u-boot.git/include/efi_api.h, branch v2022.04 Unnamed repository; edit this file 'description' to name the repository. efi_loader: correctly handle mixed hashes and signatures in db 2022-01-29T09:23:40+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2022-01-28T22:20:31+00:00 4b634313232ed4a17bbf66d228764fef639e1f65 A mix of signatures and hashes in db doesn't always work as intended. Currently if the digest algorithm is not explicitly set to sha256 we stop walking the security database and reject the image. That's problematic in case we find and try to check a signature before inspecting the sha256 hash. If the image is unsigned we will reject it even if the digest matches. Since we no longer reject the image on unknown algorithms add an explicit check and reject the image if any other hash algorithm apart from sha256 is detected on dbx. Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
A mix of signatures and hashes in db doesn't always work as intended.
Currently if the digest algorithm is not explicitly set to sha256 we
stop walking the security database and reject the image.

That's problematic in case we find and try to check a signature before
inspecting the sha256 hash.  If the image is unsigned we will reject it
even if the digest matches.

Since we no longer reject the image on unknown algorithms add an explicit
check and reject the image if any other hash algorithm apart from sha256
is detected on dbx.

Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: Enable RISCV_EFI_BOOT_PROTOCOL support 2022-01-29T09:23:40+00:00 Sunil V L sunilvl@ventanamicro.com 2022-01-28T15:18:44+00:00 1ccf87165e38cb32f2444d8fd4b3e4d8ea13928e This adds support for new RISCV_EFI_BOOT_PROTOCOL to communicate the boot hart ID to bootloader/kernel on RISC-V UEFI platforms. The specification of the protocol is hosted at: https://github.com/riscv-non-isa/riscv-uefi Signed-off-by: Sunil V L <sunilvl@ventanamicro.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
This adds support for new RISCV_EFI_BOOT_PROTOCOL to
communicate the boot hart ID to bootloader/kernel on RISC-V
UEFI platforms.

The specification of the protocol is hosted at:
https://github.com/riscv-non-isa/riscv-uefi

Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: printing TCG2 protocol GUID 2022-01-19T15:16:33+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-01-16T16:46:38+00:00 38040a63a3e838a1eeb56c7d18875be485b14f5c We support the TCG2 protocol. Allow command efidebug to print it. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
We support the TCG2 protocol. Allow command efidebug to print it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
cmd: efidebug: simplify printing GUIDs 2022-01-19T15:16:33+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-01-16T13:10:23+00:00 3adae64220be502cd6d522c96a3af7dd420a1a67 Use "%pS" to print text representations of GUIDs. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Use "%pS" to print text representations of GUIDs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi: Locate all block devices in the app 2021-12-31T05:45:01+00:00 Simon Glass sjg@chromium.org 2021-12-29T18:57:36+00:00 613cd0c46796cae340382679bc01ef220daf3768 When starting the app, locate all block devices and make them available to U-Boot. This allows listing partitions and accessing files in filesystems. EFI also has the concept of 'disks', meaning boot media. For now, this is not obviously useful in U-Boot, but add code to at least locate these. This can be expanded later as needed. We cannot use printf() in the early stub or app since it is not compiled in Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
When starting the app, locate all block devices and make them available
to U-Boot. This allows listing partitions and accessing files in
filesystems.

EFI also has the concept of 'disks', meaning boot media. For now, this
is not obviously useful in U-Boot, but add code to at least locate these.
This can be expanded later as needed.

We cannot use printf() in the early stub or app since it is not compiled
in

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: bump EFI_SPECIFICATION_VERSION to 2.9 2021-11-20T09:53:00+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2021-11-17T17:55:59+00:00 dc52578d7b48342c04484184199831893a983cbf We have implemented all what is new in UEFI specification 2.9 and relevant for U-Boot. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
We have implemented all what is new in UEFI specification 2.9 and relevant
for U-Boot.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES 2021-11-20T09:53:00+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2021-11-16T17:46:27+00:00 43eaf5b13f31395afbef3ff89d99a4f6c1a2ba63 Implement the EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES event group handling. Add the definition of EFI_EVENT_GROUP_AFTER_READY_TO_BOOT. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Implement the EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES event group
handling.

Add the definition of EFI_EVENT_GROUP_AFTER_READY_TO_BOOT.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: Sphinx comments in efi_api.h 2021-11-20T09:53:00+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-11-20T08:28:54+00:00 e032cb2ac98d7085bec258dd19617409f0f70e90 Fix incorrect Sphinx comments in efi_api.h: * add missing 'struct' * correct indentation Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Fix incorrect Sphinx comments in efi_api.h:

* add missing 'struct'
* correct indentation

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi: add comment for efi_system_table and efi_configuration_table 2021-11-20T09:53:00+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-11-12T07:24:27+00:00 45c16fd0c2457d64fa94ddf3f96818542ebf72b6 This commit adds the comment for efi_system_table and efi_configuration_table structure. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This commit adds the comment for efi_system_table and
efi_configuration_table structure.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: add missing const qualifier 2021-10-25T19:13:06+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-10-22T11:24:24+00:00 f86352eb825a450d298b9c1a2b88c07b523c1039 This commit fixes the following compilation warning of boottime->install_configuration_table() function. lib/efi_selftest/efi_selftest_tcg2.c:475:46: warning: passing argument 1 of ‘boottime->install_configuration_table’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers] ret = boottime->install_configuration_table(&smbios_guid, dmi); Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
This commit fixes the following compilation warning
of boottime->install_configuration_table() function.

lib/efi_selftest/efi_selftest_tcg2.c:475:46:
warning: passing argument 1 of ‘boottime->install_configuration_table’
discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
  ret = boottime->install_configuration_table(&smbios_guid, dmi);

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>