u-boot.git/lib/efi_loader/efi_variable.c, branch v2023.01 Unnamed repository; edit this file 'description' to name the repository. efi_loader: avoid adding variables twice 2022-12-29T09:51:50+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2022-12-29T08:13:22+00:00 77bb14758dcb1876c7bbfa4cead67c90f2d86a44 When the efi subsystem starts we restore variables that are both in a file or stored into the .efi_runtime section of U-Boot. However once a variable gets created or changed the preseeded entries will end up in the file. As a consequence on the next boot we will end up adding identical variable entries twice. Fix this by checking if the to be inserted variable already exists. Also swap the restoration order and start with the file instead of the builtin variables, so a user can replace the preseeded ones if needed. Tested-by: Leo Yan <leo.yan@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
When the efi subsystem starts we restore variables that are both in a
file or stored into the .efi_runtime section of U-Boot.  However once
a variable gets created or changed the preseeded entries will end up in
the file.  As a consequence on the next boot we will end up adding
identical variable entries twice.

Fix this by checking if the to be inserted variable already exists.
Also swap the restoration order and start with the file instead of the
builtin variables,  so a user can replace the preseeded ones if needed.

Tested-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi: Use 16-bit unicode strings 2022-02-03T17:16:01+00:00 Simon Glass sjg@chromium.org 2022-01-23T19:55:12+00:00 156ccbc3c4581a1e6d29c51f4af4e120e30a2ef0 At present we use wide characters for unicode but this is not necessary. Change the code to use the 'u' literal instead. This helps to fix build warnings for sandbox on rpi. Signed-off-by: Simon Glass <sjg@chromium.org> Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
At present we use wide characters for unicode but this is not necessary.
Change the code to use the 'u' literal instead. This helps to fix build
warnings for sandbox on rpi.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: treat UEFI variable name as const 2021-10-25T19:13:06+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2021-09-09T05:12:14+00:00 d47671c631c3f3f3bbf0a33f6bf8afeebfe8c091 UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
UEFI variable names are typically constants and hence should be defined as
const. Unfortunately some of our API functions do not define the parameters
for UEFI variable names as const. This requires unnecessary conversions.

Adjust parameters of several internal functions to tre UEFI variable names
as const.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: efi_auth_var_type for AuditMode, DeployedMode 2021-09-04T10:03:57+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2021-08-26T02:30:24+00:00 b191aa429e509ba6bf9eb446ae27b1a4fcd83276 Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Writing variables AuditMode and DeployedMode serves to switch between
Secure Boot modes. Provide a separate value for these in efi_auth_var_type.

With this patch the variables will not be read from from file even if they
are marked as non-volatile by mistake.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: don't load signature database from file 2021-09-04T10:03:57+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2021-08-25T17:13:24+00:00 9ef82e29478c76f17b536f8f289fd0406067ab01 The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: Make the pkcs7 header parsing function an extern 2020-12-31T13:41:31+00:00 Sughosh Ganu sughosh.ganu@linaro.org 2020-12-30T13:57:07+00:00 201b8068f35385c1c7794f24d0a3ac427210f241 The pkcs7 header parsing functionality is pretty generic, and can be used by other features like capsule authentication. Make the function an extern, also changing it's name to efi_parse_pkcs7_header Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> 
The pkcs7 header parsing functionality is pretty generic, and can be
used by other features like capsule authentication. Make the function
an extern, also changing it's name to efi_parse_pkcs7_header

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
efi_loader: non-volatile variable not deleted from file 2020-11-09T16:28:17+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-11-02T18:32:24+00:00 ab02c3fec499e89e09b0f024ef263821e4b5d918 When deleting a non-volatile variable it was deleted from memory but the deletion was not persisted to the file system. SetVariable() may be called with attributes == 0 to delete a variable. To determine if the deletion shall be persisted we have to consider the non-volatile flag in the attributes of the deleted variable and not the value passed in the call parameter. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
When deleting a non-volatile variable it was deleted from memory but the
deletion was not persisted to the file system.

SetVariable() may be called with attributes == 0 to delete a variable. To
determine if the deletion shall be persisted we have to consider the
non-volatile flag in the attributes of the deleted variable and not the
value passed in the call parameter.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: variable: fix secure state initialization 2020-08-13T20:37:42+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-08-13T08:05:29+00:00 f68a6d583578799ec2011476ebd1e10590c6eb3c Under the new file-based variable implementation, the secure state is always and falsely set to 0 (hence, the secure boot gets disabled) after the reboot even if PK (and other signature database) has already been enrolled in the previous boot. This is because the secure state is set up *before* loading non-volatile variables' values from saved data. This patch fixes the order of variable initialization and secure state initialization. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: 5f7dcf079de8 ("efi_loader: UEFI variable persistence") 
Under the new file-based variable implementation, the secure state
is always and falsely set to 0 (hence, the secure boot gets disabled)
after the reboot even if PK (and other signature database) has already
been enrolled in the previous boot.

This is because the secure state is set up *before* loading non-volatile
variables' values from saved data.

This patch fixes the order of variable initialization and secure state
initialization.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Fixes: 5f7dcf079de8 ("efi_loader: UEFI variable persistence")
efi_loader: signature: rework for intermediate certificates support 2020-08-13T20:37:36+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-07-21T10:35:22+00:00 1115edd8462b047f83fcca4abcf89b68f2d87041 In this commit, efi_signature_verify(with_sigdb) will be re-implemented using pcks7_verify_one() in order to support certificates chain, where the signer's certificate will be signed by an intermediate CA (certificate authority) and the latter's certificate will also be signed by another CA and so on. What we need to do here is to search for certificates in a signature, build up a chain of certificates and verify one by one. pkcs7_verify_one() handles most of these steps except the last one. pkcs7_verify_one() returns, if succeeded, the last certificate to verify, which can be either a self-signed one or one that should be signed by one of certificates in "db". Re-worked efi_signature_verify() will take care of this step. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pcks7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.

What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.

pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: variable: keep temporary buffer during the authentication 2020-08-13T20:37:36+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-08-12T00:37:50+00:00 0658bb29b026a6af434b9e0cdeced5d25bdd206f This is a bug fix; Setting an authenticated variable may fail due to a memory corruption in the authentication. A temporary buffer will, if needed, be allocated to parse a variable's authentication data, and some portion of buffer, specifically signer's certificates, will be referenced by efi_signature_verify(). So the buffer should be kept valid until the authentication process is finished. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
This is a bug fix; Setting an authenticated variable may fail due to
a memory corruption in the authentication.

A temporary buffer will, if needed, be allocated to parse a variable's
authentication data, and some portion of buffer, specifically signer's
certificates, will be referenced by efi_signature_verify().

So the buffer should be kept valid until the authentication process
is finished.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>