u-boot.git/lib, branch v2022.04-rc2 Unnamed repository; edit this file 'description' to name the repository. efi_loader: fix dual signed image certification 2022-02-11T19:07:55+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2022-02-11T07:37:49+00:00 54cebe8a3ae8b56d784dbd0672cbd06102423eeb The EFI spec allows for images to carry multiple signatures. Currently we don't adhere to the verification process for such images. The spec says: "Multiple signatures are allowed to exist in the binary's certificate table (as per PE/COFF Section "Attribute Certificate Table"). Only one hash or signature is required to be present in db in order to pass validation, so long as neither the SHA-256 hash of the binary nor any present signature is reflected in dbx." With our current implementation signing the image with two certificates and inserting both of them in db and one of them dbx doesn't always reject the image. The rejection depends on the order that the image was signed and the order the certificates are read (and checked) in db. While at it move the sha256 hash verification outside the signature checking loop, since it only needs to run once per image and get simplify the logic for authenticating an unsigned imahe using sha256 hashes. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The EFI spec allows for images to carry multiple signatures. Currently
we don't adhere to the verification process for such images.

The spec says:
"Multiple signatures are allowed to exist in the binary's certificate
table (as per PE/COFF Section "Attribute Certificate Table"). Only one
hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx."

With our current implementation signing the image with two certificates
and inserting both of them in db and one of them dbx doesn't always reject
the image.  The rejection depends on the order that the image was signed
and the order the certificates are read (and checked) in db.

While at it move the sha256 hash verification outside the signature
checking loop, since it only needs to run once per image and get simplify
the logic for authenticating an unsigned imahe using sha256 hashes.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
acpi: Move MCFG implementation to common lib 2022-02-09T19:30:13+00:00 Moritz Fischer moritzf@google.com 2022-02-05T20:17:45+00:00 058fb9f5ffc422f987c33adb01f8fa6e4434eff8 MCFG tables are used on multiple arches. Move to common ACPI lib. Cc: Simon Glass <sjg@chromium.org> Signed-off-by: Moritz Fischer <moritzf@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Use sizeof(*mcfg) instead of sizeof(*header) Signed-off-by: Simon Glass <sjg@chromium.org> 
MCFG tables are used on multiple arches. Move to common ACPI lib.

Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Moritz Fischer <moritzf@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use sizeof(*mcfg) instead of sizeof(*header)
Signed-off-by: Simon Glass <sjg@chromium.org>
efi: Drop unnecessary calls to blk_find_device() 2022-02-05T19:20:01+00:00 Simon Glass sjg@chromium.org 2022-01-29T21:58:39+00:00 e2bceb03312a8abfb4f423ac349ab5861feb3548 When we have the block descriptor we can simply access the device. Drop the unnecessary function call. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
When we have the block descriptor we can simply access the device. Drop
the unnecessary function call.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi: Use device_get_uclass_id() where appropriate 2022-02-05T19:20:01+00:00 Simon Glass sjg@chromium.org 2022-01-29T21:58:38+00:00 377d39d178570a3510a34aac61f008b43cca783f Use this function rather than following the pointers, since it is there for this purpose. Add the uclass name to the debug call at the end of dp_fill() since it is quite useful. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Use this function rather than following the pointers, since it is there
for this purpose.

Add the uclass name to the debug call at the end of dp_fill() since it is
quite useful.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: add handle for UART 2022-02-05T19:20:01+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-02-04T19:47:09+00:00 3c95b323c7527dd2b312b061a82a4b65bb3feff2 When loading an EFI binary via the UART we assign a UART device path to it. But we lack a handle with that device path. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
When loading an EFI binary via the UART we assign a UART device path to it.
But we lack a handle with that device path.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: fix text output for Uart() DP nodes 2022-02-05T19:20:01+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-02-04T15:36:49+00:00 915623c0d3f504dce8a2310c1ddf5dcc638e5d93 The UEFI specification concerning Uart() device path nodes has been clarified: Parity and stop bits can either both use keywords or both use numbers but numbers and keywords should not be mixed. Let's go for keywords as this is what EDK II does. For illegal values fall back to numbers. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The UEFI specification concerning Uart() device path nodes has been
clarified:

Parity and stop bits can either both use keywords or both use
numbers but numbers and keywords should not be mixed.

Let's go for keywords as this is what EDK II does. For illegal
values fall back to numbers.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: use %zu to print efi_uintn_t in FMP driver 2022-02-05T19:20:01+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-02-03T19:13:17+00:00 b1193fa9576c988ebbe04334f10bf38279cc72ec For printing an unsigned value we should use %u and not %d. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
For printing an unsigned value we should use %u and not %d.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: use %zu not %zd to print efi_uintn_t 2022-02-05T19:20:01+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-02-03T21:21:51+00:00 e9df54968f53600a709575f001474695c312141a efi_uintnt_t is an unsigned type. We should avoid showing negative numbers. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
efi_uintnt_t is an unsigned type. We should avoid showing negative numbers.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: fix device path to text protocol 2022-02-05T19:20:01+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-01-29T18:01:07+00:00 344f26a7664f0a3f1a4b302e08a408171bdc3ece The printing of a file path node must properly handle: * odd length of the device path node * UTF-16 character only partially contained in device path node * buffer overflow due to very long file path Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
The printing of a file path node must properly handle:

* odd length of the device path node
* UTF-16 character only partially contained in device path node
* buffer overflow due to very long file path

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
lib: fix snprintf() for UTF-16 strings 2022-02-05T19:20:01+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-01-29T15:43:20+00:00 fe14f880500cd842eadd581b7261538bb9646b7f snprintf() must return the required buffer length. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
snprintf() must return the required buffer length.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>