u-boot.git/include/efi_loader.h, branch v2020.07 Unnamed repository; edit this file 'description' to name the repository. efi_loader: validate load option 2020-06-03T15:19:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-05-31T20:46:09+00:00 0e69bcfb27644f9e7c575aa3565bcff922c7dec2 For passing the optional data of the load option to the loaded imaged protocol we need its size. efi_deserialize_load_option() is changed to return the size of the optional data. As a by-product we get a partial validation of the load option. Checking the length of the device path remains to be implemented. Some Coverity defects identified the load options as user input because get_unaligned_le32() and get_unaligned_le16() is called. But non of these Coverity defects can be resolved without marking functions with Coverity specific tags. Reported-by: Coverity (CID 303760) Reported-by: Coverity (CID 303768) Reported-by: Coverity (CID 303776) Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
For passing the optional data of the load option to the loaded imaged
protocol we need its size.

efi_deserialize_load_option() is changed to return the size of the optional
data.

As a by-product we get a partial validation of the load option.
Checking the length of the device path remains to be implemented.

Some Coverity defects identified the load options as user input because
get_unaligned_le32() and get_unaligned_le16() is called. But non of these
Coverity defects can be resolved without marking functions with Coverity
specific tags.

Reported-by: Coverity (CID 303760)
Reported-by: Coverity (CID 303768)
Reported-by: Coverity (CID 303776)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: device path for virtio block devices 2020-05-21T08:00:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-05-20T20:39:35+00:00 19ecced71cfb92519e8ef7dddbc4138d871fe97c The UEFI specification does not define a device sub-type for virtio. Let's use a vendor hardware node here. This avoids creation of two handles with the same device path indicating our root node. Reported-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The UEFI specification does not define a device sub-type for virtio.
Let's use a vendor hardware node here.

This avoids creation of two handles with the same device path indicating
our root node.

Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
common: Drop log.h from common header 2020-05-19T01:19:18+00:00 Simon Glass sjg@chromium.org 2020-05-10T17:40:05+00:00 f7ae49fc4f363a803dab3be078e93ead8e75a8e9 Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
common: Drop part.h from common header 2020-05-18T21:33:33+00:00 Simon Glass sjg@chromium.org 2020-05-10T17:39:58+00:00 e6f6f9e64882ddf242437c73fdd9ff06a8eb7c21 Move this uncommon header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
efi_loader: round the memory area in efi_add_memory_map() 2020-05-17T19:59:53+00:00 Michael Walle michael@walle.cc 2020-05-17T10:29:19+00:00 714497e327e7304a2b67d5f780f415c6e1c300d0 Virtually all callers of this function do the rounding on their own. Some do it right, some don't. Instead of doing this in each caller, do the rounding in efi_add_memory_map(). Change the size parameter to bytes instead of pages and remove aligning and size calculation in all callers. There is no more need to make the original efi_add_memory_map() (which takes pages as size) available outside the module. Thus rename it to efi_add_memory_map_pg() and make it static to prevent further misuse outside the module. Signed-off-by: Michael Walle <michael@walle.cc> Add missing comma in sunxi_display.c. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.

There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.

Signed-off-by: Michael Walle <michael@walle.cc>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: disk: add efi_disk_is_system_part() 2020-05-04T10:26:11+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-27T09:48:20+00:00 41fd506842c2d9385d940cffe8ceeb8456c29fc5 This function will check if a given handle to device is an EFI system partition. It will be utilised in implementing capsule-on-disk feature. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Add function description. Return bool. Reviewed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This function will check if a given handle to device is an EFI system
partition. It will be utilised in implementing capsule-on-disk feature.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Add function description. Return bool.
Reviewed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: remove CONFIG_EFI_SECURE_BOOT in efi_loader.h 2020-04-30T08:25:07+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-21T00:38:38+00:00 d9f3307a826b0b4be818c26dd3f5db49095f846b The guard doesn't make any difference, so remove it. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The guard doesn't make any difference, so remove it.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: identify EFI system partition 2020-04-30T08:25:07+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-03-19T14:16:31+00:00 11078bb262a2a2489cbc5962f2e7faad5b288194 In subsequent patches UEFI variables shalled be stored on the EFI system partition. Hence we need to identify the EFI system partition. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
In subsequent patches UEFI variables shalled be stored on the EFI system
partition. Hence we need to identify the EFI system partition.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: image_loader: support image authentication 2020-04-16T06:12:46+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-14T02:51:44+00:00 4540dabdcacaea50bf874115f28adc103966d25a With this commit, image validation can be enforced, as UEFI specification section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled. Currently we support * authentication based on db and dbx, so dbx-validated image will always be rejected. * following signature types: EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images) EFI_CERT_X509_GUID (x509 certificate for signed images) Timestamp-based certificate revocation is not supported here. Internally, authentication data is stored in one of certificates tables of PE image (See efi_image_parse()) and will be verified by efi_image_authenticate() before loading a given image. It seems that UEFI specification defines the verification process in a bit ambiguous way. I tried to implement it as closely to as EDK2 does. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.

Currently we support
* authentication based on db and dbx,
  so dbx-validated image will always be rejected.
* following signature types:
    EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
    EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.

Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.

It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: variable: support variable authentication 2020-04-16T06:12:46+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-14T02:51:41+00:00 767f6eeb01d331a7570a1a5e89010b09e5499bfb With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is supported for authenticated variables and the system secure state will transfer between setup mode and user mode as UEFI specification section 32.3 describes. Internally, authentication data is stored as part of authenticated variable's value. It is nothing but a pkcs7 message (but we need some wrapper, see efi_variable_parse_signature()) and will be validated by efi_variable_authenticate(), hence efi_signature_verify_with_db(). Associated time value will be encoded in "{...,time=...}" along with other UEFI variable's attributes. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.

Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().

Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>