u-boot.git/test, branch v2024.07 Unnamed repository; edit this file 'description' to name the repository. doc/sphinx, test/py: Update requests module to 2.32.2 2024-06-10T13:05:30+00:00 Tom Rini trini@konsulko.com 2024-06-06T16:44:25+00:00 f3b6228ef4ee6918a9e1ec1db399ede057308a13 The issue described in https://github.com/psf/requests/pull/6655 has been assigned as a security issue. While unlikely to be exploited in our usage, update to the current release to fix it. Furthermore, upstream has now moved on to v2.23.2 as the release to use which has all of the issues resolved. Reported-by: GitHub dependabot Signed-off-by: Tom Rini <trini@konsulko.com> 
The issue described in https://github.com/psf/requests/pull/6655 has
been assigned as a security issue. While unlikely to be exploited in our
usage, update to the current release to fix it. Furthermore, upstream
has now moved on to v2.23.2 as the release to use which has all of the
issues resolved.

Reported-by: GitHub dependabot
Signed-off-by: Tom Rini <trini@konsulko.com>
efi_loader: Fix EFI_VARIABLE_APPEND_WRITE hash check 2024-06-10T13:01:44+00:00 Weizhao Ouyang o451686892@gmail.com 2024-05-08T11:13:12+00:00 3b7d26eb2b88bf2be5a4a32ece1fca61b57e7721 According to UEFI v2.10 spec section 8.2.6, if a caller invokes the SetVariables() service, it will produce a digest from hash(VariableName, VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the firmware that implements the SetVariable() service will compare the digest with the result of applying the signer’s public key to the signature. For EFI variable append write, efitools sign-efi-sig-list has an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will drop this attribute in efi_set_variable_int(). So if a caller uses "sign-efi-sig-list -a" to create the authenticated variable, this append write will fail in the u-boot due to "hash check failed". This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure that the hash check is correct. And also update the "test_efi_secboot" test case to compliance with the change. Signed-off-by: Weizhao Ouyang <o451686892@gmail.com> 
According to UEFI v2.10 spec section 8.2.6, if a caller invokes the
SetVariables() service, it will produce a digest from hash(VariableName,
VendorGuid, Attributes, TimeStamp, DataNew_variable_content), then the
firmware that implements the SetVariable() service will compare the
digest with the result of applying the signer’s public key to the
signature. For EFI variable append write, efitools sign-efi-sig-list has
an option "-a" to add EFI_VARIABLE_APPEND_WRITE attr, and u-boot will
drop this attribute in efi_set_variable_int(). So if a caller uses
"sign-efi-sig-list -a" to create the authenticated variable, this append
write will fail in the u-boot due to "hash check failed".

This patch resumes writing the EFI_VARIABLE_APPEND_WRITE attr to ensure
that the hash check is correct. And also update the "test_efi_secboot"
test case to compliance with the change.

Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
tpm-v2: allow algorithm name to be configured for pcr_read and pcr_extend 2024-05-27T06:00:27+00:00 Tim Harvey tharvey@gateworks.com 2024-05-25T20:00:49+00:00 89aa8463cdf3919ca4f04fc24ec8b154ff56d97e For pcr_read and pcr_extend commands allow the digest algorithm to be specified by an additional argument. If not specified it will default to SHA256 for backwards compatibility. Additionally update test_tpm2.py for the changes in output in pcr_read which now shows the algo and algo length in the output. A follow-on to this could be to extend all PCR banks with the detected algo when the <digest_algo> argument is 'auto'. Signed-off-by: Tim Harvey <tharvey@gateworks.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
For pcr_read and pcr_extend commands allow the digest algorithm to be
specified by an additional argument. If not specified it will default to
SHA256 for backwards compatibility.

Additionally update test_tpm2.py for the changes in output in pcr_read
which now shows the algo and algo length in the output.

A follow-on to this could be to extend all PCR banks with the detected
algo when the <digest_algo> argument is 'auto'.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Revert "Merge patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"" 2024-05-19T14:16:36+00:00 Tom Rini trini@konsulko.com 2024-05-19T02:20:43+00:00 d678a59d2d719da9e807495b4b021501f2836ca5 When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"' I failed to notice that b4 noticed it was based on next and so took that as the base commit and merged that part of next to master. This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35. Reported-by: Jonas Karlman <jonas@kwiboo.se> Signed-off-by: Tom Rini <trini@konsulko.com> 
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.

This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing
changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35.

Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
test/py: Make the number of SPL banners seen a variable 2024-05-08T17:50:06+00:00 Tom Rini trini@konsulko.com 2024-04-24T22:45:37+00:00 645f75f6884a22905b0e3790ca9254fa1a13216e Currently we have the option to tell the console code that we should ignore the SPL banner. We also have an option to say that we can see it a second time, and ignore it. However, some platforms such as TI AM64x will have us see the SPL banner three times. Rather than add an "spl3_skipped" option, rework the code. By default we expect to see the banner once, but boards can specify seeing it as many times as they expect to. Signed-off-by: Tom Rini <trini@konsulko.com> 
Currently we have the option to tell the console code that we should
ignore the SPL banner. We also have an option to say that we can see it
a second time, and ignore it. However, some platforms such as TI AM64x
will have us see the SPL banner three times. Rather than add an
"spl3_skipped" option, rework the code. By default we expect to see the
banner once, but boards can specify seeing it as many times as they
expect to.

Signed-off-by: Tom Rini <trini@konsulko.com>
test: Remove <common.h> and add needed includes 2024-05-06T21:05:04+00:00 Tom Rini trini@konsulko.com 2024-04-27T14:10:58+00:00 752ed0867522a68f21392a6b9d78589129248572 Remove <common.h> from all "test/" files and when needed add missing include files directly. Signed-off-by: Tom Rini <trini@konsulko.com> 
Remove <common.h> from all "test/" files and when needed add
missing include files directly.

Signed-off-by: Tom Rini <trini@konsulko.com>
rng: Introduce SPL_DM_RNG 2024-05-05T14:21:39+00:00 Marek Vasut marex@denx.de 2024-04-25T23:02:07+00:00 591257b05caba725eb57ceb174317ab4c7e460a7 Add SPL variant of DM_RNG so that the DM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de> 
Add SPL variant of DM_RNG so that the DM_RNG can be disabled in SPL
if necessary. This may be necessary due to e.g. size constraints of
the SPL.

Signed-off-by: Marek Vasut <marex@denx.de>
efi_loader: improve error handling in try_load_entry() 2024-05-01T05:38:29+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-04-22T08:41:00+00:00 566f067349a8f6136cf62d907019efdf1e250ce5 The image is not unloaded if a security violation occurs. If efi_set_load_options() fails, we do not free the memory allocated for the optional data. We do not unload the image. * Unload the image if a security violation occurs. * Free load_options if efi_set_load_options() fails. * Unload the image if efi_set_load_options() fails. Fixes: 53f6a5aa8626 ("efi_loader: Replace config option for initrd loading") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The image is not unloaded if a security violation occurs.

If efi_set_load_options() fails, we do not free the memory allocated for
the optional data. We do not unload the image.

* Unload the image if a security violation occurs.
* Free load_options if efi_set_load_options() fails.
* Unload the image if efi_set_load_options() fails.

Fixes: 53f6a5aa8626 ("efi_loader: Replace config option for initrd loading")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
test: py: add optee_rpmb tests 2024-04-18T13:04:48+00:00 Igor Opaniuk igor.opaniuk@gmail.com 2024-04-04T13:19:50+00:00 f5d14bea8faac0ded5f366b437801a229b165bb6 Add read/write tests for optee_rpmb cmd. Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add read/write tests for optee_rpmb cmd.

Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
test: typo curren 2024-04-17T23:05:57+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-04-09T07:55:49+00:00 28a766ebf16e1f702dd0a9dc74ad71fd81e57e0f Fix typos in test_eficonfig.py: %s/curren/current/ Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com> 
Fix typos in test_eficonfig.py: %s/curren/current/

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>