u-boot.git/lib, branch v2024.07-rc5 Unnamed repository; edit this file 'description' to name the repository. efi_loader: fix the return values on efi_tcg 2024-06-24T05:38:06+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-06-22T14:35:38+00:00 b73948c785d2bbccf0a76dec92cf50fe5b408c0e A while back we moved the core functions of the EFI TCG protocol to the TPM APIs in order for them to be used with bootm, booti etc. Some prototypes changed from returning efi_status_t to int, which is more appropriate for the non-EFI APIs. However, some of the EFI callsites never changed and we ended up assigning the int value to efi_status_t. This is unlikely to cause any problems, apart from returning invalid values on failures and violating the EFI spec. Let's fix them by looking at the new return code and map it to the proper EFI return code on failures. Fixes: commit 97707f12fdab ("tpm: Support boot measurements") Fixes: commit d6b55a420cfc ("efi_loader: startup the tpm device when installing the protocol") Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
A while back we moved the core functions of the EFI TCG protocol to the
TPM APIs in order for them to be used with bootm, booti etc.
Some prototypes changed from returning efi_status_t to int, which is more
appropriate for the non-EFI APIs. However, some of the EFI callsites never
changed and we ended up assigning the int value to efi_status_t.

This is unlikely to cause any problems, apart from returning invalid
values on failures and violating the EFI spec. Let's fix them
by looking at the new return code and map it to the proper EFI return
code on failures.

Fixes: commit 97707f12fdab ("tpm: Support boot measurements")
Fixes: commit d6b55a420cfc ("efi_loader: startup the tpm device when installing the protocol")
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: fix the return code, if the eventlog buffer is full 2024-06-24T05:37:56+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-06-22T14:35:37+00:00 27d496627ec4b72de33c7c4dd622586217e8c051 We currently return 'No space left on device' if the eventlong buffer we allocated is not enough. On a similar check later on that function during the call to tcg2_log_init() we return 'No buffer space available'. So switch both error codes to -ENOBUFS since we are always checking a buffer and not a device. Fixes: commit 97707f12fdab ("tpm: Support boot measurements") Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
We currently return 'No space left on device' if the eventlong buffer
we allocated is not enough. On a similar check later on that function
during the call to tcg2_log_init() we return 'No buffer space
available'. So switch both error codes to -ENOBUFS since we are always
checking a buffer and not a device.

Fixes: commit 97707f12fdab ("tpm: Support boot measurements")
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: measure DTB in PCR1 instead of PCR0 2024-06-16T07:45:57+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-06-14T12:09:50+00:00 d69759aec28ec195bc20e31b5558f99a32e3ab28 The PC client spec [0], doesn't describe measurements for DTBs. It does describe what do to for ACPI tables though. There is a description for ACPI in 3.3.4.1 PCR[0] – SRTM, POST BIOS, and Embedded Drivers and they explicitly mention ACPI in there. There's no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration. However, in Figure 6 -- PCR Mapping of UEFI Components ACPI is shown in PCR1. The general description also mentions PCR0 is for code and PCR1 is for data such as ACPI and SMBIOS. So let's switch over the DTB measurements to PCR1 which seems a better fit. [0] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Eddie James <eajames@linux.ibm.com> 
The PC client spec [0], doesn't describe measurements for DTBs. It does
describe what do to for ACPI tables though.

There is a description for ACPI in 3.3.4.1 PCR[0] – SRTM, POST BIOS,
and Embedded Drivers and they explicitly mention ACPI in there. There's
no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration.

However, in Figure 6 --  PCR Mapping of UEFI Components ACPI is shown
in PCR1. The general description also mentions PCR0 is for code and PCR1
is for data such as ACPI and SMBIOS.

So let's switch over the DTB measurements to PCR1 which seems a better
fit.

[0] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Eddie James <eajames@linux.ibm.com>
efi_loader: Fix capsule_esl.dtsi.in comment style 2024-06-10T13:05:09+00:00 Michal Simek michal.simek@amd.com 2024-05-30T07:17:29+00:00 9a171f8976b9f3f76d955c4a7178832151da9509 Comment is not kernel-doc format that's why don't label it like that and also fix indentation to have proper multiline comment. Signed-off-by: Michal Simek <michal.simek@amd.com> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Comment is not kernel-doc format that's why don't label it like that and
also fix indentation to have proper multiline comment.

Signed-off-by: Michal Simek <michal.simek@amd.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Fix EFI_VARIABLE_APPEND_WRITE hash check 2024-06-10T13:01:44+00:00 Weizhao Ouyang o451686892@gmail.com 2024-05-08T11:13:12+00:00 3b7d26eb2b88bf2be5a4a32ece1fca61b57e7721 According to UEFI v2.10 spec section 8.2.6, if a caller invokes the SetVariables() service, it will produce a digest from hash(VariableName, VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the firmware that implements the SetVariable() service will compare the digest with the result of applying the signer’s public key to the signature. For EFI variable append write, efitools sign-efi-sig-list has an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will drop this attribute in efi_set_variable_int(). So if a caller uses "sign-efi-sig-list -a" to create the authenticated variable, this append write will fail in the u-boot due to "hash check failed". This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure that the hash check is correct. And also update the "test_efi_secboot" test case to compliance with the change. Signed-off-by: Weizhao Ouyang <o451686892@gmail.com> 
According to UEFI v2.10 spec section 8.2.6, if a caller invokes the
SetVariables() service, it will produce a digest from hash(VariableName,
VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the
firmware that implements the SetVariable() service will compare the
digest with the result of applying the signer’s public key to the
signature. For EFI variable append write, efitools sign-efi-sig-list has
an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will
drop this attribute in efi_set_variable_int(). So if a caller uses
"sign-efi-sig-list -a" to create the authenticated variable, this append
write will fail in the u-boot due to "hash check failed".

This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure
that the hash check is correct. And also update the "test_efi_secboot"
test case to compliance with the change.

Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
tpm-v2: add support for mapping algorithm names to algos 2024-05-27T06:00:07+00:00 Tim Harvey tharvey@gateworks.com 2024-05-25T20:00:48+00:00 954b95e77ef0a857a0b5272e3e6c0e5318dc1208 replace tpm2_supported_algorithms with an array of structures relating algorithm names, to TCG id's, digest length and mask values. While at it fix the tpm2_algorithm_to_mask to return the proper value. Cc: Eddie James <eajames@linux.ibm.com> Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Fixes: 97707f12fdab ("tpm: Support boot measurements") Signed-off-by: Tim Harvey <tharvey@gateworks.com> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
replace tpm2_supported_algorithms with an array of structures
relating algorithm names, to TCG id's, digest length and mask values.

While at it fix the tpm2_algorithm_to_mask to return the proper value.

Cc: Eddie James <eajames@linux.ibm.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fixes: 97707f12fdab ("tpm: Support boot measurements")
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
rng: Introduce SPL_DM_RNG 2024-05-05T14:21:39+00:00 Marek Vasut marex@denx.de 2024-04-25T23:02:07+00:00 591257b05caba725eb57ceb174317ab4c7e460a7 Add SPL variant of DM_RNG so that the DM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de> 
Add SPL variant of DM_RNG so that the DM_RNG can be disabled in SPL
if necessary. This may be necessary due to e.g. size constraints of
the SPL.

Signed-off-by: Marek Vasut <marex@denx.de>
efi_loader: pass GUID by address to efi_dp_from_lo 2024-05-01T06:40:42+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-04-26T14:13:08+00:00 8745f13fe102968f58a9e2e5f69ad153a675b59c We should not pass GUIDs by value as this requires copying. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
We should not pass GUIDs by value as this requires copying.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: fix description efi_dp_shorten 2024-05-01T06:39:52+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-04-26T10:09:38+00:00 b3193562388a36e0098501887adda9771cd43db6 Use Sphinx style for return value. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Use Sphinx style for return value.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_selftest: add tests for QueryVariableInfo at boottime 2024-05-01T06:39:18+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-04-25T05:18:21+00:00 7b8fad51715ea77785b772ae6a62e08ac5c0027e Previous patches added QueryVariableInfo at runtime tests and split a common function that can be used at boottime. Weire it up and run a similar set of tets. While at it move a test which is checiking for 0 available storage in the common code Add tests for - Test QueryVariableInfo returns EFI_SUCCESS - Test null pointers for the function arguments - Test invalid combination of attributes Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Previous patches added QueryVariableInfo at runtime tests and
split a common function that can be used at boottime. Weire it
up and run a similar set of tets. While at it move a test which is
checiking for 0 available storage in the common code

Add tests for
- Test QueryVariableInfo returns EFI_SUCCESS
- Test null pointers for the function arguments
- Test invalid combination of attributes

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>