u-boot.git/lib/efi_loader/efi_image_loader.c, branch v2022.01 Unnamed repository; edit this file 'description' to name the repository. efi_loader: correctly handle no tpm device error 2021-12-09T19:43:25+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-12-07T05:15:33+00:00 f9b51dcf294de9b5a0e3d121027121e320810f19 When the TCG2 protocol is installed in efi_tcg2_register(), TPM2 device must be present. tcg2_measure_pe_image() expects that TCP2 protocol is installed and TPM device is available. If TCG2 Protocol is installed but TPM device is not found, tcg2_measure_pe_image() returns EFI_SECURITY_VIOLATION and efi_load_image() ends with failure. The same error handling is applied to efi_tcg2_measure_efi_app_invocation(). Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
When the TCG2 protocol is installed in efi_tcg2_register(),
TPM2 device must be present.
tcg2_measure_pe_image() expects that TCP2 protocol is installed
and TPM device is available. If TCG2 Protocol is installed but
TPM device is not found, tcg2_measure_pe_image() returns
EFI_SECURITY_VIOLATION and efi_load_image() ends with failure.

The same error handling is applied to
efi_tcg2_measure_efi_app_invocation().

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Fix loaded image alignment 2021-10-21T01:46:04+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-10-11T12:10:23+00:00 ebdea88d57d5e67b8f6e6cf615300eedbc7200a9 We are ignoring the alignment communicated via the PE/COFF header. Starting 5.10 the Linux kernel will loudly complain about it. For more details look at [1] (in linux kernel). So add a function that can allocate aligned EFI memory and use it for our relocated loaded image. [1] c32ac11da3f83 ("efi/libstub: arm64: Double check image alignment at entry") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Vincent Stehlé <vincent.stehle@arm.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
We are ignoring the alignment communicated via the PE/COFF header.
Starting 5.10 the Linux kernel will loudly complain about it. For more
details look at [1] (in linux kernel).

So add a function that can allocate aligned EFI memory and use it for our
relocated loaded image.

[1] c32ac11da3f83 ("efi/libstub: arm64: Double check image alignment at entry")

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Vincent Stehlé <vincent.stehle@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: rounding of image size 2021-09-04T10:03:57+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2021-08-29T09:52:44+00:00 f3a343d7339acf1d531e438e15fef3c7975cfdcf We should not first allocate memory and then report a rounded up value as image size. Instead first round up according to section allocation and then allocate the memory. Fixes: 82786754b9d2 ("efi_loader: ImageSize must be multiple of SectionAlignment") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
We should not first allocate memory and then report a rounded up value as
image size. Instead first round up according to section allocation and then
allocate the memory.

Fixes: 82786754b9d2 ("efi_loader: ImageSize must be multiple of SectionAlignment")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: sections with zero VirtualSize 2021-09-04T10:03:57+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2021-08-29T09:52:44+00:00 1ea133acd64eb0099865b0649b1d039ef63787ee In a section header VirtualSize may be zero. This is for instance seen in the .sbat section of shim. In this case use SizeOfRawData as section size. Fixes: 9d30a941cce5 ("efi_loader: don't load beyond VirtualSize") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Asherah Connor <ashe@kivikakk.ee> 
In a section header VirtualSize may be zero. This is for instance seen in
the .sbat section of shim. In this case use SizeOfRawData as section size.

Fixes: 9d30a941cce5 ("efi_loader: don't load beyond VirtualSize")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Asherah Connor <ashe@kivikakk.ee>
efi_loader: fix Sphinx warning 2021-06-09T10:35:01+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-06-08T22:21:24+00:00 b95e5edc424a14c1d03848c03f92389a945d3e61 Brackets '[' need to be escaped to avoid a build warning lib/efi_loader/efi_image_loader.c:223: WARNING: Inline strong start-string without end-string. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
Brackets '[' need to be escaped to avoid a build warning

    lib/efi_loader/efi_image_loader.c:223:
    WARNING: Inline strong start-string without end-string.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Masahisa Kojima <masahisa.kojima@linaro.org>
efi_loader: add PE/COFF image measurement 2021-05-28T14:17:01+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-05-26T03:09:58+00:00 163a0d7e2cbdbdf26d90ac8d30c0495b814f3245 "TCG PC Client Platform Firmware Profile Specification" requires to measure every attempt to load and execute a OS Loader(a UEFI application) into PCR[4]. This commit adds the PE/COFF image measurement, extends PCR, and appends measurement into Event Log. Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Replace CONFIG_HASH_CALCULATE by CONFIG_HASH Fix conversions between pointers and u64. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
"TCG PC Client Platform Firmware Profile Specification"
requires to measure every attempt to load and execute
a OS Loader(a UEFI application) into PCR[4].
This commit adds the PE/COFF image measurement, extends PCR,
and appends measurement into Event Log.

Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Replace CONFIG_HASH_CALCULATE by CONFIG_HASH
Fix conversions between pointers and u64.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled 2021-05-25T11:06:57+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-05-14T00:53:36+00:00 f6081a8a1e45e4864e36d83ccc236eef62478b1f This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This is preparation for PE/COFF measurement support.
PE/COFF image hash calculation is same in both
UEFI Secure Boot image verification and measurement in
measured boot. PE/COFF image parsing functions are
gathered into efi_image_loader.c, and exposed even if
UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option
to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: don't load beyond VirtualSize 2021-02-14T09:34:15+00:00 Asherah Connor ashe@kivikakk.ee 2021-02-09T06:19:48+00:00 9d30a941cce5ed055da18398f4deba18830d00d6 PE section table entries' SizeOfRawData must be a multiple of FileAlignment, and thus may be rounded up and larger than their VirtualSize. We should not load beyond the VirtualSize, which is "the total size of the section when loaded into memory" -- we may clobber real data at the target in some other section, since we load sections in reverse order and sections are usually laid out sequentially. Signed-off-by: Asherah Connor <ashe@kivikakk.ee> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
PE section table entries' SizeOfRawData must be a multiple of
FileAlignment, and thus may be rounded up and larger than their
VirtualSize.

We should not load beyond the VirtualSize, which is "the total size of
the section when loaded into memory" -- we may clobber real data at the
target in some other section, since we load sections in reverse order
and sections are usually laid out sequentially.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: carve out efi_check_pe() 2021-01-13T01:38:00+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-01-12T11:40:32+00:00 5dad05a0e61d759af2df8cf900d044a8485bd747 Carve out a function to check that a buffer contains a PE-COFF image. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Carve out a function to check that a buffer contains a PE-COFF image.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: error message if image not authenticated 2020-09-06T19:21:41+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-08-27T15:51:32+00:00 0f7878b853bdc363a930381c42b709b7d24066b5 Currently if the bootefi command fails due to missing authentication, the user gets no feedback. Write a log message 'Image not authenticated' if LoadImage() fails due to missing authentication. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Currently if the bootefi command fails due to missing authentication, the
user gets no feedback.

Write a log message 'Image not authenticated' if LoadImage() fails due to
missing authentication.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>