u-boot.git, branch v2022.07-rc2 Unnamed repository; edit this file 'description' to name the repository. Prepare v2022.07-rc2 2022-05-09T16:49:31+00:00 Tom Rini trini@konsulko.com 2022-05-09T16:49:31+00:00 f08ed34371c54244421eac8ffb4c77559c5ea013 Signed-off-by: Tom Rini <trini@konsulko.com> 
Signed-off-by: Tom Rini <trini@konsulko.com>
Merge tag 'efi-2022-07-rc3-2' of https://source.denx.de/u-boot/custodians/u-boot-efi 2022-05-08T15:31:48+00:00 Tom Rini trini@konsulko.com 2022-05-08T15:31:48+00:00 20cd58479f8c23cdb868fd9cd2042d59782056fc Pull request for efi-2022-07-rc3-2 UEFI: * Fix build errors due to - using sed with non-standard extension for regular expression - target architecture not recognized for CROSS_COMPILE=armv7a-* - CONFIG_EVENT not selected * add sha384/512 on certificate revocation Others: * factor out the user input handling in bootmenu command 
Pull request for efi-2022-07-rc3-2

UEFI:
* Fix build errors due to
  - using sed with non-standard extension for regular expression
  - target architecture not recognized for CROSS_COMPILE=armv7a-*
  - CONFIG_EVENT not selected
* add sha384/512 on certificate revocation

Others:
* factor out the user input handling in bootmenu command
Merge branch '2022-05-06-assorted-updates' 2022-05-08T15:29:50+00:00 Tom Rini trini@konsulko.com 2022-05-08T15:29:50+00:00 258a57907d158d3ba54ec4e6daf0595d2f670d65 - Drop "linux,phandle" setting code, it's very long obsolete. - Add ability to fix broken GPT via backup GPT. 
- Drop "linux,phandle" setting code, it's very long obsolete.
- Add ability to fix broken GPT via backup GPT.
test/py: Add more test cases for rejecting an EFI image 2022-05-07T21:17:26+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2022-05-06T12:36:01+00:00 4b494770577cc61c3c1a4b57ced2fc98d87957dc The previous patch adds support for rejecting images when the sha384/512 of an x.509 certificate is present in dbx. Update the sandbox selftests Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The previous patch adds support for rejecting images when the sha384/512
of an x.509 certificate is present in dbx.  Update the sandbox selftests

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: add sha384/512 on certificate revocation 2022-05-07T21:17:26+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2022-05-06T12:36:00+00:00 b436cc6a57cae017343a549f4b701e748d7e6448 Currently we don't support sha384/512 for the X.509 certificate in dbx. Moreover if we come across such a hash we skip the check and approve the image, although the image might needs to be rejected. Rework the code a bit and fix it by adding an array of structs with the supported GUIDs, len and literal used in the U-Boot crypto APIs instead of hardcoding the GUID types. It's worth noting here that efi_hash_regions() can now be reused from efi_signature_lookup_digest() and add sha348/512 support there as well Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Currently we don't support sha384/512 for the X.509 certificate
in dbx.  Moreover if we come across such a hash we skip the check
and approve the image,  although the image might needs to be rejected.

Rework the code a bit and fix it by adding an array of structs with the
supported GUIDs, len and literal used in the U-Boot crypto APIs instead
of hardcoding the GUID types.

It's worth noting here that efi_hash_regions() can now be reused from
efi_signature_lookup_digest() and add sha348/512 support there as well

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
bootmenu: factor out the user input handling 2022-05-07T21:17:26+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2022-04-28T08:09:45+00:00 3ae6cf5400ee004c309f73f358c1043cf6d8eecc This commit moves the user input handling from cmd/bootmenu.c to common/menu.c to reuse it from other modules. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
This commit moves the user input handling from cmd/bootmenu.c
to common/menu.c to reuse it from other modules.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: Select EVENT as well 2022-05-07T21:17:26+00:00 Jan Kiszka jan.kiszka@siemens.com 2022-04-27T05:47:15+00:00 6ae494831d13e96e5bc82b70c8061f5771219c3c Fixes WARNING: unmet direct dependencies detected for EVENT_DYNAMIC Depends on [n]: EVENT [=n] Selected by [y]: - EFI_LOADER [=y] && OF_LIBFDT [=y] && ... and the succeeding build breakage. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Fixes

WARNING: unmet direct dependencies detected for EVENT_DYNAMIC
  Depends on [n]: EVENT [=n]
  Selected by [y]:
  - EFI_LOADER [=y] && OF_LIBFDT [=y] && ...

and the succeeding build breakage.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
tools: mkimage: set OPENSSL_API_COMPAT 2022-05-07T21:17:25+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-05-06T11:28:52+00:00 e927e21c07483337ffb63b828d4ddb5e0db342b2 Building with OpenSSL 3.0 produces warnings like: ../tools/sunxi_toc0.c:846:17: warning: ‘RSA_get0_d’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 846 | if (root_key && RSA_get0_d(root_key)) { | ^~ As OpenSSL 3.0 is not available in elder Linux distributions just silence the warning. Add missing #include <openssl/bn.h>. Fixes: e9e87ec47c75 ("tools: mkimage: Add Allwinner TOC0 support") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tested-by: Andre Przywara <andre.przywara@arm.com> 
Building with OpenSSL 3.0 produces warnings like:

../tools/sunxi_toc0.c:846:17: warning: ‘RSA_get0_d’ is deprecated:
Since OpenSSL 3.0 [-Wdeprecated-declarations]
  846 |                 if (root_key && RSA_get0_d(root_key)) {
      |                 ^~

As OpenSSL 3.0 is not available in elder Linux distributions
just silence the warning.

Add missing #include <openssl/bn.h>.

Fixes: e9e87ec47c75 ("tools: mkimage: Add Allwinner TOC0 support")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Andre Przywara <andre.przywara@arm.com>
mkimage: Document misc options 2022-05-07T21:17:25+00:00 Sean Anderson sean.anderson@seco.com 2022-04-08T20:08:39+00:00 deb2638aa09e23e0ca263a77bde2079dc4bd48df Over the years, several options have not made it into the help message. Document them. Do the same for the man page. Signed-off-by: Sean Anderson <sean.anderson@seco.com> 
Over the years, several options have not made it into the help message.
Document them. Do the same for the man page.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Makefile: support CROSS_COMPILE=armv7a-* 2022-05-07T21:17:25+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-05-07T20:58:39+00:00 ecd4e5cf18b183b4b4679b2c1ce96df605b81746 Gentoo uses armv7a-hardfloat-linux-gnueabi- as cross compiler prefix. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Gentoo uses armv7a-hardfloat-linux-gnueabi- as cross compiler prefix.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>