u-boot.git/lib/efi_loader, branch v2024.07 Unnamed repository; edit this file 'description' to name the repository. efi_loader: fix the return values on efi_tcg 2024-06-24T05:38:06+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-06-22T14:35:38+00:00 b73948c785d2bbccf0a76dec92cf50fe5b408c0e A while back we moved the core functions of the EFI TCG protocol to the TPM APIs in order for them to be used with bootm, booti etc. Some prototypes changed from returning efi_status_t to int, which is more appropriate for the non-EFI APIs. However, some of the EFI callsites never changed and we ended up assigning the int value to efi_status_t. This is unlikely to cause any problems, apart from returning invalid values on failures and violating the EFI spec. Let's fix them by looking at the new return code and map it to the proper EFI return code on failures. Fixes: commit 97707f12fdab ("tpm: Support boot measurements") Fixes: commit d6b55a420cfc ("efi_loader: startup the tpm device when installing the protocol") Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
A while back we moved the core functions of the EFI TCG protocol to the
TPM APIs in order for them to be used with bootm, booti etc.
Some prototypes changed from returning efi_status_t to int, which is more
appropriate for the non-EFI APIs. However, some of the EFI callsites never
changed and we ended up assigning the int value to efi_status_t.

This is unlikely to cause any problems, apart from returning invalid
values on failures and violating the EFI spec. Let's fix them
by looking at the new return code and map it to the proper EFI return
code on failures.

Fixes: commit 97707f12fdab ("tpm: Support boot measurements")
Fixes: commit d6b55a420cfc ("efi_loader: startup the tpm device when installing the protocol")
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: measure DTB in PCR1 instead of PCR0 2024-06-16T07:45:57+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-06-14T12:09:50+00:00 d69759aec28ec195bc20e31b5558f99a32e3ab28 The PC client spec [0], doesn't describe measurements for DTBs. It does describe what do to for ACPI tables though. There is a description for ACPI in 3.3.4.1 PCR[0] – SRTM, POST BIOS, and Embedded Drivers and they explicitly mention ACPI in there. There's no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration. However, in Figure 6 -- PCR Mapping of UEFI Components ACPI is shown in PCR1. The general description also mentions PCR0 is for code and PCR1 is for data such as ACPI and SMBIOS. So let's switch over the DTB measurements to PCR1 which seems a better fit. [0] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Eddie James <eajames@linux.ibm.com> 
The PC client spec [0], doesn't describe measurements for DTBs. It does
describe what do to for ACPI tables though.

There is a description for ACPI in 3.3.4.1 PCR[0] – SRTM, POST BIOS,
and Embedded Drivers and they explicitly mention ACPI in there. There's
no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration.

However, in Figure 6 --  PCR Mapping of UEFI Components ACPI is shown
in PCR1. The general description also mentions PCR0 is for code and PCR1
is for data such as ACPI and SMBIOS.

So let's switch over the DTB measurements to PCR1 which seems a better
fit.

[0] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Eddie James <eajames@linux.ibm.com>
efi_loader: Fix capsule_esl.dtsi.in comment style 2024-06-10T13:05:09+00:00 Michal Simek michal.simek@amd.com 2024-05-30T07:17:29+00:00 9a171f8976b9f3f76d955c4a7178832151da9509 Comment is not kernel-doc format that's why don't label it like that and also fix indentation to have proper multiline comment. Signed-off-by: Michal Simek <michal.simek@amd.com> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Comment is not kernel-doc format that's why don't label it like that and
also fix indentation to have proper multiline comment.

Signed-off-by: Michal Simek <michal.simek@amd.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Fix EFI_VARIABLE_APPEND_WRITE hash check 2024-06-10T13:01:44+00:00 Weizhao Ouyang o451686892@gmail.com 2024-05-08T11:13:12+00:00 3b7d26eb2b88bf2be5a4a32ece1fca61b57e7721 According to UEFI v2.10 spec section 8.2.6, if a caller invokes the SetVariables() service, it will produce a digest from hash(VariableName, VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the firmware that implements the SetVariable() service will compare the digest with the result of applying the signer’s public key to the signature. For EFI variable append write, efitools sign-efi-sig-list has an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will drop this attribute in efi_set_variable_int(). So if a caller uses "sign-efi-sig-list -a" to create the authenticated variable, this append write will fail in the u-boot due to "hash check failed". This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure that the hash check is correct. And also update the "test_efi_secboot" test case to compliance with the change. Signed-off-by: Weizhao Ouyang <o451686892@gmail.com> 
According to UEFI v2.10 spec section 8.2.6, if a caller invokes the
SetVariables() service, it will produce a digest from hash(VariableName,
VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the
firmware that implements the SetVariable() service will compare the
digest with the result of applying the signer’s public key to the
signature. For EFI variable append write, efitools sign-efi-sig-list has
an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will
drop this attribute in efi_set_variable_int(). So if a caller uses
"sign-efi-sig-list -a" to create the authenticated variable, this append
write will fail in the u-boot due to "hash check failed".

This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure
that the hash check is correct. And also update the "test_efi_secboot"
test case to compliance with the change.

Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
tpm-v2: add support for mapping algorithm names to algos 2024-05-27T06:00:07+00:00 Tim Harvey tharvey@gateworks.com 2024-05-25T20:00:48+00:00 954b95e77ef0a857a0b5272e3e6c0e5318dc1208 replace tpm2_supported_algorithms with an array of structures relating algorithm names, to TCG id's, digest length and mask values. While at it fix the tpm2_algorithm_to_mask to return the proper value. Cc: Eddie James <eajames@linux.ibm.com> Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Fixes: 97707f12fdab ("tpm: Support boot measurements") Signed-off-by: Tim Harvey <tharvey@gateworks.com> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
replace tpm2_supported_algorithms with an array of structures
relating algorithm names, to TCG id's, digest length and mask values.

While at it fix the tpm2_algorithm_to_mask to return the proper value.

Cc: Eddie James <eajames@linux.ibm.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fixes: 97707f12fdab ("tpm: Support boot measurements")
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: pass GUID by address to efi_dp_from_lo 2024-05-01T06:40:42+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-04-26T14:13:08+00:00 8745f13fe102968f58a9e2e5f69ad153a675b59c We should not pass GUIDs by value as this requires copying. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
We should not pass GUIDs by value as this requires copying.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: fix description efi_dp_shorten 2024-05-01T06:39:52+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-04-26T10:09:38+00:00 b3193562388a36e0098501887adda9771cd43db6 Use Sphinx style for return value. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Use Sphinx style for return value.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: enable QueryVariableInfo at runtime for file backed variables 2024-05-01T05:40:05+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-04-25T05:18:19+00:00 9677192c145f2144592892f13de0e2069bcdf4ba Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT") we are enabling the last bits of missing runtime services. Add support for QueryVariableInfo which we already support at boottime and we just need to mark some fucntions available at runtime and move some checks around. It's worth noting that pointer checks for maxmimum and remaining variable storage aren't when we store variables on the RPMB, since the Secure World backend is already performing them. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Since commit c28d32f946f0 ("efi_loader: conditionally enable SetvariableRT")
we are enabling the last bits of missing runtime services.
Add support for QueryVariableInfo which we already support at boottime
and we just need to mark some fucntions available at runtime and move
some checks around.

It's worth noting that pointer checks for maxmimum and remaining
variable storage aren't when we store variables on the RPMB, since the
Secure World backend is already performing them.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: address coverity report 492766 for dead code 2024-05-01T05:39:27+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-04-23T05:38:06+00:00 5025d029a95ff3865875684160da08d2f40e5133 The check of the return code is already done a few lines above. Although it doesn't cause any functional issues, remove the superfluous checks Addresses-Coverity-ID: 492766 Control flow issues (DEADCODE) Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The check of the return code is already done a few lines above.
Although it doesn't cause any functional issues, remove the superfluous
checks

Addresses-Coverity-ID: 492766 Control flow issues  (DEADCODE)
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: do not install dtb if bootmgr fails 2024-05-01T05:39:00+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-04-22T09:03:10+00:00 2c4ca2d672f7a64e50dc543eb4e9f076666a417d If the UEFI boot manager fails there is no point in installing the device-tree as a configuration table. Unload image if device-tree cannot be installed. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
If the UEFI boot manager fails there is no point in installing the
device-tree as a configuration table.

Unload image if device-tree cannot be installed.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>