| Age | Commit message (Collapse) | Author |
|---|
|
%s/commun/common/
Signed-off-by: Heinrich Schuchardt <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
TPM1.2 and Atmel fixes
# gpg verification failed.
|
|
In case U-Boot enters relocation with GD_FLG_SKIP_RELOC, skip the
relocation. The code still has to set up new_gd pointer and new
stack pointer.
Signed-off-by: Marek Vasut <[email protected]>
Cc: Simon Glass <[email protected]>
Cc: Tom Rini <[email protected]>
|
|
In case U-Boot starts with GD_FLG_SKIP_RELOC, the U-Boot code is
not relocated, however the stack and heap is at the end of DRAM
after relocation. Reserve a LMB area for the non-relocated U-Boot
code so it won't be overwritten.
Signed-off-by: Marek Vasut <[email protected]>
Cc: Simon Glass <[email protected]>
Cc: Tom Rini <[email protected]>
|
|
ACRY is designed to accelerate ECC/RSA digital signature
generation and verification.
Signed-off-by: Chia-Wei Wang <[email protected]>
|
|
This command is not compiled by default and has not been updated alongside
changes to the tpmv1 API, such as passing the TPM udevice to the relevant
functions.
Signed-off-by: Mathew McBride <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-01-rc2-2
UEFI:
* fix measurement of BootOrder variable for TCG2 protocol
TPM:
* TIS mmio driver. This driver supports QEMU's emulated TPM.
|
|
Add an xtoa() function, similar to itoa() but for hex instead.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Artem Lapkin <[email protected]>
Tested-by: Artem Lapkin <[email protected]>
|
|
UEFI specification does not require that BootOrder is defined.
In current implementation, boot variable measurement fails and
returns EFI_NOT_FOUND if BootOrder is not defined.
This commit correcly handles this case, skip the boot variable
measurement if BootOrder is not defined.
Signed-off-by: Masahisa Kojima <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
This commit adds the missing EFI_TCG2_PROTOCOL selftest
and Measured Boot selftest in lib/efi_selftest.
This selftest includes PE/COFF image measurement test, some PCR values are
different in each architecture. With that, this commit also adds pre-built
versions of lib/efi_selftest/efi_miniapp_file_image_exit.c for PE/COFF
image measurement test for 32-bit arm, arm64, ia32, x86_64, riscv32 and
riscv64. Prebuilding avoids the problem of reproducible builds.
Signed-off-by: Masahisa Kojima <[email protected]>
Make the test 'onrequest'.
Add code comments to the includes with the binaries.
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Add a function to return this information along with a stub for the
efi_info_get() function, since calling it otherwise hangs U-Boot.
Signed-off-by: Simon Glass <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
This variable is already defined by the EFI code. Drop the duplicate
definition when building a 64-bit EFI app.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Most modern platforms use 64-bit EFI so it is useful to have a U-Boot app
that runs under that. Add a (non-functional) build for this.
Note that --whole-archive causes the gcc 9.2 linker to crash, so disable
this for now. Once this is resolved, things should work.
For now, avoid mentioning the documentation for the 64-bit app, since it
does not work.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Most EFI implementations use 64-bit but U-Boot only supports running as
a 32-bit app at present. While efi-x86_payload64 does boot from 64-bit
UEFI it immediately changes back to 32-bit before starting U-Boot.
In order to support a 64-bit U-Boot app, update the Kconfig to add an
option for 32/64 bit. Update the prompt for the existing option so it is
clear it relates to the stub. Move both up to just under the choice that
controls them, since this looks better and the menu.
Use CONFIG_EFI_APP in the Makefile instead of CONFIG_TARGET_EFI_APP,
since the latter is specific to a single target and we will have two.
Memory size is set to 32MB for now so that it can run on qemu without
increasing the default memory size. We may need to increase the default
later.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
This commit adds the EFI_TCG2_PROTOCOL.SubmitCommand
required in the TCG PC Client PFP spec.
SubmitCommand enables to send the raw command to the TPM device.
To implement this api, tpm2_submit_command() is added
into tpm-v2.c.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Calling unaligned/access-ok.h version of put_unaligned_le64()
causes data abort in arm 32-bit QEMU.
The similar issue also occurs in linux kernel,
unaligned/access-ok.h is no longer used in linux kernel[1].
This commit uses the unaligned/be_byteshift.h and
unaligned/le_byteshift.h helper instead of unaligned/access-ok.h.
[1]https://lore.kernel.org/all/[email protected]/
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
As we discussed in ML, currently a device tree is the only place
to store public keys for capsule authentication. So __weak is not
necessary for now.
Signed-off-by: AKASHI Takahiro <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
OF_HOSTFILE is used on sandbox configs only. Although it's pretty
unique and not causing any confusions, we are better of having simpler
config options for the DTB.
So let's replace that with the existing OF_BOARD. U-Boot would then
have only three config options for the DTB origin.
- OF_SEPARATE, build separately from U-Boot
- OF_BOARD, board specific way of providing the DTB
- OF_EMBED embedded in the u-boot binary(should not be used in production
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-01-rc1-2
doc:
Remove obsolete PPC4XX references
UEFI:
Implement missing TCG2 measurements
Code clean up
# gpg: Signature made Tue 26 Oct 2021 05:56:47 PM EDT
# gpg: using RSA key 6DC4F9C71F29A6FA06B76D33C481DBBC2C051AC4
# gpg: Good signature from "Heinrich Schuchardt <[email protected]>" [unknown]
# gpg: aka "[jpeg image of size 1389]" [unknown]
# Primary key fingerprint: 6DC4 F9C7 1F29 A6FA 06B7 6D33 C481 DBBC 2C05 1AC4
|
|
This commit adds the DeployedMode and AuditMode variable
measurement required in TCG PC Client Platform Firmware
Profile Specification.
Signed-off-by: Masahisa Kojima <[email protected]>
|
|
This commit simplifies tcg2_measure_secure_boot_variable()
using secure_variables table.
Signed-off-by: Masahisa Kojima <[email protected]>
|
|
This commit adds the UEFI GPT disk partition topology
measurement required in TCG PC Client Platform Firmware
Profile Specification
Signed-off-by: Masahisa Kojima <[email protected]>
|
|
Correct the test on RNG device presence,when ret is equal to 0,
before to call dm_rng_read function.
Without this patch the RNG device is not used when present (when ret == 0)
or a data abort occurs in dm_rng_read when CONFIG_DM_RNG is activated but
the RNG device is not present in device tree (ret != 0 and devp = NULL).
Fixes: 92fdad28cfdf ("lib: uuid: use RNG device if present")
CC: Matthias Brugger <[email protected]>
CC: Torsten Duwe <[email protected]>
Signed-off-by: Patrick Delaunay <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
This commit adds a check on the padding in the function rsa_verify_key
to avoid using a NULL pointer.
Signed-off-by: Philippe Reynes <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
TCG PC Client Platform Firmware Profile Specification
requires to measure the SMBIOS table that contains static
configuration information (e.g. Platform Manufacturer
Enterprise Number assigned by IANA, platform model number,
Vendor and Device IDs for each SMBIOS table).
The device- and environment-dependent information such as
serial number is cleared to zero or space character for
the measurement.
Existing smbios_string() function returns pointer to the string
with const qualifier, but exisintg use case is updating version
string and const qualifier must be removed.
This commit removes const qualifier from smbios_string()
return value and reuses to clear the strings for the measurement.
This commit also fixes the following compiler warning:
lib/smbios-parser.c:59:39: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address;
Signed-off-by: Masahisa Kojima <[email protected]>
|
|
Don't duplicate GUIDs.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Simplify efi_sigstore_parse_sigdb() by using existing functions.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
In multiple places we need the default GUID matching a variable name.
The patch provides a library function. For secure boot related variables
like 'PK', 'KEK', 'db' a lookup table is used. For all other variable
names EFI_GLOBAL_VARIABLE is returned.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
UEFI variable names are typically constants and hence should be defined as
const. Unfortunately some of our API functions do not define the parameters
for UEFI variable names as const. This requires unnecessary conversions.
Adjust parameters of several internal functions to tre UEFI variable names
as const.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
The commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to
.rodata"") failed to revert the removal of efi_get_public_key_data().
Add back this function and move it under lib/efi_loader so that other
platforms can utilize it. It is now declared as a weak function so that
it can be replaced with a platform-specific implementation.
Fixes: 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to
.rodata"")
Signed-off-by: AKASHI Takahiro <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
This commit fixes the following compilation warning
of boottime->install_configuration_table() function.
lib/efi_selftest/efi_selftest_tcg2.c:475:46:
warning: passing argument 1 of ‘boottime->install_configuration_table’
discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
ret = boottime->install_configuration_table(&smbios_guid, dmi);
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-01-rc1
Documentation:
Use Sphinx 3.43.
Move system reset documentation to HTML
UEFI:
Fix linking EFI apps with LLVM
Fix alignment of loaded image
Correct simple network protocol test
Code cleanup
|
|
The 'efidebug boot dump' command should not display the VenMedia() device
path node preceding the device path of the initial ram disk.
By letting efi_dp_from_lo() skip the VenMedia() device path node we can
simplify the coding.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Create the GUID as a global variable.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Parameter size is never used in function efi_dp_from_lo(). Remove it.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Instead of copying a GUID and then using a pointer to the copy for calling
guidcmp(), just pass the pointer to the orginal GUID.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
We are ignoring the alignment communicated via the PE/COFF header.
Starting 5.10 the Linux kernel will loudly complain about it. For more
details look at [1] (in linux kernel).
So add a function that can allocate aligned EFI memory and use it for our
relocated loaded image.
[1] c32ac11da3f83 ("efi/libstub: arm64: Double check image alignment at entry")
Signed-off-by: Ilias Apalodimas <[email protected]>
Tested-by: Vincent Stehlé <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
When using a file to store UEFI variables we must make sure that secure
boot related variables are not loaded from this file. With commit
9ef82e29478c ("efi_loader: don't load signature database from file")
this has already been implemented for variables defined in the UEFI
specification. As most Linux distributions use Shim we should do the same
for Shim's MOK database.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
This code should never have been added as it builds a new feature on top
of legacy code. This has already been improved with the dependency on BLK.
Add a dependency on DM_ETH also, to avoid needing to deal with this old
code.
Boards which want EFI_LOADER should migrate to driver model first.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Repeatedly receive the packets until the receive buffer is empty.
If the buffer is empty, EFI_SIMPLE_NETWORK_PROTOCOL::Receive()
returns EFI_NOT_READY. We don't need to use the wait_for_event()
every time.
Signed-off-by: Masami Hiramatsu <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Do not check EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT in packet
receiving loop. This depends on the implementation and not
related to whether the packet can be received or not.
Whether the received packets are available or not is ensured
by wait_for_packet, and that is already done in the loop.
Signed-off-by: Masami Hiramatsu <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
According to the UEF specification v2.9, the main purpose of the
EFI_SIMPLE_NETWORK_PROTOCOL::GetStatus() is for checking the link
status via EFI_SIMPLE_NETWORK_MODE::MediaPresent.
So this uses net->get_status() for checking the link status before
running network test.
Signed-off-by: Masami Hiramatsu <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
https://source.denx.de/u-boot/custodians/u-boot-imx
u-boot-imx-20211020
-------------------
First PR from u-boot-imx for 2022.01
CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/9535
- new board: kontron-sl-mx8mm
- imx8m:
- fix secure boot
- imx ESDHC: fixes
- i.MX53: Support thum2, bmode and fixes for Menlo board
usbarmory switch to Ethernet driver model
- imx6 :
- DDR calibration for Toradex boards
- imx7:
- Fixes
- Updated gateworks boards (ventana / venice)
# gpg verification failed.
|
|
The previous patches removed OF_PRIOR_STAGE from the last consumers of the
Kconfig option. Cleanup any references to it in documentation, code and
configuration options.
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Reserved memory nodes can have additional flags. Support reading and
writing these flags to ensure that reserved memory nodes can be properly
parsed and emitted.
This converts support for the existing "no-map" flag to avoid extending
the argument list for fdtdec_add_reserved_memory() to excessive length.
Signed-off-by: Thierry Reding <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Tom Warren <[email protected]>
|
|
The fdtdec_set_carveout() function's parameters are inconsistent with
the parameters passed to fdtdec_add_reserved_memory(). Fix up the order
to make it more consistent.
Signed-off-by: Thierry Reding <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Tom Warren <[email protected]>
|
|
Reserved memory nodes can have a compatible string list to identify the
type of reserved memory that they represent. Support specifying an
optional compatible string list when creating these nodes.
Signed-off-by: Thierry Reding <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Tom Warren <[email protected]>
|
|
When retrieving a given carveout for a device, allow callers to query
the name. This helps differentiating between carveouts when there are
more than one.
This is also useful when copying carveouts to help assign a meaningful
name that cannot always be guessed.
Signed-off-by: Thierry Reding <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Tom Warren <[email protected]>
|
|
In order make it possible to use fdtdec_get_carveout() in loops, return
FDT_ERR_NOTFOUND when the passed-in index exceeds the number of phandles
present in the given property.
Signed-off-by: Thierry Reding <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Tom Warren <[email protected]>
|
|
https://source.denx.de/u-boot/custodians/u-boot-video
- add 30bpp support (EFI, simplefb, vidconsole)
- fix video console name in CONSOLE_MUX Kconfig help
- move mxsfb driver config option to Kconfig
- remove unused mx3fb driver
# gpg verification failed.
|
