| Age | Commit message (Collapse) | Author |
|---|
|
The exponent field of struct key_prop gets allocated an uint64_t,
and the contents are positioned from the back, so an exponent of
"0x01 0x00 0x01" becomes 0x0 0x0 0x0 0x0 0x0 0x1 0x0 0x1"
Right now rsa_gen_key_prop() allocates a uint64_t but sets exp_len
to the size returned from the parser, while on the other hand the
when getting the key from the devicetree exp_len always gets set to
sizeof(uint64_t).
So bring that in line with the established code.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Right now in multiple places there are only checks for the full
CONFIG_RSA_VERIFY_WITH_PKEY option, not split into main,spl,tpl variants.
This breaks when the rsa functions get enabled for SPL, for example to
verify u-boot proper from spl.
So fix this by using the existing helpers to distinguis between
build-steps.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
While the SPL may want to do signature checking this won't be
the case for TPL in all cases, as TPL is mostly used when the
amount of initial memory is not enough for a full SPL.
So on a system where SPL uses DM but TPL does not we currently
end up with a TPL compile error of:
lib/rsa/rsa-verify.c:48:25: error: dereferencing pointer to incomplete type ‘struct checksum_algo’
To prevent that change the $(SPL_) to $(SPL_TPL_) to distinguish
between both. If someone really needs FIT signature checking in
TPL as well, a new TPL_RSA_VERIFY config symbol needs to be added.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Add support for TPM2 GetRandom command
Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
On ARM systems gd is stored in register r9 or x18. When compiling with
clang gd is defined as a macro calling function gd_ptr(). So we can not
make assignments to gd.
Use function set_gd() for setting the register on ARM.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next
Pull request for UEFI sub-system for efi-2020-10-rc1
This series comprises error corrections for the UEFI subsystem:
* correct consideration of timestamps for variable authentication
* correct collection of data regions for code authentication
* correct unit tests to test loading dbx
* enable FAT_WRITE as required by the UEFI spec
The boot manager uses log functions instead of printf() and debug().
The UEFI intialization state is exported.
|
|
- Resync Kconfiglib with the v14.1.0 release.
- Re-sync our <linux/compiler*h> files with v5.7-rc5 from upstream.
- Fully resync checkpatch.pl with v5.7 release.
To safely to all of the above, we have a few bugfixes about functions
that need a 'static inline' but weren't. We also stop setting
CROSS_COMPILE in arch/*/config.mk. Finally, with the above changes
boards can now opt-in to optimizing inlining and we do this for the
socfpga stratix10 platform for space savings.
|
|
The UEFI spec requires support for the FAT file system.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Export the UEFI sub-system initialization state. This will allow to treat
the setting of UEFI variables during and after initialization differently.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Don't call rtc_mktime() twice with the same argument in
efi_variable_authenticate().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
When booting via the boot manager use log function for user messages
instead of printf() and debug().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
When overwriting an existing time base authenticated variable we should
compare to the preceding time value and not to the start of the epoch.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
The UEFI specification requires that when UEFI variables are set using time
based authentication we have to check that unused fields of the timestamp
are zero
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Use start and end address consistently as half-open interval.
Simplify the code.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Just for style consistency, replace all the uses of debug() to
EFI_PRINT() in efi_image_loader.c.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Just for style consistency, replace all the uses of debug() to
EFI_PRINT in efi_variable.c.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Just for style consistency, replace all the uses of debug to
EFI_PRINT in efi_signature.c
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
The simplest solution to revert the commit b32ac16f9a32 ("test/py: fix
test_efi_secboot/conftest.py") is to move efi_console_register()
forward before efi_disk_register().
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Copy these from Linux v5.7-rc5 tag.
This brings in some handy new attributes and is otherwise important to
keep in sync.
We drop the reference to smp_read_barrier_depends() as it is not
relevant on the architectures we support at this time, based on where
it's implemented in Linux today. We drop the call to kasan_check_read()
as that is not relevant to U-Boot as well.
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
This could give a confusing error message if it failed and didn't set
errno.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
https://gitlab.denx.de/u-boot/custodians/u-boot-mips into next
- net: pcnet: cleanup and add DM support
- Makefile: add rule to build an endian-swapped U-Boot image
used by MIPS Malta EL variants
- CI: add Qemu tests for MIPS Malta
|
|
efi_get_variable_common() does not use EFI_ENTRY(). So we should not use
EFI_EXIT() either.
Fixes: 767f6eeb01d3 ("efi_loader: variable: support variable authentication")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
The variables SetupMode, AuditMode, DeployedMode are explicitly defined as
UINT8 in the UEFI specification. The type of SecureBoot is UINT8 in EDK2.
Use variable name secure_boot instead of sec_boot for the value of the
UEFI variable SecureBoot.
Avoid abbreviations in function descriptions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Variable efi_secure_mode is meant to hold a value of enum efi_secure_mode.
So it should not be defined as int but as enum efi_secure_mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
- Convert fsl_espi to driver model (Chuanhua)
- Enable am335x baltos to DM_SPI (Jagan)
- Drop few powerpc board which doesn't have DM enabled (Jagan)
|
|
https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc5
Use correct printf code in efi_image_parse().
Add random number generation to HTML documentation.
|
|
This reverts commit 0486497e2b5f4d36fa968a1a60fea358cbf70b65.
The strtoul has well-defined semantics. It is defined by the C standard and
POSIX. To quote the relevant section of the man pages,
> If base is zero or 16, the string may then include a "0x" prefix, and the
> number will be read in base 16; otherwise, a zero base is taken as 10
> (decimal) unless the next character is '0', in which case it is taken as
> 8 (octal).
Keeping these semantics is important for several reasons. First, it is very
surprising for standard library functions to behave differently than usual.
Every other implementation of strtoul has different semantics than the
implementation in U-Boot at the moment. Second, it can result in very
surprising results from small changes. For example, changing the string
"1f" to "20" causes the parsed value to *decrease*. Forcing use of the "0x"
prefix to specify hexidecimal numbers is a feature, not a bug. Lastly, this
is slightly less performant, since the entire number is parsed twice.
This fixes the str_simple_strtoul test failing with
test/str_ut.c:29, run_strtoul(): expect_val == val: Expected 0x44b (1099), got 0x1099ab (1087915)
test/str_ut.c:46, str_simple_strtoul(): 0 == run_strtoul(uts, str2, 0, 1099, 4): Expected 0x0 (0), got 0x1 (1)
Signed-off-by: Sean Anderson <seanga2@gmail.com>
CC: Michal Simek <michal.simek@xilinx.com>
CC: Shiril Tichkule <shirilt@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Fix the loop that parses FDT for a reserved memory node named "optee".
Before this change, if at least one subnode was found in the
reserved-memory node, the function endlessly looped since instruction
continue returned back in the loop without updating variable subnode.
This change fixes the issue by using a for loop.
Fixes: 6ccb05eae01b ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
|
|
For size_t we have to use %zu for printing not %lu.
Fixes: 4540dabdcaca ("efi_loader: image_loader: support image
authentication")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
patman improvements to allow it to work with Zephyr
change to how sequence numbers are assigned to devices
minor fixes and improvements
|
|
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].
This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX
The SHA implementation is adapted from the linux kernel implementation.
[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
|
|
At present fdtdec_add_reserved_memory() calls fdtdec_get_addr_size()
to get address and size for the subnodes of /reserved-memory node.
We should honor #address-cells and #size-cells properties in the
parent node.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
fdtdec_get_addr_size() expects size is of type 'fdt_size_t', and
return value is of type 'fdt_addr_t'. Adjust their types accordingly.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This displays incorrect data at present due to a missing header file
in display_options. Fix it.
Fixes: 09140113108 ("command: Remove the cmd_tbl_t typedef")
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Provide missing comments for the functions implementing the
EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
smbios_add_string() cannot deal with empty strings. This leads to incorrect
property values and invalid tables. E.g. for the pine64-lts_defconfig
CONFIG_SMBIOS_MANUFACTURER="". Linux command dmidecode shows:
Table 1:
Manufacturer: sunxi
Product Name: sunxi
Table 3:
Invalid entry length (2). DMI table is broken! Stop.
Replace empty strings by "Unknown".
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
- Fixes 7e249bc13aaf: ("riscv: Move all SMP related SBI calls to
SBI_v01") Move sbi_probe_extension() out of CONFIG_SBI_V01.
- SiFive FU540 support SPL.
|
|
When build U-Boot SPL, meet an issue of undefined reference to
'crc7' for drivers/mmc/mmc_spi.c, so let's compile crc7.c when
CONFIG_MMC_SPI selected.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Jagan Teki <jagan@amarulasolutions.com>
|
|
https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc4
This patch series addresses the following issues:
* allow compiling with clang
* add missing function descriptions to the HTML documentation
* simplify the validation of UEFI images
* validate load options in the UEFI boot manager
In a preparatory patch a structure definition is moved.
|
|
The global variable, efi_guid_cert_type_pkcs7, will also be used in
efi_image_loader.c in a succeeding patch so as to correctly handle
a signature type of authenticode in signed image.
Meanwhile, it is currently defined in efi_variable.c. Once some secure
storage solution for UEFI variables is introduced, efi_variable.c may
not always be compiled in.
So move the definition to efi_signature.c as a common place.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Knowing that at least one section header follows the optional header we
only need to check for the length of the 64bit header which is longer than
the 32bit header.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Rework the description of function cmp_pe_section().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
We want to follow the Linux kernel style for function descriptions.
Add missing parentheses after function names.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
On ARM systems gd is stored in register r9 or x18. When compiling with
clang gd is defined as a macro calling function gd_ptr(). So we can not
make assignments to gd.
In the UEFI sub-system we need to save gd when leaving to UEFI binaries and
have to restore gd when reentering U-Boot.
Define a new function set_gd() for setting gd and use it in the UEFI
sub-system.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Tom Rini <trini@konsulko.com>
|
|
For passing the optional data of the load option to the loaded imaged
protocol we need its size.
efi_deserialize_load_option() is changed to return the size of the optional
data.
As a by-product we get a partial validation of the load option.
Checking the length of the device path remains to be implemented.
Some Coverity defects identified the load options as user input because
get_unaligned_le32() and get_unaligned_le16() is called. But non of these
Coverity defects can be resolved without marking functions with Coverity
specific tags.
Reported-by: Coverity (CID 303760)
Reported-by: Coverity (CID 303768)
Reported-by: Coverity (CID 303776)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Signed-off-by: Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
|
|
Move the CONFIG_GZIP_COMPRESSED from a config.h macro to a Kconfig menu
item. It is not selectable by a user because there is no reason to do
so. Instead it will be automatically selected by the stuff which uses
gzip(), like the zip command.
Remove it from the config_whitelist.txt. Also remove
CONFIG_GZIP_COMPRESS_DEF_SZ as this was never used on any board. The
default seems to be sane, otherwise it should be added as a Kconfig
option.
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc3 (2)
Problems fixed with these patches are:
* UEFI sub-system not working with virtio block devices
* Missing SATA support in UEFI sub-system
* A superfluous debug statement
|
|
Prior to corrective patches for virtio and SATA devices the same device
path was installed on two different handles. This is not allowable.
With this patch we will throw an error if this condition occurs for
block devices.
Update a comment for the installation of the simple file system
protocol.
Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Provide device path nodes for SATA devices.
This avoids creation of two handles with the same device path indicating
our root node.
This is what the device paths for a SATA drive with four partitions could
like:
/VenHw(..)/Sata(0x0,0xffff,0x0)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(1,MBR,0x81ea591f,0x800,0x63ff830)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(2,MBR,0x81ea591f,0x6400800,0x9ff830)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(3,MBR,0x81ea591f,0x6e00800,0x16ef2ab0)
/VenHw(..)/Sata(0x0,0xffff,0x0)/HD(4,MBR,0x81ea591f,0x1dcf3800,0x1dcedab0)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
