u-boot.git/lib, branch v2024.07 Unnamed repository; edit this file 'description' to name the repository. Revert "Merge patch series "zlib: Address CVE-2016-9841"" 2024-07-01T01:03:14+00:00 Tom Rini trini@konsulko.com 2024-07-01T01:03:14+00:00 bbacdd3ef7762fbdeab43ceea5205d1fd0f25bbd This series brings our zlib code more up to date. However, it drops an important performance improvement that is required on some of our supported platforms in order to boot Linux before the watchdog resets the system. Furthermore, the "post increment" version of this performance loop was not tested, so while we can fix it, it would then require re-testing all platforms. At this point in time, we will revert updating zlib (which has had a potential security issue since 2016) and fix this in the v2024.10 release. This reverts commit 4914263c9a14315390d3ccc4816cf3a94cfd156d, reversing changes made to ef8ef5f77c9a998f76a48277a883af1645b54117. Reported-by: Christophe Leroy <christophe.leroy@csgroup.eu> Signed-off-by: Tom Rini <trini@konsulko.com> 
This series brings our zlib code more up to date. However, it drops an
important performance improvement that is required on some of our
supported platforms in order to boot Linux before the watchdog resets
the system. Furthermore, the "post increment" version of this
performance loop was not tested, so while we can fix it, it would then
require re-testing all platforms. At this point in time, we will revert
updating zlib (which has had a potential security issue since 2016) and
fix this in the v2024.10 release.

This reverts commit 4914263c9a14315390d3ccc4816cf3a94cfd156d, reversing
changes made to ef8ef5f77c9a998f76a48277a883af1645b54117.

Reported-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Tom Rini <trini@konsulko.com>
tpm: Avoid code bloat when not using EFI_TCG2_PROTOCOL 2024-06-28T19:54:52+00:00 Simon Glass sjg@chromium.org 2024-06-27T08:29:43+00:00 092b6ec65c604972d80ba0b3ac2ff44e00adb238 It does not make sense to enable all SHA algorithms unless they are needed. It bloats the code and in this case, causes chromebook_link to fail to build. That board does use the TPM, but not with measured boot, nor EFI. Since EFI_TCG2_PROTOCOL already selects these options, we just need to add them to MEASURED_BOOT as well. Note that the original commit combines refactoring and new features, which makes it hard to see what is going on. Fixes: 97707f12fda tpm: Support boot measurements Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Simon Glass <sjg@chromium.org> 
It does not make sense to enable all SHA algorithms unless they are
needed. It bloats the code and in this case, causes chromebook_link to
fail to build. That board does use the TPM, but not with measured boot,
nor EFI.

Since EFI_TCG2_PROTOCOL already selects these options, we just need to
add them to MEASURED_BOOT as well.

Note that the original commit combines refactoring and new features,
which makes it hard to see what is going on.

Fixes: 97707f12fda tpm: Support boot measurements
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
efi_loader: fix the return values on efi_tcg 2024-06-24T05:38:06+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-06-22T14:35:38+00:00 b73948c785d2bbccf0a76dec92cf50fe5b408c0e A while back we moved the core functions of the EFI TCG protocol to the TPM APIs in order for them to be used with bootm, booti etc. Some prototypes changed from returning efi_status_t to int, which is more appropriate for the non-EFI APIs. However, some of the EFI callsites never changed and we ended up assigning the int value to efi_status_t. This is unlikely to cause any problems, apart from returning invalid values on failures and violating the EFI spec. Let's fix them by looking at the new return code and map it to the proper EFI return code on failures. Fixes: commit 97707f12fdab ("tpm: Support boot measurements") Fixes: commit d6b55a420cfc ("efi_loader: startup the tpm device when installing the protocol") Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
A while back we moved the core functions of the EFI TCG protocol to the
TPM APIs in order for them to be used with bootm, booti etc.
Some prototypes changed from returning efi_status_t to int, which is more
appropriate for the non-EFI APIs. However, some of the EFI callsites never
changed and we ended up assigning the int value to efi_status_t.

This is unlikely to cause any problems, apart from returning invalid
values on failures and violating the EFI spec. Let's fix them
by looking at the new return code and map it to the proper EFI return
code on failures.

Fixes: commit 97707f12fdab ("tpm: Support boot measurements")
Fixes: commit d6b55a420cfc ("efi_loader: startup the tpm device when installing the protocol")
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: fix the return code, if the eventlog buffer is full 2024-06-24T05:37:56+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-06-22T14:35:37+00:00 27d496627ec4b72de33c7c4dd622586217e8c051 We currently return 'No space left on device' if the eventlong buffer we allocated is not enough. On a similar check later on that function during the call to tcg2_log_init() we return 'No buffer space available'. So switch both error codes to -ENOBUFS since we are always checking a buffer and not a device. Fixes: commit 97707f12fdab ("tpm: Support boot measurements") Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
We currently return 'No space left on device' if the eventlong buffer
we allocated is not enough. On a similar check later on that function
during the call to tcg2_log_init() we return 'No buffer space
available'. So switch both error codes to -ENOBUFS since we are always
checking a buffer and not a device.

Fixes: commit 97707f12fdab ("tpm: Support boot measurements")
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: measure DTB in PCR1 instead of PCR0 2024-06-16T07:45:57+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-06-14T12:09:50+00:00 d69759aec28ec195bc20e31b5558f99a32e3ab28 The PC client spec [0], doesn't describe measurements for DTBs. It does describe what do to for ACPI tables though. There is a description for ACPI in 3.3.4.1 PCR[0] – SRTM, POST BIOS, and Embedded Drivers and they explicitly mention ACPI in there. There's no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration. However, in Figure 6 -- PCR Mapping of UEFI Components ACPI is shown in PCR1. The general description also mentions PCR0 is for code and PCR1 is for data such as ACPI and SMBIOS. So let's switch over the DTB measurements to PCR1 which seems a better fit. [0] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Eddie James <eajames@linux.ibm.com> 
The PC client spec [0], doesn't describe measurements for DTBs. It does
describe what do to for ACPI tables though.

There is a description for ACPI in 3.3.4.1 PCR[0] – SRTM, POST BIOS,
and Embedded Drivers and they explicitly mention ACPI in there. There's
no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration.

However, in Figure 6 --  PCR Mapping of UEFI Components ACPI is shown
in PCR1. The general description also mentions PCR0 is for code and PCR1
is for data such as ACPI and SMBIOS.

So let's switch over the DTB measurements to PCR1 which seems a better
fit.

[0] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Eddie James <eajames@linux.ibm.com>
efi_loader: Fix capsule_esl.dtsi.in comment style 2024-06-10T13:05:09+00:00 Michal Simek michal.simek@amd.com 2024-05-30T07:17:29+00:00 9a171f8976b9f3f76d955c4a7178832151da9509 Comment is not kernel-doc format that's why don't label it like that and also fix indentation to have proper multiline comment. Signed-off-by: Michal Simek <michal.simek@amd.com> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Comment is not kernel-doc format that's why don't label it like that and
also fix indentation to have proper multiline comment.

Signed-off-by: Michal Simek <michal.simek@amd.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Fix EFI_VARIABLE_APPEND_WRITE hash check 2024-06-10T13:01:44+00:00 Weizhao Ouyang o451686892@gmail.com 2024-05-08T11:13:12+00:00 3b7d26eb2b88bf2be5a4a32ece1fca61b57e7721 According to UEFI v2.10 spec section 8.2.6, if a caller invokes the SetVariables() service, it will produce a digest from hash(VariableName, VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the firmware that implements the SetVariable() service will compare the digest with the result of applying the signer’s public key to the signature. For EFI variable append write, efitools sign-efi-sig-list has an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will drop this attribute in efi_set_variable_int(). So if a caller uses "sign-efi-sig-list -a" to create the authenticated variable, this append write will fail in the u-boot due to "hash check failed". This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure that the hash check is correct. And also update the "test_efi_secboot" test case to compliance with the change. Signed-off-by: Weizhao Ouyang <o451686892@gmail.com> 
According to UEFI v2.10 spec section 8.2.6, if a caller invokes the
SetVariables() service, it will produce a digest from hash(VariableName,
VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the
firmware that implements the SetVariable() service will compare the
digest with the result of applying the signer’s public key to the
signature. For EFI variable append write, efitools sign-efi-sig-list has
an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will
drop this attribute in efi_set_variable_int(). So if a caller uses
"sign-efi-sig-list -a" to create the authenticated variable, this append
write will fail in the u-boot due to "hash check failed".

This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure
that the hash check is correct. And also update the "test_efi_secboot"
test case to compliance with the change.

Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
tpm-v2: add support for mapping algorithm names to algos 2024-05-27T06:00:07+00:00 Tim Harvey tharvey@gateworks.com 2024-05-25T20:00:48+00:00 954b95e77ef0a857a0b5272e3e6c0e5318dc1208 replace tpm2_supported_algorithms with an array of structures relating algorithm names, to TCG id's, digest length and mask values. While at it fix the tpm2_algorithm_to_mask to return the proper value. Cc: Eddie James <eajames@linux.ibm.com> Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Fixes: 97707f12fdab ("tpm: Support boot measurements") Signed-off-by: Tim Harvey <tharvey@gateworks.com> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
replace tpm2_supported_algorithms with an array of structures
relating algorithm names, to TCG id's, digest length and mask values.

While at it fix the tpm2_algorithm_to_mask to return the proper value.

Cc: Eddie James <eajames@linux.ibm.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fixes: 97707f12fdab ("tpm: Support boot measurements")
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
rng: Introduce SPL_DM_RNG 2024-05-05T14:21:39+00:00 Marek Vasut marex@denx.de 2024-04-25T23:02:07+00:00 591257b05caba725eb57ceb174317ab4c7e460a7 Add SPL variant of DM_RNG so that the DM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de> 
Add SPL variant of DM_RNG so that the DM_RNG can be disabled in SPL
if necessary. This may be necessary due to e.g. size constraints of
the SPL.

Signed-off-by: Marek Vasut <marex@denx.de>
efi_loader: pass GUID by address to efi_dp_from_lo 2024-05-01T06:40:42+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-04-26T14:13:08+00:00 8745f13fe102968f58a9e2e5f69ad153a675b59c We should not pass GUIDs by value as this requires copying. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
We should not pass GUIDs by value as this requires copying.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>