u-boot.git/include/efi_loader.h, branch v2021.04 Unnamed repository; edit this file 'description' to name the repository. efi_loader: fix documentation in efi_loader.h 2021-02-26T15:17:43+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-02-25T07:02:37+00:00 c6f077a207921df8259170916ae9a2952b1fcd71 Correct missing descriptions and typos in efi_loader.h. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Correct missing descriptions and typos in efi_loader.h.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: efi_size_in_pages() missing parentheses 2021-01-20T07:17:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-01-17T06:52:09+00:00 0a7e5165ec21d8092565a833211b21b356195398 Add parentheses around size to avoid possible operator precedence problems. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Add parentheses around size to avoid possible operator precedence problems.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: remove EFI_UNICODE_COLLATION_PROTOCOL 2021-01-20T07:17:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-01-16T08:58:06+00:00 19ea5e66de3b68fc12533a32c412bfe0594f9ea0 In EFI 1.10 a version of the Unicode collation protocol using ISO 639-2 language codes existed. This protocol is not part of the UEFI specification any longer. It was however required to run the UEFI Self Certification Test (SCT) II, version 2.6, 2017. So we implemented it for the sole purpose of running the SCT. As the SCT does not need the protocol anymore it is time for removal. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
In EFI 1.10 a version of the Unicode collation protocol using ISO 639-2
language codes existed. This protocol is not part of the UEFI specification
any longer. It was however required to run the UEFI Self Certification Test
(SCT) II, version 2.6, 2017. So we implemented it for the sole purpose of
running the SCT.

As the SCT does not need the protocol anymore it is time for removal.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: implement EFI_DT_FIXUP_PROTOCOL 2021-01-13T01:38:01+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-12-13T09:30:24+00:00 94686f60a2b9fd87842f473a5cdca316668765c3 A boot manager like GRUB can use the protocol to * apply U-Boot's fix-ups to the a device-tree * let U-Boot make memory reservations according to the device-tree * install the device-tree as a configuration table Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
A boot manager like GRUB can use the protocol to

* apply U-Boot's fix-ups to the a device-tree
* let U-Boot make memory reservations according to the device-tree
* install the device-tree as a configuration table

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: setting boot device 2021-01-13T01:38:00+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-01-12T11:46:24+00:00 5f59518a7b1aef9ad3a91defa06cff82dd01cdc5 Up to now the bootefi command used the last file loaded to determine the boot partition. This has led to errors when the fdt had been loaded from another partition after the EFI binary. Before setting the boot device from a loaded file check if it is a PE-COFF image or a FIT image. For a PE-COFF image remember address and size, boot device and path. For a FIT image remember boot device and path. If the PE-COFF image is overwritten by loading another file, forget it. Do not allow to start an image via bootefi which is not the last loaded PE-COFF image. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Up to now the bootefi command used the last file loaded to determine the
boot partition. This has led to errors when the fdt had been loaded from
another partition after the EFI binary.

Before setting the boot device from a loaded file check if it is a PE-COFF
image or a FIT image.

For a PE-COFF image remember address and size, boot device and path.

For a FIT image remember boot device and path.

If the PE-COFF image is overwritten by loading another file, forget it.

Do not allow to start an image via bootefi which is not the last loaded
PE-COFF image.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: carve out efi_check_pe() 2021-01-13T01:38:00+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-01-12T11:40:32+00:00 5dad05a0e61d759af2df8cf900d044a8485bd747 Carve out a function to check that a buffer contains a PE-COFF image. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Carve out a function to check that a buffer contains a PE-COFF image.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi: capsule: Add support for uefi capsule authentication 2020-12-31T13:41:31+00:00 Sughosh Ganu sughosh.ganu@linaro.org 2020-12-30T13:57:09+00:00 04be98bd6bcfccf3ab028fda0ca962dd00f61260 Add support for authenticating uefi capsules. Most of the signature verification functionality is shared with the uefi secure boot feature. The root certificate containing the public key used for the signature verification is stored as part of the device tree blob. The root certificate is stored as an efi signature list(esl) file -- this file contains the x509 certificate which is the root certificate. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> 
Add support for authenticating uefi capsules. Most of the signature
verification functionality is shared with the uefi secure boot
feature.

The root certificate containing the public key used for the signature
verification is stored as part of the device tree blob. The root
certificate is stored as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
efi_loader: Re-factor code to build the signature store from efi signature list 2020-12-31T13:41:31+00:00 Sughosh Ganu sughosh.ganu@linaro.org 2020-12-30T13:57:08+00:00 b4f20a5d83f0b8a5c30128966eabe68748631e66 The efi_sigstore_parse_sigdb function reads the uefi authenticated variable, stored in the signature database format and builds the signature store structure. Factor out the code for building the signature store. This can then be used by the capsule authentication routine to build the signature store even when the signature database is not stored as an uefi authenticated variable Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> 
The efi_sigstore_parse_sigdb function reads the uefi authenticated
variable, stored in the signature database format and builds the
signature store structure. Factor out the code for building
the signature store. This can then be used by the capsule
authentication routine to build the signature store even when the
signature database is not stored as an uefi authenticated variable

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
efi_loader: Make the pkcs7 header parsing function an extern 2020-12-31T13:41:31+00:00 Sughosh Ganu sughosh.ganu@linaro.org 2020-12-30T13:57:07+00:00 201b8068f35385c1c7794f24d0a3ac427210f241 The pkcs7 header parsing functionality is pretty generic, and can be used by other features like capsule authentication. Make the function an extern, also changing it's name to efi_parse_pkcs7_header Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> 
The pkcs7 header parsing functionality is pretty generic, and can be
used by other features like capsule authentication. Make the function
an extern, also changing it's name to efi_parse_pkcs7_header

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
efi_loader: Add size checks to efi_create_indexed_name() 2020-12-31T13:33:23+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2020-12-31T10:26:46+00:00 fe179d7fb5c10d8a4e299af06c766f47f2c8d51a Although the function description states the caller must provide a sufficient buffer, it's better to have in function checks that the destination buffer can hold the intended value. So let's add an extra argument with the buffer size and check that before doing any copying. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Although the function description states the caller must provide a
sufficient buffer, it's better to have in function checks that the
destination buffer can hold the intended value.

So let's add an extra argument with the buffer size and check that
before doing any copying.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>