u-boot.git/lib/efi_loader, branch v2022.01-rc2 Unnamed repository; edit this file 'description' to name the repository. efi_loader: fix BootOrder variable measurement handling 2021-11-10T19:57:54+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-11-09T09:44:54+00:00 c9c1cdbda3deea265838cf6c6bd6a1eb1569e15c UEFI specification does not require that BootOrder is defined. In current implementation, boot variable measurement fails and returns EFI_NOT_FOUND if BootOrder is not defined. This commit correcly handles this case, skip the boot variable measurement if BootOrder is not defined. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
UEFI specification does not require that BootOrder is defined.
In current implementation, boot variable measurement fails and
returns EFI_NOT_FOUND if BootOrder is not defined.

This commit correcly handles this case, skip the boot variable
measurement if BootOrder is not defined.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi: Create a 64-bit app 2021-11-07T17:36:55+00:00 Simon Glass sjg@chromium.org 2021-11-04T03:09:07+00:00 e16c47fa3d2e051a0035191d473549589bd34fc4 Most modern platforms use 64-bit EFI so it is useful to have a U-Boot app that runs under that. Add a (non-functional) build for this. Note that --whole-archive causes the gcc 9.2 linker to crash, so disable this for now. Once this is resolved, things should work. For now, avoid mentioning the documentation for the 64-bit app, since it does not work. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Most modern platforms use 64-bit EFI so it is useful to have a U-Boot app
that runs under that. Add a (non-functional) build for this.

Note that --whole-archive causes the gcc 9.2 linker to crash, so disable
this for now. Once this is resolved, things should work.

For now, avoid mentioning the documentation for the 64-bit app, since it
does not work.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: add EFI_TCG2_PROTOCOL.SubmitCommand 2021-11-07T17:36:55+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-11-04T13:59:16+00:00 7fc93cae4903c5332b8ae94e1517f7c79f250a4d This commit adds the EFI_TCG2_PROTOCOL.SubmitCommand required in the TCG PC Client PFP spec. SubmitCommand enables to send the raw command to the TPM device. To implement this api, tpm2_submit_command() is added into tpm-v2.c. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
This commit adds the EFI_TCG2_PROTOCOL.SubmitCommand
required in the TCG PC Client PFP spec.
SubmitCommand enables to send the raw command to the TPM device.

To implement this api, tpm2_submit_command() is added
into tpm-v2.c.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: use byteshift unaligned access helper 2021-11-07T17:36:55+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-11-03T02:04:09+00:00 14cbb330fe8e2723871926a3806954393da83cce Calling unaligned/access-ok.h version of put_unaligned_le64() causes data abort in arm 32-bit QEMU. The similar issue also occurs in linux kernel, unaligned/access-ok.h is no longer used in linux kernel[1]. This commit uses the unaligned/be_byteshift.h and unaligned/le_byteshift.h helper instead of unaligned/access-ok.h. [1]https://lore.kernel.org/all/20210507220813.365382-8-arnd@kernel.org/ Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Calling unaligned/access-ok.h version of put_unaligned_le64()
causes data abort in arm 32-bit QEMU.

The similar issue also occurs in linux kernel,
unaligned/access-ok.h is no longer used in linux kernel[1].

This commit uses the unaligned/be_byteshift.h and
unaligned/le_byteshift.h helper instead of unaligned/access-ok.h.

[1]https://lore.kernel.org/all/20210507220813.365382-8-arnd@kernel.org/

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: capsule: drop __weak from efi_get_public_key_data() 2021-11-07T17:36:55+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2021-11-02T00:55:01+00:00 50b05eb6060a67d2cdf9b5114c4575e3f803551e As we discussed in ML, currently a device tree is the only place to store public keys for capsule authentication. So __weak is not necessary for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> 
As we discussed in ML, currently a device tree is the only place
to store public keys for capsule authentication. So __weak is not
necessary for now.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
efi_loader: add DeployedMode and AuditMode variable measurement 2021-10-26T19:33:19+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-10-26T08:27:27+00:00 65aa259aa723793f394abf81b7b0d639826e35b7 This commit adds the DeployedMode and AuditMode variable measurement required in TCG PC Client Platform Firmware Profile Specification. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
This commit adds the DeployedMode and AuditMode variable
measurement required in TCG PC Client Platform Firmware
Profile Specification.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
efi_loader: simplify tcg2_measure_secure_boot_variable() 2021-10-26T19:33:19+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-10-26T08:27:26+00:00 96485d2f3f30c1f482bd138752188cbbc64fb307 This commit simplifies tcg2_measure_secure_boot_variable() using secure_variables table. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
This commit simplifies tcg2_measure_secure_boot_variable()
using secure_variables table.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
efi_loader: add UEFI GPT measurement 2021-10-26T19:32:46+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-10-26T08:27:25+00:00 ce3dbc5d080de8045dd5e2b512cad75434ba4cf5 This commit adds the UEFI GPT disk partition topology measurement required in TCG PC Client Platform Firmware Profile Specification Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
This commit adds the UEFI GPT disk partition topology
measurement required in TCG PC Client Platform Firmware
Profile Specification

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
efi_loader: add SMBIOS table measurement 2021-10-26T15:58:14+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-10-26T08:27:24+00:00 3d49ee8510d38e7fd087c7250a3f4392a38bf0dd TCG PC Client Platform Firmware Profile Specification requires to measure the SMBIOS table that contains static configuration information (e.g. Platform Manufacturer Enterprise Number assigned by IANA, platform model number, Vendor and Device IDs for each SMBIOS table). The device- and environment-dependent information such as serial number is cleared to zero or space character for the measurement. Existing smbios_string() function returns pointer to the string with const qualifier, but exisintg use case is updating version string and const qualifier must be removed. This commit removes const qualifier from smbios_string() return value and reuses to clear the strings for the measurement. This commit also fixes the following compiler warning: lib/smbios-parser.c:59:39: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address; Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
TCG PC Client Platform Firmware Profile Specification
requires to measure the SMBIOS table that contains static
configuration information (e.g. Platform Manufacturer
Enterprise Number assigned by IANA, platform model number,
Vendor and Device IDs for each SMBIOS table).

The device- and environment-dependent information such as
serial number is cleared to zero or space character for
the measurement.

Existing smbios_string() function returns pointer to the string
with const qualifier, but exisintg use case is updating version
string and const qualifier must be removed.
This commit removes const qualifier from smbios_string()
return value and reuses to clear the strings for the measurement.

This commit also fixes the following compiler warning:

lib/smbios-parser.c:59:39: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
  const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address;

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
efi_loader: simplify tcg2_measure_secure_boot_variable() 2021-10-25T19:13:07+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2021-09-09T06:50:01+00:00 a45dac1785564e1cbb876c44f3b56b05c974584e Don't duplicate GUIDs. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Don't duplicate GUIDs.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>