u-boot.git/include/efi_loader.h, branch v2021.01 Unnamed repository; edit this file 'description' to name the repository. efi_loader: use after free in efi_exit() 2020-12-29T01:09:04+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-12-28T22:24:40+00:00 be48b0f453a3903e924a4f1790f134b9b36e5fa8 Do not use data from the loaded image object after deleting it. Fixes: 126a43f15b36 ("efi_loader: unload applications upon Exit()") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Do not use data from the loaded image object after deleting it.

Fixes: 126a43f15b36 ("efi_loader: unload applications upon Exit()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: describe struct efi_loaded_image_obj 2020-12-29T01:09:04+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-12-28T21:42:51+00:00 aeaf0e6d58093102aa35921c7bc6fcb0580504bd Add the missing description of some fields of struct efi_loaded_image_obj. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Add the missing description of some fields of struct efi_loaded_image_obj.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Add basic EFI_TCG2_PROTOCOL support 2020-11-14T04:05:46+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2020-11-11T09:18:11+00:00 c1c021052c7a03ed0226b4ce3e9b20c0498e2ccb Since U-boot EFI implementation is getting richer it makes sense to add support for EFI_TCG2_PROTOCOL taking advantage of any hardware TPM available on the device. This is the initial implementation of the protocol which only adds support for GetCapability(). It's limited in the newer and safer TPMv2 devices. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Since U-boot EFI implementation is getting richer it makes sense to
add support for EFI_TCG2_PROTOCOL taking advantage of any hardware TPM
available on the device.

This is the initial implementation of the protocol which only adds
support for GetCapability(). It's limited in the newer and safer
TPMv2 devices.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_selftest: keep devices in ExitBootServices() 2020-11-14T04:05:46+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-11-12T20:26:28+00:00 fccd3d9c42fbc6d6bfc5bac26bd6db413b2ab75b When calling ExitBootServices during out unit tests we should not detach devices as we need console output for runtime tests. Fixes: 529441ca89b1 ("efi_loader: Disable devices before handing over control") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
When calling ExitBootServices during out unit tests we should not detach
devices as we need console output for runtime tests.

Fixes: 529441ca89b1 ("efi_loader: Disable devices before handing over control")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: add efi_create_indexed_name() 2020-10-30T13:27:43+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-10-29T04:47:46+00:00 077153e085b48e7683552667ab2247c991c1e1ff This function will be used from several places in UEFI subsystem to generate some specific form of utf-16 variable name. For example, L"Capsule0001" Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Move function to separate module. Use char * as argument instead of u16 *. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This function will be used from several places in UEFI subsystem
to generate some specific form of utf-16 variable name.
For example, L"Capsule0001"

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Move function to separate module.
Use char * as argument instead of u16 *.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: installation of EFI_RNG_PROTOCOL 2020-09-27T14:10:45+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-09-25T10:50:19+00:00 b59c13d42f42811912fd08f32f11e68a8e708c00 Having an EFI_RNG_PROTOCOL without a backing RNG device leads to failure to boot Linux 5.8. Only install the EFI_RNG_PROTOCOL if we have a RNG device. Reported-by: Scott K Logan <logans@cottsay.net> Cc: Neil Armstrong <narmstrong@baylibre.com> Cc: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Having an EFI_RNG_PROTOCOL without a backing RNG device leads to failure
to boot Linux 5.8.

Only install the EFI_RNG_PROTOCOL if we have a RNG device.

Reported-by: Scott K Logan <logans@cottsay.net>
Cc: Neil Armstrong <narmstrong@baylibre.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: efi_dp_check_length() 2020-08-24T14:37:53+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-08-23T08:49:46+00:00 5cad4a30932a31f1646510d35af7e9e36f71708a We need to check that device paths provided via UEFI variables are not malformed. Provide function efi_dp_check_length() to check if a device path has an end node within a given number of bytes. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
We need to check that device paths provided via UEFI variables are not
malformed.

Provide function efi_dp_check_length() to check if a device path has an
end node within a given number of bytes.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: signature: correct a behavior against multiple signatures 2020-08-14T10:28:25+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-08-14T05:39:23+00:00 52956e535e65c852b1f95d2ca5044cb7c4fc6bbe Under the current implementation, all the signatures, if any, in a signed image must be verified before loading it. Meanwhile, UEFI specification v2.8b section 32.5.3.3 says, Multiple signatures are allowed to exist in the binary’s certificate table (as per PE/COFF Section “Attribute Certificate Table”). Only one hash or signature is required to be present in db in order to pass validation, so long as neither the SHA-256 hash of the binary nor any present signature is reflected in dbx. This patch makes the semantics of signature verification compliant with the specification mentioned above. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Under the current implementation, all the signatures, if any, in
a signed image must be verified before loading it.

Meanwhile, UEFI specification v2.8b section 32.5.3.3 says,
    Multiple signatures are allowed to exist in the binary’s certificate
    table (as per PE/COFF Section “Attribute Certificate Table”). Only
    one hash or signature is required to be present in db in order to pass
    validation, so long as neither the SHA-256 hash of the binary nor any
    present signature is reflected in dbx.

This patch makes the semantics of signature verification compliant with
the specification mentioned above.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: signature: rework for intermediate certificates support 2020-08-13T20:37:36+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:22+00:00 1115edd8462b047f83fcca4abcf89b68f2d87041 In this commit, efi_signature_verify(with_sigdb) will be re-implemented using pcks7_verify_one() in order to support certificates chain, where the signer's certificate will be signed by an intermediate CA (certificate authority) and the latter's certificate will also be signed by another CA and so on. What we need to do here is to search for certificates in a signature, build up a chain of certificates and verify one by one. pkcs7_verify_one() handles most of these steps except the last one. pkcs7_verify_one() returns, if succeeded, the last certificate to verify, which can be either a self-signed one or one that should be signed by one of certificates in "db". Re-worked efi_signature_verify() will take care of this step. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pcks7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.

What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.

pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: set load options in boot manager 2020-08-08T17:03:24+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-08-07T15:49:39+00:00 0ad64007feb93dced461647c75f782160b1c8ede Up to now we used the value of the bootargs environment variable as load options in the boot manager. This is not correct. The data has to be taken from the Boot#### variable. Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load options to the loaded image protocol. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.

Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>