u-boot.git/include, branch v2022.10-rc4 Unnamed repository; edit this file 'description' to name the repository. Merge tag 'tpm-03092022' of https://source.denx.de/u-boot/custodians/u-boot-tpm 2022-09-03T18:55:37+00:00 Tom Rini trini@konsulko.com 2022-09-03T18:55:37+00:00 427aa3c9b72b6672f714389a6f71b6cc2841d559 TPM fixes and state reporting 
TPM fixes and state reporting
tpm: Allow committing non-volatile data 2022-09-03T13:59:05+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:38+00:00 5208ed187cb6314dc64657802e8e5bb5a5e3a7fb Add an option to tell the TPM to commit non-volatile data immediately it is changed, rather than waiting until later. This is needed in some situations, since if the device reboots it may not write the data. Add definitions for the rest of the Cr50 commands while we are here. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add an option to tell the TPM to commit non-volatile data immediately it
is changed, rather than waiting until later. This is needed in some
situations, since if the device reboots it may not write the data.

Add definitions for the rest of the Cr50 commands while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Implement state command for Cr50 2022-09-03T13:59:05+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:37+00:00 4c57ec76b7254cf1743748b70239bddf6100237a Add a vendor-specific TPM2 command for this and implement it for Cr50. Note: This is not part of the TPM spec, but is a Cr50 extension. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add a vendor-specific TPM2 command for this and implement it for Cr50.
Note: This is not part of the TPM spec, but is a Cr50 extension.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Allow reporting the internal state 2022-09-03T13:59:05+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:36+00:00 3bb4db4c3883c66ee0bbf152e9ba1d2504fa8c9f It is useful to read information about the current TPM state, where supported, e.g. for debugging purposes when verified boot fails. Add support for this to the TPM interface as well as Cr50. Add a simple sandbox test. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
It is useful to read information about the current TPM state, where
supported, e.g. for debugging purposes when verified boot fails.

Add support for this to the TPM interface as well as Cr50. Add a simple
sandbox test.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Require a digest source when extending the PCR 2022-09-03T13:53:58+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:32+00:00 a557d258c6be49ec1253947a227189de149971df This feature is used for measured boot, so we can add a log entry to the TCPA with some information about where the digest comes from. It is not currently supported in the TPM drivers, but add it to the API so that code which expects it can signal its request. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
This feature is used for measured boot, so we can add a log entry to the
TCPA with some information about where the digest comes from. It is not
currently supported in the TPM drivers, but add it to the API so that
code which expects it can signal its request.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi: ECPT add EBBRv2.0 conformance profile 2022-09-03T08:13:26+00:00 Jose Marinho jose.marinho@arm.com 2021-12-17T12:55:05+00:00 648a8dcb39306ebd32353d6c503ac3b69e064190 Display the EBBRv2.0 conformance in the ECPT table. The EBBRv2.0 conformance profile is set in the ECPT if CONFIG_EFI_EBBR_2_0_CONFORMANCE=y. Signed-off-by: Jose Marinho <jose.marinho@arm.com> Add dependencies for CONFIG_EFI_EBBR_2_0_CONFORMANCE. Enable the setting by default. Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Display the EBBRv2.0 conformance in the ECPT table.

The EBBRv2.0 conformance profile is set in the ECPT if
CONFIG_EFI_EBBR_2_0_CONFORMANCE=y.

Signed-off-by: Jose Marinho <jose.marinho@arm.com>

Add dependencies for CONFIG_EFI_EBBR_2_0_CONFORMANCE.
Enable the setting by default.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi: Create ECPT table 2022-09-03T07:35:48+00:00 Jose Marinho jose.marinho@arm.com 2021-12-23T14:51:07+00:00 6b92c1735205eef308a9e33ec90330a3e6d27fc3 The ECPT table will be included in the UEFI specification 2.9+. The ECPT table was introduced in UEFI following the code-first path. The acceptance ticket can be viewed at: https://bugzilla.tianocore.org/show_bug.cgi?id=3591 The Conformance Profiles table is a UEFI configuration table that contains GUID of the UEFI profiles that the UEFI implementation conforms with. The ECPT table is created when CONFIG_EFI_ECPT=y. The config is set by default. Signed-off-by: Jose Marinho <jose.marinho@arm.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The ECPT table will be included in the UEFI specification 2.9+.
The ECPT table was introduced in UEFI following the code-first path. The
acceptance ticket can be viewed at:
	https://bugzilla.tianocore.org/show_bug.cgi?id=3591

The Conformance Profiles table is a UEFI configuration table that contains
GUID of the UEFI profiles that the UEFI implementation conforms with.

The ECPT table is created when CONFIG_EFI_ECPT=y.
The config is set by default.

Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: ensure all block devices are probed 2022-09-01T05:21:25+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-08-31T14:37:35+00:00 d5391bf02b9dc6a84fe33ba913caf70061909950 Only probed block devices are available in the UEFI sub-system. Multiple block devices may be involved in the boot process. So we have to make sure that all block devices are probed. Another reason is that we store UEFI variables on the ESP which may be on any block device. On the sandbox before the patch: => efidebug devices No EFI system partition Device Device Path ================ ==================== 000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b) 000055d078bc1ae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D) 000000001b22e0b0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1) After the patch: => efidebug devices No EFI system partition Device Device Path ================ ==================== 000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b) 000055bdac8ddae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D) 000000001b230920 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(2)/SD(0) 000000001b233ac0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1) 000000001b233b80 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(1,GPT,d0a914ee-a71c-fc1e-73f0-7e302b0e6c20,0x30,0x1) 000000001b234110 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(2,GPT,9330a0ea-8aff-f67a-294c-fa05d60896c3,0x31,0x1) 000000001b22f0e0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(0)/SD(2) 000000001b238df0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1) Fixes: a9bf024b2933 ("efi_loader: disk: a helper function to create efi_disk objects from udevice") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Only probed block devices are available in the UEFI sub-system. Multiple
block devices may be involved in the boot process. So we have to make sure
that all block devices are probed. Another reason is that we store UEFI
variables on the ESP which may be on any block device.

On the sandbox before the patch:

=> efidebug devices
No EFI system partition
Device           Device Path
================ ====================
000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000055d078bc1ae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D)
000000001b22e0b0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1)

After the patch:

=> efidebug devices
No EFI system partition
Device           Device Path
================ ====================
000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000055bdac8ddae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D)
000000001b230920 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(2)/SD(0)
000000001b233ac0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)
000000001b233b80 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(1,GPT,d0a914ee-a71c-fc1e-73f0-7e302b0e6c20,0x30,0x1)
000000001b234110 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(2,GPT,9330a0ea-8aff-f67a-294c-fa05d60896c3,0x31,0x1)
000000001b22f0e0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(0)/SD(2)
000000001b238df0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1)

Fixes: a9bf024b2933 ("efi_loader: disk: a helper function to create efi_disk objects from udevice")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
corenet_ds.h: Remove 2022-08-31T16:21:47+00:00 Tom Rini trini@konsulko.com 2022-08-26T14:53:36+00:00 fdffe6aae2c3a09f4502edd890ebb1200ff8f486 This was missed when removing the platform. Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
This was missed when removing the platform.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
fs: fix comment typo 2022-08-31T16:16:01+00:00 Roger Knecht rknecht@pm.me 2022-08-25T12:12:01+00:00 da223d812bfe01ad745badce45a2d3b4482dc536 Fix typo in include/fs.h Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Roger Knecht <rknecht@pm.me> 
Fix typo in include/fs.h

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Roger Knecht <rknecht@pm.me>