u-boot.git/include/efi_loader.h, branch v2022.07-rc2 Unnamed repository; edit this file 'description' to name the repository. efi_loader: add sha384/512 on certificate revocation 2022-05-07T21:17:26+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2022-05-06T12:36:00+00:00 b436cc6a57cae017343a549f4b701e748d7e6448 Currently we don't support sha384/512 for the X.509 certificate in dbx. Moreover if we come across such a hash we skip the check and approve the image, although the image might needs to be rejected. Rework the code a bit and fix it by adding an array of structs with the supported GUIDs, len and literal used in the U-Boot crypto APIs instead of hardcoding the GUID types. It's worth noting here that efi_hash_regions() can now be reused from efi_signature_lookup_digest() and add sha348/512 support there as well Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Currently we don't support sha384/512 for the X.509 certificate
in dbx.  Moreover if we come across such a hash we skip the check
and approve the image,  although the image might needs to be rejected.

Rework the code a bit and fix it by adding an array of structs with the
supported GUIDs, len and literal used in the U-Boot crypto APIs instead
of hardcoding the GUID types.

It's worth noting here that efi_hash_regions() can now be reused from
efi_signature_lookup_digest() and add sha348/512 support there as well

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: export efi_locate_device_handle() 2022-05-03T19:39:22+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-04-28T08:09:38+00:00 d8465ffc019a742ae6c8770179f359317c5f101a This function will be used in the next commit where some behavior of EFI boot manager will be expanded. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
This function will be used in the next commit where some behavior
of EFI boot manager will be expanded.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: disk: a helper function to create efi_disk objects from udevice 2022-04-23T20:05:41+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-04-19T01:05:12+00:00 a9bf024b2933bba0e23038892970a18b72dfaeb4 Add efi_disk_probe() function. This function creates an efi_disk object for a raw disk device (UCLASS_BLK) and additional objects for related partitions (UCLASS_PARTITION). So this function is expected to be called through driver model's "probe" interface every time one raw disk device is detected and activated. We assume that partition devices (UCLASS_PARTITION) have been created when this function is invoked. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
Add efi_disk_probe() function.
This function creates an efi_disk object for a raw disk device (UCLASS_BLK)
and additional objects for related partitions (UCLASS_PARTITION).

So this function is expected to be called through driver model's "probe"
interface every time one raw disk device is detected and activated.
We assume that partition devices (UCLASS_PARTITION) have been created
when this function is invoked.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: split efi_init_obj_list() into two stages 2022-04-23T20:05:41+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-04-19T01:05:11+00:00 a57ad20d07e82f9ddbbdf981c8f8dd5368b225e4 In the next commit, CONFIG_EFI_SETUP_EARLY will become mandated in order to support dynamic enumeration of efi_disk objects. This can, however, be problematic particularly in case of file-based variable storage (efi_variable.c, default). Non-volatile variables are to be restored from EFI system partition by efi_init_variables() in efi_init_obj_list(). When efi_init_obj_list() is called in board_init_r(), we don't know yet what disk devices we have since none of device probing commands (say, scsi rescan) has not been executed at that stage. So in this commit, a preparatory change is made; efi_init_obj_list() is broken into the two functions; * efi_init_early(), and * new efi_init_obj_list() Only efi_init_early() will be called in board_init_r(), which allows us to execute any of device probing commands, either though "preboot" variable or normal command line, before calling efi_init_obj_list() which is to be invoked at the first execution of an efi-related command (or at efi_launch_capsules()) as used to be. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
In the next commit, CONFIG_EFI_SETUP_EARLY will become mandated
in order to support dynamic enumeration of efi_disk objects.

This can, however, be problematic particularly in case of file-based
variable storage (efi_variable.c, default).
Non-volatile variables are to be restored from EFI system partition
by efi_init_variables() in efi_init_obj_list(). When efi_init_obj_list()
is called in board_init_r(), we don't know yet what disk devices
we have since none of device probing commands (say, scsi rescan) has not
been executed at that stage.

So in this commit, a preparatory change is made; efi_init_obj_list() is
broken into the two functions;
   * efi_init_early(), and
   * new efi_init_obj_list()

Only efi_init_early() will be called in board_init_r(), which allows
us to execute any of device probing commands, either though "preboot"
variable or normal command line, before calling efi_init_obj_list() which
is to be invoked at the first execution of an efi-related command
(or at efi_launch_capsules()) as used to be.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
capsule: board: Add information needed for capsule updates 2022-04-15T08:43:18+00:00 Sughosh Ganu sughosh.ganu@linaro.org 2022-04-15T05:59:34+00:00 741ef867288bb294039e34ab2287ffe981b05b86 Add a structure which defines the information that is needed for executing capsule updates on a platform. Some information in the structure like the dfu string is used for making the update process more robust while some information like the per platform image GUIDs is used for fixing issues. Initialise this structure in the board file, and use the information for the capsule updates. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> 
Add a structure which defines the information that is needed for
executing capsule updates on a platform. Some information in the
structure like the dfu string is used for making the update process
more robust while some information like the per platform image GUIDs
is used for fixing issues. Initialise this structure in the board
file, and use the information for the capsule updates.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
efi_loader: remove efi_disk_is_system_part() 2022-03-20T10:03:06+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-03-04T23:36:50+00:00 b78631d54f72f063e1f2a5d14a349b1b0d8fbce7 The block IO protocol may be installed on any handle. We should make no assumption about the structure the handle points to. efi_disk_is_system_part() makes an illegal widening cast from a handle to a struct efi_disk_obj. Remove the function. Fixes: Fixes: 41fd506842c2 ("efi_loader: disk: add efi_disk_is_system_part()") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The block IO protocol may be installed on any handle. We should make
no assumption about the structure the handle points to.

efi_disk_is_system_part() makes an illegal widening cast from a handle
to a struct efi_disk_obj. Remove the function.

Fixes: Fixes: 41fd506842c2 ("efi_loader: disk: add efi_disk_is_system_part()")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: export efi_system_partition_guid 2022-03-20T10:03:06+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-03-19T06:04:03+00:00 90dcd9b2d3a318391453d9d623d931a568906cb5 The efi_system_partition_guid is needed in multiple places. Export it. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The efi_system_partition_guid is needed in multiple places. Export it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: efi_dp_find_obj() add protocol check 2022-03-20T10:03:06+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-03-19T05:35:43+00:00 e46ef1db9e2c87d5aa13a04ea2329b8bae7ea9db Let function efi_dp_find_obj() additionally check if a given protocol is installed on the handle relating to the device-path. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Let function efi_dp_find_obj() additionally check if a given protocol is
installed on the handle relating to the device-path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: fix efi_dp_find_obj() 2022-03-20T10:03:06+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-03-04T07:20:00+00:00 c409593d0853da646194b0a3d65c8b45fe7cb6d4 efi_dp_find_obj() should not return any handle with a partially matching device path but the handle with the maximum matching device path. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
efi_dp_find_obj() should not return any handle with a partially matching
device path but the handle with the maximum matching device path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: export efi_dp_shorten() 2022-03-20T10:03:06+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-02-26T11:10:10+00:00 8399488672e8717d3aa454f9f67408f96168074f Rename function shorten_path() to efi_dp_shorten() and export it. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Rename function shorten_path() to efi_dp_shorten() and export it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>