u-boot.git/lib/efi_loader/efi_image_loader.c, branch v2025.01 Unnamed repository; edit this file 'description' to name the repository. lib: Remove duplicate newlines 2024-07-15T18:12:18+00:00 Marek Vasut marek.vasut+renesas@mailbox.org 2024-07-13T13:19:22+00:00 2f8c004a5ae51b9b88479f3a728c564c021f50c5 Drop all duplicate newlines. No functional change. Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org> 
Drop all duplicate newlines. No functional change.

Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
efi_loader: avoid duplicate weak invalidate_icache_all() 2024-06-19T19:10:23+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-06-16T17:31:05+00:00 19d41f495a24f112ed62c041d18e53334e1b791d If multiple weak implementations of a weak function exist, it is unclear which one the linker should chose. cmd/cache.c already defines a weak invalidate_icache_all(). We don't need a call to invalidate_icache_all() on x86. ARM, RISC-V, and Sandbox provide an implementation. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
If multiple weak implementations of a weak function exist, it is unclear
which one the linker should chose. cmd/cache.c already defines a weak
invalidate_icache_all().

We don't need a call to invalidate_icache_all() on x86.
ARM, RISC-V, and Sandbox provide an implementation.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Remove <common.h> 2023-12-21T13:54:37+00:00 Tom Rini trini@konsulko.com 2023-12-14T18:16:55+00:00 c38cb227d39f8ce9983df8051f31dcc8466f311e We largely do not need <common.h> in these files, so drop it. The only exception here is that efi_freestanding.c needs <linux/types.h> and had been getting that via <common.h>. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com> 
We largely do not need <common.h> in these files, so drop it. The only
exception here is that efi_freestanding.c needs <linux/types.h> and had
been getting that via <common.h>.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
efi_loader: Fix memory corruption on 32bit systems 2023-08-03T07:21:02+00:00 Dan Carpenter dan.carpenter@linaro.org 2023-07-26T06:54:52+00:00 829445382c196301309b7f12630c1e04a4986eba It's pretty unlikely that anyone is going to be using EFI authentication on a 32bit system. However, if you did, the efi_prepare_aligned_image() function would write 8 bytes of data to the &efi_size variable and it can only hold 4 bytes so that corrupts memory. Fixes: 163a0d7e2cbd ("efi_loader: add PE/COFF image measurement") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
It's pretty unlikely that anyone is going to be using EFI authentication
on a 32bit system.  However, if you did, the efi_prepare_aligned_image()
function would write 8 bytes of data to the &efi_size variable and it
can only hold 4 bytes so that corrupts memory.

Fixes: 163a0d7e2cbd ("efi_loader: add PE/COFF image measurement")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Correct SPL use of EFI_TCG2_PROTOCOL 2023-02-09T21:32:26+00:00 Simon Glass sjg@chromium.org 2023-02-05T22:39:46+00:00 07754cb0aece3e8d37637d77185f685f1cdfb404 This converts 1 usage of this option to the non-SPL form, since there is no SPL_EFI_TCG2_PROTOCOL defined in Kconfig Signed-off-by: Simon Glass <sjg@chromium.org> 
This converts 1 usage of this option to the non-SPL form, since there is
no SPL_EFI_TCG2_PROTOCOL defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>
efi_loader: image_loader: add a missing digest verification for signed PE image 2022-07-05T12:37:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-07-05T05:48:14+00:00 634f6b2fb1056021fba603ccb7488d1864787576 At the last step of PE image authentication, an image's hash value must be compared with a message digest stored as the content (of SpcPeImageData type) of pkcs7's contentInfo. Fixes: commit 4540dabdcaca ("efi_loader: image_loader: support image authentication") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
At the last step of PE image authentication, an image's hash value must be
compared with a message digest stored as the content (of SpcPeImageData type)
of pkcs7's contentInfo.

Fixes: commit 4540dabdcaca ("efi_loader: image_loader: support image authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: image_loader: replace EFI_PRINT with log macros 2022-07-05T12:37:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-07-05T05:48:13+00:00 b72d09fa7df75d56d2b618ce029bc8b001ed276b Now We are migrating from EFI_PRINT() to log macro's. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
Now We are migrating from EFI_PRINT() to log macro's.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: copy GUID in InstallProtocolInterface() 2022-03-12T11:27:07+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-03-09T18:56:23+00:00 66028930dac08f7116b5e3cdba35c3e65676c0cd InstallProtocolInterface() is called with a pointer to the protocol GUID. There is not guarantee that the memory used by the caller for the protocol GUID stays allocated. To play it safe the GUID should be copied to U-Boot's internal structures. Reported-by: Joerie de Gram <j.de.gram@gmail.com> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
InstallProtocolInterface() is called with a pointer to the protocol GUID.
There is not guarantee that the memory used by the caller for the protocol
GUID stays allocated. To play it safe the GUID should be copied to U-Boot's
internal structures.

Reported-by: Joerie de Gram <j.de.gram@gmail.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: fix dual signed image certification 2022-02-11T19:07:55+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2022-02-11T07:37:49+00:00 54cebe8a3ae8b56d784dbd0672cbd06102423eeb The EFI spec allows for images to carry multiple signatures. Currently we don't adhere to the verification process for such images. The spec says: "Multiple signatures are allowed to exist in the binary's certificate table (as per PE/COFF Section "Attribute Certificate Table"). Only one hash or signature is required to be present in db in order to pass validation, so long as neither the SHA-256 hash of the binary nor any present signature is reflected in dbx." With our current implementation signing the image with two certificates and inserting both of them in db and one of them dbx doesn't always reject the image. The rejection depends on the order that the image was signed and the order the certificates are read (and checked) in db. While at it move the sha256 hash verification outside the signature checking loop, since it only needs to run once per image and get simplify the logic for authenticating an unsigned imahe using sha256 hashes. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The EFI spec allows for images to carry multiple signatures. Currently
we don't adhere to the verification process for such images.

The spec says:
"Multiple signatures are allowed to exist in the binary's certificate
table (as per PE/COFF Section "Attribute Certificate Table"). Only one
hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx."

With our current implementation signing the image with two certificates
and inserting both of them in db and one of them dbx doesn't always reject
the image.  The rejection depends on the order that the image was signed
and the order the certificates are read (and checked) in db.

While at it move the sha256 hash verification outside the signature
checking loop, since it only needs to run once per image and get simplify
the logic for authenticating an unsigned imahe using sha256 hashes.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi: Use 16-bit unicode strings 2022-02-03T17:16:01+00:00 Simon Glass sjg@chromium.org 2022-01-23T19:55:12+00:00 156ccbc3c4581a1e6d29c51f4af4e120e30a2ef0 At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
At present we use wide characters for unicode but this is not necessary.
Change the code to use the 'u' literal instead. This helps to fix build
warnings for sandbox on rpi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>