summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2020-08-27lib/rsa: correct check after allocation in fdt_add_bignum()Heinrich Schuchardt
After allocating to pointer ctx we should check that pointer and not another pointer already checked above. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-25Merge https://gitlab.denx.de/u-boot/custodians/u-boot-marvellTom Rini
- Add basic Marvell/Cavium OcteonTX/TX2 support (Suneel) - Infrastructure changes to PCI uclass to support these SoC's (Suneel) - Add PCI, MMC & watchdog driver drivers for OcteonTX/TX2 (Suneel) - Increase CONFIG_SYS_MALLOC_F_LEN for qemu-x86 (Stefan)
2020-08-25Merge branch '2020-08-24-misc-improvements'Tom Rini
- Squashfs compression support - Coverity fixes - XEN guest updates - Finish previous MediaTek updates - Arm Total Compute platform support
2020-08-25fdtdec: Add API to read pci bus-range propertySuneel Garapati
Add fdtdec_get_pci_bus_range to read bus-range property values. Signed-off-by: Suneel Garapati <sgarapati@marvell.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-24xen: Code style conformityAnastasiia Lukianenko
Cleaning up the following: ERROR: do not use assignment in if condition #281: FILE: drivers/xen/pvblock.c:260: + if ((err = xenbus_switch_state(XBT_NIL, nodename, CHECK:COMPARISON_TO_NULL: Comparison to NULL could be written "err" #52: FILE: drivers/xen/pvblock.c:298: + if (err != NULL) { ERROR: do not use assignment in if condition #176: FILE: drivers/xen/gnttab.c:103: + if ((flags = nflags) & (GTF_reading | GTF_writing)) { WARNING: Missing or malformed SPDX-License-Identifier tag in line 1 #329: FILE: include/xen/gnttab.h:1: +/* WARNING: Misplaced SPDX-License-Identifier tag - use line 1 instead #330: FILE: include/xen/gnttab.h:2: + * SPDX-License-Identifier: GPL-2.0 ERROR: do not use assignment in if condition #630: FILE: lib/sscanf.c:558: + if ((n = inr) < width) { Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-24efi_loader: validate device path length in boot managerHeinrich Schuchardt
Bootxxxx variables are provided by the user and therefore cannot be trusted. We have to validate them before usage. A device path provided by a Bootxxxx variable must have an end node within the indicated device path length. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24efi_loader: efi_dp_check_length()Heinrich Schuchardt
We need to check that device paths provided via UEFI variables are not malformed. Provide function efi_dp_check_length() to check if a device path has an end node within a given number of bytes. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24efi_selftest: substitute ResetSystem() by do_reset()Heinrich Schuchardt
If ResetSystem() is not implemented at runtime, call do_reset() after test completion. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24efi_selftest: add a test for ResetSystem()Heinrich Schuchardt
The unit test will reset the system by calling the ResetSystem() runtime service before or after ExitBootServices() according to the users choice by setting environment variable efi_selftest to: * 'reset system' or * 'reset system runtime'. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-24efi_loader: ResetSystem() should not hangHeinrich Schuchardt
If ResetSystem() is not implemented at runtime, it should return instead of hanging in an endless loop. This allows the operating system to reset the system by other means as Linux does. It also matches what EDK II suggests in comments for functions ResetShutdown() and ResetWarm() in OvmfPkg/Library/ResetSystemLib/ResetSystemLib.c. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-20lib: fdt: Convert fdtdes_setup_mem..() to livetree APIMichal Simek
Convert fdtdec_setup_mem_size_base(), get_next_memory_node(), fdtdec_setup_memory_banksize() and fdtdec_setup_mem_size_base_lowest() to livetree API. Tested on ZynqMP zcu104 board. Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-20lib: fdt: Introduce fdtdec_setup_mem_size_base_lowest()Michal Simek
New function should be called from board dram_init() because it initialized gd->ram_base/ram_size. It finds the lowest available memory. On systems with multiple memory nodes finding out the first memory node by fdtdec_setup_mem_size_base() is not enough because this memory can be above actual U-Boot VA mapping. Currently only mapping till 39bit is supported (Full 44bit mapping was removed by commit 7985cdf74b28 ("arm64: Remove non-full-va map code")). If DT starts with the first memory node above 39bit address then system can be unpredictable. The function is available only when multiple memory bank support is enabled. Calling fdtdec_setup_memory_banksize() from dram_init() is not possible because fdtdec_setup_memory_banksize() is saving dram information to bd structure which is placed on stack but not initialized at this time. Also stack is placed at location setup in dram_init(). Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-08-15Merge tag 'efi-2020-10-rc3-2' of ↵Tom Rini
https://gitlab.denx.de/u-boot/custodians/u-boot-efi Pull request for UEFI sub-system for efi-2020-10-rc3 (2) This series includes bug fixes for: * UEFI secure boot - images with multiple signatures * UEFI secure boot - support for intermediate certificates * corrections for UEFI unit tests * missing loadaddr on MAIX board
2020-08-14lib: sscanf: add sscanf implementationAndrii Anisov
Port sscanf implementation from mini-os and introduce new Kconfig option to enable it: CONFIG_SSCANF. Disable by default. Signed-off-by: Andrii Anisov <andrii_anisov@epam.com> Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com> Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
2020-08-14efi_loader: signature: correct a behavior against multiple signaturesAKASHI Takahiro
Under the current implementation, all the signatures, if any, in a signed image must be verified before loading it. Meanwhile, UEFI specification v2.8b section 32.5.3.3 says, Multiple signatures are allowed to exist in the binary’s certificate table (as per PE/COFF Section “Attribute Certificate Table”). Only one hash or signature is required to be present in db in order to pass validation, so long as neither the SHA-256 hash of the binary nor any present signature is reflected in dbx. This patch makes the semantics of signature verification compliant with the specification mentioned above. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-13efi_loader: variable: fix secure state initializationAKASHI Takahiro
Under the new file-based variable implementation, the secure state is always and falsely set to 0 (hence, the secure boot gets disabled) after the reboot even if PK (and other signature database) has already been enrolled in the previous boot. This is because the secure state is set up *before* loading non-volatile variables' values from saved data. This patch fixes the order of variable initialization and secure state initialization. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: 5f7dcf079de8 ("efi_loader: UEFI variable persistence")
2020-08-13efi_loader: signature: rework for intermediate certificates supportAKASHI Takahiro
In this commit, efi_signature_verify(with_sigdb) will be re-implemented using pcks7_verify_one() in order to support certificates chain, where the signer's certificate will be signed by an intermediate CA (certificate authority) and the latter's certificate will also be signed by another CA and so on. What we need to do here is to search for certificates in a signature, build up a chain of certificates and verify one by one. pkcs7_verify_one() handles most of these steps except the last one. pkcs7_verify_one() returns, if succeeded, the last certificate to verify, which can be either a self-signed one or one that should be signed by one of certificates in "db". Re-worked efi_signature_verify() will take care of this step. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13efi_loader: variable: keep temporary buffer during the authenticationAKASHI Takahiro
This is a bug fix; Setting an authenticated variable may fail due to a memory corruption in the authentication. A temporary buffer will, if needed, be allocated to parse a variable's authentication data, and some portion of buffer, specifically signer's certificates, will be referenced by efi_signature_verify(). So the buffer should be kept valid until the authentication process is finished. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08efi_loader: set load options in boot managerHeinrich Schuchardt
Up to now we used the value of the bootargs environment variable as load options in the boot manager. This is not correct. The data has to be taken from the Boot#### variable. Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load options to the loaded image protocol. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08efi_loader: factor out efi_set_load_options()Heinrich Schuchardt
The bootefi bootmgr command has to set the load options for a loaded image from the value of BootXXXX variable. If the boot manager is not used, the value is set from the environment variable bootargs (or efi_selftest). Factor out a common function efi_set_load_options(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08efi_loader: add copyright noticeAKASHI Takahiro
Some amount of code was moved/derived from efi_variable.c regarding UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader: restructure code for TEE variables"). So add the orignal author's copyright notice. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-08lib/crypto: simplify public_key_verify_signatureHeinrich Schuchardt
The variable region is filled but never used. Remove it. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-07include/u-boot, lib/zlib: add sources for zlib decompressionJoao Marcos Costa
Add zlib (v1.2.11) uncompr() function to U-Boot. SquashFS depends on this function to decompress data from a raw disk image. The actual support for zlib into SquashFS sources will be added in a follow-up commit. Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
2020-08-04lmb/bdinfo: dump lmb info via bdinfoTero Kristo
Dump lmb status from the bdinfo command. This is useful for seeing the reserved memory regions from the u-boot cmdline. Signed-off-by: Tero Kristo <t-kristo@ti.com>
2020-08-03efi: Tidy up header includesSimon Glass
Two files relies on efi_driver.h to include common.h and dm.h which is incorrect. The former should always be included in a non-host C file and the latter should be included if driver model is used. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-08-01efi_selftest: block device test requires CONFIG_DOS_PARTITIONHeinrich Schuchardt
Do not execute the block device test if CONFIG_DOS_PARTITION=n. Imply CONFIG_DOS_PARTITION in Kconfig. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01efi_selftest: SNP test depends on networkHeinrich Schuchardt
If CONFIG_NET=n, testing the simple network protocol makes no sense. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01efi_loader: use CONFIG_STACK_SIZE in the UEFI sub-systemHeinrich Schuchardt
The Kconfig symbol CONFIG_STACK_SIZE is used both by ARM and Microblaze with the same meaning. Move it to menu 'General setup' so that we can use it for all architectures. Use the value of CONFIG_STACK_SIZE instead of a hard coded 16 MiB value for reserving memory in the UEFI sub-system. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01efi_loader: Enable run-time variable support for tee based variablesIlias Apalodimas
We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-01efi_loader: Trim output buffer size correctly for tee variablesIlias Apalodimas
The current code does not trim the output buffer correctly. In fact it doesn't trim the buffer at all, since it calculates a wrong value for it, which isn't even applied. So let's remove the unused temporary size variable and trim the buffer correctly. Since we are editing efi_get_next_variable_name_int(), fix an indentation error along the way. Fixes: f042e47e8fb43 ("efi_loader: Implement EFI variable handling via OP-TEE") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Remove superfluous conversion to (u8 *) for memcpy argument. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-31env: Add support for explicit write access listMarek Vasut
This option marks any U-Boot variable which does not have explicit 'w' writeable flag set as read-only. This way the environment can be locked down and only variables explicitly configured to be writeable can ever be changed by either 'env import', 'env set' or loading user environment from environment storage. Signed-off-by: Marek Vasut <marex@denx.de> Reviewed-by: Tom Rini <trini@konsulko.com>
2020-07-31env: Add option to only ever append environmentMarek Vasut
Add configuration option which prevents the environment hash table to be ever cleared and reloaded with different content. This is useful in case the first environment loaded into the hash table contains e.g. sensitive content which must not be dropped or reloaded. Signed-off-by: Marek Vasut <marex@denx.de> Reviewed-by: Tom Rini <trini@konsulko.com>
2020-07-25Revert "lib: fdt: Split fdtdec_setup_mem_size_base()"Michal Simek
This reverts commit 3ebe09d09a407f93022d945a205c5318239eb3f6. There is no user of this split function that's why remove it. Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-25Revert "lib: fdt: Split fdtdec_setup_memory_banksize()"Michal Simek
This reverts commit 118f4d4559a4386fa87a1e2509e84a1986b24a34. There is no user of this split function that's why remove it. Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-24Revert "Merge tag 'dm-pull-20jul20' of git://git.denx.de/u-boot-dm"Tom Rini
This reverts commit 5d3a21df6694ebd66d5c34c9d62a26edc7456fc7, reversing changes made to 56d37f1c564107e27d873181d838571b7d7860e7. Unfortunately this is causing CI failures: https://travis-ci.org/github/trini/u-boot/jobs/711313649 Signed-off-by: Tom Rini <trini@konsulko.com>
2020-07-23Merge tag 'dm-pull-20jul20' of git://git.denx.de/u-boot-dmTom Rini
binman support for FIT new UCLASS_SOC patman switch 'test' command minor fdt fixes patman usability improvements
2020-07-22lib: crypto: export and enhance pkcs7_verify_one()AKASHI Takahiro
The function, pkcs7_verify_one(), will be utilized to rework signature verification logic aiming to support intermediate certificates in "chain of trust." To do that, its function interface is expanded, adding an extra argument which is expected to return the last certificate in trusted chain. Then, this last one must further be verified with signature database, db and/or dbx. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22lib: crypto: add pkcs7_digest()AKASHI Takahiro
This function was nullified when the file, pkcs7_verify.c, was imported because it calls further linux-specific interfaces inside, hence that could lead to more files being imported from linux. We need this function in pkcs7_verify_one() and so simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22lib: crypto: import pkcs7_verify.c from linuxAKASHI Takahiro
The file, pkcs7_verify.c, will now be imported from linux code (crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit into U-Boot environment. In particular, pkcs7_verify_one() function will be used in a later patch to rework signature verification logic aiming to support intermediate certificates in "chain of trust." Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22lib: crypto: enable x509_check_for_self_signed()AKASHI Takahiro
When the file, x509_public_key.c, was imported from linux code in commit b4adf627d5b7 ("lib: crypto: add x509 parser"), x509_check_for_self_signed() was commented out for simplicity. Now it need be enabled in order to make pkcs7_verify_one(), which will be imported in a later patch, functional. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22lib: crypto: add public_key_verify_signature()AKASHI Takahiro
This function will be called from x509_check_for_self_signed() and pkcs7_verify_one(), which will be imported from linux in a later patch. While it does exist in linux code and has a similar functionality of rsa_verify(), it calls further linux-specific interfaces inside. That could lead to more files being imported from linux. So simply re-implement it here instead of re-using the code. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22efi_loader: use logging for block device messagesHeinrich Schuchardt
Use logging instead of printf() for messages occurring when scanning block devices during the initialization of the UEFI sub-system. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22efi_loader: document efi_save_gd(), efi_restore_gd()Heinrich Schuchardt
Provide function descriptions for efi_save_gd() and efi_restore_gd(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22efi_loader: loosen buffer parameter check in efi_file_readStefan Sørensen
When reading a directory, EFI_BUFFER_TOO_SMALL should be returned when the supplied buffer is too small, so a use-case is to call efi_file_read with *buffer_size=0 and buffer=NULL to obtain the needed size before doing the actual read. So move the buffer!=NULL check to after the buffer size has been checked. This fix allows the Redhat shim fallback to run and e.g. Fedora 32 now boots out of the box. Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22efi_loader: Check for the native OP-TEE result on mm_communicate callsIlias Apalodimas
Currently we only check for the return value of tee_invoke_func(). Although OP-TEE and StMM will correctly set param[1].u.value.a and we'll eventually return an error, the correct thing to do is check for the OP_TEE return code as well. So let's check for that and move tee_shm_free() and tee_close_session() before exiting with an error to make sure we always clear the registered memory. Fixes: f042e47e8fb43 ("efi_loader: Implement EFI variable handling via OP-TEE") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Use EFI_DEVICE_ERROR for TEE communication problems. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22efi_loader: Rename and correct values for ARM_SMC_MM_*Ilias Apalodimas
Instead of adding the definition for the specific MM SVC used in StandAloneMM we added the one used in the standard SMC calls. So change the value from -4 to -5 to match the correct one defined in EDK2 and rename them to avoid future confusion Fixes 23a397d2e2fb: ("efi_loader: Add headers for EDK2 StandAloneMM communication") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22efi_loader: don't use memmove() in efi_var_mem_del()Heinrich Schuchardt
efi_var_mem_del() is in __efi_runtime because it would be needed for a runtime implementation of SetVariable(). memmove() is not in __efi_runtime. So we should not use it in efi_var_mem_del(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22efi_loader: efi_current_var after SetVirtualAddressMapHeinrich Schuchardt
Variable efi_current_var is a pointer to a physical memory address that becomes invalid after SetVirtualAddressMap(). Instead of converting it via ConvertPointer() simply set it to NULL. Fixes: b02a707152dc ("efi_loader: enable UEFI variables at runtime") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-20Revert "lib: fdt: Split fdtdec_setup_mem_size_base()"Michal Simek
This reverts commit 3ebe09d09a407f93022d945a205c5318239eb3f6. There is no user of this split function that's why remove it. Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20Revert "lib: fdt: Split fdtdec_setup_memory_banksize()"Michal Simek
This reverts commit 118f4d4559a4386fa87a1e2509e84a1986b24a34. There is no user of this split function that's why remove it. Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Simon Glass <sjg@chromium.org>