Commit Graph

2843 Commits

Author SHA1 Message Date
Ilias Apalodimas
b436cc6a57 efi_loader: add sha384/512 on certificate revocation
Currently we don't support sha384/512 for the X.509 certificate
in dbx.  Moreover if we come across such a hash we skip the check
and approve the image,  although the image might needs to be rejected.

Rework the code a bit and fix it by adding an array of structs with the
supported GUIDs, len and literal used in the U-Boot crypto APIs instead
of hardcoding the GUID types.

It's worth noting here that efi_hash_regions() can now be reused from
efi_signature_lookup_digest() and add sha348/512 support there as well

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-05-07 23:17:26 +02:00
Jan Kiszka
6ae494831d efi_loader: Select EVENT as well
Fixes

WARNING: unmet direct dependencies detected for EVENT_DYNAMIC
  Depends on [n]: EVENT [=n]
  Selected by [y]:
  - EFI_LOADER [=y] && OF_LIBFDT [=y] && ...

and the succeeding build breakage.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-07 23:17:26 +02:00
Jan Kiszka
90c52423be lib/date: Make rtc_mktime and mktime64 Y2038-ready
We currently overflow due to wrong types used internally in rtc_mktime,
on all platforms, and we return a too small type on 32-bit.

One consumer that directly benefits from this is mktime64. Many others
may still store the result in a wrong type.

While at it, drop the redundant cast of mon in rtc_mktime (obsoleted by
714209832d).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-05-05 15:06:02 -04:00
AKASHI Takahiro
4e65ca00f3 efi_loader: bootmgr: add booting from removable media
Under the current implementation, booting from removable media using
a architecture-specific default image name, say BOOTAA64.EFI, is
supported only in distro_bootcmd script. See the commit 74522c898b
("efi_loader: Add distro boot script for removable media").

This is, however, half-baked implementation because
1) UEFI specification requires this feature to be implemented as part
   of Boot Manager's responsibility:

  3 - Boot Manager
  3.5.1 Boot via the Simple File Protocol
  When booting via the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, the FilePath will
  start with a device path that points to the device that implements the
  EFI_SIMPLE_FILE_SYSTEM_PROTOCOL or the EFI_BLOCK_IO_PROTOCOL. The next
  part of the FilePath may point to the file name, including
  subdirectories, which contain the bootable image. If the file name is
  a null device path, the file name must be generated from the rules
  defined below.
  ...
  3.5.1.1 Removable Media Boot Behavior
  To generate a file name when none is present in the FilePath, the
  firmware must append a default file name in the form
  \EFI\BOOT\BOOT{machine type short-name}.EFI ...

2) So (1) entails the hehavior that the user's preference of boot media
   order should be determined by Boot#### and BootOrder variables.

With this patch, the semantics mentioned above is fully implemented.
For example, if you want to boot the system from USB and SCSI in this
order,
* define Boot0001 which contains only a device path to the USB device
  (without any file path/name)
* define Boot0002 which contains only a device path to the SCSI device,
and
* set BootOrder to Boot0001:Boot0002

To avoid build error for sandbox, default file name "BOOTSANDBOX.efi"
is defined even if it is out of scope of UEFI specification.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
On sandbox use binary name corresponding to host architecture.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
AKASHI Takahiro
d8465ffc01 efi_loader: export efi_locate_device_handle()
This function will be used in the next commit where some behavior
of EFI boot manager will be expanded.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Masahisa Kojima
eca08ce94c lib/charset: add u16_strlcat() function
Provide u16 string version of strlcat().

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
d30924f16b lib: fix selection of CONFIG_CHARSET
lib/charset.c is not optional for
EFI_APP || EFI_LOADER || UFS || UT_UNICODE.
These must select CONFIG_CHARSET.

Fixes: 726cd9836d ("efi: Make unicode printf available to the app")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
c900a42eb0 efi_selftest: error handling in efi_selftest_tcg2
If memory allocation fails, write an error message.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
0db8221f32 efi_selftest: clean up unaligned unit test
* fix typo %s/give/given/
* don't use void * in pointer arithmetic

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
1b2c3e543c efi_selftest: buildefi_selftest_unaligned.c
The unit test has not been built since CPU_V7 was rename CPU_V7A.

Fixes: acf1500138 ("arm: v7: Kconfig: Rename CPU_V7 as CPU_V7A")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Heinrich Schuchardt
5c1037d578 efi_loader: reset colors before clearing screen
When resetting the text console the colors have to be set before clearing
the screen. Otherwise the background color may be wrong.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 21:39:22 +02:00
Simon Glass
747093dd40 vpl: Add Kconfig options for VPL
Add VPL versions of commonly used Kconfig options.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-05-02 09:58:13 -04:00
AKASHI Takahiro
6c640422ba efi_loader: disk: allow blk devices even without UCLASS_PARTITION
While GPT partition is mandated in UEFI specification, CONFIG_PARTITION is
seen optional under the current implementation.
So modify efi_disk_rw_blocks() to allow accepting UCLASS_BLK devices.

Fixes: commit d97e98c887 ("efi_loader: disk: use udevice instead of blk_desc")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Mark Kettenis <kettenis@openbsd.org>
2022-04-29 14:25:40 +02:00
Heinrich Schuchardt
8da26f5156 efi_loader: simplify efi_add_conventional_memory_map()
Remove redundant constraint.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:25:39 +02:00
Heinrich Schuchardt
4f419960bf efi_loader: simplify try_load_entry()
Use function efi_create_indexed_name() to create the BootXXXX variable
name.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:25:39 +02:00
Heinrich Schuchardt
dd1086ac6b efi: fix devpath_is_partition()
If the path consists only of an end node, it does not refer to a partition.
Avoid returning a random value from the stack in this case.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:25:39 +02:00
Heinrich Schuchardt
7ea79e511d efi_loader: don't call log with __func__ as parameter
The log functions print file name, line number, and function name if
selected via the log command or customizing. Don't print the function
name twice.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 14:23:30 +02:00
Tom Rini
11232139e3 nds32: Remove the architecture
As removal of nds32 has been ack'd for the Linux kernel, remove support
here as well.

Cc: Rick Chen <rick@andestech.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2022-04-25 16:04:05 -04:00
Tom Rini
8cfac237b9 Merge branch '2022-04-25-initial-implementation-of-stdboot'
To quote the author:
The bootflow feature provide a built-in way for U-Boot to automatically
boot an Operating System without custom scripting and other customisation.
This is called 'standard boot' since it provides a standard way for
U-Boot to boot a distro, without scripting.

It introduces the following concepts:

   - bootdev - a device which can hold a distro
   - bootmeth - a method to scan a bootdev to find bootflows (owned by
                U-Boot)
   - bootflow - a description of how to boot (owned by the distro)

This series provides an implementation of these, enabled to scan for
bootflows from MMC, USB and Ethernet. It supports the existing distro
boot as well as the EFI loader flow (bootefi/bootmgr). It works
similiarly to the existing script-based approach, but is native to
U-Boot.

With this we can boot on a Raspberry Pi 3 with just one command:

   bootflow scan -lb

which means to scan, listing (-l) each bootflow and trying to boot each
one (-b). The final patch shows this.

With a standard way to identify boot devices, booting become easier. It
also should be possible to support U-Boot scripts, for backwards
compatibility only.

...

The design is described in these two documents:

https://drive.google.com/file/d/1ggW0KJpUOR__vBkj3l61L2dav4ZkNC12/view?usp=sharing

https://drive.google.com/file/d/1kTrflO9vvGlKp-ZH_jlgb9TY3WYG6FF9/view?usp=sharing
2022-04-25 16:02:27 -04:00
Simon Glass
8565efd509 lib: Add a way to find the postiion of a trailing number
At present it is not possible to find out which part of the string is the
number part and which is before it. Add a new variant which provides this
feature, so we can separate the two in the caller.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-25 10:00:03 -04:00
Simon Glass
d667a0d8f4 lib: Fix a few bugs in trailing_strtoln()
At present this has a minor bug in that it reads the byte before the
start of the string, if it is empty. Also it doesn't handle a
non-numeric prefix which is only one character long.

Fix these bugs with a reworked implementation. Add a test for the second
case. The first one is hard to test.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-25 10:00:03 -04:00
Tom Rini
46a06ed82a Pull request for efi-2022-07-rc1-3
Documentation:
 
 * Document image size parameter of bootefi command
 
 UEFI:
 
 * avoid building partition support in SPL/TPL where not required
 * improve integration of EFI subsystem and driver model
 * restore ability to boot arbitrary blob
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmJka8UACgkQxIHbvCwF
 GsQXVw/+OuG4lYgiBZUUOFtu7CZZTrEnMGszRhXmwEzTMNq2NBNRP1lRJFhyyU50
 ElS/I7wZwhFtEnsL5H4mf3Ww7BQLELecg/Q7bnDYhPNg4JWUWUSCGOVUkNRs5O1h
 3f6HBkdbvDVvITgopqEj1v4sNwSJCr8sFJQPe0o7i9FAb0+dbO/Er3Z6afp9vcsQ
 C6iiNq4zTaGm0YUZf1wOCJMngijvkJ+z+McAFCCAwH0zbT7GfNpmGNr8iviYPWJM
 tKzkvO73+LhGR6fgRl9XewbV0Mlkd2q54nfZrP+7tTycIrj0G/OUOyPnOUaJk485
 keouzcIVSzZGjeQtsZ9Rrw8EounuMJ/pRyGNsoWIyeY98gqJxtVYnrlNm/TvFs6F
 vALsqq0LsRkVmM/ut8eleV/U8Q6n6IYL4xtAH0tm4Jf4mrW1zt8IgWQnNOlHqg9J
 RjOAF0y38KUAoC7RzGjU+RJcWPoYuKGxEWEdGvIu3qP9blwaZ7UKRxqWilOgbypf
 pxbp9YsnT8pqY9cs6mzSZHPjJFSMVocaRzD521kgShS4cxOJHpZHU4wzd5hS4BFr
 BIMCSPPyuRmn3E2DDqncEtL4C7OoPV+LLXVyrF2neiWwjMd/4rGAoYnDwjRkD7dP
 uSFsNt9N3Mqpjwl/iMI5Kd+mOJ77TWnf9fKrEft4BIXexopzAms=
 =a5qc
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-07-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-07-rc1-3

Documentation:

* Document image size parameter of bootefi command

UEFI:

* avoid building partition support in SPL/TPL where not required
* improve integration of EFI subsystem and driver model
* restore ability to boot arbitrary blob
2022-04-23 18:42:00 -04:00
AKASHI Takahiro
d97e98c887 efi_loader: disk: use udevice instead of blk_desc
In most of all cases, we can avoid using blk_desc which is expected
to be private to udevice(UCLASS_BLK), that is, the data should not
be manipulated outside the device driver unless really needed.

Now efi_disk's internally use dev_read/write() interfaces
if CONFIG_PARTITIONS is enabled.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
a3cb34e9b7 efi_loader: disk: not delete BLK device for BLK(IF_TYPE_EFI_LOADER) devices
When we create an efi_disk device with an UEFI application using driver
binding protocol, the 'efi_driver' framework tries to create
a corresponding block device(UCLASS_BLK/IF_TYPE_EFI). This will lead to
calling a PROBE callback, efi_disk_probe().
In this case, however, we don't need to create another "efi_disk" device
as we already have this device instance.

So we should avoid recursively invoke further processing in the callback
function.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
b406eb04c3 efi_loader: disk: a helper function to delete efi_disk objects
This function is expected to be called, in particular from dm's pre_remove
hook, when associated block devices no longer exist.

Add efi_disk_remove() function.
This function removes an efi_disk object for a raw disk device (UCLASS_BLK)
and related objects for its partitions (UCLASS_PARTITION).

So this function is expected to be called through driver model's "remove"
interface every time a raw disk device is to be disconnected.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
3c809dfed7 efi_loader: disk: not create BLK device for BLK(IF_TYPE_EFI_LOADER) devices
When we create an efi_disk device with an UEFI application using driver
binding protocol, the 'efi_driver' framework tries to create
a corresponding block device(UCLASS_BLK/IF_TYPE_EFI). This will lead to
calling a PROBE callback, efi_disk_probe().
In this case, however, we don't need to create another "efi_disk" device
as we already have this device instance.

So we should avoid recursively invoke further processing in the callback
function.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
a9bf024b29 efi_loader: disk: a helper function to create efi_disk objects from udevice
Add efi_disk_probe() function.
This function creates an efi_disk object for a raw disk device (UCLASS_BLK)
and additional objects for related partitions (UCLASS_PARTITION).

So this function is expected to be called through driver model's "probe"
interface every time one raw disk device is detected and activated.
We assume that partition devices (UCLASS_PARTITION) have been created
when this function is invoked.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
a57ad20d07 efi_loader: split efi_init_obj_list() into two stages
In the next commit, CONFIG_EFI_SETUP_EARLY will become mandated
in order to support dynamic enumeration of efi_disk objects.

This can, however, be problematic particularly in case of file-based
variable storage (efi_variable.c, default).
Non-volatile variables are to be restored from EFI system partition
by efi_init_variables() in efi_init_obj_list(). When efi_init_obj_list()
is called in board_init_r(), we don't know yet what disk devices
we have since none of device probing commands (say, scsi rescan) has not
been executed at that stage.

So in this commit, a preparatory change is made; efi_init_obj_list() is
broken into the two functions;
   * efi_init_early(), and
   * new efi_init_obj_list()

Only efi_init_early() will be called in board_init_r(), which allows
us to execute any of device probing commands, either though "preboot"
variable or normal command line, before calling efi_init_obj_list() which
is to be invoked at the first execution of an efi-related command
(or at efi_launch_capsules()) as used to be.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 22:05:41 +02:00
AKASHI Takahiro
38f255b960 efi_loader: disk: compile efi_disk when CONFIG_BLK
Now we can build efi_loader with block device support (CONFIG_BLK) and
without CONFIG_PARTITIONS.
So change Makefile.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 22:05:34 +02:00
AKASHI Takahiro
7a06fd7579 efi_loader: PARTITION_UUIDS should be optional
In the current implementation, partition table support (either GPT or DOS)
is not mandatory. So CONFIG_PARTITION_UUIDS should not be enabled
(selected) unconditionally.

Fixes: commit 17f8cda505 ("efi_loader: set partition GUID in device path for SIG_TYPE_GUID")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-23 22:05:34 +02:00
Andrew Abbott
0de71bb580 fdt: Fix TPL SEPARATE_BSS check when locating DTB
Commit 690af71850 changed this condition
from an explicit

IS_ENABLED(CONFIG_SPL_SEPARATE_BSS)

to

CONFIG_IS_ENABLED(SEPARATE_BSS)

The documentation for CONFIG_IS_ENABLED() in include/linux/kconfig.h
implies that we will get the correct behaviour, but the actual behaviour
differs such that this condition is now always false.

This stopped TPL being able to load the device tree blob at least on the
ROCKPro64 board (RK3399 SoC), since the wrong device tree location was
chosen.

The issues causing this behaviour with CONFIG_IS_ENABLED() are:

1. The documentation implies that CONFIG_SPL_BUILD =>
   CONFIG_SPL_<option> is considered before the TPL equivalent.

   Actually, the TPL options have higher priority - see definition of
   _CONFIG_PREFIX.

2. The documentation implies a fallthrough, eg. if CONFIG_SPL_BUILD is
   defined but the CONFIG_SPL_<option> is not, then it will proceed to
   check if CONFIG_TPL_BUILD

   Actually, if CONFIG_TPL_BUILD is defined, then it stops there
   and CONFIG_SPL_BUILD is not considered - see definition of
   _CONFIG_PREFIX.

   During TPL build, at least for the ROCKPro64, both CONFIG_TPL_BUILD
   and CONFIG_SPL_BUILD are defined, but because of the above, only TPL
   options are considered. Since there is no CONFIG_TPL_SEPARATE_BSS,
   this fails.

Fixes: 690af71850 ("fdt: Correct condition for SEPARATE_BSS")
Signed-off-by: Andrew Abbott <andrew@mirx.dev>
2022-04-22 15:44:10 -04:00
Pali Rohár
1a47e6d47c crc16: Move standard CRC-16 implementation from ubifs to lib
This implementation provides standard CRC-16 algorithm with polynomial
x^16 + x^15 + x^2 + 1.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-04-21 14:32:40 -04:00
Pali Rohár
bb3d71b7ef crc16-ccitt: Rename file with CRC-16-CCITT implementation to crc16-ccitt.c
U-Boot CRC-16 implementation uses polynomial x^16 + x^12 + x^5 + 1 which is
not standard CRC-16 algorithm, but it is known as CRC-16-CCITT. Rename file
crc16.c to crc16-ccitt.c to reduce confusion.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-04-21 14:32:40 -04:00
Heinrich Schuchardt
8bf5f9af3b efi_loader: simplify efi_serialize_load_option()
Use u16_strsize().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:21 +02:00
Heinrich Schuchardt
b27d8e4037 efi_loader: EFI_HII_STRING_PROTOCOL.GetString()
Use u16_strsize().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:21 +02:00
Heinrich Schuchardt
967407defe lib: simplify u16_strdup()
Use u16_strsize() instead of duplicating it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:20 +02:00
Heinrich Schuchardt
0121282d1a lib: convert u16_strlen() into a macro
The function u16_strlen() can be implemented as call to u16_strnlen().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 11:26:20 +02:00
Sughosh Ganu
9736287173 FMP: Remove GUIDs for FIT and raw images
The capsule update code has been modified for getting the image GUID
values from the platform code. With this, each image now has a unique
GUID value. With this change, there is no longer a need for defining
GUIDs for FIT and raw images. Remove these GUID values.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2022-04-15 10:43:18 +02:00
Sughosh Ganu
a9e6f01a94 efi: Define set_dfu_alt_info() for boards with UEFI capsule update enabled
Currently, there are a bunch of boards which enable the UEFI capsule
update feature. The actual update of the firmware images is done
through the dfu framework which uses the dfu_alt_info environment
variable for getting information on the update, like device, partition
number/address etc. The dfu framework allows the variable to be set
through the set_dfu_alt_info function defined by the platform, or if
the function is not defined, it gets the variable from the
environment. Using the value set in the environment is not very
robust, since the variable can be modified from the u-boot command
line and this can cause an incorrect update.

To prevent this from happening, define the set_dfu_alt_info function
when the capsule update feature is enabled. A weak function is defined
which sets the dfu_alt_info environment variable by getting the string
for the variable from the platform.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-15 10:43:18 +02:00
Sughosh Ganu
7cf06f09cc capsule: Put a check for image index before the update
The current capsule update code compares the image GUID value in the
capsule header with the image GUID value obtained from the
GetImageInfo function of the Firmware Management Protocol(FMP). This
comparison is done to ascertain if the FMP's SetImage function can be
called for the update. Make this checking more robust by comparing the
image_index value passed through the capsule with that returned by the
FMP's GetImageInfo function. This protects against the scenario of the
firmware being updated in a wrong partition/location on the storage
device if an incorrect value has been passed through the capsule,
since the image_index is used to determine the location of the update
on the storage device.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-04-15 10:43:18 +02:00
Sughosh Ganu
1ea06bc929 capsule: FMP: Populate the image descriptor array from platform data
Currently, the image descriptor array that has been passed to the
GetImageInfo function of the Firmware Management Protocol(FMP) gets
populated through the data stored with the dfu framework. The
dfu data is not restricted to contain information only of the images
updatable through the capsule update mechanism, but it also contains
information on other images. The image descriptor array is also parsed
by the ESRT generation code, and thus the ESRT table contains entries
for other images that are not being handled by the FMP for the capsule
updates. Fix this by populating the image descriptor array from the
structure initialised in the board file.

The other issue fixed is assignment of a separate GUID for all images
in the image descriptor array. The UEFI specification mandates that
all entries in the ESRT table should have a unique GUID value as part
of the FwClass member of the EFI_SYSTEM_RESOURCE_ENTRY. Currently, all
images are assigned a single GUID value, either an FIT GUID or a raw
image GUID. This is fixed by obtaining the GUID values from the
efi_fw_images array defined per platform.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-15 10:43:18 +02:00
Dhananjay Phadke
e146a2c12f lib/crypto: support sha384/sha512 in x509/pkcs7
Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509,
(not set by ported linux code, but needed by __UBOOT__ part).

EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for
correctness if certificates contain sha384WithRSAEncryption or
sha512WithRSAEncryption OIDs.

Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-04-11 11:39:19 -04:00
SESA644425
81eff51047 lib: rsa: Update function padding_pss_verify (any-salt)
Modify function to support any salt length instead of max
length only. Function now detects salt length by parsing
the content of db buffer. Note that it works with (but is
not limited to) zero-length, digest-length and max-length

Signed-off-by: SESA644425 <gioja.hermann@non.se.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-11 11:39:19 -04:00
SESA644425
fb7330545e lib: rsa: Leverage existing data buffer instead of systematic copy
Prior to introduction of modifications in rsassa_pss functions
related to padding verification, doing a pass to reduce memory
consumption of function by replacing memory copies of parts of
const buffer by pointers to the original buffer (masked_db and
h are subparts of msg buffer which is declared const, salt is a
subpart of db which is a working buffer, unmodified after being
filled). New pointers scope is limited to the function where
they are declared (not returned to caller by any mean), zeroing
risk of memory fault related to the change.

Signed-off-by: SESA644425 <gioja.hermann@non.se.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-11 11:39:19 -04:00
SESA644425
c755aa8a1d lib: rsa: Fix const-correctness of rsassa_pss functions
Prior to introduction of modifications in rsassa_pss functions
related to padding verification, doing a pass to update
const-correctness in targeted functions to comply with
coding-rules and avoid const-cast

Signed-off-by: SESA644425 <gioja.hermann@non.se.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-11 11:39:19 -04:00
Masami Hiramatsu
7660cfee0f efi_loader: Use sysreset instead of reset command
Use sysreset_walk_halt() directly from reset-after-capsule-on-disk
feature to reboot (cold reset) machine instead of using reset command
interface, since this is not a command.
Note that this will make CONFIG_EFI_CAPSULE_ON_DISK depending on
the CONFIG_SYSRESET.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-09 21:06:31 +02:00
Masami Hiramatsu
39bdf11580 efi_loader: Make efi_load_capsule_drivers() available even if EFI_CAPSULE_ON_DISK=n
Make efi_load_capsule_drivers() available even if EFI_CAPSULE_ON_DISK
is disabled because the caller (efi_init_obj_list()) expects it only
relays on EFI_HAVE_CAPSULE_SUPPORT.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-09 21:06:31 +02:00
Tom Saeger
f2288a26ab efi_loader: optional persistence of variables
Since be66b89da3 ("efi_loader: configuration of variables store")
the choice of EFI_VARIABLE_FILE_STORE or EFI_MM_COMM_TEE
is mutually-exclusive, however efi_var_to_file also allows
for "neither". Provide an additional Kconfig option.

Signed-off-by: Tom Saeger <tom.saeger@oracle.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-09 21:06:31 +02:00
Simon Glass
b7463f198d Make ASYMMETRIC_KEY_TYPE depend on FIT_SIGNATURE
Add this dependency to avoid a build error if FIT_SIGNATURE is not
enabled.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:03:17 -04:00
Simon Glass
ccfc9d7841 lzma: Tidy up the function prototype
This should use a const pointer for the input stream. Fix this and also
add a proper comment.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-06 14:01:42 -04:00