u-boot.git/lib/efi_loader, branch v2022.07 Unnamed repository; edit this file 'description' to name the repository. efi_loader: image_loader: add a missing digest verification for signed PE image 2022-07-05T12:37:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-07-05T05:48:14+00:00 634f6b2fb1056021fba603ccb7488d1864787576 At the last step of PE image authentication, an image's hash value must be compared with a message digest stored as the content (of SpcPeImageData type) of pkcs7's contentInfo. Fixes: commit 4540dabdcaca ("efi_loader: image_loader: support image authentication") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
At the last step of PE image authentication, an image's hash value must be
compared with a message digest stored as the content (of SpcPeImageData type)
of pkcs7's contentInfo.

Fixes: commit 4540dabdcaca ("efi_loader: image_loader: support image authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: image_loader: replace EFI_PRINT with log macros 2022-07-05T12:37:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-07-05T05:48:13+00:00 b72d09fa7df75d56d2b618ce029bc8b001ed276b Now We are migrating from EFI_PRINT() to log macro's. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
Now We are migrating from EFI_PRINT() to log macro's.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
efi_loader: signature: export efi_hash_regions() 2022-07-05T12:37:16+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2022-07-05T05:48:12+00:00 b330140659eab02c31236dd1925e1c573d503a03 This function is used to calculate a message digest as part of authentication process in a later patch. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
This function is used to calculate a message digest as part of
authentication process in a later patch.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
EFI: Fix ReadBlocks API reading incorrect sector for UCLASS_PARTITION devices 2022-07-02T12:19:12+00:00 Paul Barbieri plb365@gmail.com 2022-06-30T11:02:04+00:00 7a85f32413a34b18a2f84c865d7b448790200b13 The requsted partition disk sector incorrectly has the parition start sector added in twice for UCLASS_PARTITION devices. The efi_disk_rw_blocks() routine adds the diskobj->offset to the requested lba. When the device is a UCLASS_PARTITION, the dev_read() or dev_write() routine is called which adds part-gpt_part_info.start. This causes I/O to the wrong sector. Takahiro Akashi suggested removing the offset field from the efi_disk_obj structure since disk-uclass.c handles the partition start biasing. Device types other than UCLASS_PARTITION set the diskobj->offset field to zero which makes the field unnecessary. This change removes the offset field from the structure and removes all references from the code which is isolated to the lib/efi_loader/efi_disk.c module. This change also adds a test for the EFI ReadBlocks() API in the EFI selftest code. There is already a test for reading a FAT file. The new test uses ReadBlocks() to read the same "disk" block and compare it to the data read from the file system API. Signed-Off-by: Paul Barbieri <plb365@gmail.com> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The requsted partition disk sector incorrectly has the parition start
sector added in twice for UCLASS_PARTITION devices. The efi_disk_rw_blocks()
routine adds the diskobj->offset to the requested lba. When the device
is a UCLASS_PARTITION, the dev_read() or dev_write() routine is called
which adds part-gpt_part_info.start. This causes I/O to the wrong sector.

Takahiro Akashi suggested removing the offset field from the efi_disk_obj
structure since disk-uclass.c handles the partition start biasing. Device
types other than UCLASS_PARTITION set the diskobj->offset field to zero
which makes the field unnecessary. This change removes the offset field
from the structure and removes all references from the code which is
isolated to the lib/efi_loader/efi_disk.c module.

This change also adds a test for the EFI ReadBlocks() API in the EFI
selftest code. There is already a test for reading a FAT file. The new
test uses ReadBlocks() to read the same "disk" block and compare it to
the data read from the file system API.

Signed-Off-by: Paul Barbieri <plb365@gmail.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: initialize console size late 2022-06-19T13:53:09+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2022-06-14T06:02:03+00:00 68edbed454b863dbcd197e19e1ab26a0a05c7d85 If CONFIG_VIDEO_DM=n we query the display size from the serial console. Especially when using a remote console the response can be so late that it interferes with autoboot. Only query the console size when running an EFI binary. Add debug output showing the determined console size. Reported-by: Fabio Estevam <festevam@gmail.com> Fixes: a57ad20d07e8 ("efi_loader: split efi_init_obj_list() into two stages") Fixes: a9bf024b2933 ("efi_loader: disk: a helper function to create efi_disk objects from udevice") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tested-by: Fabio Estevam <festevam@denx.de> Tested-by: Heiko Thiery <heiko.thiery@gmail.com> 
If CONFIG_VIDEO_DM=n we query the display size from the serial console.
Especially when using a remote console the response can be so late that
it interferes with autoboot.

Only query the console size when running an EFI binary.

Add debug output showing the determined console size.

Reported-by: Fabio Estevam <festevam@gmail.com>
Fixes: a57ad20d07e8 ("efi_loader: split efi_init_obj_list() into two stages")
Fixes: a9bf024b2933 ("efi_loader: disk: a helper function to create efi_disk objects from udevice")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Fabio Estevam <festevam@denx.de>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
efi_loader: create boot options without file path 2022-06-12T11:02:34+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2022-06-11T05:22:08+00:00 72fa9cd59edcf99cb32c05604d2a904018acd30a Allow the efidebug command to create boot options without file path, e.g. efidebug boot add -b 0001 'short dev only' host 0:1 '' efidebug boot add -B 0002 'long dev only' host 0:1 '' Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Allow the efidebug command to create boot options without file path, e.g.

    efidebug boot add -b 0001 'short dev only' host 0:1 ''
    efidebug boot add -B 0002 'long dev only' host 0:1 ''

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: allow booting from short dev only DP 2022-06-12T07:17:54+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2022-06-11T05:22:07+00:00 178667b34bf0aa5312727eba6612b3500adad4a3 Allow booting from a short form device-path without file path, e.g. /HD(1,GPT,5ef79931-a1aa-4c70-9d67-611e8f69eafd,0x800,0x1000) Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Allow booting from a short form device-path without file path, e.g.

    /HD(1,GPT,5ef79931-a1aa-4c70-9d67-611e8f69eafd,0x800,0x1000)

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
EFI: FMP: Use a common GetImageInfo function for FIT and raw images 2022-06-12T07:17:54+00:00 Sughosh Ganu sughosh.ganu@linaro.org 2022-06-01T18:00:41+00:00 556a12654a3350113edbd826cbcdde4c03cb7f20 The GetImageInfo function definitions for the FIT images and raw images are the same. Use a common function for the both the Firmware Management Protocol(FMP) instances for raw and FIT images. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The GetImageInfo function definitions for the FIT images and raw
images are the same. Use a common function for the both the Firmware
Management Protocol(FMP) instances for raw and FIT images.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
EFI: Do not consider OsIndications variable if CONFIG_EFI_IGNORE_OSINDICATIONS is enabled 2022-06-12T07:17:54+00:00 Sughosh Ganu sughosh.ganu@linaro.org 2022-06-01T18:00:39+00:00 119fafdefb81677dc629b79263672e9457849c61 The EFI_IGNORE_OSINDICATIONS config symbol was introduced as a mechanism to have capsule updates work even on platforms where the SetVariable runtime service was not supported. The current logic requires the OsIndications variable to have been set to a 64 bit value even when the EFI_IGNORE_OSINDICATIONS config is enabled. Return an error code on not being able to read the variable only when EFI_IGNORE_OSINDICATIONS is not enabled. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The EFI_IGNORE_OSINDICATIONS config symbol was introduced as a
mechanism to have capsule updates work even on platforms where the
SetVariable runtime service was not supported. The current logic
requires the OsIndications variable to have been set to a 64 bit value
even when the EFI_IGNORE_OSINDICATIONS config is enabled. Return an
error code on not being able to read the variable only when
EFI_IGNORE_OSINDICATIONS is not enabled.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi: test/py: authenticate fit capsules 2022-06-04T06:43:55+00:00 Vincent Stehlé vincent.stehle@arm.com 2022-05-31T07:55:34+00:00 8645aefc8b699f900d97cbadd55b7f492099c61e Add support for the authentication of UEFI capsules containing FIT images. The authentication code is moved out of the function handling raw images into a new function efi_firmware_capsule_authenticate(). The special case for the FMP header coming from edk2 tools is preserved. There is no functional change for capsules containing raw images. The python test for signed capsules with raw images is renamed with no functional change and a new test is added for signed capsules containing FIT images. This can be tested with sandbox64_defconfig or sandbox_flattree_defconfig, plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y. Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Add support for the authentication of UEFI capsules containing FIT images.

The authentication code is moved out of the function handling raw images
into a new function efi_firmware_capsule_authenticate(). The special case
for the FMP header coming from edk2 tools is preserved. There is no
functional change for capsules containing raw images.

The python test for signed capsules with raw images is renamed with no
functional change and a new test is added for signed capsules containing
FIT images.

This can be tested with sandbox64_defconfig or sandbox_flattree_defconfig,
plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>