Commit Graph

2687 Commits

Author SHA1 Message Date
Philippe Reynes
b560c704d6 lib: rsa: rsa-verify: also check that padding is not NULL
This commit adds a check on the padding in the function rsa_verify_key
to avoid using a NULL pointer.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-26 15:26:45 -04:00
Masahisa Kojima
3d49ee8510 efi_loader: add SMBIOS table measurement
TCG PC Client Platform Firmware Profile Specification
requires to measure the SMBIOS table that contains static
configuration information (e.g. Platform Manufacturer
Enterprise Number assigned by IANA, platform model number,
Vendor and Device IDs for each SMBIOS table).

The device- and environment-dependent information such as
serial number is cleared to zero or space character for
the measurement.

Existing smbios_string() function returns pointer to the string
with const qualifier, but exisintg use case is updating version
string and const qualifier must be removed.
This commit removes const qualifier from smbios_string()
return value and reuses to clear the strings for the measurement.

This commit also fixes the following compiler warning:

lib/smbios-parser.c:59:39: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
  const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address;

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-26 17:58:14 +02:00
Heinrich Schuchardt
a45dac1785 efi_loader: simplify tcg2_measure_secure_boot_variable()
Don't duplicate GUIDs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:07 +02:00
Heinrich Schuchardt
02fef8b101 efi_loader: simplify efi_sigstore_parse_sigdb()
Simplify efi_sigstore_parse_sigdb() by using existing functions.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:07 +02:00
Heinrich Schuchardt
e618d1d285 efi_loader: function to get GUID for variable name
In multiple places we need the default GUID matching a variable name.
The patch provides a library function. For secure boot related variables
like 'PK', 'KEK', 'db' a lookup table is used. For all other variable
names EFI_GLOBAL_VARIABLE is returned.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:06 +02:00
Heinrich Schuchardt
d47671c631 efi_loader: treat UEFI variable name as const
UEFI variable names are typically constants and hence should be defined as
const. Unfortunately some of our API functions do not define the parameters
for UEFI variable names as const. This requires unnecessary conversions.

Adjust parameters of several internal functions to tre UEFI variable names
as const.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-25 21:13:06 +02:00
AKASHI Takahiro
7a6fb28c8e efi_loader: capsule: add back efi_get_public_key_data()
The commit 47a25e81d3 ("Revert "efi_capsule: Move signature from DTB to
.rodata"") failed to revert the removal of efi_get_public_key_data().

Add back this function and move it under lib/efi_loader so that other
platforms can utilize it. It is now declared as a weak function so that
it can be replaced with a platform-specific implementation.

Fixes: 47a25e81d3 ("Revert "efi_capsule: Move signature from DTB to
	.rodata"")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-25 21:13:06 +02:00
Masahisa Kojima
f86352eb82 efi_loader: add missing const qualifier
This commit fixes the following compilation warning
of boottime->install_configuration_table() function.

lib/efi_selftest/efi_selftest_tcg2.c:475:46:
warning: passing argument 1 of ‘boottime->install_configuration_table’
discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
  ret = boottime->install_configuration_table(&smbios_guid, dmi);

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-25 21:13:06 +02:00
Tom Rini
f055f2e5a2 Pull request for efi-2022-01-rc1
Documentation:
 	Use Sphinx 3.43.
 	Move system reset documentation to HTML
 
 UEFI:
 	Fix linking EFI apps with LLVM
 	Fix alignment of loaded image
 	Correct simple network protocol test
 	Code cleanup
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEK7wKXt3/btL6/yA+hO4vgnE3U0sFAmFyqecACgkQhO4vgnE3
 U0vdwA//Vwg4q3fbMB/FeoI4cbdSJl1+IYnPdbZC1+TAnyv9kLuPlYON54GMwBo5
 K4qbvuzn8clAohJUPjUqPJumFLSzUqdVxCKqg4gFxfufTSH8T+LvmcooSbZW3y6d
 S4lgybbg5i5cwhi141sbL3wxQibNeFDhY3aIA6v8cKYtH+37MDFsTJ4rwq93r+bF
 cZlN6vHPZsklgTs66jJnlZs809ECH/3+BurM3+NQBz+AJFpKhxIpHkE/He16Yt/t
 6vLBfux4iRYF8OtEP1/7pPu4NKXfXOE3MkGTTzoYAiG7LM3kIuGn+De2dY/Z3CGE
 6WXTt7trzkwW1z1sXafMFFiV8n0Gj/ubDLTD3X9AVVWvp7LAIJmcU8dx79C0eKzJ
 HWHZqwAl4ZYlaxUbf7n/C6Mlhjnis0WUNiqc/OSgGhVmn4HeOOgrjVted3uvvm/9
 enR2HlSqibF8KOzcZec5fsPt9GxS/ZlGcUKMiYO1+wKbM+EQG0bz0v2uiers/U8o
 ixurj0Hj0tJEvaOEcHCQH99ug2PKpFDysOPc31lOrmg8jfD1Bxq728UWxfFYDSmI
 2cxv3G8K65imCrI7eTMTDG3AmdF142CET7MzNOMUlwcnqCskax2UhPVncXJdvFlT
 z00DdMF5Z6/gHfIYGu7KRt1MZ/yBWJOjt8J78ttIo40o1jJP4Rk=
 =EhtP
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-01-rc1' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-01-rc1

Documentation:
	Use Sphinx 3.43.
	Move system reset documentation to HTML

UEFI:
	Fix linking EFI apps with LLVM
	Fix alignment of loaded image
	Correct simple network protocol test
	Code cleanup
2021-10-22 12:43:30 -04:00
Heinrich Schuchardt
db61e70e0d efi_loader: efi_dp_from_lo() should skip VenMedia node
The 'efidebug boot dump' command should not display the VenMedia() device
path node preceding the device path of the initial ram disk.

By letting efi_dp_from_lo() skip the VenMedia() device path node we can
simplify the coding.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
9ad37fe405 efi_loader: avoid multiple local copies of lf2_initrd_guid
Create the GUID as a global variable.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
05345425ca efi_loader: efi_dp_from_lo() unused parameter size
Parameter size is never used in function efi_dp_from_lo(). Remove it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
0421735dd8 efi_loader: efi_dp_from_lo() don't copy GUID
Instead of copying a GUID and then using a pointer to the copy for calling
guidcmp(), just pass the pointer to the orginal GUID.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:04 +02:00
Ilias Apalodimas
ebdea88d57 efi_loader: Fix loaded image alignment
We are ignoring the alignment communicated via the PE/COFF header.
Starting 5.10 the Linux kernel will loudly complain about it. For more
details look at [1] (in linux kernel).

So add a function that can allocate aligned EFI memory and use it for our
relocated loaded image.

[1] c32ac11da3f83 ("efi/libstub: arm64: Double check image alignment at entry")

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Vincent Stehlé <vincent.stehle@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:04 +02:00
Heinrich Schuchardt
fa00b6fc3f efi_loader: don't load Shim's MOK database from file
When using a file to store UEFI variables we must make sure that secure
boot related variables are not loaded from this file. With commit
9ef82e2947 ("efi_loader: don't load signature database from file")
this has already been implemented for variables defined in the UEFI
specification. As most Linux distributions use Shim we should do the same
for Shim's MOK database.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-21 03:46:04 +02:00
Simon Glass
c779e0d923 efi_loader: Drop code that doesn't work with driver model
This code should never have been added as it builds a new feature on top
of legacy code. This has already been improved with the dependency on BLK.

Add a dependency on DM_ETH also, to avoid needing to deal with this old
code.

Boards which want EFI_LOADER should migrate to driver model first.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:03 +02:00
Masami Hiramatsu
28fc87ee3a efi_selftest: Receive the packets until the receive buffer is empty
Repeatedly receive the packets until the receive buffer is empty.
If the buffer is empty, EFI_SIMPLE_NETWORK_PROTOCOL::Receive()
returns EFI_NOT_READY. We don't need to use the wait_for_event()
every time.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:03 +02:00
Masami Hiramatsu
9845b92436 efi_selftest: Do not check EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT
Do not check EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT in packet
receiving loop. This depends on the implementation and not
related to whether the packet can be received or not.

Whether the received packets are available or not is ensured
by wait_for_packet, and that is already done in the loop.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:03 +02:00
Masami Hiramatsu
39a37adf51 efi_selftest: Use EFI_SIMPLE_NETWORK_PROTOCOL::GetStatus() for media check
According to the UEF specification v2.9, the main purpose of the
EFI_SIMPLE_NETWORK_PROTOCOL::GetStatus() is for checking the link
status via EFI_SIMPLE_NETWORK_MODE::MediaPresent.
So this uses net->get_status() for checking the link status before
running network test.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-21 03:46:03 +02:00
Tom Rini
79b8849d4c u-boot-imx-20211020
-------------------
 
 First PR from u-boot-imx for 2022.01
 
 CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/9535
 
 - new board: kontron-sl-mx8mm
 - imx8m:
 	- fix secure boot
 - imx ESDHC: fixes
 - i.MX53: Support thum2, bmode and fixes for Menlo board
 	  usbarmory switch to Ethernet driver model
 - imx6 :
 	- DDR calibration for Toradex boards
 - imx7:
 	- Fixes
 - Updated gateworks boards (ventana / venice)
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQS2TmnA27QKhpKSZe309WXkmmjvpgUCYXAPLA8cc2JhYmljQGRl
 bnguZGUACgkQ9PVl5Jpo76ZZdwCfQBZyd9IWYk3vY0lYgCZsBYl8oXoAn0o9BjVu
 tMJRAcFOLxegM4CJAeqC
 =zg72
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-imx-20211020' of https://source.denx.de/u-boot/custodians/u-boot-imx

u-boot-imx-20211020
-------------------

First PR from u-boot-imx for 2022.01

CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/9535

- new board: kontron-sl-mx8mm
- imx8m:
	- fix secure boot
- imx ESDHC: fixes
- i.MX53: Support thum2, bmode and fixes for Menlo board
	  usbarmory switch to Ethernet driver model
- imx6 :
	- DDR calibration for Toradex boards
- imx7:
	- Fixes
- Updated gateworks boards (ventana / venice)

# gpg verification failed.
2021-10-20 14:24:09 -04:00
Ilias Apalodimas
d6f8ab30a2 treewide: Remove OF_PRIOR_STAGE
The previous patches removed OF_PRIOR_STAGE from the last consumers of the
Kconfig option.  Cleanup any references to it in documentation,  code and
configuration options.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-18 13:19:50 -04:00
Thierry Reding
b9aad37591 fdtdec: Support reserved-memory flags
Reserved memory nodes can have additional flags. Support reading and
writing these flags to ensure that reserved memory nodes can be properly
parsed and emitted.

This converts support for the existing "no-map" flag to avoid extending
the argument list for fdtdec_add_reserved_memory() to excessive length.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2021-10-13 14:18:30 -07:00
Thierry Reding
9019487608 fdtdec: Reorder fdtdec_set_carveout() parameters for consistency
The fdtdec_set_carveout() function's parameters are inconsistent with
the parameters passed to fdtdec_add_reserved_memory(). Fix up the order
to make it more consistent.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2021-10-13 14:18:30 -07:00
Thierry Reding
46cb067803 fdtdec: Support compatible string list for reserved memory
Reserved memory nodes can have a compatible string list to identify the
type of reserved memory that they represent. Support specifying an
optional compatible string list when creating these nodes.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2021-10-13 14:18:30 -07:00
Thierry Reding
4bf88ba76a fdtdec: Support retrieving the name of a carveout
When retrieving a given carveout for a device, allow callers to query
the name. This helps differentiating between carveouts when there are
more than one.

This is also useful when copying carveouts to help assign a meaningful
name that cannot always be guessed.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2021-10-13 14:18:30 -07:00
Thierry Reding
d5598cfa9b fdtdec: Allow using fdtdec_get_carveout() in loops
In order make it possible to use fdtdec_get_carveout() in loops, return
FDT_ERR_NOTFOUND when the passed-in index exceeds the number of phandles
present in the given property.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2021-10-13 14:18:30 -07:00
Tom Rini
f331497d3a - add 30bpp support (EFI, simplefb, vidconsole)
- fix video console name in CONSOLE_MUX Kconfig help
  - move mxsfb driver config option to Kconfig
  - remove unused mx3fb driver
 -----BEGIN PGP SIGNATURE-----
 
 iGwEABECACwWIQSC4hxrSoIUVfFO0kRM6ATMmsalXAUCYWHeIw4cYWd1c3RAZGVu
 eC5kZQAKCRBM6ATMmsalXPMXAJsEn/v2k7xaWSjP11DfkPdoj2rmGQCeIijNt60a
 4UNYJe3S4pPBiNMamJo=
 =spnC
 -----END PGP SIGNATURE-----

Merge tag 'video-20211009' of https://source.denx.de/u-boot/custodians/u-boot-video

 - add 30bpp support (EFI, simplefb, vidconsole)
 - fix video console name in CONSOLE_MUX Kconfig help
 - move mxsfb driver config option to Kconfig
 - remove unused mx3fb driver

# gpg verification failed.
2021-10-09 17:47:27 -04:00
Simon Glass
2a2d8e94dd lz4: Use a private header for U-Boot
At present U-Boot has a header file called lz4.h for its own use. If the
host has its own lz4 header file installed (e.g. from the 'liblz4-dev'
package) then host builds will use that instead.

Move the U-Boot file into its own directory, as is done with various
other headers with the same problem.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-09 13:09:56 -04:00
Mark Kettenis
79f9defeba efi_loader: GOP: Fix 30bpp block transfer support
Convert pixel values when necessary like we do for 16bpp
framebuffers.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-10-09 18:50:31 +02:00
Mark Kettenis
01fcf0eea6 efi_loader: GOP: Add 30bpp support
Provide correct framebuffer information for 30bpp modes.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
2021-10-09 18:46:13 +02:00
Simon Glass
13c133b995 image: Drop unnecessary #ifdefs from image.h
This file has a lot of conditional code and much of it is unnecessary.
Clean this up to reduce the number of build combinations.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:27 -04:00
Simon Glass
1eccbb16a2 efi: Correct dependency on FIT_SIGNATURE
At present EFI_SECURE BOOT selects RSA but does not necessarily enable
FIT_SIGNATURE. Mostly this is fine, but a few boards do not enable it,
so U-Boot tries to do RSA verification when loading FIT images, but it
is not enabled.

This worked because the condition for checking the RSA signature is
wrong in the fit_image_verify_with_data() function. In order to fix it
we need to fix this dependency. Make sure that FIT_SIGNATURE is enabled
so that RSA can be used.

It might be better to avoid using 'select' in this situation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:27 -04:00
Simon Glass
e7d285b2f3 image: Use the correct checks for CRC32
Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32)
directly in the host build, so drop the unnecessary indirection.

Add a few more conditions to SPL_CRC32 to avoid build failures as well as
TPL_CRC32. Also update hash.c to make crc32 optional and to actually take
notice of SPL_CRC32.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-08 15:53:26 -04:00
Simon Glass
2bbed3ff8c image: Use Kconfig to enable FIT_RSASSA_PSS on host
Add a host Kconfig for FIT_RSASSA_PSS. With this we can use
CONFIG_IS_ENABLED(FIT_RSASSA_PSS) directly in the host build, so drop the
forcing of this in the image.h header.

Drop the #ifdef around padding_pss_verify() too since it is not needed.
Use the compiler to check the config where possible, instead of the
preprocessor.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-08 15:53:26 -04:00
Simon Glass
0c303f9a66 image: Drop IMAGE_ENABLE_OF_LIBFDT
Add a host Kconfig for OF_LIBFDT. With this we can use
CONFIG_IS_ENABLED(OF_LIBFDT) directly in the tools build, so drop the
unnecessary indirection.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-08 15:53:26 -04:00
Simon Glass
2c21256b27 hash: Use Kconfig to enable hashing in host tools and SPL
At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.

For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.

Clean this up by adding new Kconfig options to enable hashing on the host,
relying on CONFIG_IS_ENABLED() to deal with the different builds.

Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
current settings.

This allows us to drop the image.h code and the I_WANT_MD5 hack.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-08 15:53:26 -04:00
Simon Glass
603d15a572 spl: cypto: Bring back SPL_ versions of SHA
Unfortunately these were removed by mistake. This means that adding hash
support to SPL brings in all software algorithms, with a substantial
increase in code size.

The origin of the problem was renaming them to SPL_FIT_xxx and then these
were removed altogether in a later commit.

Add them back. This aligns with CONFIG_MD5, for example, which has an SPL
variant.

Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: f5bc9c25f3 ("image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx")
Fixes: eb5171ddec ("common: Remove unused CONFIG_FIT_SHAxxx selectors")
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-08 15:53:26 -04:00
Simon Glass
5a4f10d71b gzip: Avoid use of u64
The gzip API uses the u64 type in it, which is not available in the host
build. This makes it impossible to include the header file.

We could make this type available, but it seems unnecessary. Limiting the
compression size to that of the 'unsigned long' type seems good enough. On
32-bit machines the limit then becomes 4GB, which likely exceeds available
RAM anyway, therefore it should be sufficient. On 64-bit machines this is
effectively u64 anyway.

Update the header file and implementation to use 'ulong' instead of 'u64'.

Add a definition of u32 for the cases that seem to need exactly that
length. This should be safe enough.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:26 -04:00
Simon Glass
94d0a2efc0 zstd: Create a function for use from U-Boot
The existing zstd API requires the same sequence of calls to perform its
task. Create a helper for U-Boot, to avoid code duplication, as is done
with other compression algorithms. Make use of of this from the image
code.

Note that the zstd code lacks a test in test/compression.c and this should
be added by the maintainer.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:26 -04:00
Simon Glass
67bc59df05 Add support for an owned buffer
When passing a data buffer back from a function, it is not always clear
who owns the buffer, i.e. who is responsible for freeing the memory used.
An example of this is where multiple files are decompressed from the
firmware image, using a temporary buffer for reading (since the
compressed data has to live somewhere) and producing a temporary or
permanent buffer with the resuilts.

Where the firmware image can be memory-mapped, as on x86, the compressed
data does not need to be buffered, but the complexity of having a buffer
which is either allocated or not, makes the code hard to understand.

Introduce a new 'abuf' which supports simple buffer operations:

- encapsulating a buffer and its size
- either allocated with malloc() or not
- able to be reliably freed if necessary
- able to be converted to an allocated buffer if needed

This simple API makes it easier to deal with allocated and memory-mapped
buffers.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:26 -04:00
Simon Glass
930c887e0f lib: Add memdup()
Add a function to duplicate a memory region, a little like strdup().

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-10-08 15:53:26 -04:00
Ricardo Salveti
7ce83854f2 Kconfig: Don't use RSA_FREESCALE_EXP on MX7ULP
The CAAM on IMX7ULP doesn't support public key hardware acceleration
(PKHA), as in other NXP parts. Disable RSA_FREESCALE_EXP for IMX7ULP
too.

Fixed: f4e9ff7135 ("Kconfig: Don't use RSA_FREESCALE_EXP on IMX")
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
2021-10-07 16:53:50 +02:00
Oleksandr Suvorov
d4f05b3198 lib: rsa: fix dependency for SPL_RSA_VERIFY
SPL_RSA_VERIFY requires SPL_RSA to be enabled. Add correct
dependency.

Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
2021-10-06 09:15:14 -04:00
Pali Rohár
a3423b3f23 acpi: Use U-Boot version for OEM_REVISION
OEM_REVISION is 32-bit unsigned number. It should be increased only when
changing software version. Therefore it should not depend on build time.

Change calculation to use U-Boot version numbers and set this revision
to date number.

Prior this change OEM_REVISION was calculated from build date and stored in
the same format.

After this change macro U_BOOT_BUILD_DATE is not used in other files so
remove it from global autogenerated files and also from Makefile.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-06 09:15:14 -04:00
Alexandru Gagniuc
c5b68ef8af arm: imx: mx7: Move CONFIG_OPTEE_TZDRAM_SIZE from lib/optee
This config is only used by three boards with this SOC. Most other
platforms derive this information from devicetree, and are unlikely
to ever need this config.

Moreover, it is confusing when Kconfig asks for this value under
"Support OPTEE images", but does not do anything with the value.
Move it to imx7 for those boards who still make use of it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-05 08:50:14 -04:00
Alexandru Gagniuc
f6953047cb lib: optee: Remove CONFIG_OPTEE_LOAD_ADDR
This value is not used by u-boot, and it should not. The load address
of an OPTEE image is defined by said image. Either a uImage or a FIT
will have a defined load address and entry point. Those values are the
correct ones, not CONFIG_OPTEE_LOAD_ADDR.

Commit f25006b96e ("optee: Add CONFIG_OPTEE_LOAD_ADDR") justifies
this config by requiring its presence in u-boot's .config for other
images as part of a larger build, claiming it is "the best way".

This argument is not persuasive. U-boot's configuration is driven by
platform requirements, not the other way around. It seems more likely
that the argument is conflating tooling issues with Kconfig. Yocto and
buildroot have excellent mechanisms for defining values across the
board (pun intended). u-boot's Kconfig is the wrong place to do it.

Furthermore, it is not "best" for u-boot because it hardcodes a value
which is then not used. In fact the load address that u-boot uses is
the one derived from the OPTEE image.

Confused yet? I sure was. To prevent future confusion, remove
CONFIG_OPTEE_LOAD_ADDR.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-05 08:47:13 -04:00
Alexandru Gagniuc
1ab968b2fb lib: optee: Remove CONFIG_OPTEE_TZDRAM_BASE
It is no longer used in u-boot. Information about the TZDRAM location
is usually available in the devicetree as "/reserved-memory/" nodes.
Because this isn't used, remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-05 08:46:56 -04:00
Alexandru Gagniuc
26fc66709c lib: optee: Avoid CONFIG_TZDRAM_* in optee_verify_bootm_image()
The configs TZDRAM_BASE and TZDRAM_SIZE are expected to describe the
memory allocated to the OPTEE region. according to according to commit
c5a6e8bd00 ("optee: Add optee_verify_bootm_image()"). The TZDRAM is
with some limitations, described by "/reserved-memory" nodes in the
devicetree.

Consequently TZDRAM_BASE and TZDRAM_SIZE can point to imaginary
regions which have nothing to do with actual DRAM. They are not used
to configure the hardware or set up the Trust Zone Controller (TZC)
for OP-TEE -- the devicetree values are used instead.

When a valid OP-TEE image does not fall within the region described by
these configs, u-boot will refuse to load it. In fact, it mostly
serves to cause "bootm" to reject perfectly good OP-TEE images.

Ironically, someone has to correctly configure the devicetree for
TZDRAM, then go back and enter the same information in Kconfig for
"bootm". To remedy this, do not use TZDRAM_BASE and TZDRAM_SIZE in the
verification of OPTEE images.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-10-05 08:46:23 -04:00
Patrick Delaunay
51827f9a8b lib: optee: remove the duplicate CONFIG_OPTEE
The configuration CONFIG_OPTEE is defined 2 times:
1- in lib/optee/Kconfig for support of OPTEE images loaded by bootm command
2- in drivers/tee/optee/Kconfig for support of OP-TEE driver.

It is abnormal to have the same CONFIG define for 2 purpose;
and it is difficult to managed correctly their dependencies.

Moreover CONFIG_SPL_OPTEE is defined in common/spl/Kconfig
to manage OPTEE image load in SPL.

This definition causes an issue with the macro CONFIG_IS_ENABLED(OPTEE)
to test the availability of the OP-TEE driver.

This patch cleans the configuration dependency with:
- CONFIG_OPTEE_IMAGE (renamed) => support of OP-TEE image in U-Boot
- CONFIG_SPL_OPTEE_IMAGE (renamed) => support of OP-TEE image in SPL
- CONFIG_OPTEE (same) => support of OP-TEE driver in U-Boot
- CONFIG_OPTEE_LIB (new) => support of OP-TEE library

After this patch, the macro have the correct behavior:
- CONFIG_IS_ENABLED(OPTEE_IMAGE) => Load of OP-TEE image is supported
- CONFIG_IS_ENABLED(OPTEE) => OP-TEE driver is supported

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-10-05 08:44:48 -04:00
Tom Rini
1d1f98c8ee Various of-platdata improvements, including CONFIG_OF_REAL
-----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmFR2fMRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreaAnAf/ZKPy3CRphbgAmbLhNQhQGpLosLcFp343
 cv53gfsv1DakLRrhqMSnOQSVoTg9P22uHbooDDR9WHfZyEL6tvGZ+dgN2/wlDhDj
 wbvvsM7FB+uvLVfMF3MURQBvy4dPO+FyCm/uHmry2V2uqWPw4ss+aVhxeQ5s4/oI
 LpS6yaiM8UAj2GTUZSqJ1+/W7YG9N6tL73n0PDyCvSrdCkyPWqpww1rtST88SfFI
 bBEWc6ksna/29haOwHQ2xopEbVxtHv2byULfqUtnsbtE4Ozw8o0fx66tdwPHTQlM
 7eSuRiEbqjlJuUZFIbMat7nb7inZkaWupZ/Sr1HUUiDdKMygrRsQhg==
 =x8Uf
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-next-27sep21' of https://source.denx.de/u-boot/custodians/u-boot-dm into next

Various of-platdata improvements, including CONFIG_OF_REAL
2021-09-27 11:09:23 -04:00
Tom Rini
e908d20fcb Prepare v2021.10-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmFRyIMACgkQFHw5/5Y0
 tyz1jgv/aTtHWVcGiw+nvvnnlgdrY4h9yVP5AfBLhOR7ogYOw2B9xHmdh+9oCas9
 Rt45AC4nFvUszxCPJqg36kjljTKRVapemHqhCbgGGeb9GYMkNb1zjk79WnuqgeJy
 ydBUCh1NQI5pOvrpDv7kWRx1IyDi/gUgQO3RBdufbunNmn4Zj4jlw5RmMTgDACRC
 cvTr39gVQq1LOzL2W7+XkSfiEejtGERNs32Nt+jzyAm5a2PkngULUnPW6WsHu+qy
 5YJTR50TK55QgPIdoiqY14BUDpqEbHlNKsE7p6hHkDf6XSS7gLHYW2tVVt2Z8ocg
 9cW35Qotov7MeiSClc3SIEPiIefwh2oTVf0uYoP+uvlRAComvcIzphq68NIQe6Av
 es+ZJI1Qx5ERvDQMMW3xOHTlcBGgpqA0Y/QVr62rE8bEzK/1gvTiP+hVVqzUrnHJ
 f3ZAVt16clIfXKAxGsW4Am05iMmT+rtcS5IrUMuEzmkb0KK58YXsOVmsKHLX9aI1
 T74ewXfu
 =y67Q
 -----END PGP SIGNATURE-----

Merge tag 'v2021.10-rc5' into next

Prepare v2021.10-rc5
2021-09-27 09:45:36 -04:00
Simon Glass
f99cbe4e86 fdt: Update Makefile rules with the new OF_REAL Kconfig
Simplify some of the Makefile rules using this Kconfig.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-25 09:46:15 -06:00
Simon Glass
7de8bd03c3 treewide: fdt: Move fdt_get_config_... to ofnode_conf_read...
The current API is outdated as it requires a devicetree pointer.

Move these functions to use the ofnode API and update this globally. Add
some tests while we are here.

Correct the call in exynos_dsim_config_parse_dt() which is obviously
wrong.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-25 09:46:15 -06:00
Ruchika Gupta
346cee3ac5 efi_loader: Fix spec ID event creation
TCG EFI Protocol Specification defines the number_of_algorithms
field in spec ID event to be equal to the number of active
algorithms supported by the TPM device. In current implementation,
this field is populated with the count of all algorithms supported
by the TPM which leads to incorrect spec ID event creation.

Similarly, the algorithm array in spec ID event should be a variable
length array with length being equal to the number_of_algorithms field.
In current implementation this is defined as a fixed length array
which has been fixed.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
CC: Masahisa Kojima <masahisa.kojima@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-25 12:31:08 +02:00
Marek Vasut
1274698d13 lmb: Add generic arch_lmb_reserve_generic()
The arc/arm/m68k/microblaze/mips/ppc arch_lmb_reserve() implementations
are all mostly the same, except for a couple of details. Implement a
generic arch_lmb_reserve_generic() function which can be parametrized
enough to cater for those differences between architectures. This can
also be parametrized enough so it can handle cases where U-Boot is not
relocated to the end of DRAM e.g. because there is some other reserved
memory past U-Boot (e.g. unmovable firmware for coprocessor), it is not
relocated at all, and other such use cases.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Alexey Brodkin <alexey.brodkin@synopsys.com>
Cc: Angelo Dureghello <angelo@sysam.it>
Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Cc: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Cc: Hai Pham <hai.pham.ud@renesas.com>
Cc: Michal Simek <monstr@monstr.eu>
Cc: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Wolfgang Denk <wd@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
2021-09-23 14:15:32 -04:00
Marek Vasut
270f8710f9 crc32: Add crc32 implementation using __builtin_aarch64_crc32b
ARMv8.0 has optional crc32 instruction for crc32 calculation. The
instruction is mandatory since ARMv8.1. The crc32 calculation is
faster using the dedicated instruction, e.g. 1.4 GHz iMX8MN gives:

  => time crc32 0x50000000 0x2000000
  time: 0.126 seconds # crc32 instruction
  time: 0.213 seconds # software crc32

Add implementation using the compiler builtin wrapper for the crc32
instruction and enable it by default, since we don't support any
platforms which do not implement this instruction.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
[trini: Make crc32_table guarded by CONFIG_ARM64_CRC32]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-23 14:15:32 -04:00
Simon Glass
47a25e81d3 Revert "efi_capsule: Move signature from DTB to .rodata"
This was unfortunately applied despite much discussion about it beiong
the wrong way to implement this feature.

Revert it before too many other things are built on top of it.

This reverts commit ddf67daac3.
Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-18 03:47:50 -06:00
Pali Rohár
121a165c51 Remove including timestamp.h in version.h
Header file version.h does not use anything from timestamp.h. Including of
timestamp.h has side effect which cause recompiling object file at every
make run because timestamp.h changes at every run.

So remove timestamp.h from version.h and include timestamp.h in files
which needs it.

This change reduce recompilation time of final U-Boot binary when U-Boot
source files were not changed as less source files needs to be recompiled.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Add in lib/acpi/acpi_table.c and test/dm/acpi.c, rework a few others]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-17 12:10:44 -04:00
Pali Rohár
bdfb6d70bb version: Move version_string[] from version.h to version_string.h
More C files do not use compile time timestamp macros and do not have to be
recompiled every time when SOURCE_DATE_EPOCH changes.

This patch moves version_string[] from version.h to version_string.h and
updates other C files which only needs version_string[] string to include
version_string.h instead of version.h. After applying this patch these
files are not recompiled every time when SOURCE_DATE_EPOCH changes.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2021-09-17 12:10:44 -04:00
Pali Rohár
fa9c5da702 efi_loader: Use directly version_string variable
Macro U_BOOT_VERSION_STRING is already stored in variable version_string.
So use directly this variable instead of storing U_BOOT_VERSION_STRING into
temporary variable.

Signed-off-by: Pali Rohár <pali@kernel.org>
[trini: This area was reworked since posted, what is here is now really
        inspired by the previous version, so drop Ilias' Acked-by]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-17 12:10:44 -04:00
Tom Rini
6674edaabf Prepare v2021.10-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmFBKRgACgkQFHw5/5Y0
 tyw/PwwAtGB3rBeYW4rjWuMC5WP1UDTnvZIAok5ImWumWDahjDm8Yq2VCzAe9adw
 EYBjuNmaNl9aQvGVqlVJeIcLku5MLuLQu2za8vhc1R8X9VTPPY+LLTcdOokOmB8y
 8JiaE7fJsb1bZeV+diF9tss3B0IkUrwSJtW1d+qfdz/4UiRvwK5BhnZgzIobDldO
 g1Ldz/xiR2GOAXlUMwDrNAi6qNvmeAqRsQxySVrjltAV2ST7LJnOiHuWvJX6g6VS
 l796Hleh/kULfEW6n+1ZaTNqvVRcJ8xYSOG8w8y9u6HuPBA3JrYH1p1Eo5n7PPDv
 US71Iy/ncweTyfTMEBThWLqjHOQ05sVkWX/r4fj2iJRli+Og53lE1fVJ4ajIx7vz
 Tc76wI43i0I5lr2yTErjUG6EzDDoueqd+c8BwxihNLUK/+QG31xoCEMfC80C25ro
 QhYVFgiPWN0ySUD5M5tbGXODvfNNIDKXpY5oSOTVtemZtDEMpO2zBM1s/K3RV7Ud
 Je9Pj0Cu
 =Me42
 -----END PGP SIGNATURE-----

Merge tag 'v2021.10-rc4' into next

Prepare v2021.10-rc4

Signed-off-by: Tom Rini <trini@konsulko.com>

# gpg: Signature made Tue 14 Sep 2021 06:58:32 PM EDT
# gpg:                using RSA key 1A3C7F70E08FAB1707809BBF147C39FF9634B72C
# gpg: Good signature from "Thomas Rini <trini@konsulko.com>" [ultimate]

# Conflicts:
#	board/Arcturus/ucp1020/spl.c
#	cmd/mvebu/Kconfig
#	common/Kconfig.boot
#	common/image-fit.c
#	configs/UCP1020_defconfig
#	configs/sifive_unmatched_defconfig
#	drivers/pci/Kconfig
#	include/configs/UCP1020.h
#	include/configs/sifive-unmatched.h
#	lib/Makefile
#	scripts/config_whitelist.txt
2021-09-16 10:29:40 -04:00
Alexandru Gagniuc
de41f0ee0d image: rsa: Move padding_algos to linker lists
We are not guaranteed to have the padding_pkcs_15_verify symbol since
commit 92c960bc1d ("lib: rsa: Remove #ifdefs from rsa.h"), and
commit 61416fe9df ("Kconfig: FIT_SIGNATURE should not select RSA_VERIFY")

The padding_algos only make sense with RSA verification, which can now
be disabled in lieu of ECDSA. In fact this will lead to build failures
because of the missing symbol mentioned earlier.

To resolve this, move the padding_algos to a linker list, with
declarations moved to rsa_verify.c. This is consistent with commit
6909edb4ce ("image: rsa: Move verification algorithm to a linker list")

One could argue that the added #ifdef USE_HOSTCC is ugly, and should
be hidden within the U_BOOT_PADDING_ALGO() macro. However, this would
be inconsistent with the "cryptos" list. This logic for was not
previously explored:

Without knowledge of the U_BOOT_PADDING_ALGO() macro, its use is
similar to something being declared. However, should #ifndef
USE_HOSTCC be part of the macro, it would not be obvious that it
behaves differently on host code and target code. Having the #ifndef
outside the macro makes this obvious.

Also, the #ifdef is not always necessary. For example ecda-verify
makes use of U_BOOT_CRYPTO_ALGO() without any accompanying #ifdefs.
The fundamental issue is a lack of separation of host and target code
in rsa_verify. Therefore, the declaration of a padding algo with the
external #ifdef is more readable and consistent.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-09-14 11:46:48 -04:00
Oleksandr Suvorov
5145bc73bd lib: fix typos in Kconfig
There are trivial typos in the Kconfig file. Fixed them.
Also, fixed grammar in the descriptions with typos.

Fixes: d56b4b1974 ("configs: Migrate RBTREE, LZO, CMD_MTDPARTS, CMD_UBI and CMD_UBIFS")
Fixes: 7264f2928b ("spl: fit: Eanble GZIP support for image decompression")
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-09-14 09:07:18 -04:00
Heinrich Schuchardt
d607dfd878 lib/rsa: don't use NULL as key_id
If keydir is not provided but name is we want to use name as key_id.

But with the current coding name is only used on its own if it is NULL
and keydir is provided which never occurs.

Fixes: 824ee745fb ("lib/rsa: Use the 'keyfile' argument from mkimage")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-09-14 09:07:18 -04:00
Simon Glass
b717f2f2d1 pci: Drop DM_PCI check from fdtdec
We don't need this check anymore since when PCI is enabled, driver model
is always used.

Sadly this doesn't work with nds32 for some reason to do with the
toolchain. Add a work-around for that.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-13 18:23:13 -04:00
Tom Rini
56a85b831f Pull request for efi-2021-10-rc4-2
Documentation:
 
 * improve documentation of U-Boot for /config DT node
 * integrate bloblist documentation
 
 UEFI:
 
 * correct usage of EFI_CALL()
 * code tidy up
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmE8coEACgkQxIHbvCwF
 GsSB4Q//VpVKE5/xKiDFkdFjrjgXLWv1ORuQ1glBf5Br/0SnYjTI570RKWtJRfn4
 ugW/ytZpfudi60EMOwmPEAx2nd6ERJeFewUkcsJjvRC/2gX1u49XkSHxoolqQlji
 1DaeWz3CH6LLq8d09ha1AsYWL2aFqZd8YrpICq47BmKJNitGd1puI+co2w0HpAFj
 mn2+J9ctbn3Evl0ipSzLB2MMR65Q79qyM3eJXUqli2t1BkWMsyqHtVDNVCTUKj4I
 TKOU7DNkwNcalKayzplSrMzzucQnkaQQbErhd78aYRsC2sIY2HTkhi2J7iFhN6/I
 tCZ45AD6+8UpCs1jy5xCJAJJ0nW44xmW7Q+UM61P75DJMccaUb2cKMvZKidiSu9m
 8ck5IBU8fVN9khhMxoVR54aKLK9tmJRjVX1ugrVCXoh32Dzu+Ikf9n91ACHaduU8
 s92DIrH3f9tyBQIHNLL0LGgDLB6YYTzLrmlcPC/t7n5iJUoznDdQddrhS4/9qx+l
 fpyyGLo8Vk/krvyNrYpiamRi2kGKV0CAWvig1YGjeDT6baC4NsEYjgL6JKKN6QPi
 xeENZ+yJJMvY5DXdaoERRMJutfuep64XkLx8mqYSNCIcLIjOpGrV7rk0O6qU5Ww+
 +9kLQq1ygWeDR0t6BWHlX5nEImvqc1+vDPb8IMt9r6aIZ/ED9/U=
 =hPaX
 -----END PGP SIGNATURE-----

Merge tag 'efi-2021-10-rc4-2' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2021-10-rc4-2

Documentation:

* improve documentation of U-Boot for /config DT node
* integrate bloblist documentation

UEFI:

* correct usage of EFI_CALL()
* code tidy up
2021-09-12 20:33:21 -04:00
Heinrich Schuchardt
aec7c0925c efi_loader: simplify efi_watchdog_timer_notify()
We can call do_reset() directly without invoking the UEFI API.
This decreases the code size.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Ilias Apalodimas
0bf538ce0c efi_loader: Remove incorrect calls of EFI_CALL in TCG2
There is two unneeded EFI_CALL references in tcg2_measure_pe_image().
The first one in efi_search_protocol() and the second on in the device path
calculation.  The second isn't even a function we should be calling, but a
pointer assignment, which happens to work with the existing macro.

While at it switch the malloc call to a calloc, remove the unnecessary cast
and get rid of an unneeded if statement before copying the device path

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Heinrich Schuchardt
6919619f9c efi_loader: require CONFIG_BLK
The move to driver model should by now be completed. To be able to remove
pre-driver model code from our block IO code require CONFIG_BLK=y for UEFI
support.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Masahisa Kojima
bad49da2bc efi_loader: boot_service_capability_min should be capitalized
boot_service_capability_min is constant, it should be capitalized.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11 11:02:02 +02:00
Tom Rini
465bff8b10 Kconfig: Drop duplicate 'select SHA512' instances
When dropping SHA512_ALGO in general, we didn't catch some cases where
an option was selecting  both SHA512 and SHA512_ALGO and caused them to
select SHA512 twice.  Kconfig doesn't complain, but this is still wrong
and should be corrected.

Fixes: e60e449931 ("lib: Drop SHA512_ALGO in lieu of SHA512")
Reported-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-09 11:11:33 -04:00
Alexandru Gagniuc
fe54aeaa4a common: Move MD5 hash to hash_algo[] array.
MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08 16:11:46 -04:00
Alexandru Gagniuc
0721209699 common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASH
All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all
references to CONFIG_[ST]PL_HASH_SUPPORT.  This means we need for
CHAIN_OF_TRUST to select SPL_HASH now.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08 16:11:46 -04:00
Alexandru Gagniuc
e60e449931 lib: Drop SHA512_ALGO in lieu of SHA512
SHA512_ALGO was used as a "either SHA512 or SHA384", although the
implementations of these two algorithms share a majority of code.

From a Kconfig interface perspective, it makes sense to present two
distinct options. This requires #ifdefing out the SHA512
implementation from sha512.c. The latter doesn't make any sense.

It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.

Thus, automatically select SHA512 when SHA384 is enabled.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-09-08 16:11:46 -04:00
Simon Glass
5ed16a9511 net: Rename SPL_NET_SUPPORT to SPL_NET
Rename this option so that CONFIG_IS_ENABLED can be used with it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-04 12:48:53 -04:00
Simon Glass
2a73606668 serial: Rename SERIAL_SUPPORT to SERIAL
Rename these options so that CONFIG_IS_ENABLED can be used with them.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-04 12:26:01 -04:00
Masahisa Kojima
538c0f2d37 efi_loader: fix efi_tcg2_hash_log_extend_event() parameter check
TCG EFI Protocol Specification defines that PCRIndex parameter
passed from caller must be 0 to 23.
TPM2_MAX_PCRS is currently used to check the range of PCRIndex,
but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value.
This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to
check the range of PCRIndex parameter.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-04 12:03:57 +02:00
Masahisa Kojima
580d7242b1 efi_loader: add missing parameter check for EFI_TCG2_PROTOCOL api
TCG EFI Protocol Specification defines the required parameter
checking and return value for each API.
This commit adds the missing parameter check and
fixes the wrong return value to comply the specification.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
7219856dae efi_loader: correct determination of secure boot state
When U-Boot is started we have to use the existing variables to determine
in which secure boot state we are.

* If a platform key PK is present and DeployedMode=1, we are in deployed
  mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
b191aa429e efi_loader: efi_auth_var_type for AuditMode, DeployedMode
Writing variables AuditMode and DeployedMode serves to switch between
Secure Boot modes. Provide a separate value for these in efi_auth_var_type.

With this patch the variables will not be read from from file even if they
are marked as non-volatile by mistake.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
9ef82e2947 efi_loader: don't load signature database from file
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
f3a343d733 efi_loader: rounding of image size
We should not first allocate memory and then report a rounded up value as
image size. Instead first round up according to section allocation and then
allocate the memory.

Fixes: 82786754b9 ("efi_loader: ImageSize must be multiple of SectionAlignment")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
1ea133acd6 efi_loader: sections with zero VirtualSize
In a section header VirtualSize may be zero. This is for instance seen in
the .sbat section of shim. In this case use SizeOfRawData as section size.

Fixes: 9d30a941cc ("efi_loader: don't load beyond VirtualSize")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Asherah Connor <ashe@kivikakk.ee>
2021-09-04 12:03:57 +02:00
Andreas Schwab
c8291f53b0 lib: add crc16.o if CONFIG_MMC_SPI_CRC_ON for SPL build
CONFIG_MMC_SPI_CRC_ON needs the crc16 functions, but it was not included
in an SPL build.  For non-SPL builds, crc16.o is already added
unconditionally.  This also removes CONFIG_SPL_YMODEM_SUPPORT from the
sifive board configs, which is only relevant for some ARM boards and was
only set for its side effect of adding crc16.o.
2021-09-02 10:17:45 -04:00
Heinrich Schuchardt
295ab733df lib: -Wformat-truncation in rsa_engine_get_priv_key
With glibc 2.33 (Ubuntu package glibc6 2.33-0ubuntu9) building
sifive_unmatched_defconfig results in:

In file included from /usr/include/stdio.h:866,
                  from ././include/compiler.h:26,
                  from <command-line>:
In function ‘snprintf’,
     inlined from ‘rsa_engine_get_priv_key’ at ./tools/../^:273:4:
/usr/include/riscv64-linux-gnu/bits/stdio2.h:71:10: warning:
‘%s’ directive argument is null [-Wformat-truncation=]
    71 |   return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
       |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    72 |        __glibc_objsize (__s), __fmt,
       |        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    73 |        __va_arg_pack ());
       |        ~~~~~~~~~~~~~~~~~

Avoid passing a NULL string.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-09-01 19:25:37 -04:00
Chia-Wei Wang
74bda4fe3d lib/md5: Export progressive APIs
Export the MD5 hash init/update/finish progressive APIs
for better flexibility.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
2021-09-01 19:25:37 -04:00
Alexandru Gagniuc
fe68a67a5f lib/rsa: Remove support for OpenSSL < 1.1.0 and libressl < 2.7.0
Older OpenSSL and libressl versions have a slightly different API.
This require #ifdefs to support. However, we still can't support it
because the ECDSA path does not compile with these older versions.
These #ifdefs are truly a vestigial appendage.

Alternatively, the ECDSA path could be updated for older libraries,
but this requires significant extra code, and #ifdefs. Those libraries
are over three years old, and there concerns whether it makes sense to
build modern software for real world use against such old libraries.

Thusly, remove #ifdefs and code for old OpenSSL and LibreSSL support.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-09-01 19:25:37 -04:00
Michal Simek
b4c2c151b1 Kconfig: Remove all default n/no options
default n/no doesn't need to be specified. It is default option anyway.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
[trini: Rework FSP_USE_UPD portion]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-31 17:47:49 -04:00
Tom Rini
4865db0716 Pull request for efi-2021-10-rc3
Documentation:
 
 * Rename Freescale to NXP
 * Document structures used for the UEFI TCG2 protocol
 
 UEFI:
 
 * Device paths must use EfiBootServicesData
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEK7wKXt3/btL6/yA+hO4vgnE3U0sFAmEf+AgACgkQhO4vgnE3
 U0skxhAAjjv6yMYLYlj2YNTtYDS2zVsnsY8i/vmWNmGYvwfrlcUC/e3J00ftBIjI
 DEwImrzefvQwr4NOZgIlyxR81NwboWULxvHSF5avwctxQVoTElkSfE2Ji+nFYa23
 P/L7E/Zf+NwTHBlE1wfkNJPZ/zya73DTOe+MGWvLnvOX56JZqEJOgmTtcQntRUll
 9zkB76j6sCk8B3ydFZmzGqhB4aslJBypG+bQB72XXGVBZoHb9pEPv90hBl616AN/
 5H8WewxTE2s6z3IfexxPAc7ssMQuW3RWw0WsJvBVviw8tSPj4SZjg5HNHAM3mz/i
 EXHUqAEySP1oT6P4hVef7Xc9gC67N+dVZGAA1QcZBkAnH+BQQ2GmIWX5+3mZJflq
 3eHWhMUHWc4q76MbN9QqReAo3wJ3GsBqdA1oORR5FgIPwEVl0jwQMYv6frC/vB6/
 6VX8WcbAWsixjf8QeQlibfMqBO9xZI1Iue5rN6DcwMey6dZrDnXGMdk7Woj6F4ga
 tERYBt+UBawTf2ww24wMXc7Hw2dZ6kj44ls2doRFKqHOpaY9Mk2QPTaVPrFkj33J
 3xlH2BYdB3ALriS1jN6Qcq6xEwyaMdkj5MzVyitunaCLiAKKORwGf0chkqiRiA+k
 zEET0uDBtO7beraiUJU9jeMPcVj3mYpiFR/CZBD/HWOVB/KwhGU=
 =gMKg
 -----END PGP SIGNATURE-----

Merge tag 'efi-2021-10-rc3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2021-10-rc3

Documentation:

* Rename Freescale to NXP
* Document structures used for the UEFI TCG2 protocol

UEFI:

* Device paths must use EfiBootServicesData
2021-08-23 12:44:12 -04:00
Matwey V. Kornilov
f52352f65e display_options: Do not use %llu in print_size
tiny-printf variant doesn't know how to handle %llu format string, but both
tiny-printf and print_size can meet in SPL when TFTP is used to obtain main
u-boot image. This is known to lead to critical boot issue at AM335x platform
when printf is catched in infinite loop.

To avoid such issues and make print_size function tiny-printf friendly, use %u
instead of %luu. Note, that the size value is guaranteed to be less than 1024
in this conditional branch, so the cast to unsigned int is safe.

Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-08-21 18:23:02 -04:00
Matwey V. Kornilov
c091f65234 tiny-printf: Handle %pM format when CONFIG_SPL_NET_SUPPORT is enabled
%pM format string is used to print MAC-address and this is required while SPL
network boot.

This patch fixes the SPL boot issues like the following:

    Trying to boot from USB eth
    ## Error: flags type check failure for "ethaddr" <= "40309614M" (type: m)
    ## Error inserting "ethaddr" variable, errno=1
    eth0: eth_cpsw## Error: flags type check failure for "eth1addr" <=
    "81f01114M" (type: m)
    ## Error inserting "eth1addr" variable, errno=1
    , eth1: usb_ether
    eth_cpsw Waiting for PHY auto negotiation to complete......... TIMEOUT !
    Problem booting with BOOTP
    SPL: failed to boot from all boot devices
    ### ERROR ### Please RESET the board ###

Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-08-21 18:23:02 -04:00
Heinrich Schuchardt
9a4b3c8e91 efi_loader: use EfiBootServicesData for DP to text
Memory allocated in the implementation of the
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL must be of type EfiBootServicesData.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17 17:24:08 +02:00
Heinrich Schuchardt
426a15893f efi_loader: use EfiBootServicesData for device path
dp_alloc() was using a constant from the wrong enum resulting in creating
device paths in EfiReservedMemory.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17 17:24:08 +02:00
Heinrich Schuchardt
49d225e7bf efi_loader: use correct type for AllocatePages, AllocatePool
Use enum efi_memory_type and enum_allocate_type in the definitions of the
efi_allocate_pages(), efi_allocate_pool().

In the external UEFI API leave the type as int as the UEFI specification
explicitely requires that enums use a 32bit type.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17 17:24:08 +02:00
Alexandru Gagniuc
928a8be794 lib: ecdsa: Implement UCLASS_ECDSA verification on target
Implement the crypto_algo .verify() function for ecdsa256. Because
it backends on UCLASS_ECDSA, this change is focused on parsing the
keys from devicetree and passing this information to the specific
UCLASS driver.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-08-16 10:49:35 +02:00
Masahisa Kojima
61ee780352 efi_loader: refactor efi_append_scrtm_version()
Refactor efi_append_scrtm_version() to use common
function for adding eventlog and extending PCR.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14 20:54:41 +02:00
Masahisa Kojima
fdff03e5b3 efi_loader: add ExitBootServices() measurement
TCG PC Client PFP spec requires to measure
"Exit Boot Services Invocation" if ExitBootServices() is invoked.
Depending upon the return code from the ExitBootServices() call,
"Exit Boot Services Returned with Success" or "Exit Boot Services
Returned with Failure" is also measured.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

Swap two ifs in efi_exit_boot_services().
efi_tcg2_notify_exit_boot_services must have EFIAPI signature.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14 20:54:41 +02:00
Masahisa Kojima
8fc4e0b427 efi_loader: add boot variable measurement
TCG PC Client PFP spec requires to measure "Boot####"
and "BootOrder" variables, EV_SEPARATOR event prior
to the Ready to Boot invocation.
Since u-boot does not implement Ready to Boot event,
these measurements are performed when efi_start_image() is called.

TCG spec also requires to measure "Calling EFI Application from
Boot Option" for each boot attempt, and "Returning from EFI
Application from Boot Option" if a boot device returns control
back to the Boot Manager.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14 20:54:41 +02:00
Masahisa Kojima
cfbcf054a3 efi_loader: add secure boot variable measurement
TCG PC Client PFP spec requires to measure the secure
boot policy before validating the UEFI image.
This commit adds the secure boot variable measurement
of "SecureBoot", "PK", "KEK", "db", "dbx", "dbt", and "dbr".

Note that this implementation assumes that secure boot
variables are pre-configured and not be set/updated in runtime.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14 20:54:41 +02:00
Heinrich Schuchardt
148ce20520 efi_loader: Uri() device path node
iPXE used Uri() device path nodes. So we should support them in the
device path to text protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14 20:54:41 +02:00