u-boot.git/lib/efi_loader, branch v2021.10 Unnamed repository; edit this file 'description' to name the repository. efi_loader: Fix spec ID event creation 2021-09-25T10:31:08+00:00 Ruchika Gupta ruchika.gupta@linaro.org 2021-09-14T06:44:31+00:00 346cee3ac5782fefeaeda2b54914b029547adf52 TCG EFI Protocol Specification defines the number_of_algorithms field in spec ID event to be equal to the number of active algorithms supported by the TPM device. In current implementation, this field is populated with the count of all algorithms supported by the TPM which leads to incorrect spec ID event creation. Similarly, the algorithm array in spec ID event should be a variable length array with length being equal to the number_of_algorithms field. In current implementation this is defined as a fixed length array which has been fixed. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> CC: Masahisa Kojima <masahisa.kojima@linaro.org> CC: Ilias Apalodimas <ilias.apalodimas@linaro.org> CC: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
TCG EFI Protocol Specification defines the number_of_algorithms
field in spec ID event to be equal to the number of active
algorithms supported by the TPM device. In current implementation,
this field is populated with the count of all algorithms supported
by the TPM which leads to incorrect spec ID event creation.

Similarly, the algorithm array in spec ID event should be a variable
length array with length being equal to the number_of_algorithms field.
In current implementation this is defined as a fixed length array
which has been fixed.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
CC: Masahisa Kojima <masahisa.kojima@linaro.org>
CC: Ilias Apalodimas <ilias.apalodimas@linaro.org>
CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Revert "efi_capsule: Move signature from DTB to .rodata" 2021-09-18T09:47:50+00:00 Simon Glass sjg@chromium.org 2021-08-02T14:44:31+00:00 47a25e81d35c8d801cae9089de90c9ffea083409 This was unfortunately applied despite much discussion about it beiong the wrong way to implement this feature. Revert it before too many other things are built on top of it. This reverts commit ddf67daac39de76d2697d587148f4c2cb768f492. Signed-off-by: Simon Glass <sjg@chromium.org> 
This was unfortunately applied despite much discussion about it beiong
the wrong way to implement this feature.

Revert it before too many other things are built on top of it.

This reverts commit ddf67daac39de76d2697d587148f4c2cb768f492.
Signed-off-by: Simon Glass <sjg@chromium.org>
Merge tag 'efi-2021-10-rc4-2' of https://source.denx.de/u-boot/custodians/u-boot-efi 2021-09-13T00:33:21+00:00 Tom Rini trini@konsulko.com 2021-09-13T00:33:21+00:00 56a85b831ffe30425645172395c4704caba38bf9 Pull request for efi-2021-10-rc4-2 Documentation: * improve documentation of U-Boot for /config DT node * integrate bloblist documentation UEFI: * correct usage of EFI_CALL() * code tidy up 
Pull request for efi-2021-10-rc4-2

Documentation:

* improve documentation of U-Boot for /config DT node
* integrate bloblist documentation

UEFI:

* correct usage of EFI_CALL()
* code tidy up
efi_loader: simplify efi_watchdog_timer_notify() 2021-09-11T09:02:02+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-09-09T05:47:05+00:00 aec7c0925c8e9dc8b1475f3dfec6b54573a8ab17 We can call do_reset() directly without invoking the UEFI API. This decreases the code size. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
We can call do_reset() directly without invoking the UEFI API.
This decreases the code size.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: Remove incorrect calls of EFI_CALL in TCG2 2021-09-11T09:02:02+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2021-09-08T21:30:49+00:00 0bf538ce0c6d7cdf68749425e6c9f7b729066367 There is two unneeded EFI_CALL references in tcg2_measure_pe_image(). The first one in efi_search_protocol() and the second on in the device path calculation. The second isn't even a function we should be calling, but a pointer assignment, which happens to work with the existing macro. While at it switch the malloc call to a calloc, remove the unnecessary cast and get rid of an unneeded if statement before copying the device path Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
There is two unneeded EFI_CALL references in tcg2_measure_pe_image().
The first one in efi_search_protocol() and the second on in the device path
calculation.  The second isn't even a function we should be calling, but a
pointer assignment, which happens to work with the existing macro.

While at it switch the malloc call to a calloc, remove the unnecessary cast
and get rid of an unneeded if statement before copying the device path

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: require CONFIG_BLK 2021-09-11T09:02:02+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-09-07T06:56:47+00:00 6919619f9cf441290286365c14ed557ad1776886 The move to driver model should by now be completed. To be able to remove pre-driver model code from our block IO code require CONFIG_BLK=y for UEFI support. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
The move to driver model should by now be completed. To be able to remove
pre-driver model code from our block IO code require CONFIG_BLK=y for UEFI
support.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: boot_service_capability_min should be capitalized 2021-09-11T09:02:02+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-09-06T03:04:12+00:00 bad49da2bc4702dc3a12b6a4f07a87a70bf521b4 boot_service_capability_min is constant, it should be capitalized. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
boot_service_capability_min is constant, it should be capitalized.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Kconfig: Drop duplicate 'select SHA512' instances 2021-09-09T15:11:33+00:00 Tom Rini trini@konsulko.com 2021-09-09T14:57:34+00:00 465bff8b10b7548845b4ddc2b8b373d794e2eef9 When dropping SHA512_ALGO in general, we didn't catch some cases where an option was selecting both SHA512 and SHA512_ALGO and caused them to select SHA512 twice. Kconfig doesn't complain, but this is still wrong and should be corrected. Fixes: e60e44993120 ("lib: Drop SHA512_ALGO in lieu of SHA512") Reported-by: Andreas Schwab <schwab@suse.de> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Signed-off-by: Tom Rini <trini@konsulko.com> 
When dropping SHA512_ALGO in general, we didn't catch some cases where
an option was selecting  both SHA512 and SHA512_ALGO and caused them to
select SHA512 twice.  Kconfig doesn't complain, but this is still wrong
and should be corrected.

Fixes: e60e44993120 ("lib: Drop SHA512_ALGO in lieu of SHA512")
Reported-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
lib: Drop SHA512_ALGO in lieu of SHA512 2021-09-08T20:11:46+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-09-03T00:54:18+00:00 e60e449931201eaf9a1883dfddef1c5cb6bf161d SHA512_ALGO was used as a "either SHA512 or SHA384", although the implementations of these two algorithms share a majority of code. From a Kconfig interface perspective, it makes sense to present two distinct options. This requires #ifdefing out the SHA512 implementation from sha512.c. The latter doesn't make any sense. It's reasonable to say in Kconfig that SHA384 depends on SHA512, and seems to be the more polite way to handle the selection. Thus, automatically select SHA512 when SHA384 is enabled. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> 
SHA512_ALGO was used as a "either SHA512 or SHA384", although the
implementations of these two algorithms share a majority of code.

From a Kconfig interface perspective, it makes sense to present two
distinct options. This requires #ifdefing out the SHA512
implementation from sha512.c. The latter doesn't make any sense.

It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.

Thus, automatically select SHA512 when SHA384 is enabled.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
efi_loader: fix efi_tcg2_hash_log_extend_event() parameter check 2021-09-04T10:03:57+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-09-03T01:55:52+00:00 538c0f2d3798261161a28a05e445d0c85af56276 TCG EFI Protocol Specification defines that PCRIndex parameter passed from caller must be 0 to 23. TPM2_MAX_PCRS is currently used to check the range of PCRIndex, but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value. This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to check the range of PCRIndex parameter. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
TCG EFI Protocol Specification defines that PCRIndex parameter
passed from caller must be 0 to 23.
TPM2_MAX_PCRS is currently used to check the range of PCRIndex,
but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value.
This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to
check the range of PCRIndex parameter.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>