From 012c56ac76e1bdabc711a90898e81316e1d1a020 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Tue, 14 Jul 2020 08:04:49 +0200 Subject: efi_loader: restructure code for TEE variables When using secure boot functions needed both for file and TEE based UEFI variables have to be moved to the common code module efi_var_common.c. Signed-off-by: Heinrich Schuchardt
---
 include/efi_variable.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'include/efi_variable.h')
diff --git a/include/efi_variable.h b/include/efi_variable.h
index bc5985cfdb6..5eec407a2b6 100644
--- a/include/efi_variable.h
+++ b/include/efi_variable.h
@@ -195,4 +195,11 @@ efi_status_t efi_var_mem_ins(u16 *variable_name,
 */
 u64 efi_var_mem_free(void);
 
+/**
+ * efi_init_secure_state - initialize secure boot state
+ *
+ * Return: status code
+ */
+efi_status_t efi_init_secure_state(void);
+
 #endif
-- cgit v1.2.3
From 99bfab8b5832273d66d724f906be43fe5bd7c1ba Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 15 Jul 2020 12:40:35 +0200 Subject: efi_loader: identify PK, KEK, db, dbx correctly To determine if a varible is on the of the authentication variables PK, KEK, db, dbx we have to check both the name and the GUID. Provide a function converting the variable-name/guid pair to an enum and use it consistently. Signed-off-by: Heinrich Schuchardt
---
 include/efi_variable.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'include/efi_variable.h')
diff --git a/include/efi_variable.h b/include/efi_variable.h
index 5eec407a2b6..021a74f309b 100644
--- a/include/efi_variable.h
+++ b/include/efi_variable.h
@@ -10,6 +10,16 @@
 
 #define EFI_VARIABLE_READ_ONLY BIT(31)
 
+enum efi_auth_var_type {
+ EFI_AUTH_VAR_NONE = 0,
+ EFI_AUTH_VAR_PK,
+ EFI_AUTH_VAR_KEK,
+ EFI_AUTH_VAR_DB,
+ EFI_AUTH_VAR_DBX,
+ EFI_AUTH_VAR_DBT,
+ EFI_AUTH_VAR_DBR,
+};
+
 /**
 * efi_get_variable() - retrieve value of a UEFI variable
 *
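Review bot: The kernel-doc comment added in the `@@ -195,4 +195,11 @@` hunk names the function as `efi_init_secure_state - initialize secure boot state`, without the `()` that the other comments added to this header carry (`efi_auth_var_get_type() -`, `efi_var_restore() -`). It should read ` * efi_init_secure_state() - initialize secure boot state`. `Return: status code` also says nothing about what a failure means; since this function sets up the secure boot state, the comment should state how callers are expected to react to a non-success status, which cannot be told from the declaration alone.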
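Review bot: `enum efi_auth_var_type` in the `@@ -10,6 +10,16 @@` hunk is added without a kernel-doc comment, and it lists `EFI_AUTH_VAR_DBT` and `EFI_AUTH_VAR_DBR` although the commit message only speaks of PK, KEK, db and dbx. A comment block should name the variable each enumerator stands for and state that `EFI_AUTH_VAR_NONE` means the name/GUID pair is not an authentication variable, for example `@EFI_AUTH_VAR_NONE: not an authentication variable`. Callers that gate authenticated writes on this value depend on that meaning, and presumably on `EFI_AUTH_VAR_NONE` being zero, so the explicit `= 0` deserves a word as well.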
@@ -202,4 +212,13 @@ u64 efi_var_mem_free(void);
 */
 efi_status_t efi_init_secure_state(void);
 
+/**
+ * efi_auth_var_get_type() - convert variable name and guid to enum
+ *
+ * @name: name of UEFI variable
+ * @guid: guid of UEFI variable
+ * Return: identifier for authentication related variables
+ */
+enum efi_auth_var_type efi_auth_var_get_type(u16 *name, const efi_guid_t *guid);
+
 #endif
-- cgit v1.2.3
From 7dda16343d2577a52116148540ad7d17c6f19e55 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Tue, 14 Jul 2020 21:25:28 +0200 Subject: efi_loader: pre-seed UEFI variables Include a file with the initial values for non-volatile UEFI variables into the U-Boot binary. If this variable is set, changes to variable PK will not be allowed. Signed-off-by: Heinrich Schuchardt
---
 include/efi_variable.h | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'include/efi_variable.h')
diff --git a/include/efi_variable.h b/include/efi_variable.h
index 021a74f309b..17f25ad7a4b 100644
--- a/include/efi_variable.h
+++ b/include/efi_variable.h
@@ -138,6 +138,14 @@ struct efi_var_file {
 */
 efi_status_t efi_var_to_file(void);
 
+/**
+ * efi_var_restore() - restore EFI variables from buffer
+ *
+ * @buf: buffer
+ * Return: status code
+ */
+efi_status_t efi_var_restore(struct efi_var_file *buf);
+
 /**
 * efi_var_from_file() - read variables from file
 *
-- cgit v1.2.3
From 627ab390d8ded26f4b8267c55fc4ce39145f24aa Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 16 Jul 2020 07:18:40 +0200 Subject: efi_loader: describe EFI_VAR_FILE_MAGIC Add documentation for EFI_VAR_FILE_MAGIC used in the file format for UEFI variables. Signed-off-by: Heinrich Schuchardt
---
 include/efi_variable.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'include/efi_variable.h')
diff --git a/include/efi_variable.h b/include/efi_variable.h
index 17f25ad7a4b..2c629e4dca9 100644
--- a/include/efi_variable.h
+++ b/include/efi_variable.h
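Review bot: `efi_auth_var_get_type()` in the `@@ -202,4 +212,13 @@` hunk takes `u16 *name` while `guid` is `const efi_guid_t *`. A pure lookup should not need a writable name, so `const u16 *name` would fit better, unless the header keeps variable names non-const on purpose, as `efi_var_mem_ins(u16 *variable_name,` in the earlier hunk header suggests. The `Return:` line should also say what comes back when the pair matches no authentication variable (presumably `EFI_AUTH_VAR_NONE`). It should also state that a matching name under a different GUID is not a match, since that is the point of the commit.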
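Review bot: `efi_var_restore()` in the `@@ -138,6 +138,14 @@` hunk receives only `struct efi_var_file *buf` with no buffer size, so the `length` field inside the header appears to be the only bound on how much is read. `@buf: buffer` should say who guarantees that `length` fits the memory behind `buf`, and whether the function itself checks `magic` and `crc32` before using the content. The implementation is not part of this patch, so this is a point to confirm rather than a defect found. Suggested wording: `@buf: buffer holding a struct efi_var_file; the caller must ensure buf->length does not exceed the buffer`.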
@@ -93,6 +93,10 @@ efi_status_t efi_query_variable_info_int(u32 attributes,
 
 #define EFI_VAR_BUF_SIZE 0x4000
 
+/*
+ * This constant identifies the file format for storing UEFI variables in
+ * struct efi_var_file.
+ */
 #define EFI_VAR_FILE_MAGIC 0x0161566966456255 /* UbEfiVa, version 1 */
 
 /**
@@ -116,7 +120,7 @@ struct efi_var_entry {
 * struct efi_var_file - file for storing UEFI variables
 *
 * @reserved: unused, may be overwritten by memory probing
- * @magic: identifies file format
+ * @magic: identifies file format, takes value %EFI_VAR_FILE_MAGIC
 * @length: length including header
 * @crc32: CRC32 without header
 * @var: variables
-- cgit v1.2.3
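Review bot: The `struct efi_var_file` comment touched in the `@@ -116,7 +120,7 @@` hunk now ties `@magic` to `EFI_VAR_FILE_MAGIC` but still does not say what `@magic` and `@crc32` are good for. Both detect a wrong format or accidental corruption only; a CRC32 can be recomputed by anyone able to write the file, so it gives no authenticity. A line such as ` * @crc32: CRC32 without header, integrity check only, not an authenticity check` would keep readers from treating a file that passes both checks as trusted input. The struct definition itself lies outside the hunk.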