summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)AuthorFilesLines
2021-09-25efi_loader: Fix spec ID event creationRuchika Gupta1-17/+23
TCG EFI Protocol Specification defines the number_of_algorithms field in spec ID event to be equal to the number of active algorithms supported by the TPM device. In current implementation, this field is populated with the count of all algorithms supported by the TPM which leads to incorrect spec ID event creation. Similarly, the algorithm array in spec ID event should be a variable length array with length being equal to the number_of_algorithms field. In current implementation this is defined as a fixed length array which has been fixed. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> CC: Masahisa Kojima <masahisa.kojima@linaro.org> CC: Ilias Apalodimas <ilias.apalodimas@linaro.org> CC: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-18Revert "efi_capsule: Move signature from DTB to .rodata"Simon Glass4-47/+3
This was unfortunately applied despite much discussion about it beiong the wrong way to implement this feature. Revert it before too many other things are built on top of it. This reverts commit ddf67daac39de76d2697d587148f4c2cb768f492. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-14image: rsa: Move padding_algos to linker listsAlexandru Gagniuc1-0/+15
We are not guaranteed to have the padding_pkcs_15_verify symbol since commit 92c960bc1d ("lib: rsa: Remove #ifdefs from rsa.h"), and commit 61416fe9df ("Kconfig: FIT_SIGNATURE should not select RSA_VERIFY") The padding_algos only make sense with RSA verification, which can now be disabled in lieu of ECDSA. In fact this will lead to build failures because of the missing symbol mentioned earlier. To resolve this, move the padding_algos to a linker list, with declarations moved to rsa_verify.c. This is consistent with commit 6909edb4ce ("image: rsa: Move verification algorithm to a linker list") One could argue that the added #ifdef USE_HOSTCC is ugly, and should be hidden within the U_BOOT_PADDING_ALGO() macro. However, this would be inconsistent with the "cryptos" list. This logic for was not previously explored: Without knowledge of the U_BOOT_PADDING_ALGO() macro, its use is similar to something being declared. However, should #ifndef USE_HOSTCC be part of the macro, it would not be obvious that it behaves differently on host code and target code. Having the #ifndef outside the macro makes this obvious. Also, the #ifdef is not always necessary. For example ecda-verify makes use of U_BOOT_CRYPTO_ALGO() without any accompanying #ifdefs. The fundamental issue is a lack of separation of host and target code in rsa_verify. Therefore, the declaration of a padding algo with the external #ifdef is more readable and consistent. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-09-14lib: fix typos in KconfigOleksandr Suvorov1-2/+2
There are trivial typos in the Kconfig file. Fixed them. Also, fixed grammar in the descriptions with typos. Fixes: d56b4b1974 ("configs: Migrate RBTREE, LZO, CMD_MTDPARTS, CMD_UBI and CMD_UBIFS") Fixes: 7264f2928b ("spl: fit: Eanble GZIP support for image decompression") Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-09-14lib/rsa: don't use NULL as key_idHeinrich Schuchardt1-1/+1
If keydir is not provided but name is we want to use name as key_id. But with the current coding name is only used on its own if it is NULL and keydir is provided which never occurs. Fixes: 824ee745fbca ("lib/rsa: Use the 'keyfile' argument from mkimage") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-09-14pci: Drop DM_PCI check from fdtdecSimon Glass1-2/+8
We don't need this check anymore since when PCI is enabled, driver model is always used. Sadly this doesn't work with nds32 for some reason to do with the toolchain. Add a work-around for that. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-13Merge tag 'efi-2021-10-rc4-2' of ↵Tom Rini3-13/+10
https://source.denx.de/u-boot/custodians/u-boot-efi Pull request for efi-2021-10-rc4-2 Documentation: * improve documentation of U-Boot for /config DT node * integrate bloblist documentation UEFI: * correct usage of EFI_CALL() * code tidy up
2021-09-11efi_loader: simplify efi_watchdog_timer_notify()Heinrich Schuchardt1-2/+1
We can call do_reset() directly without invoking the UEFI API. This decreases the code size. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11efi_loader: Remove incorrect calls of EFI_CALL in TCG2Ilias Apalodimas1-9/+6
There is two unneeded EFI_CALL references in tcg2_measure_pe_image(). The first one in efi_search_protocol() and the second on in the device path calculation. The second isn't even a function we should be calling, but a pointer assignment, which happens to work with the existing macro. While at it switch the malloc call to a calloc, remove the unnecessary cast and get rid of an unneeded if statement before copying the device path Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11efi_loader: require CONFIG_BLKHeinrich Schuchardt1-0/+1
The move to driver model should by now be completed. To be able to remove pre-driver model code from our block IO code require CONFIG_BLK=y for UEFI support. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-11efi_loader: boot_service_capability_min should be capitalizedMasahisa Kojima1-2/+2
boot_service_capability_min is constant, it should be capitalized. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-09Kconfig: Drop duplicate 'select SHA512' instancesTom Rini2-2/+0
When dropping SHA512_ALGO in general, we didn't catch some cases where an option was selecting both SHA512 and SHA512_ALGO and caused them to select SHA512 twice. Kconfig doesn't complain, but this is still wrong and should be corrected. Fixes: e60e44993120 ("lib: Drop SHA512_ALGO in lieu of SHA512") Reported-by: Andreas Schwab <schwab@suse.de> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08common: Move MD5 hash to hash_algo[] array.Alexandru Gagniuc1-2/+2
MD5 is being called directly in some places, but it is not available via hash_lookup_algo("md5"). This is inconsistent with other hasing routines. To resolve this, add an "md5" entry to hash_algos[]. The #ifdef clause looks funnier than those for other entries. This is because both MD5 and SPL_MD5 configs exist, whereas the other hashes do not have "SPL_" entries. The long term plan is to get rid of the ifdefs, so those should not be expected to survive much longer. The md5 entry does not have .hash_init/update/finish members. That's okay because hash_progressive_lookup_algo() will catch that, and return -EPROTONOSUPPORT, while hash_lookup_algo() will return the correct pointer. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> [trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check] Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASHAlexandru Gagniuc1-1/+1
All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all references to CONFIG_[ST]PL_HASH_SUPPORT. This means we need for CHAIN_OF_TRUST to select SPL_HASH now. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> [trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks] Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08lib: Drop SHA512_ALGO in lieu of SHA512Alexandru Gagniuc5-13/+7
SHA512_ALGO was used as a "either SHA512 or SHA384", although the implementations of these two algorithms share a majority of code. From a Kconfig interface perspective, it makes sense to present two distinct options. This requires #ifdefing out the SHA512 implementation from sha512.c. The latter doesn't make any sense. It's reasonable to say in Kconfig that SHA384 depends on SHA512, and seems to be the more polite way to handle the selection. Thus, automatically select SHA512 when SHA384 is enabled. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-09-04efi_loader: fix efi_tcg2_hash_log_extend_event() parameter checkMasahisa Kojima1-1/+1
TCG EFI Protocol Specification defines that PCRIndex parameter passed from caller must be 0 to 23. TPM2_MAX_PCRS is currently used to check the range of PCRIndex, but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value. This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to check the range of PCRIndex parameter. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-04efi_loader: add missing parameter check for EFI_TCG2_PROTOCOL apiMasahisa Kojima1-0/+19
TCG EFI Protocol Specification defines the required parameter checking and return value for each API. This commit adds the missing parameter check and fixes the wrong return value to comply the specification. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-04efi_loader: correct determination of secure boot stateHeinrich Schuchardt1-8/+31
When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-04efi_loader: efi_auth_var_type for AuditMode, DeployedModeHeinrich Schuchardt2-2/+4
Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04efi_loader: don't load signature database from fileHeinrich Schuchardt3-19/+26
The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04efi_loader: rounding of image sizeHeinrich Schuchardt1-2/+2
We should not first allocate memory and then report a rounded up value as image size. Instead first round up according to section allocation and then allocate the memory. Fixes: 82786754b9d2 ("efi_loader: ImageSize must be multiple of SectionAlignment") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04efi_loader: sections with zero VirtualSizeHeinrich Schuchardt1-4/+27
In a section header VirtualSize may be zero. This is for instance seen in the .sbat section of shim. In this case use SizeOfRawData as section size. Fixes: 9d30a941cce5 ("efi_loader: don't load beyond VirtualSize") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Asherah Connor <ashe@kivikakk.ee>
2021-08-23Merge tag 'efi-2021-10-rc3' of ↵Tom Rini3-4/+5
https://source.denx.de/u-boot/custodians/u-boot-efi Pull request for efi-2021-10-rc3 Documentation: * Rename Freescale to NXP * Document structures used for the UEFI TCG2 protocol UEFI: * Device paths must use EfiBootServicesData
2021-08-22display_options: Do not use %llu in print_sizeMatwey V. Kornilov1-1/+6
tiny-printf variant doesn't know how to handle %llu format string, but both tiny-printf and print_size can meet in SPL when TFTP is used to obtain main u-boot image. This is known to lead to critical boot issue at AM335x platform when printf is catched in infinite loop. To avoid such issues and make print_size function tiny-printf friendly, use %u instead of %luu. Note, that the size value is guaranteed to be less than 1024 in this conditional branch, so the cast to unsigned int is safe. Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-08-22tiny-printf: Handle %pM format when CONFIG_SPL_NET_SUPPORT is enabledMatwey V. Kornilov1-13/+13
%pM format string is used to print MAC-address and this is required while SPL network boot. This patch fixes the SPL boot issues like the following: Trying to boot from USB eth ## Error: flags type check failure for "ethaddr" <= "40309614M" (type: m) ## Error inserting "ethaddr" variable, errno=1 eth0: eth_cpsw## Error: flags type check failure for "eth1addr" <= "81f01114M" (type: m) ## Error inserting "eth1addr" variable, errno=1 , eth1: usb_ether eth_cpsw Waiting for PHY auto negotiation to complete......... TIMEOUT ! Problem booting with BOOTP SPL: failed to boot from all boot devices ### ERROR ### Please RESET the board ### Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-08-17efi_loader: use EfiBootServicesData for DP to textHeinrich Schuchardt1-1/+1
Memory allocated in the implementation of the EFI_DEVICE_PATH_TO_TEXT_PROTOCOL must be of type EfiBootServicesData. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17efi_loader: use EfiBootServicesData for device pathHeinrich Schuchardt1-1/+1
dp_alloc() was using a constant from the wrong enum resulting in creating device paths in EfiReservedMemory. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17efi_loader: use correct type for AllocatePages, AllocatePoolHeinrich Schuchardt1-2/+3
Use enum efi_memory_type and enum_allocate_type in the definitions of the efi_allocate_pages(), efi_allocate_pool(). In the external UEFI API leave the type as int as the UEFI specification explicitely requires that enums use a 32bit type. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-16lib: ecdsa: Implement UCLASS_ECDSA verification on targetAlexandru Gagniuc5-0/+160
Implement the crypto_algo .verify() function for ecdsa256. Because it backends on UCLASS_ECDSA, this change is focused on parsing the keys from devicetree and passing this information to the specific UCLASS driver. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-08-14efi_loader: refactor efi_append_scrtm_version()Masahisa Kojima1-13/+1
Refactor efi_append_scrtm_version() to use common function for adding eventlog and extending PCR. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14efi_loader: add ExitBootServices() measurementMasahisa Kojima2-0/+75
TCG PC Client PFP spec requires to measure "Exit Boot Services Invocation" if ExitBootServices() is invoked. Depending upon the return code from the ExitBootServices() call, "Exit Boot Services Returned with Success" or "Exit Boot Services Returned with Failure" is also measured. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Swap two ifs in efi_exit_boot_services(). efi_tcg2_notify_exit_boot_services must have EFIAPI signature. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14efi_loader: add boot variable measurementMasahisa Kojima2-0/+141
TCG PC Client PFP spec requires to measure "Boot####" and "BootOrder" variables, EV_SEPARATOR event prior to the Ready to Boot invocation. Since u-boot does not implement Ready to Boot event, these measurements are performed when efi_start_image() is called. TCG spec also requires to measure "Calling EFI Application from Boot Option" for each boot attempt, and "Returning from EFI Application from Boot Option" if a boot device returns control back to the Boot Manager. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14efi_loader: add secure boot variable measurementMasahisa Kojima1-0/+165
TCG PC Client PFP spec requires to measure the secure boot policy before validating the UEFI image. This commit adds the secure boot variable measurement of "SecureBoot", "PK", "KEK", "db", "dbx", "dbt", and "dbr". Note that this implementation assumes that secure boot variables are pre-configured and not be set/updated in runtime. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14efi_loader: Uri() device path nodeHeinrich Schuchardt1-0/+13
iPXE used Uri() device path nodes. So we should support them in the device path to text protocol. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-03Merge https://source.denx.de/u-boot/custodians/u-boot-samsungTom Rini1-2/+0
2021-08-02lib: Allow using 0x when a decimal value is requestedSimon Glass1-11/+17
U-Boot mostly uses hex for value input, largely because addresses are much easier to understand in hex. But in some cases a decimal value is requested, such as where the value is small or hex does not make sense in the context. In these cases it is sometimes useful to be able to provide a hex value in any case, if only to resolve any ambiguity. Add this functionality, for increased flexibility. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02lib: Move common digit-parsing code into a functionSimon Glass1-7/+24
The code to convert a character into a digit is repeated twice in this file. Factor it out into a separate function. This also makes the code a little easier to read. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02lib: Drop unnecessary check for hex digitSimon Glass1-1/+1
If we see 0x then we can assume this is the start of a hex value. It does not seem necessary to check for a hex digit after that since it will happen when parsing the value anyway. Drop this check to simplify the code and reduce size. Add a few more test cases for when a 0x prefix is used. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02global: Convert simple_strtoul() with decimal to dectoul()Simon Glass4-4/+9
It is a pain to have to specify the value 10 in each call. Add a new dectoul() function and update the code to use it. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02global: Convert simple_strtoul() with hex to hextoul()Simon Glass4-13/+17
It is a pain to have to specify the value 16 in each call. Add a new hextoul() function and update the code to use it. Add a proper comment to simple_strtoul() while we are here. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02efi_loader: typo cerificateHeinrich Schuchardt1-1/+1
%s/cerificate/certificate/ Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-01lib: disable CONFIG_SPL_HEXDUMP by defaultHeinrich Schuchardt1-2/+1
CONFIG_HEXDUMP is needed to display UEFI variables using 'printenv -e'. Enabling CONFIG_SPL_HEXDUMP only makes sense for debugging purposes. Hence CONFIG_SPL_HEXDUMP should not be enabled by default. The following boards currently have CONFIG_SPL_HEXDUMP=y. This includes boards that don't use SPL at all. axm_defconfig imx8mm-cl-iot-gate_defconfig imx8mm_venice_defconfig imxrt1020-evk_defconfig imxrt1050-evk_defconfig kontron_sl28_defconfig kp_imx53_defconfig lx2160ardb_tfa_stmm_defconfig mt7622_rfb_defconfig octeon_ebb7304_defconfig octeon_nic23_defconfig qemu_arm64_defconfig qemu_arm_defconfig qemu-riscv32_defconfig qemu-riscv32_smode_defconfig qemu-riscv64_defconfig qemu-riscv64_smode_defconfig qemu-x86_64_defconfig qemu-x86_defconfig sandbox64_defconfig sandbox_defconfig stm32mp15_basic_defconfig stm32mp15_trusted_defconfig synquacer_developerbox_defconfig taurus_defconfig xilinx_versal_virt_defconfig The patch only keeps it enabled on sandbox_spl_defconfig Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-29mkimage: use environment variable MKIMAGE_SIGN_PIN to set pin for OpenSSL EngineMarc Kleine-Budde1-0/+11
This patch adds the possibility to pass the PIN the OpenSSL Engine used during signing via the environment variable MKIMAGE_SIGN_PIN. This follows the approach used during kernel module signing ("KBUILD_SIGN_PIN") or UBIFS image signing ("MKIMAGE_SIGN_PIN"). Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2021-07-29lib: rsa: rsa-sign: Minor bug in debug messageChan, Donald1-1/+1
*sig_size isn't set until later so use the correct variables. Signed-off-by: Donald Chan <hoiho@lab126.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-29lib: rsa: rsa-verify: Fix a typo in a debug messageThomas Perrot1-1/+1
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
2021-07-28lib: Create a new Kconfig option for charset conversionSimon Glass2-1/+9
Rather than looking at two KConfig options in the Makefile, create a new Kconfig option for compiling lib/charset.c Enable it for UFS also, which needs this support. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-27lib: strto: add simple_strtoll functionRoland Gaudig1-0/+8
Add simple_strtoll function for converting a string containing digits into a long long int value. Signed-off-by: Roland Gaudig <roland.gaudig@weidmueller.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-27samsung: exynos: Convert SROMC interface to a driverSimon Glass1-2/+0
Add a bus driver for this and use it to configure the bus parameters for the Ethernet interface. Drop the old pre-driver-model code. Switch over to use driver model for Ethernet. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com> Signed-off-by: Minkyu Kang <mk7.kang@samsung.com>
2021-07-24efi_loader: remove asm/setjmp.h from efi_api.hAKASHI Takahiro1-0/+1
In the commit c982874e930d ("efi_loader: refactor efi_setup_loaded_image()"), setjmp-related definitions were moved to efi_loaded_image_obj in efi_loader.h. So setjmp.h is no longer refererenced in efi_api.h. This also fixes some error when efi_api.h will be included in mkeficapsule.c. Fixes: c982874e930d ("efi_loader: refactor efi_setup_loaded_image()") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-07-24efi_loader: capsule: remove authentication dataAKASHI Takahiro1-13/+57
If capsule authentication is disabled and yet a capsule file is signed, its signature must be removed from image data to flush. Otherwise, the firmware will be corrupted after update. Fixes: 04be98bd6bcf ("efi: capsule: Add support for uefi capsule authentication") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>