u-boot.git/lib/efi_loader, branch v2021.10-rc2 Unnamed repository; edit this file 'description' to name the repository. efi_loader: refactor efi_append_scrtm_version() 2021-08-14T18:54:41+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-08-13T07:12:42+00:00 61ee780352e054df587d8781f23b323c967b5d2a Refactor efi_append_scrtm_version() to use common function for adding eventlog and extending PCR. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
Refactor efi_append_scrtm_version() to use common
function for adding eventlog and extending PCR.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
efi_loader: add ExitBootServices() measurement 2021-08-14T18:54:41+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-08-13T07:12:41+00:00 fdff03e5b338772b9340b7b2965b9de71c323f24 TCG PC Client PFP spec requires to measure "Exit Boot Services Invocation" if ExitBootServices() is invoked. Depending upon the return code from the ExitBootServices() call, "Exit Boot Services Returned with Success" or "Exit Boot Services Returned with Failure" is also measured. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Swap two ifs in efi_exit_boot_services(). efi_tcg2_notify_exit_boot_services must have EFIAPI signature. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
TCG PC Client PFP spec requires to measure
"Exit Boot Services Invocation" if ExitBootServices() is invoked.
Depending upon the return code from the ExitBootServices() call,
"Exit Boot Services Returned with Success" or "Exit Boot Services
Returned with Failure" is also measured.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

Swap two ifs in efi_exit_boot_services().
efi_tcg2_notify_exit_boot_services must have EFIAPI signature.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: add boot variable measurement 2021-08-14T18:54:41+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-08-13T07:12:40+00:00 8fc4e0b4273adc741dfd1917970162ca224f98bf TCG PC Client PFP spec requires to measure "Boot####" and "BootOrder" variables, EV_SEPARATOR event prior to the Ready to Boot invocation. Since u-boot does not implement Ready to Boot event, these measurements are performed when efi_start_image() is called. TCG spec also requires to measure "Calling EFI Application from Boot Option" for each boot attempt, and "Returning from EFI Application from Boot Option" if a boot device returns control back to the Boot Manager. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
TCG PC Client PFP spec requires to measure "Boot####"
and "BootOrder" variables, EV_SEPARATOR event prior
to the Ready to Boot invocation.
Since u-boot does not implement Ready to Boot event,
these measurements are performed when efi_start_image() is called.

TCG spec also requires to measure "Calling EFI Application from
Boot Option" for each boot attempt, and "Returning from EFI
Application from Boot Option" if a boot device returns control
back to the Boot Manager.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
efi_loader: add secure boot variable measurement 2021-08-14T18:54:41+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-08-13T07:12:39+00:00 cfbcf054a323b692e85e73fc2a57400ee92f6b63 TCG PC Client PFP spec requires to measure the secure boot policy before validating the UEFI image. This commit adds the secure boot variable measurement of "SecureBoot", "PK", "KEK", "db", "dbx", "dbt", and "dbr". Note that this implementation assumes that secure boot variables are pre-configured and not be set/updated in runtime. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
TCG PC Client PFP spec requires to measure the secure
boot policy before validating the UEFI image.
This commit adds the secure boot variable measurement
of "SecureBoot", "PK", "KEK", "db", "dbx", "dbt", and "dbr".

Note that this implementation assumes that secure boot
variables are pre-configured and not be set/updated in runtime.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
efi_loader: Uri() device path node 2021-08-14T18:54:41+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-08-05T21:10:05+00:00 148ce20520760d17f1d9db23c0575ffeed60a287 iPXE used Uri() device path nodes. So we should support them in the device path to text protocol. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
iPXE used Uri() device path nodes. So we should support them in the
device path to text protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: typo cerificate 2021-08-02T06:21:12+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-08-02T06:21:12+00:00 78e6b871fdcf4bb86c6d7292a0e5d4a98e1435b6 %s/cerificate/certificate/ Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
%s/cerificate/certificate/

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: remove asm/setjmp.h from efi_api.h 2021-07-24T08:49:51+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2021-07-20T05:57:02+00:00 86a3d43bff414f30089b1b9a7b01234aca58763d In the commit c982874e930d ("efi_loader: refactor efi_setup_loaded_image()"), setjmp-related definitions were moved to efi_loaded_image_obj in efi_loader.h. So setjmp.h is no longer refererenced in efi_api.h. This also fixes some error when efi_api.h will be included in mkeficapsule.c. Fixes: c982874e930d ("efi_loader: refactor efi_setup_loaded_image()") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
In the commit c982874e930d ("efi_loader: refactor
efi_setup_loaded_image()"), setjmp-related definitions were moved to
efi_loaded_image_obj in efi_loader.h. So setjmp.h is no longer
refererenced in efi_api.h.

This also fixes some error when efi_api.h will be included in
mkeficapsule.c.

Fixes: c982874e930d ("efi_loader: refactor efi_setup_loaded_image()")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: capsule: remove authentication data 2021-07-24T08:49:51+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2021-07-20T05:52:05+00:00 c2cc60c1f93b9935c493fbe107ef8111e8baf200 If capsule authentication is disabled and yet a capsule file is signed, its signature must be removed from image data to flush. Otherwise, the firmware will be corrupted after update. Fixes: 04be98bd6bcf ("efi: capsule: Add support for uefi capsule authentication") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
If capsule authentication is disabled and yet a capsule file is signed,
its signature must be removed from image data to flush.
Otherwise, the firmware will be corrupted after update.

Fixes: 04be98bd6bcf ("efi: capsule: Add support for uefi capsule
	authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: capsule: remove unused guid 2021-07-24T08:49:51+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2021-07-20T05:53:11+00:00 ef890f6331f77911a911714bf289f9e290138d4b efi_guid_capsule_root_cert_guid is never used. Just remove it. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
efi_guid_capsule_root_cert_guid is never used.
Just remove it.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
smbios: error handling for invalid addresses 2021-07-24T08:49:51+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2021-05-15T16:07:47+00:00 c193d9bd284565df4ddcdd1e9190d2ce718e9eb7 SMBIOS tables only support 32bit addresses. If we don't have memory here handle the error gracefully: * on x86_64 fail to start U-Boot * during UEFI booting ignore the missing table Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> 
SMBIOS tables only support 32bit addresses. If we don't have memory here
handle the error gracefully:

* on x86_64 fail to start U-Boot
* during UEFI booting ignore the missing table

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>