u-boot.git/lib/efi_loader/efi_variable_tee.c, branch v2020.10 Unnamed repository; edit this file 'description' to name the repository. efi_loader: Enable run-time variable support for tee based variables 2020-08-01T09:57:41+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2020-07-23T12:49:49+00:00 e01aed47d6a0e4d99e886d80b885fe0898850357 We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
We recently added functions for storing/restoring variables
from a file to a memory backed buffer marked as __efi_runtime_data
commit f1f990a8c958 ("efi_loader: memory buffer for variables")
commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence")

Using the same idea we now can support GetVariable() and GetNextVariable()
on the OP-TEE based variables as well.

So let's re-arrange the code a bit and move the commmon code for
accessing variables out of efi_variable.c. Create common functions for
reading variables from memory that both implementations can use on
run-time. Then just use those functions in the run-time variants of the
OP-TEE based EFI variable implementation and initialize the memory
buffer on ExitBootServices()

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Trim output buffer size correctly for tee variables 2020-08-01T09:57:41+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2020-07-21T22:50:37+00:00 db94dfbd525943b1bf4ecda81477cedfe70fc50e The current code does not trim the output buffer correctly. In fact it doesn't trim the buffer at all, since it calculates a wrong value for it, which isn't even applied. So let's remove the unused temporary size variable and trim the buffer correctly. Since we are editing efi_get_next_variable_name_int(), fix an indentation error along the way. Fixes: f042e47e8fb43 ("efi_loader: Implement EFI variable handling via OP-TEE") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Remove superfluous conversion to (u8 *) for memcpy argument. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The current code does not trim the output buffer correctly.
In fact it doesn't trim the buffer at all, since it calculates a wrong
value for it, which isn't even applied.
So let's remove the unused temporary size variable and trim the buffer
correctly.
Since we are editing efi_get_next_variable_name_int(), fix an indentation
error along the way.

Fixes: f042e47e8fb43 ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Remove superfluous conversion to (u8 *) for memcpy argument.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Check for the native OP-TEE result on mm_communicate calls 2020-07-22T10:32:41+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2020-07-22T07:32:22+00:00 9b87d4429c145ebb66895c7e053e8d53192180e2 Currently we only check for the return value of tee_invoke_func(). Although OP-TEE and StMM will correctly set param[1].u.value.a and we'll eventually return an error, the correct thing to do is check for the OP_TEE return code as well. So let's check for that and move tee_shm_free() and tee_close_session() before exiting with an error to make sure we always clear the registered memory. Fixes: f042e47e8fb43 ("efi_loader: Implement EFI variable handling via OP-TEE") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Use EFI_DEVICE_ERROR for TEE communication problems. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Currently we only check for the return value of tee_invoke_func().
Although OP-TEE and StMM will correctly set param[1].u.value.a and we'll
eventually return an error, the correct thing to do is check for the
OP_TEE return code as well.
So let's check for that and move tee_shm_free() and tee_close_session()
before exiting with an error to make sure we always clear the registered
memory.

Fixes: f042e47e8fb43 ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use EFI_DEVICE_ERROR for TEE communication problems.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Rename and correct values for ARM_SMC_MM_* 2020-07-22T10:32:41+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2020-07-17T04:55:03+00:00 5d1f79ba438dc372c9bddb729d630abbc6e1068b Instead of adding the definition for the specific MM SVC used in StandAloneMM we added the one used in the standard SMC calls. So change the value from -4 to -5 to match the correct one defined in EDK2 and rename them to avoid future confusion Fixes 23a397d2e2fb: ("efi_loader: Add headers for EDK2 StandAloneMM communication") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Instead of adding the definition for the specific MM SVC used in
StandAloneMM we added the one used in the standard SMC calls.
So change the value from -4 to -5 to match the correct one defined in
EDK2 and rename them to avoid future confusion

Fixes 23a397d2e2fb: ("efi_loader: Add headers for EDK2 StandAloneMM communication")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: update secure state 2020-07-16T10:37:02+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-07-14T06:14:08+00:00 1a7b0f6e4ec908da1f93ea77a251429892ef0c8a Update the UEFI secure state when variable 'PK' is updated in the TEE variables implementation. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Update the UEFI secure state when variable 'PK' is updated in the TEE
variables implementation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: display RO attribute with TEE-backed variables 2020-07-16T10:37:02+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2020-07-09T20:00:40+00:00 f96744b2509622302dbc6bd6f2f669fc406c24d3 A previous commit adds support for displaying variables RO flag. Let's add it on the TEE backed variable storage as well. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
A previous commit adds support for displaying variables RO flag.
Let's add it on the TEE backed variable storage as well.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: separate UEFI variable API from implemementation 2020-07-11T21:14:16+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-06-26T15:57:48+00:00 01df8cf33634a36566281af475cc520c3febad4d Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Separate the remaining UEFI variable API functions GetNextVariableName and
QueryVariableInfo() from internal functions implementing them.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: prepare for read only OP-TEE variables 2020-07-11T21:14:16+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-06-22T16:10:27+00:00 f2d2b3a11ce18663ea95c29eb2c609efd77b7999 We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
We currently have two implementations of UEFI variables:

* variables provided via an OP-TEE module
* variables stored in the U-Boot environment

Read only variables are up to now only implemented in the U-Boot
environment implementation.

Provide a common interface for both implementations that allows handling
read-only variables.

As variable access is limited to very few source files put variable
related definitions into new include efi_variable.h instead of efi_loader.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: cleanup for tee backed variables 2020-07-11T21:14:16+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2020-07-01T13:41:25+00:00 ecb833a0c623172cf72e1c6dda9e6362c30d5a86 There's 2 variables in efi_get_next_variable_name() checking the size of the variable name. Let's get rid of the reduntant definition and simplitfy the code a bit. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
There's 2 variables in efi_get_next_variable_name() checking the size of
the variable name. Let's get rid of the reduntant definition and
simplitfy the code a bit.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Implement EFI variable handling via OP-TEE 2020-05-17T19:59:53+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2020-05-17T19:25:44+00:00 f042e47e8fb433a7a1f8a25d997ba0fe74e2db53 In OP-TEE we can run EDK2's StandAloneMM on a secure partition. StandAloneMM is responsible for the UEFI variable support. In combination with OP-TEE and it's U-Boot supplicant, variables are authenticated/validated in secure world and stored on an RPMB partition. So let's add a new config option in U-Boot implementing the necessary calls to OP-TEE for the variable management. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
In OP-TEE we can run EDK2's StandAloneMM on a secure partition.
StandAloneMM is responsible for the UEFI variable support. In
combination with OP-TEE and it's U-Boot supplicant, variables are
authenticated/validated in secure world and stored on an RPMB partition.

So let's add a new config option in U-Boot implementing the necessary
calls to OP-TEE for the variable management.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com>
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>