u-boot.git/include/efi_loader.h, branch v2020.07-rc2 Unnamed repository; edit this file 'description' to name the repository. efi_loader: disk: add efi_disk_is_system_part() 2020-05-04T10:26:11+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-27T09:48:20+00:00 41fd506842c2d9385d940cffe8ceeb8456c29fc5 This function will check if a given handle to device is an EFI system partition. It will be utilised in implementing capsule-on-disk feature. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Add function description. Return bool. Reviewed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This function will check if a given handle to device is an EFI system
partition. It will be utilised in implementing capsule-on-disk feature.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Add function description. Return bool.
Reviewed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: remove CONFIG_EFI_SECURE_BOOT in efi_loader.h 2020-04-30T08:25:07+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-21T00:38:38+00:00 d9f3307a826b0b4be818c26dd3f5db49095f846b The guard doesn't make any difference, so remove it. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The guard doesn't make any difference, so remove it.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: identify EFI system partition 2020-04-30T08:25:07+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-03-19T14:16:31+00:00 11078bb262a2a2489cbc5962f2e7faad5b288194 In subsequent patches UEFI variables shalled be stored on the EFI system partition. Hence we need to identify the EFI system partition. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
In subsequent patches UEFI variables shalled be stored on the EFI system
partition. Hence we need to identify the EFI system partition.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: image_loader: support image authentication 2020-04-16T06:12:46+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-14T02:51:44+00:00 4540dabdcacaea50bf874115f28adc103966d25a With this commit, image validation can be enforced, as UEFI specification section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled. Currently we support * authentication based on db and dbx, so dbx-validated image will always be rejected. * following signature types: EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images) EFI_CERT_X509_GUID (x509 certificate for signed images) Timestamp-based certificate revocation is not supported here. Internally, authentication data is stored in one of certificates tables of PE image (See efi_image_parse()) and will be verified by efi_image_authenticate() before loading a given image. It seems that UEFI specification defines the verification process in a bit ambiguous way. I tried to implement it as closely to as EDK2 does. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.

Currently we support
* authentication based on db and dbx,
  so dbx-validated image will always be rejected.
* following signature types:
    EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
    EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.

Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.

It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: variable: support variable authentication 2020-04-16T06:12:46+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-14T02:51:41+00:00 767f6eeb01d331a7570a1a5e89010b09e5499bfb With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is supported for authenticated variables and the system secure state will transfer between setup mode and user mode as UEFI specification section 32.3 describes. Internally, authentication data is stored as part of authenticated variable's value. It is nothing but a pkcs7 message (but we need some wrapper, see efi_variable_parse_signature()) and will be validated by efi_variable_authenticate(), hence efi_signature_verify_with_db(). Associated time value will be encoded in "{...,time=...}" along with other UEFI variable's attributes. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.

Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().

Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: add signature database parser 2020-04-16T06:12:46+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-14T02:51:40+00:00 be6296d05b072f312a20587cf2de8e4456bcb8ff efi_signature_parse_sigdb() is a helper function will be used to parse signature database variable and instantiate a signature store structure in later patches. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
efi_signature_parse_sigdb() is a helper function will be used to parse
signature database variable and instantiate a signature store structure
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: add signature verification functions 2020-04-16T06:12:46+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-14T02:51:39+00:00 593e17d673abe8e903412e6d55b2eb54b159b096 In this commit, implemented are a couple of helper functions which will be used to materialize variable authentication as well as image authentication in later patches. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
In this commit, implemented are a couple of helper functions which will be
used to materialize variable authentication as well as image authentication
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: definition of GetNextVariableName() 2020-03-22T17:38:02+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-03-22T17:28:20+00:00 7a4e717b9c0c255137a58f3ab90f002fc3aade2b 'vendor' is both an input and an output parameter. So it cannot be constant. Fixes: 0bda81bfdc5c ("efi_loader: use const efi_guid_t * for variable services") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
'vendor' is both an input and an output parameter. So it cannot be
constant.

Fixes: 0bda81bfdc5c ("efi_loader: use const efi_guid_t * for variable services")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: export a couple of protocol related functions 2020-03-17T07:29:52+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-03-17T02:12:36+00:00 b51ec639788bdf8220de458f49498d9f19f65b2b This is a preparatory patch. Those functions will be used in an implementation of UEFI firmware management protocol as part of my capsule update patch. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
This is a preparatory patch.
Those functions will be used in an implementation of UEFI firmware
management protocol as part of my capsule update patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: Implement FileLoad2 for initramfs loading 2020-02-28T18:37:14+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2020-02-21T07:55:45+00:00 ec80b4735a593961fe701cc3a5d717d4739b0fd0 Following kernel's proposal for an arch-agnostic initrd loading mechanism [1] let's implement the U-boot counterpart. This new approach has a number of advantages compared to what we did up to now. The file is loaded into memory only when requested limiting the area of TOCTOU attacks. Users will be allowed to place the initramfs file on any u-boot accessible partition instead of just the ESP one. Finally this is an attempt of a generic interface across architectures in the linux kernel so it makes sense to support that. The file location is intentionally only supported as a config option argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security. Although U-boot is not responsible for verifying the integrity of the initramfs, we can enhance the offered security by only accepting a built-in option, which will be naturally verified by UEFI Secure Boot. This can easily change in the future if needed and configure that via ENV or UEFI variable. [1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any u-boot accessible partition instead of just the ESP one.
Finally this is an attempt of a generic interface across architectures
in the linux kernel so it makes sense to support that.

The file location is intentionally only supported as a config option
argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.

[1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>