u-boot.git/lib/efi_loader/efi_variable.c, branch v2020.07-rc1 Unnamed repository; edit this file 'description' to name the repository. efi_loader: variable: add VendorKeys variable 2020-04-16T06:12:46+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-14T02:51:43+00:00 8353516f4a7e31ee655050033b65218c9733c65a The following variable is exported as UEFI specification defines: VendorKeys: whether the system is configured to use only vendor-provided keys or not The value will have to be modified if a platform has its own way of initializing signature database, in particular, PK. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
The following variable is exported as UEFI specification defines:
VendorKeys: whether the system is configured to use only vendor-provided
	    keys or not
The value will have to be modified if a platform has its own way of
initializing signature database, in particular, PK.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: variable: add secure boot state transition 2020-04-16T06:12:46+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-14T02:51:42+00:00 434ffb642240132ab6ecc04c3e8804b8693ace75 UEFI specification defines several global variables which are related to the current secure boot state. In this commit, those values will be maintained according to operations. Currently, AuditMode and DeployedMode are defined but not implemented. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
UEFI specification defines several global variables which are related to
the current secure boot state. In this commit, those values will be
maintained according to operations. Currently, AuditMode and DeployedMode
are defined but not implemented.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: variable: support variable authentication 2020-04-16T06:12:46+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-04-14T02:51:41+00:00 767f6eeb01d331a7570a1a5e89010b09e5499bfb With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is supported for authenticated variables and the system secure state will transfer between setup mode and user mode as UEFI specification section 32.3 describes. Internally, authentication data is stored as part of authenticated variable's value. It is nothing but a pkcs7 message (but we need some wrapper, see efi_variable_parse_signature()) and will be validated by efi_variable_authenticate(), hence efi_signature_verify_with_db(). Associated time value will be encoded in "{...,time=...}" along with other UEFI variable's attributes. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.

Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().

Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: definition of GetNextVariableName() 2020-03-22T17:38:02+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-03-22T17:28:20+00:00 7a4e717b9c0c255137a58f3ab90f002fc3aade2b 'vendor' is both an input and an output parameter. So it cannot be constant. Fixes: 0bda81bfdc5c ("efi_loader: use const efi_guid_t * for variable services") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
'vendor' is both an input and an output parameter. So it cannot be
constant.

Fixes: 0bda81bfdc5c ("efi_loader: use const efi_guid_t * for variable services")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: correct reported length in GetNextVariable() 2020-03-22T10:06:23+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-03-20T18:04:34+00:00 4d7f5af841c4622fb6c5d155e31c1072f3b052df The runtime service GetNextVariable() returns the length of the next variable including the closing 0x0000. This length should be in bytes. Comparing the output of EDK2 and U-Boot shows that this is currently not correctly implemented: EDK2: OsIndicationsSupported: 46 PlatformLang: 26 PlatformLangCodes: 36 U-Boot: OsIndicationsSupported: 23 PlatformLang: 13 PlatformLangCodes: 18 Provide correct length in GetNextVariable(). Fixes: d99a87f84b75 ("efi_loader: implement GetNextVariableName()") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The runtime service GetNextVariable() returns the length of the next
variable including the closing 0x0000. This length should be in bytes.

Comparing the output of EDK2 and U-Boot shows that this is currently not
correctly implemented:

EDK2:
OsIndicationsSupported: 46
PlatformLang: 26
PlatformLangCodes: 36

U-Boot:
OsIndicationsSupported: 23
PlatformLang: 13
PlatformLangCodes: 18

Provide correct length in GetNextVariable().

Fixes: d99a87f84b75 ("efi_loader: implement GetNextVariableName()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: description of efi_variable.c 2020-03-22T10:06:23+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-03-19T17:15:18+00:00 f0b0f7fe0eecde78a6e3e0f6760834ff12642375 Correct the file description. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Correct the file description.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
crc32: Use the crc.h header for crc functions 2019-12-02T23:23:08+00:00 Simon Glass sjg@chromium.org 2019-11-14T19:57:16+00:00 3db7110857524cf1b7d0a374c1ebcde8a2680de0 Drop inclusion of crc.h in common.h and use the correct header directly instead. With this we can drop the conflicting definition in fw_env.h and rely on the crc.h header, which is already included. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> 
Drop inclusion of crc.h in common.h and use the correct header directly
instead.

With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
efi_loader: correct includes in efi_variable.c 2019-10-30T16:49:41+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2019-10-26T21:53:48+00:00 e731af4893f7741c66254161ad9b6f5280369895 'make tests' on an 32bit ARM system leads to In file included from ../lib/efi_loader/efi_variable.c:9: ../include/malloc.h:364:7: error: conflicting types for ‘memset’ void* memset(void*, int, size_t); ^~~~~~ In file included from ../include/compiler.h:126, from ../include/env.h:12, from ../lib/efi_loader/efi_variable.c:8: ../include/linux/string.h:103:15: note: previous declaration of ‘memset’ was here extern void * memset(void *,int,__kernel_size_t); ^~~~~~ In file included from ../lib/efi_loader/efi_variable.c:9: ../include/malloc.h:365:7: error: conflicting types for ‘memcpy’ void* memcpy(void*, const void*, size_t); ^~~~~~ In file included from ../include/compiler.h:126, from ../include/env.h:12, from ../lib/efi_loader/efi_variable.c:8: ../include/linux/string.h:106:15: note: previous declaration of ‘memcpy’ was here extern void * memcpy(void *,const void *,__kernel_size_t); ^~~~~~ Use common.h as first include as recommended by the U-Boot coding style guide. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
'make tests' on an 32bit ARM system leads to

In file included from ../lib/efi_loader/efi_variable.c:9:
../include/malloc.h:364:7: error: conflicting types for ‘memset’
 void* memset(void*, int, size_t);
       ^~~~~~
In file included from ../include/compiler.h:126,
                 from ../include/env.h:12,
                 from ../lib/efi_loader/efi_variable.c:8:
../include/linux/string.h:103:15:
note: previous declaration of ‘memset’ was here
 extern void * memset(void *,int,__kernel_size_t);
               ^~~~~~
In file included from ../lib/efi_loader/efi_variable.c:9:
../include/malloc.h:365:7: error: conflicting types for ‘memcpy’
 void* memcpy(void*, const void*, size_t);
       ^~~~~~
In file included from ../include/compiler.h:126,
                 from ../include/env.h:12,
                 from ../lib/efi_loader/efi_variable.c:8:
../include/linux/string.h:106:15:
note: previous declaration of ‘memcpy’ was here
 extern void * memcpy(void *,const void *,__kernel_size_t);
               ^~~~~~

Use common.h as first include as recommended by the U-Boot coding style
guide.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: appending to non-existent variable 2019-10-06T14:02:36+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2019-09-26T19:40:18+00:00 709292a63afc60bc840493315acf18c6c5e27eb4 Appending to a non-existent variable must result in an error of type EFI_NOT_FOUND. Fixes: 09c76b79a9db ("efi_loader: SetVariable() deleting variables") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Appending to a non-existent variable must result in an error of type
EFI_NOT_FOUND.

Fixes: 09c76b79a9db ("efi_loader: SetVariable() deleting variables")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: SetVariable() deleting variables 2019-09-23T20:53:25+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2019-09-23T20:38:53+00:00 3545c6614342e8d91055a0f907ca7441ba00b928 APPEND_WRITE with data length zero is allowable according to the UEFI specification. The EDK2 interpretation of no access attributes is attributes = 0. As the UEFI specification is vague in this respect let's stick to EDK2 here. Fixes: commit 6d2f27c5fd60 ("efi_loader: variable: support APPEND_WRITE") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
APPEND_WRITE with data length zero is allowable according to the UEFI
specification.

The EDK2 interpretation of no access attributes is attributes = 0. As
the UEFI specification is vague in this respect let's stick to EDK2 here.

Fixes: commit 6d2f27c5fd60 ("efi_loader: variable: support APPEND_WRITE")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>