u-boot.git/include/efi_loader.h, branch v2020.10-rc2 Unnamed repository; edit this file 'description' to name the repository. efi_loader: new function efi_memcpy_runtime() 2020-07-11T21:14:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-06-28T14:30:29+00:00 b0dd8cb4076ea178df93ad56be6636dcdb444c33 Provide a memcpy() function that we can use at UEFI runtime. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Provide a memcpy() function that we can use at UEFI runtime.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: export efi_convert_pointer() 2020-07-11T21:14:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-03-24T17:05:22+00:00 a44d2a23992ba70dfeefbad9c55249bfc6be9fbc We need ConvertPointer() to adjust pointers when implementing runtime services within U-Boot. After ExitBootServices() gd is not available anymore. So we should not use EFI_ENTRY() and EFI_EXIT(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
We need ConvertPointer() to adjust pointers when implementing  runtime
services within U-Boot.

After ExitBootServices() gd is not available anymore. So we should not use
EFI_ENTRY() and EFI_EXIT().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: image_loader: add digest-based verification for signed image 2020-07-11T21:14:15+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:01:57+00:00 7926dfb579cb17efc62ede2ce6d5c0a6f7e2f855 In case that a type of certificate in "db" or "dbx" is EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains a public key for RSA decryption, but a digest of image to be loaded. If the value matches to a value calculated from a given binary image, it is granted for loading. With this patch, common digest check code, which used to be used for unsigned image verification, will be extracted from efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and extra step for digest check will be added to efi_image_authenticate(). Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
In case that a type of certificate in "db" or "dbx" is
EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains
a public key for RSA decryption, but a digest of image to be loaded.
If the value matches to a value calculated from a given binary image, it is
granted for loading.

With this patch, common digest check code, which used to be used for
unsigned image verification, will be extracted from
efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and
extra step for digest check will be added to efi_image_authenticate().

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: image_loader: verification for all signatures should pass 2020-07-11T21:14:15+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-08T05:01:56+00:00 11bafb259648dea054e07dc5c8003eb8c736f36c A signed image may have multiple signatures in - each WIN_CERTIFICATE in authenticode, and/or - each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE) In the initial implementation of efi_image_authenticate(), the criteria of verification check for multiple signatures case is a bit ambiguous and it may cause inconsistent result. With this patch, we will make sure that verification check in efi_image_authenticate() should pass against all the signatures. The only exception would be - the case where a digest algorithm used in signature is not supported by U-Boot, or - the case where parsing some portion of authenticode has failed In those cases, we don't know how the signature be handled and should just ignore them. Please note that, due to this change, efi_signature_verify_with_sigdb()'s function prototype will be modified, taking "dbx" as well as "db" instead of outputing a "certificate." If "dbx" is null, the behavior would be the exact same as before. The function's name will be changed to efi_signature_verify() once current efi_signature_verify() has gone due to further improvement in intermediate certificates support. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
A signed image may have multiple signatures in
  - each WIN_CERTIFICATE in authenticode, and/or
  - each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE)

In the initial implementation of efi_image_authenticate(), the criteria
of verification check for multiple signatures case is a bit ambiguous
and it may cause inconsistent result.

With this patch, we will make sure that verification check in
efi_image_authenticate() should pass against all the signatures.
The only exception would be
  - the case where a digest algorithm used in signature is not supported by
    U-Boot, or
  - the case where parsing some portion of authenticode has failed
In those cases, we don't know how the signature be handled and should
just ignore them.

Please note that, due to this change, efi_signature_verify_with_sigdb()'s
function prototype will be modified, taking "dbx" as well as "db"
instead of outputing a "certificate." If "dbx" is null, the behavior would
be the exact same as before.
The function's name will be changed to efi_signature_verify() once
current efi_signature_verify() has gone due to further improvement
in intermediate certificates support.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: export initialization state 2020-07-03T16:03:56+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-03-19T18:21:58+00:00 15b1bf10d1a1b21ecbf20169e30688df1c8e34be Export the UEFI sub-system initialization state. This will allow to treat the setting of UEFI variables during and after initialization differently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Export the UEFI sub-system initialization state. This will allow to treat
the setting of UEFI variables during and after initialization differently.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: validate load option 2020-06-03T15:19:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-05-31T20:46:09+00:00 0e69bcfb27644f9e7c575aa3565bcff922c7dec2 For passing the optional data of the load option to the loaded imaged protocol we need its size. efi_deserialize_load_option() is changed to return the size of the optional data. As a by-product we get a partial validation of the load option. Checking the length of the device path remains to be implemented. Some Coverity defects identified the load options as user input because get_unaligned_le32() and get_unaligned_le16() is called. But non of these Coverity defects can be resolved without marking functions with Coverity specific tags. Reported-by: Coverity (CID 303760) Reported-by: Coverity (CID 303768) Reported-by: Coverity (CID 303776) Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
For passing the optional data of the load option to the loaded imaged
protocol we need its size.

efi_deserialize_load_option() is changed to return the size of the optional
data.

As a by-product we get a partial validation of the load option.
Checking the length of the device path remains to be implemented.

Some Coverity defects identified the load options as user input because
get_unaligned_le32() and get_unaligned_le16() is called. But non of these
Coverity defects can be resolved without marking functions with Coverity
specific tags.

Reported-by: Coverity (CID 303760)
Reported-by: Coverity (CID 303768)
Reported-by: Coverity (CID 303776)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: device path for virtio block devices 2020-05-21T08:00:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-05-20T20:39:35+00:00 19ecced71cfb92519e8ef7dddbc4138d871fe97c The UEFI specification does not define a device sub-type for virtio. Let's use a vendor hardware node here. This avoids creation of two handles with the same device path indicating our root node. Reported-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The UEFI specification does not define a device sub-type for virtio.
Let's use a vendor hardware node here.

This avoids creation of two handles with the same device path indicating
our root node.

Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
common: Drop log.h from common header 2020-05-19T01:19:18+00:00 Simon Glass sjg@chromium.org 2020-05-10T17:40:05+00:00 f7ae49fc4f363a803dab3be078e93ead8e75a8e9 Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
common: Drop part.h from common header 2020-05-18T21:33:33+00:00 Simon Glass sjg@chromium.org 2020-05-10T17:39:58+00:00 e6f6f9e64882ddf242437c73fdd9ff06a8eb7c21 Move this uncommon header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
efi_loader: round the memory area in efi_add_memory_map() 2020-05-17T19:59:53+00:00 Michael Walle michael@walle.cc 2020-05-17T10:29:19+00:00 714497e327e7304a2b67d5f780f415c6e1c300d0 Virtually all callers of this function do the rounding on their own. Some do it right, some don't. Instead of doing this in each caller, do the rounding in efi_add_memory_map(). Change the size parameter to bytes instead of pages and remove aligning and size calculation in all callers. There is no more need to make the original efi_add_memory_map() (which takes pages as size) available outside the module. Thus rename it to efi_add_memory_map_pg() and make it static to prevent further misuse outside the module. Signed-off-by: Michael Walle <michael@walle.cc> Add missing comma in sunxi_display.c. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Virtually all callers of this function do the rounding on their own.
Some do it right, some don't. Instead of doing this in each caller,
do the rounding in efi_add_memory_map(). Change the size parameter
to bytes instead of pages and remove aligning and size calculation in
all callers.

There is no more need to make the original efi_add_memory_map() (which
takes pages as size) available outside the module. Thus rename it to
efi_add_memory_map_pg() and make it static to prevent further misuse
outside the module.

Signed-off-by: Michael Walle <michael@walle.cc>
Add missing comma in sunxi_display.c.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>