u-boot.git/lib/efi_loader/efi_image_loader.c, branch v2020.07 Unnamed repository; edit this file 'description' to name the repository. efi_loader: printf code in efi_image_parse() 2020-06-14T19:07:20+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-06-06T11:17:48+00:00 4bb4249b39ce7284408c4d604a656be941427e63 For size_t we have to use %zu for printing not %lu. Fixes: 4540dabdcaca ("efi_loader: image_loader: support image authentication") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
For size_t we have to use %zu for printing not %lu.

Fixes: 4540dabdcaca ("efi_loader: image_loader: support image
authentication")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: simplify PE consistency check 2020-06-03T15:19:18+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-05-30T05:35:59+00:00 55af40a5781f1de574822745c9c76b3a928388cd Knowing that at least one section header follows the optional header we only need to check for the length of the 64bit header which is longer than the 32bit header. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Knowing that at least one section header follows the optional header we
only need to check for the length of the 64bit header which is longer than
the 32bit header.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: function description cmp_pe_section() 2020-06-03T15:19:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-05-30T04:44:48+00:00 13f62d9f7edf4fe6a63506e83df03f43a9041cba Rework the description of function cmp_pe_section(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Rework the description of function cmp_pe_section().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: function descriptions efi_image_loader.c 2020-06-03T15:19:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-05-30T03:48:08+00:00 4afceb4d17ecb07ff92c8489fea066a288e1030e We want to follow the Linux kernel style for function descriptions. Add missing parentheses after function names. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
We want to follow the Linux kernel style for function descriptions.

Add missing parentheses after function names.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: image_loader: fix a Coverity check against array access 2020-05-09T07:30:27+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-05-08T05:51:59+00:00 52d7bfe78787c93b95e805b44bb4d746a65edde4 Coverity detected: Using "&opt->CheckSum" as an array. This might corrupt or misinterpret adjacent memory locations. The code should work as far as a structure, IMAGE_OPTIONAL_HEADER(64) is packed, but modify it in more logical form. Subsystem is a member next to CheckSum. Reported-by: Coverity (CID 300339) Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Coverity detected:
  Using "&opt->CheckSum" as an array.  This might corrupt or misinterpret
  adjacent memory locations.

The code should work as far as a structure, IMAGE_OPTIONAL_HEADER(64) is
packed, but modify it in more logical form. Subsystem is a member next to
CheckSum.

Reported-by: Coverity (CID 300339)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: crypto/pkcs7_parser.h is not a local include 2020-05-07T16:23:18+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-05-07T15:57:43+00:00 d7ca3ce3d3b990503cb6e0bafad91aa2a7c96b9d User <> and not "" for referencing a global include. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
User <> and not "" for referencing a global include.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: pkcs7_parse_message() returns error pointer 2020-05-07T16:23:17+00:00 Patrick Wildt patrick@blueri.se 2020-05-07T00:17:14+00:00 6f146155f879ff42d465f0cca8ec2a7f8cb0961e Since pkcs7_parse_message() returns an error pointer, we must not check for NULL. We have to explicitly set msg to NULL in the error case, otherwise the call to pkcs7_free_message() on the goto err path will assume it's a valid object. Signed-off-by: Patrick Wildt <patrick@blueri.se> Add missing include linux/err.h Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Since pkcs7_parse_message() returns an error pointer, we must not
check for NULL.  We have to explicitly set msg to NULL in the error
case, otherwise the call to pkcs7_free_message() on the goto err
path will assume it's a valid object.

Signed-off-by: Patrick Wildt <patrick@blueri.se>
Add missing include linux/err.h
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
lib/crypto, efi_loader: move some headers to include/crypto 2020-05-04T10:26:11+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-21T00:38:17+00:00 e3f5c9cb0fcc95aa9287b5f8609294fe1a59b9da Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular, secure boot. So move them to include/crypto to avoid relative paths. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Don't include include x509_parser.h twice. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: image_loader: support image authentication 2020-04-16T06:12:46+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-14T02:51:44+00:00 4540dabdcacaea50bf874115f28adc103966d25a With this commit, image validation can be enforced, as UEFI specification section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled. Currently we support * authentication based on db and dbx, so dbx-validated image will always be rejected. * following signature types: EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images) EFI_CERT_X509_GUID (x509 certificate for signed images) Timestamp-based certificate revocation is not supported here. Internally, authentication data is stored in one of certificates tables of PE image (See efi_image_parse()) and will be verified by efi_image_authenticate() before loading a given image. It seems that UEFI specification defines the verification process in a bit ambiguous way. I tried to implement it as closely to as EDK2 does. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.

Currently we support
* authentication based on db and dbx,
  so dbx-validated image will always be rejected.
* following signature types:
    EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
    EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.

Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.

It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
common: Move ARM cache operations out of common.h 2019-12-02T23:24:58+00:00 Simon Glass sjg@chromium.org 2019-11-14T19:57:39+00:00 1eb69ae498567bb0b62ee554647204e8245cdacc These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> 
These functions are CPU-related and do not use driver model. Move them to
cpu_func.h

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>