot. So, this belongs to the same group as common/fdt_support.c,
which is a collection of U-Boot own fdt helpers.

Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is
necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2020-04-26 14:23:55 -06:00
Masahiro Yamada
bcbdab70a2 libfdt: migrate fdt_ro.c to a wrapper of scripts/dtc/libfdt/fdt_ro.c
There is no essential difference between scripts/dtc/libfdt/fdt_ro.c
and lib/libfdt/fdt_ro.c

Migrate to a simple wrapper like the other files.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2020-04-26 14:23:39 -06:00
Simon Glass
2c2ca207e4 uuid: Use const char * where possible
Update the arguments of these functions so they can be called from code
which uses constant strings.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-24 16:40:09 -04:00
Simon Glass
fdc79a6b12 lib: Add a function to convert a string to upper case
Add a helper function for this operation. Update the strtoul() tests to
check upper case as well.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-24 16:40:09 -04:00
Michal Simek
4b4858936f lib: strto: Stop detection when invalid char is used
This issue has been found when mtd partition are specified. Autodetection
code should stop when the first invalid char is found.

Here is the example of commands:
setenv mtdids nand0=memory-controller@e000e000
setenv mtdparts "mtdparts=nand0:4m(boot),4m(env),64m(kernel),96m(rootfs)"
mtd list

Before:
Zynq> mtd list
List of MTD devices:
* nand0
  - type: NAND flash
  - block size: 0x20000 bytes
  - min I/O: 0x800 bytes
  - OOB size: 64 bytes
  - OOB available: 16 bytes
  - ECC strength: 1 bits
  - ECC step size: 2048 bytes
  - bitflip threshold: 1 bits
  - 0x000000000000-0x000010000000 : "nand0"
	  - 0x000000000000-0x000000400000 : "boot"
	  - 0x000000400000-0x000000800000 : "env"
	  - 0x000000800000-0x000006c00000 : "kernel"
	  - 0x000006c00000-0x000010000000 : "rootfs"

Where it is visible that kernel partition has 100m instead of 64m

After:
Zynq> mtd list
* nand0
  - type: NAND flash
  - block size: 0x20000 bytes
  - min I/O: 0x800 bytes
  - OOB size: 64 bytes
  - OOB available: 16 bytes
  - ECC strength: 1 bits
  - ECC step size: 2048 bytes
  - bitflip threshold: 1 bits
  - 0x000000000000-0x000010000000 : "nand0"
	  - 0x000000000000-0x000000400000 : "boot"
	  - 0x000000400000-0x000000800000 : "env"
	  - 0x000000800000-0x000004800000 : "kernel"
	  - 0x000004800000-0x00000a800000 : "rootfs"

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Fixes: 0486497e2b ("lib: Improve _parse_integer_fixup_radix base 16 detection")
Tested-by: Heiko Schocher <hs@denx.de>
Tested-by: Pali Rohár <pali@kernel.org>
2020-04-24 16:40:09 -04:00
Heinrich Schuchardt
f6a24a177f lib: do not provide hexdump in SPL
SPL should not be enlarged by building with CONFIG_HEXDUMP=y.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-04-24 10:51:32 -04:00
Heinrich Schuchardt
4f4d526f59 lib: do not build OID registry in SPL
The OID registry is only used by crypto functions that are not built in
SPL. So we should not build it in SPL.

Fixes: a9b45e6e83 ("lib: add oid registry utility")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-04-24 10:51:32 -04:00
Kever Yang
10d887ddfa libfdt: Make fdtdec_get_child_count() available for HOST
The tool need to use fdtdec_get_child_count(), make it available for
HOST_CC.

Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-24 10:10:01 -04:00
Rasmus Villemoes
080019b86c make env_entry::callback conditional on !CONFIG_SPL_BUILD
The callback member of struct env_entry is always NULL for an SPL
build. Removing it thus saves a bit of run-time memory in the
SPL (when CONFIG_SPL_ENV_SUPPORT=y) since struct env_entry is embedded
in struct env_entry_node - i.e. about 2KB for the normal case of
512+change hash table entries.

Two small fixups are needed for this, all other references to the
callback member are already under !CONFIG_SPL_BUILD: Don't initialize
.callback in set_flags() - hsearch_r doesn't use that value
anyway. And make env_callback_init() initialize ->callback to NULL for
a new entry instead of relying on an unused or deleted entry having
NULL in ->callback.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-24 10:09:59 -04:00
Rasmus Villemoes
34284970a1 lib/hashtable.c: don't test ->callback in SPL
In SPL, environment callbacks are not supported, so e->callback is
always NULL. Removing this makes the SPL a little smaller (about 400
bytes in my ppc build) with no functional change.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-24 10:09:59 -04:00
Rasmus Villemoes
7f529f6585 lib/hashtable.c: create helper for calling env_entry::callback
This is preparation for compiling out the "call the callback" code and
associated error handling for SPL, where ->callback is always NULL.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-24 10:09:59 -04:00
Atish Patra
f614753c4b fdtdec: Fix boundary check
In U-Boot, the reserved memory end address is considered as a inclusive
address. This notion is followed while adding a reserved memory node to
the DT.

For example:
end_address = start_address + size - 1

Follow the same notion and fix the end address computation while checking
for existing nodes.

Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2020-04-23 10:14:16 +08:00
Atish Patra
2a2119e10c lib: kconfig: Add option to set BZIP2 compression method
There is no way to select BZIP2 compression method.
Add it under library/compression config where all other
compression related configs are present.

Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-04-17 12:32:36 -04:00
Tom Rini
cf87f7cd8c Pull request for UEFI sub-system for efi-2020-07-rc1
This pull request
 
 * provides an implementation of UEFI secure booting
 * fixes a problem with the rsa_mod_exp driver which stops some boards
   from booting when CONFIG_RSA is enabled which is needed for UEFI
   secure booting
 * enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
 * fixes some function comments
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl6YjlcACgkQxIHbvCwF
 GsQ6Jg/+KVRQF0Dn2jiag8Me9ZhafZx4xGTI3LEzFD7V9kG3dmUzbO3m8a5dEevW
 bcPNA6EmcKAjyP09AZY4C8ns4sU7wzPu/GQvApD4S5+vcuNbEqRHfW6zzReNXq09
 t89DrFH+XLhGnh4uSh0hmfjrlIPVi86hs/f57vKRayrBu8W2yGPci3SNTO5Y0AY1
 to7sxP3hGlDCUhqIABWp5ylpWWUSG1MsVNcMOnHpj+jl0iWWYP46EQrGr95egQor
 gcGgUOLdOLLOHPYUIOBmo9INnS2MbvE9Mfgh5Bw7JW8DIu/Xp7r1qePQyMLsngc1
 pO5yzwMq6EQy6OjuYnXdIBXtHOlZ8rnE9pbTgyUR8T/2CdL2hqr9ddpqa4ryDABX
 iaQF8FG+KhY0XQ5EIJV7pEkvf9TMwGguJNlOkmJPeub2n9i0k1tPk0Rwq5ZWWBIn
 rHcgZXwl0On3O3f0HvfL0Oas5u9KE1HhA12h/EVmu2Muy36x2WxAAzDnsH19HzqU
 QnWBAo8VMyp3qTIZjb3y+qrxcU/joPGt9+hxmur03hzmKOJ9JNOv6vExb+yUIyXQ
 4ML6jvTvSVZbvkP++0zMKOjT8ks3xv5q84oFD5Gp4cG8ZpHpA9dj3mXM92Waepo4
 pAkko5IGQ4SqaGIBltEQzrG+cCiHHezdD/raCwAo6DgYSmfZUvc=
 =+ZDZ
 -----END PGP SIGNATURE-----

Merge tag 'efi-2020-07-rc1' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

Pull request for UEFI sub-system for efi-2020-07-rc1

This pull request

* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
  from booting when CONFIG_RSA is enabled which is needed for UEFI
  secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
2020-04-16 16:41:40 -04:00
Tom Rini
f51b4bcf61 Functions for reading indexed values from device tree
Enhancements to 'dm' command
 Log test enhancements and syslog driver
 DM change to read parent ofdata before children
 Minor fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl6YdaMRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreYLRwf8C+vKmERVLLcrMZMMiLctbY2kVflJV8zG
 RjFwBcazZDPYjtHqClFZtJyIDYzgkVQRo+QPcdLxjcA+gjSXdteeRa0XTsBTXOZQ
 kbs7yBkL+rCIO2WyXtuyajsmDMQtqM5vYgeBdTeYnJu7NVxwRMYrUqqAKLolNpIN
 SKNYz+a8OEOG2EetbTdwwrmSpNy/cZ3wDGYK25DFTte8/vCZMRBTPiiNSrLp/RsM
 xIojRcLqzARwpvPfFZ8psASKei9+5oIICUrNvwwQGtjepvZwdFQEl90SKaHw8kMf
 sP9rxuqlEN5ec6xnMTUgwfnyBZgNIMSeb4KVPP1rxN2eAa5+bK1OlQ==
 =gyyY
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-10apr20-take2' of git://git.denx.de/u-boot-dm

Functions for reading indexed values from device tree
Enhancements to 'dm' command
Log test enhancements and syslog driver
DM change to read parent ofdata before children
Minor fixes
2020-04-16 13:45:03 -04:00
Laurentiu Tudor
b9200b191f fdtdec: support multiple phandles in memory carveout
fdtdec_set_carveout() is limited to only one phandle. Fix this
limitation by adding support for multiple phandles.

Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-16 08:07:58 -06:00
Simon Glass
bfeb5d460c acpi: Add support for DMAR
The DMA Remapping Reporting (DMAR) table contains information about DMA
remapping.

Add a version simple version of this table with only the minimum fields
filled out. i.e. no entries.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-16 14:36:28 +08:00
Simon Glass
91fe8b79f6 acpi: Add a central location for table version numbers
Each ACPI table has its own version number. Add the version numbers in a
single function so we can keep them consistent and easily see what
versions are supported.

Start a new acpi_table file in a generic directory to house this function.
We can move things over to this file from x86 as needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-04-16 14:36:28 +08:00
Simon Glass
776cc20194 x86: Move acpi_table header to main include/ directory
This file is potentially useful to other architectures saddled with ACPI
so move most of its contents to a common location.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
2020-04-16 14:36:28 +08:00
AKASHI Takahiro
d0f07949cc efi_loader: set up secure boot
The following variable is exported as UEFI specification defines:
SignatureSupport: array of GUIDs representing the type of signatures
                      supported by the platform firmware

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
4540dabdca efi_loader: image_loader: support image authentication
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.

Currently we support
* authentication based on db and dbx,
  so dbx-validated image will always be rejected.
* following signature types:
    EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
    EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.

Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.

It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
8353516f4a efi_loader: variable: add VendorKeys variable
The following variable is exported as UEFI specification defines:
VendorKeys: whether the system is configured to use only vendor-provided
	    keys or not
The value will have to be modified if a platform has its own way of
initializing signature database, in particular, PK.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
434ffb6422 efi_loader: variable: add secure boot state transition
UEFI specification defines several global variables which are related to
the current secure boot state. In this commit, those values will be
maintained according to operations. Currently, AuditMode and DeployedMode
are defined but not implemented.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
767f6eeb01 efi_loader: variable: support variable authentication
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.

Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().

Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
be6296d05b efi_loader: add signature database parser
efi_signature_parse_sigdb() is a helper function will be used to parse
signature database variable and instantiate a signature store structure
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
593e17d673 efi_loader: add signature verification functions
In this commit, implemented are a couple of helper functions which will be
used to materialize variable authentication as well as image authentication
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
9bf09b5120 efi_loader: add CONFIG_EFI_SECURE_BOOT config option
Under this configuration, UEFI secure boot support will be added
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
Heinrich Schuchardt
540faca8a1 efi_loader: function descriptions efi_watchdog.c
Correct function descriptions in efi_watchdog.c.
Add the descriptions to the generated HTML documentation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:02 +02:00
Heinrich Schuchardt
55976b7fae efi_loader: add missing doc comments in efi_disk.c
Add missing descriptions for functions in efi_disk.c.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:01 +02:00
Heinrich Schuchardt
76956556fc efi_loader: function descriptions efi_unicode_collation.c
Correct function descriptions in efi_unicode_collation.c
Add the Unicode collation protocol to the generated HTML documentation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:01 +02:00
Peter Robinson
bdf329e4a3 efi_loader: enable RNG if DM_RNG is enabled
Enable EFI_RNG_PROTOCOL by default if DM_RNG is set.

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Remove superfluous 'if DM_RNG'
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:01 +02:00
Tom Rini
1f47e2aca4 Xilinx changes for v2020.07
common:
 - Align ENV_FAT_INTERFACE
 - Fix MAC address source print log
 - Improve based autodetection code
 
 xilinx:
 - Enable netconsole
 
 Microblaze:
 - Setup default ENV_OFFSET/ENV_SECT_SIZE
 
 Zynq:
 - Multiple DT updates/fixes
 - Use DEVICE_TREE environment variable for DTB selection
 - Switch to single zynq configuration
 - Enable NOR flash via DM
 - Minor SPL print removal
 - Enable i2c mux driver
 
 ZynqMP:
 - Print multiboot register
 - Enable cache commands in mini mtest
 - Multiple DT updates/fixes
 - Fix firmware probing when driver is not enabled
 - Specify 3rd backup RAM boot mode in SPL
 - Add SPL support for zcu102 v1.1 and zcu111 revA
 - Redesign debug uart enabling and psu_init delay
 - Enable full u-boot run from EL3
 - Enable u-boot.itb generation without ATF with U-Boot in EL3
 
 Versal:
 - Enable distro default
 - Enable others SPI flashes
 - Enable systems without DDR
 
 Drivers:
 - Gem:
   - Flush memory after freeing
   - Handle mdio bus separately
 - Watchdog:
   - Get rid of unused global data pointer
   - Enable window watchdog timer
 - Serial:
   - Change reinitialization logic in zynq serial driver
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCXoxw9wAKCRDKSWXLKUoM
 IbQxAKCK23yTy4FoN8oTGTYsbmLOA9kVUQCbBx8lg4nBeA8ihSaAnY+HMDF37YI=
 =Lg54
 -----END PGP SIGNATURE-----

Merge tag 'xilinx-for-v2020.07' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze into next

Xilinx changes for v2020.07

common:
- Align ENV_FAT_INTERFACE
- Fix MAC address source print log
- Improve based autodetection code

xilinx:
- Enable netconsole

Microblaze:
- Setup default ENV_OFFSET/ENV_SECT_SIZE

Zynq:
- Multiple DT updates/fixes
- Use DEVICE_TREE environment variable for DTB selection
- Switch to single zynq configuration
- Enable NOR flash via DM
- Minor SPL print removal
- Enable i2c mux driver

ZynqMP:
- Print multiboot register
- Enable cache commands in mini mtest
- Multiple DT updates/fixes
- Fix firmware probing when driver is not enabled
- Specify 3rd backup RAM boot mode in SPL
- Add SPL support for zcu102 v1.1 and zcu111 revA
- Redesign debug uart enabling and psu_init delay
- Enable full u-boot run from EL3
- Enable u-boot.itb generation without ATF with U-Boot in EL3

Versal:
- Enable distro default
- Enable others SPI flashes
- Enable systems without DDR

Drivers:
- Gem:
  - Flush memory after freeing
  - Handle mdio bus separately
- Watchdog:
  - Get rid of unused global data pointer
  - Enable window watchdog timer
- Serial:
  - Change reinitialization logic in zynq serial driver

Signed-off-by: Tom Rini <trini@konsulko.com>
2020-04-07 17:13:35 -04:00
Michal Simek
0486497e2b lib: Improve _parse_integer_fixup_radix base 16 detection
Base autodetection is failing for this case:
if test 257 -gt 3ae; then echo first; else echo second; fi

It is because base for 3ae is recognized by _parse_integer_fixup_radix() as
10. The code detects the first char which is not between 'a'/'A' or 'f'/'F'
to change base from dec to hex.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Shiril Tichkule <shirilt@xlinx.com>
2020-04-06 12:52:45 +02:00