summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/ecdsa/ecdsa-libcrypto.c176
-rw-r--r--lib/efi_loader/efi_boottime.c2
-rw-r--r--lib/efi_loader/efi_memory.c22
-rw-r--r--lib/lmb.c183
-rw-r--r--lib/mbedtls/external/mbedtls/library/ecp_curves_new.c46
-rw-r--r--lib/rsa/rsa-verify.c2
-rw-r--r--lib/trace.c4
-rw-r--r--lib/uuid.c162
8 files changed, 400 insertions, 197 deletions
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index f0095e9dbcf..7415d685ee1 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -34,6 +34,112 @@ struct signer {
void *signature; /* Pointer to output signature. Do not free()!*/
};
+struct ecdsa_public_key {
+ const char *curve_name;
+ const uint8_t *x;
+ const uint8_t *y;
+ int size_bits;
+};
+
+static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)
+{
+ int x_len;
+ int y_len;
+
+ key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL);
+ if (!key->curve_name)
+ return -ENOMSG;
+
+ if (!strcmp(key->curve_name, "prime256v1"))
+ key->size_bits = 256;
+ else if (!strcmp(key->curve_name, "secp384r1"))
+ key->size_bits = 384;
+ else
+ return -EINVAL;
+
+ key->x = fdt_getprop(fdt, node, "ecdsa,x-point", &x_len);
+ key->y = fdt_getprop(fdt, node, "ecdsa,y-point", &y_len);
+
+ if (!key->x || !key->y)
+ return -EINVAL;
+
+ if (x_len != key->size_bits / 8 || y_len != key->size_bits / 8)
+ return -EINVAL;
+
+ return 0;
+}
+
+static int read_key_from_fdt(struct signer *ctx, const void *fdt, int node)
+{
+ struct ecdsa_public_key pubkey;
+ const EC_GROUP *group;
+ EC_POINT *point;
+ EC_KEY *ec_key;
+ int ret;
+ int nid;
+ int len;
+
+ ret = fdt_get_key(&pubkey, fdt, node);
+ if (ret) {
+ fprintf(stderr, "Failed to parse ECDSA key from FDT node %d (ret=%d)\n", node, ret);
+ return ret;
+ }
+
+ if (!strcmp(pubkey.curve_name, "prime256v1")) {
+ nid = NID_X9_62_prime256v1;
+ } else if (!strcmp(pubkey.curve_name, "secp384r1")) {
+ nid = NID_secp384r1;
+ } else {
+ fprintf(stderr, "Unsupported curve name: '%s'\n", pubkey.curve_name);
+ return -EINVAL;
+ }
+
+ fprintf(stderr, "Loading ECDSA key: curve=%s, bits=%d\n", pubkey.curve_name,
+ pubkey.size_bits);
+
+ ec_key = EC_KEY_new_by_curve_name(nid);
+ if (!ec_key) {
+ fprintf(stderr, "Failed to allocate EC_KEY for curve %s\n", pubkey.curve_name);
+ return -ENOMEM;
+ }
+
+ group = EC_KEY_get0_group(ec_key);
+ point = EC_POINT_new(group);
+ if (!point) {
+ fprintf(stderr, "Failed to allocate EC_POINT\n");
+ EC_KEY_free(ec_key);
+ return -ENOMEM;
+ }
+
+ len = pubkey.size_bits / 8;
+
+ uint8_t buf[1 + len * 2];
+
+ /* uncompressed */
+ buf[0] = 0x04;
+ memcpy(&buf[1], pubkey.x, len);
+ memcpy(&buf[1 + len], pubkey.y, len);
+ if (!EC_POINT_oct2point(group, point, buf, sizeof(buf), NULL)) {
+ fprintf(stderr, "Failed to convert (x,y) point to EC_POINT\n");
+ EC_POINT_free(point);
+ EC_KEY_free(ec_key);
+ return -EINVAL;
+ }
+
+ if (!EC_KEY_set_public_key(ec_key, point)) {
+ fprintf(stderr, "Failed to set EC_POINT as public key\n");
+ EC_POINT_free(point);
+ EC_KEY_free(ec_key);
+ return -EINVAL;
+ }
+
+ fprintf(stderr, "Successfully loaded ECDSA key from FDT node %d\n", node);
+ EC_POINT_free(point);
+ ctx->ecdsa_key = ec_key;
+
+ return 0;
+}
+
static int alloc_ctx(struct signer *ctx, const struct image_sign_info *info)
{
memset(ctx, 0, sizeof(*ctx));
@@ -153,6 +259,72 @@ static int read_key(struct signer *ctx, const char *key_name)
return (ctx->ecdsa_key) ? 0 : -EINVAL;
}
+static int load_key_from_fdt(struct signer *ctx, const struct image_sign_info *info)
+{
+ const void *fdt = info->fdt_blob;
+ char name[128];
+ int sig_node;
+ int key_node;
+ int key_len;
+ int ret;
+
+ if (!fdt)
+ return -EINVAL;
+
+ ret = alloc_ctx(ctx, info);
+ if (ret)
+ return ret;
+
+ sig_node = fdt_subnode_offset(fdt, 0, FIT_SIG_NODENAME);
+ if (sig_node < 0) {
+ fprintf(stderr, "No /signature node found\n");
+ return -ENOENT;
+ }
+
+ /* Case 1: explicitly specified key node */
+ if (info->required_keynode >= 0) {
+ ret = read_key_from_fdt(ctx, fdt, info->required_keynode);
+ if (ret == 0)
+ goto check_key_len;
+
+ fprintf(stderr, "Failed to load required keynode %d\n", info->required_keynode);
+ return ret;
+ }
+
+ /* Case 2: use keyname hint */
+ if (info->keyname) {
+ snprintf(name, sizeof(name), "%s", info->keyname);
+ key_node = fdt_subnode_offset(fdt, sig_node, name);
+ if (key_node >= 0) {
+ ret = read_key_from_fdt(ctx, fdt, key_node);
+ if (ret == 0)
+ goto check_key_len;
+
+ fprintf(stderr, "Key hint '%s' found but failed to load\n", info->keyname);
+ }
+ }
+
+ /* Case 3: try all subnodes */
+ fdt_for_each_subnode(key_node, fdt, sig_node) {
+ ret = read_key_from_fdt(ctx, fdt, key_node);
+ if (ret == 0)
+ goto check_key_len;
+ }
+
+ fprintf(stderr, "Failed to load any usable ECDSA key from FDT\n");
+ return -EINVAL;
+
+check_key_len:
+ key_len = ecdsa_key_size_bytes(ctx->ecdsa_key);
+ if (key_len != info->crypto->key_len) {
+ fprintf(stderr, "Expected %u-bit key, got %u-bit key\n",
+ info->crypto->key_len * 8, key_len * 8);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
/* Prepare a 'signer' context that's ready to sign and verify. */
static int prepare_ctx(struct signer *ctx, const struct image_sign_info *info)
{
@@ -161,7 +333,9 @@ static int prepare_ctx(struct signer *ctx, const struct image_sign_info *info)
memset(ctx, 0, sizeof(*ctx));
- if (info->keyfile) {
+ if (info->fdt_blob) {
+ return load_key_from_fdt(ctx, info);
+ } else if (info->keyfile) {
snprintf(kname, sizeof(kname), "%s", info->keyfile);
} else if (info->keydir && info->keyname) {
snprintf(kname, sizeof(kname), "%s/%s.pem", info->keydir,
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 24b0e52a2a2..754bc6a6519 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -58,7 +58,7 @@ static efi_handle_t current_image;
* restriction so we need to manually swap its and our view of that register on
* EFI callback entry/exit.
*/
-static volatile gd_t *efi_gd, *app_gd;
+static gd_t *efi_gd, *app_gd;
#endif
efi_status_t efi_uninstall_protocol
diff --git a/lib/efi_loader/efi_memory.c b/lib/efi_loader/efi_memory.c
index 0abb1f6159a..0828a47da61 100644
--- a/lib/efi_loader/efi_memory.c
+++ b/lib/efi_loader/efi_memory.c
@@ -454,6 +454,7 @@ efi_status_t efi_allocate_pages(enum efi_allocate_type type,
enum efi_memory_type memory_type,
efi_uintn_t pages, uint64_t *memory)
{
+ int err;
u64 efi_addr, len;
uint flags;
efi_status_t ret;
@@ -475,17 +476,18 @@ efi_status_t efi_allocate_pages(enum efi_allocate_type type,
switch (type) {
case EFI_ALLOCATE_ANY_PAGES:
/* Any page */
- addr = (u64)lmb_alloc_base(len, EFI_PAGE_SIZE,
- LMB_ALLOC_ANYWHERE, flags);
- if (!addr)
+ err = lmb_alloc_mem(LMB_MEM_ALLOC_ANY, EFI_PAGE_SIZE, &addr,
+ len, flags);
+ if (err)
return EFI_OUT_OF_RESOURCES;
break;
case EFI_ALLOCATE_MAX_ADDRESS:
/* Max address */
addr = map_to_sysmem((void *)(uintptr_t)*memory);
- addr = (u64)lmb_alloc_base(len, EFI_PAGE_SIZE, addr,
- flags);
- if (!addr)
+
+ err = lmb_alloc_mem(LMB_MEM_ALLOC_MAX, EFI_PAGE_SIZE, &addr,
+ len, flags);
+ if (err)
return EFI_OUT_OF_RESOURCES;
break;
case EFI_ALLOCATE_ADDRESS:
@@ -493,7 +495,7 @@ efi_status_t efi_allocate_pages(enum efi_allocate_type type,
return EFI_NOT_FOUND;
addr = map_to_sysmem((void *)(uintptr_t)*memory);
- if (lmb_alloc_addr(addr, len, flags))
+ if (lmb_alloc_mem(LMB_MEM_ALLOC_ADDR, 0, &addr, len, flags))
return EFI_NOT_FOUND;
break;
default:
@@ -506,7 +508,7 @@ efi_status_t efi_allocate_pages(enum efi_allocate_type type,
ret = efi_update_memory_map(efi_addr, pages, memory_type, true, false);
if (ret != EFI_SUCCESS) {
/* Map would overlap, bail out */
- lmb_free_flags(addr, (u64)pages << EFI_PAGE_SHIFT, flags);
+ lmb_free(addr, (u64)pages << EFI_PAGE_SHIFT, flags);
unmap_sysmem((void *)(uintptr_t)efi_addr);
return EFI_OUT_OF_RESOURCES;
}
@@ -546,8 +548,8 @@ efi_status_t efi_free_pages(uint64_t memory, efi_uintn_t pages)
* been mapped with map_sysmem() from efi_allocate_pages(). Convert
* it back to an address LMB understands
*/
- status = lmb_free_flags(map_to_sysmem((void *)(uintptr_t)memory), len,
- LMB_NOOVERWRITE);
+ status = lmb_free(map_to_sysmem((void *)(uintptr_t)memory), len,
+ LMB_NOOVERWRITE);
if (status)
return EFI_NOT_FOUND;
diff --git a/lib/lmb.c b/lib/lmb.c
index bb6f232f6bc..45b26512a5b 100644
--- a/lib/lmb.c
+++ b/lib/lmb.c
@@ -317,8 +317,34 @@ static long _lmb_free(struct alist *lmb_rgn_lst, phys_addr_t base,
rgn[i].flags);
}
-static long lmb_overlaps_region(struct alist *lmb_rgn_lst, phys_addr_t base,
- phys_size_t size)
+/**
+ * lmb_overlap_checks() - perform checks to see if region can be allocated or reserved
+ * @lmb_rgn_lst: list of LMB regions
+ * @base: base address of region to be checked
+ * @size: size of region to be checked
+ * @flags: flag of the region to be checked (only for reservation requests)
+ * @alloc: if checks are to be done for allocation or reservation request
+ *
+ * Check if the region passed to the function overlaps with any one of
+ * the regions of the passed lmb region list.
+ *
+ * If the @alloc flag is set to true, this check stops as soon an
+ * overlapping region is found. The function can also be called to
+ * check if a reservation request can be satisfied, by setting
+ * @alloc to false. In that case, the function then iterates through
+ * all the regions in the list passed to ensure that the requested
+ * region does not overlap with any existing regions. An overlap is
+ * allowed only when the flag of the requested region and the existing
+ * region is LMB_NONE.
+ *
+ * Return: index of the overlapping region, -1 if no overlap is found
+ *
+ * When the function is called for a reservation request check, -1 will
+ * also be returned when there is an allowed overlap, i.e. requested
+ * region and existing regions have flags as LMB_NONE.
+ */
+static long lmb_overlap_checks(struct alist *lmb_rgn_lst, phys_addr_t base,
+ phys_size_t size, u32 flags, bool alloc)
{
unsigned long i;
struct lmb_region *rgn = lmb_rgn_lst->data;
@@ -326,9 +352,12 @@ static long lmb_overlaps_region(struct alist *lmb_rgn_lst, phys_addr_t base,
for (i = 0; i < lmb_rgn_lst->count; i++) {
phys_addr_t rgnbase = rgn[i].base;
phys_size_t rgnsize = rgn[i].size;
+ u32 rgnflags = rgn[i].flags;
- if (lmb_addrs_overlap(base, size, rgnbase, rgnsize))
- break;
+ if (lmb_addrs_overlap(base, size, rgnbase, rgnsize)) {
+ if (alloc || flags != LMB_NONE || flags != rgnflags)
+ break;
+ }
}
return (i < lmb_rgn_lst->count) ? i : -1;
@@ -390,7 +419,8 @@ phys_addr_t io_lmb_alloc(struct lmb *io_lmb, phys_size_t size, ulong align)
base = ALIGN_DOWN(lmbbase + lmbsize - size, align);
while (base && lmbbase <= base) {
- rgn = lmb_overlaps_region(&io_lmb->used_mem, base, size);
+ rgn = lmb_overlap_checks(&io_lmb->used_mem, base, size,
+ LMB_NOOVERWRITE, true);
if (rgn < 0) {
/* This area isn't reserved, take it */
if (lmb_add_region_flags(&io_lmb->used_mem, base,
@@ -488,6 +518,21 @@ void lmb_dump_all(void)
#endif
}
+static long lmb_reserve(phys_addr_t base, phys_size_t size, u32 flags)
+{
+ long ret = 0;
+ struct alist *lmb_rgn_lst = &lmb.used_mem;
+
+ if (lmb_overlap_checks(lmb_rgn_lst, base, size, flags, false) != -1)
+ return -EEXIST;
+
+ ret = lmb_add_region_flags(lmb_rgn_lst, base, size, flags);
+ if (ret)
+ return ret;
+
+ return lmb_map_update_notify(base, size, LMB_MAP_OP_RESERVE, flags);
+}
+
static void lmb_reserve_uboot_region(void)
{
int bank;
@@ -557,40 +602,7 @@ static __maybe_unused void lmb_reserve_common_spl(void)
}
}
-/**
- * lmb_can_reserve_region() - check if the region can be reserved
- * @base: base address of region to be reserved
- * @size: size of region to be reserved
- * @flags: flag of the region to be reserved
- *
- * Go through all the reserved regions and ensure that the requested
- * region does not overlap with any existing regions. An overlap is
- * allowed only when the flag of the request region and the existing
- * region is LMB_NONE.
- *
- * Return: true if region can be reserved, false otherwise
- */
-static bool lmb_can_reserve_region(phys_addr_t base, phys_size_t size,
- u32 flags)
-{
- uint i;
- struct lmb_region *lmb_reserved = lmb.used_mem.data;
-
- for (i = 0; i < lmb.used_mem.count; i++) {
- u32 rgnflags = lmb_reserved[i].flags;
- phys_addr_t rgnbase = lmb_reserved[i].base;
- phys_size_t rgnsize = lmb_reserved[i].size;
-
- if (lmb_addrs_overlap(base, size, rgnbase, rgnsize)) {
- if (flags != LMB_NONE || flags != rgnflags)
- return false;
- }
- }
-
- return true;
-}
-
-void lmb_add_memory(void)
+static void lmb_add_memory(void)
{
int i;
phys_addr_t bank_end;
@@ -640,8 +652,7 @@ long lmb_add(phys_addr_t base, phys_size_t size)
return lmb_map_update_notify(base, size, LMB_MAP_OP_ADD, LMB_NONE);
}
-long lmb_free_flags(phys_addr_t base, phys_size_t size,
- uint flags)
+long lmb_free(phys_addr_t base, phys_size_t size, u32 flags)
{
long ret;
@@ -652,36 +663,18 @@ long lmb_free_flags(phys_addr_t base, phys_size_t size,
return lmb_map_update_notify(base, size, LMB_MAP_OP_FREE, flags);
}
-long lmb_free(phys_addr_t base, phys_size_t size)
-{
- return lmb_free_flags(base, size, LMB_NONE);
-}
-
-long lmb_reserve(phys_addr_t base, phys_size_t size, u32 flags)
-{
- long ret = 0;
- struct alist *lmb_rgn_lst = &lmb.used_mem;
-
- if (!lmb_can_reserve_region(base, size, flags))
- return -EEXIST;
-
- ret = lmb_add_region_flags(lmb_rgn_lst, base, size, flags);
- if (ret)
- return ret;
-
- return lmb_map_update_notify(base, size, LMB_MAP_OP_RESERVE, flags);
-}
-
-static phys_addr_t _lmb_alloc_base(phys_size_t size, ulong align,
- phys_addr_t max_addr, u32 flags)
+static int _lmb_alloc_base(phys_size_t size, ulong align,
+ phys_addr_t *addr, u32 flags)
{
int ret;
long i, rgn;
+ phys_addr_t max_addr;
phys_addr_t base = 0;
phys_addr_t res_base;
struct lmb_region *lmb_used = lmb.used_mem.data;
struct lmb_region *lmb_memory = lmb.available_mem.data;
+ max_addr = *addr;
for (i = lmb.available_mem.count - 1; i >= 0; i--) {
phys_addr_t lmbbase = lmb_memory[i].base;
phys_size_t lmbsize = lmb_memory[i].size;
@@ -702,7 +695,8 @@ static phys_addr_t _lmb_alloc_base(phys_size_t size, ulong align,
}
while (base && lmbbase <= base) {
- rgn = lmb_overlaps_region(&lmb.used_mem, base, size);
+ rgn = lmb_overlap_checks(&lmb.used_mem, base, size,
+ LMB_NOOVERWRITE, true);
if (rgn < 0) {
/* This area isn't reserved, take it */
if (lmb_add_region_flags(&lmb.used_mem, base,
@@ -714,8 +708,8 @@ static phys_addr_t _lmb_alloc_base(phys_size_t size, ulong align,
flags);
if (ret)
return ret;
-
- return base;
+ *addr = base;
+ return 0;
}
res_base = lmb_used[rgn].base;
@@ -728,27 +722,17 @@ static phys_addr_t _lmb_alloc_base(phys_size_t size, ulong align,
log_debug("%s: Failed to allocate 0x%lx bytes below 0x%lx\n",
__func__, (ulong)size, (ulong)max_addr);
- return 0;
-}
-
-phys_addr_t lmb_alloc(phys_size_t size, ulong align)
-{
- return _lmb_alloc_base(size, align, LMB_ALLOC_ANYWHERE, LMB_NONE);
-}
-
-phys_addr_t lmb_alloc_base(phys_size_t size, ulong align, phys_addr_t max_addr,
- uint flags)
-{
- return _lmb_alloc_base(size, align, max_addr, flags);
+ return -1;
}
-int lmb_alloc_addr(phys_addr_t base, phys_size_t size, u32 flags)
+static int _lmb_alloc_addr(phys_addr_t base, phys_size_t size, u32 flags)
{
long rgn;
struct lmb_region *lmb_memory = lmb.available_mem.data;
/* Check if the requested address is in one of the memory regions */
- rgn = lmb_overlaps_region(&lmb.available_mem, base, size);
+ rgn = lmb_overlap_checks(&lmb.available_mem, base, size,
+ LMB_NOOVERWRITE, true);
if (rgn >= 0) {
/*
* Check if the requested end address is in the same memory
@@ -756,14 +740,40 @@ int lmb_alloc_addr(phys_addr_t base, phys_size_t size, u32 flags)
*/
if (lmb_addrs_overlap(lmb_memory[rgn].base,
lmb_memory[rgn].size,
- base + size - 1, 1)) {
+ base + size - 1, 1))
/* ok, reserve the memory */
- if (!lmb_reserve(base, size, flags))
- return 0;
- }
+ return lmb_reserve(base, size, flags);
}
- return -1;
+ return -EINVAL;
+}
+
+int lmb_alloc_mem(enum lmb_mem_type type, u64 align, phys_addr_t *addr,
+ phys_size_t size, u32 flags)
+{
+ int ret = -1;
+
+ if (!size)
+ return 0;
+
+ if (!addr)
+ return -EINVAL;
+
+ switch (type) {
+ case LMB_MEM_ALLOC_ANY:
+ *addr = LMB_ALLOC_ANYWHERE;
+ case LMB_MEM_ALLOC_MAX:
+ ret = _lmb_alloc_base(size, align, addr, flags);
+ break;
+ case LMB_MEM_ALLOC_ADDR:
+ ret = _lmb_alloc_addr(*addr, size, flags);
+ break;
+ default:
+ log_debug("%s: Invalid memory allocation type requested %d\n",
+ __func__, type);
+ }
+
+ return ret;
}
/* Return number of bytes from a given address that are free */
@@ -775,7 +785,8 @@ phys_size_t lmb_get_free_size(phys_addr_t addr)
struct lmb_region *lmb_memory = lmb.available_mem.data;
/* check if the requested address is in the memory regions */
- rgn = lmb_overlaps_region(&lmb.available_mem, addr, 1);
+ rgn = lmb_overlap_checks(&lmb.available_mem, addr, 1, LMB_NOOVERWRITE,
+ true);
if (rgn >= 0) {
for (i = 0; i < lmb.used_mem.count; i++) {
if (addr < lmb_used[i].base) {
diff --git a/lib/mbedtls/external/mbedtls/library/ecp_curves_new.c b/lib/mbedtls/external/mbedtls/library/ecp_curves_new.c
index 035b23a1b41..0275661887b 100644
--- a/lib/mbedtls/external/mbedtls/library/ecp_curves_new.c
+++ b/lib/mbedtls/external/mbedtls/library/ecp_curves_new.c
@@ -4644,17 +4644,17 @@ static const mbedtls_mpi_sint curve25519_a24 = 0x01DB42;
/* P = 2^255 - 19 */
static const mbedtls_mpi_uint curve25519_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0X7F)
+ MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F)
};
/* N = 2^252 + 27742317777372353535851937790883648493 */
static const mbedtls_mpi_uint curve25519_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8(0XED, 0XD3, 0XF5, 0X5C, 0X1A, 0X63, 0X12, 0X58),
- MBEDTLS_BYTES_TO_T_UINT_8(0XD6, 0X9C, 0XF7, 0XA2, 0XDE, 0XF9, 0XDE, 0X14),
- MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0x00, 0x00, 0x00, 0x00),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10)
};
@@ -4698,26 +4698,26 @@ static const mbedtls_mpi_sint curve448_a24 = 0x98AA;
/* P = 2^448 - 2^224 - 1 */
static const mbedtls_mpi_uint curve448_p[] = {
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFE, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00)
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00)
};
/* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
static const mbedtls_mpi_uint curve448_n[] = {
- MBEDTLS_BYTES_TO_T_UINT_8(0XF3, 0X44, 0X58, 0XAB, 0X92, 0XC2, 0X78, 0X23),
- MBEDTLS_BYTES_TO_T_UINT_8(0X55, 0X8F, 0XC5, 0X8D, 0X72, 0XC2, 0X6C, 0X21),
- MBEDTLS_BYTES_TO_T_UINT_8(0X90, 0X36, 0XD6, 0XAE, 0X49, 0XDB, 0X4E, 0XC4),
- MBEDTLS_BYTES_TO_T_UINT_8(0XE9, 0X23, 0XCA, 0X7C, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
- MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0X3F),
- MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00)
+ MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x44, 0x58, 0xAB, 0x92, 0xC2, 0x78, 0x23),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x8F, 0xC5, 0x8D, 0x72, 0xC2, 0x6C, 0x21),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x36, 0xD6, 0xAE, 0x49, 0xDB, 0x4E, 0xC4),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x23, 0xCA, 0x7C, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x3F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00)
};
/*
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 4a0418a75f1..b65fbe44007 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -570,7 +570,7 @@ int rsa_verify(struct image_sign_info *info,
uint8_t hash[info->crypto->key_len];
int ret;
-#ifdef USE_HOSTCC
+#if defined(USE_HOSTCC) && CONFIG_IS_ENABLED(LIBCRYPTO)
if (!info->fdt_blob)
return rsa_verify_openssl(info, region, region_count, sig, sig_len);
#endif
diff --git a/lib/trace.c b/lib/trace.c
index 1d5f7dec979..3d54dfaddc0 100644
--- a/lib/trace.c
+++ b/lib/trace.c
@@ -66,7 +66,7 @@ static inline uintptr_t __attribute__((no_instrument_function))
/**
* trace_gd - the value of the gd register
*/
-static volatile gd_t *trace_gd;
+static gd_t *trace_gd;
/**
* trace_save_gd() - save the value of the gd register
@@ -86,7 +86,7 @@ static void notrace trace_save_gd(void)
*/
static void notrace trace_swap_gd(void)
{
- volatile gd_t *temp_gd = trace_gd;
+ gd_t *temp_gd = trace_gd;
trace_gd = gd;
set_gd(temp_gd);
diff --git a/lib/uuid.c b/lib/uuid.c
index 6abbcf27b1f..a1c88b9a622 100644
--- a/lib/uuid.c
+++ b/lib/uuid.c
@@ -62,184 +62,197 @@ int uuid_str_valid(const char *uuid)
return 1;
}
+/*
+ * Array of string (short and long) for known GUID of GPT partition type
+ * at least one string must be present, @type or @description
+ *
+ * @type : short name for the parameter 'type' of gpt command (max size UUID_STR_LEN = 36,
+ * no space), also used as fallback description when the next field is absent
+ * @description : long description associated to type GUID, used for %pUs
+ * @guid : known type GUID value
+ */
static const struct {
- const char *string;
+ const char *type;
+ const char *description;
efi_guid_t guid;
} list_guid[] = {
#ifndef USE_HOSTCC
-#if defined(CONFIG_PARTITION_TYPE_GUID) || defined(CONFIG_CMD_EFIDEBUG) || \
- defined(CONFIG_EFI)
- {"EFI System Partition", PARTITION_SYSTEM_GUID},
-#endif
-#ifdef CONFIG_PARTITION_TYPE_GUID
- {"mbr", LEGACY_MBR_PARTITION_GUID},
- {"msft", PARTITION_MSFT_RESERVED_GUID},
- {"data", PARTITION_BASIC_DATA_GUID},
- {"linux", PARTITION_LINUX_FILE_SYSTEM_DATA_GUID},
- {"raid", PARTITION_LINUX_RAID_GUID},
- {"swap", PARTITION_LINUX_SWAP_GUID},
- {"lvm", PARTITION_LINUX_LVM_GUID},
- {"u-boot-env", PARTITION_U_BOOT_ENVIRONMENT},
- {"cros-kern", PARTITION_CROS_KERNEL},
- {"cros-root", PARTITION_CROS_ROOT},
- {"cros-fw", PARTITION_CROS_FIRMWARE},
- {"cros-rsrv", PARTITION_CROS_RESERVED},
-#endif
+#if CONFIG_IS_ENABLED(EFI_PARTITION)
+ {"mbr", NULL, LEGACY_MBR_PARTITION_GUID},
+ {"msft", NULL, PARTITION_MSFT_RESERVED_GUID},
+ {"data", NULL, PARTITION_BASIC_DATA_GUID},
+ {"linux", NULL, PARTITION_LINUX_FILE_SYSTEM_DATA_GUID},
+ {"raid", NULL, PARTITION_LINUX_RAID_GUID},
+ {"swap", NULL, PARTITION_LINUX_SWAP_GUID},
+ {"lvm", NULL, PARTITION_LINUX_LVM_GUID},
+ {"u-boot-env", NULL, PARTITION_U_BOOT_ENVIRONMENT},
+ {"cros-kern", NULL, PARTITION_CROS_KERNEL},
+ {"cros-root", NULL, PARTITION_CROS_ROOT},
+ {"cros-fw", NULL, PARTITION_CROS_FIRMWARE},
+ {"cros-rsrv", NULL, PARTITION_CROS_RESERVED},
+ {
+ "system", "EFI System Partition",
+ PARTITION_SYSTEM_GUID,
+ },
#if defined(CONFIG_CMD_EFIDEBUG) || defined(CONFIG_EFI)
{
- "Device Path",
+ NULL, "Device Path",
+ PARTITION_SYSTEM_GUID,
+ },
+ {
+ NULL, "Device Path",
EFI_DEVICE_PATH_PROTOCOL_GUID,
},
{
- "Device Path To Text",
+ NULL, "Device Path To Text",
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL_GUID,
},
{
- "Device Path Utilities",
+ NULL, "Device Path Utilities",
EFI_DEVICE_PATH_UTILITIES_PROTOCOL_GUID,
},
{
- "Unicode Collation 2",
+ NULL, "Unicode Collation 2",
EFI_UNICODE_COLLATION_PROTOCOL2_GUID,
},
{
- "Driver Binding",
+ NULL, "Driver Binding",
EFI_DRIVER_BINDING_PROTOCOL_GUID,
},
{
- "Simple Text Input",
+ NULL, "Simple Text Input",
EFI_SIMPLE_TEXT_INPUT_PROTOCOL_GUID,
},
{
- "Simple Text Input Ex",
+ NULL, "Simple Text Input Ex",
EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID,
},
{
- "Simple Text Output",
+ NULL, "Simple Text Output",
EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL_GUID,
},
{
- "Block IO",
+ NULL, "Block IO",
EFI_BLOCK_IO_PROTOCOL_GUID,
},
{
- "Disk IO",
+ NULL, "Disk IO",
EFI_DISK_IO_PROTOCOL_GUID,
},
{
- "Simple File System",
+ NULL, "Simple File System",
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID,
},
{
- "Loaded Image",
+ NULL, "Loaded Image",
EFI_LOADED_IMAGE_PROTOCOL_GUID,
},
{
- "Loaded Image Device Path",
+ NULL, "Loaded Image Device Path",
EFI_LOADED_IMAGE_DEVICE_PATH_PROTOCOL_GUID,
},
{
- "Graphics Output",
+ NULL, "Graphics Output",
EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID,
},
{
- "HII String",
+ NULL, "HII String",
EFI_HII_STRING_PROTOCOL_GUID,
},
{
- "HII Database",
+ NULL, "HII Database",
EFI_HII_DATABASE_PROTOCOL_GUID,
},
{
- "HII Config Access",
+ NULL, "HII Config Access",
EFI_HII_CONFIG_ACCESS_PROTOCOL_GUID,
},
{
- "HII Config Routing",
+ NULL, "HII Config Routing",
EFI_HII_CONFIG_ROUTING_PROTOCOL_GUID,
},
{
- "Load File",
+ NULL, "Load File",
EFI_LOAD_FILE_PROTOCOL_GUID,
},
{
- "Load File2",
+ NULL, "Load File2",
EFI_LOAD_FILE2_PROTOCOL_GUID,
},
{
- "Random Number Generator",
+ NULL, "Random Number Generator",
EFI_RNG_PROTOCOL_GUID,
},
{
- "Simple Network",
+ NULL, "Simple Network",
EFI_SIMPLE_NETWORK_PROTOCOL_GUID,
},
{
- "PXE Base Code",
+ NULL, "PXE Base Code",
EFI_PXE_BASE_CODE_PROTOCOL_GUID,
},
{
- "Device-Tree Fixup",
+ NULL, "Device-Tree Fixup",
EFI_DT_FIXUP_PROTOCOL_GUID,
},
{
- "TCG2",
+ NULL, "TCG2",
EFI_TCG2_PROTOCOL_GUID,
},
{
- "Firmware Management",
+ NULL, "Firmware Management",
EFI_FIRMWARE_MANAGEMENT_PROTOCOL_GUID
},
#if IS_ENABLED(CONFIG_EFI_HTTP_PROTOCOL)
{
- "HTTP",
+ NULL, "HTTP",
EFI_HTTP_PROTOCOL_GUID,
},
{
- "HTTP Service Binding",
+ NULL, "HTTP Service Binding",
EFI_HTTP_SERVICE_BINDING_PROTOCOL_GUID,
},
{
- "IPv4 Config2",
+ NULL, "IPv4 Config2",
EFI_IP4_CONFIG2_PROTOCOL_GUID,
},
#endif
/* Configuration table GUIDs */
{
- "ACPI table",
+ NULL, "ACPI table",
EFI_ACPI_TABLE_GUID,
},
{
- "EFI System Resource Table",
+ NULL, "EFI System Resource Table",
EFI_SYSTEM_RESOURCE_TABLE_GUID,
},
{
- "device tree",
+ NULL, "device tree",
EFI_FDT_GUID,
},
{
- "SMBIOS table",
+ NULL, "SMBIOS table",
SMBIOS_TABLE_GUID,
},
{
- "SMBIOS3 table",
+ NULL, "SMBIOS3 table",
SMBIOS3_TABLE_GUID,
},
{
- "Runtime properties",
+ NULL, "Runtime properties",
EFI_RT_PROPERTIES_TABLE_GUID,
},
{
- "TCG2 Final Events Table",
+ NULL, "TCG2 Final Events Table",
EFI_TCG2_FINAL_EVENTS_TABLE_GUID,
},
{
- "EFI Conformance Profiles Table",
+ NULL, "EFI Conformance Profiles Table",
EFI_CONFORMANCE_PROFILES_TABLE_GUID,
},
#ifdef CONFIG_EFI_RISCV_BOOT_PROTOCOL
{
- "RISC-V Boot",
+ NULL, "RISC-V Boot",
RISCV_EFI_BOOT_PROTOCOL_GUID,
},
#endif
@@ -247,35 +260,36 @@ static const struct {
#ifdef CONFIG_CMD_NVEDIT_EFI
/* signature database */
{
- "EFI_GLOBAL_VARIABLE_GUID",
+ "EFI_GLOBAL_VARIABLE_GUID", NULL,
EFI_GLOBAL_VARIABLE_GUID,
},
{
- "EFI_IMAGE_SECURITY_DATABASE_GUID",
+ "EFI_IMAGE_SECURITY_DATABASE_GUID", NULL,
EFI_IMAGE_SECURITY_DATABASE_GUID,
},
/* certificate types */
{
- "EFI_CERT_SHA256_GUID",
+ "EFI_CERT_SHA256_GUID", NULL,
EFI_CERT_SHA256_GUID,
},
{
- "EFI_CERT_X509_GUID",
+ "EFI_CERT_X509_GUID", NULL,
EFI_CERT_X509_GUID,
},
{
- "EFI_CERT_TYPE_PKCS7_GUID",
+ "EFI_CERT_TYPE_PKCS7_GUID", NULL,
EFI_CERT_TYPE_PKCS7_GUID,
},
#endif
#if defined(CONFIG_CMD_EFIDEBUG) || defined(CONFIG_EFI)
- { "EFI_LZMA_COMPRESSED", EFI_LZMA_COMPRESSED },
- { "EFI_DXE_SERVICES", EFI_DXE_SERVICES },
- { "EFI_HOB_LIST", EFI_HOB_LIST },
- { "EFI_MEMORY_TYPE", EFI_MEMORY_TYPE },
- { "EFI_MEM_STATUS_CODE_REC", EFI_MEM_STATUS_CODE_REC },
- { "EFI_GUID_EFI_ACPI1", EFI_GUID_EFI_ACPI1 },
+ { "EFI_LZMA_COMPRESSED", NULL, EFI_LZMA_COMPRESSED },
+ { "EFI_DXE_SERVICES", NULL, EFI_DXE_SERVICES },
+ { "EFI_HOB_LIST", NULL, EFI_HOB_LIST },
+ { "EFI_MEMORY_TYPE", NULL, EFI_MEMORY_TYPE },
+ { "EFI_MEM_STATUS_CODE_REC", NULL, EFI_MEM_STATUS_CODE_REC },
+ { "EFI_GUID_EFI_ACPI1", NULL, EFI_GUID_EFI_ACPI1 },
#endif
+#endif /* EFI_PARTITION */
#endif /* !USE_HOSTCC */
};
@@ -284,7 +298,8 @@ int uuid_guid_get_bin(const char *guid_str, unsigned char *guid_bin)
int i;
for (i = 0; i < ARRAY_SIZE(list_guid); i++) {
- if (!strcmp(list_guid[i].string, guid_str)) {
+ if (list_guid[i].type &&
+ !strcmp(list_guid[i].type, guid_str)) {
memcpy(guid_bin, &list_guid[i].guid, 16);
return 0;
}
@@ -298,7 +313,9 @@ const char *uuid_guid_get_str(const unsigned char *guid_bin)
for (i = 0; i < ARRAY_SIZE(list_guid); i++) {
if (!memcmp(list_guid[i].guid.b, guid_bin, 16)) {
- return list_guid[i].string;
+ if (list_guid[i].description)
+ return list_guid[i].description;
+ return list_guid[i].type;
}
}
return NULL;
@@ -312,10 +329,9 @@ int uuid_str_to_bin(const char *uuid_str, unsigned char *uuid_bin,
uint64_t tmp64;
if (!uuid_str_valid(uuid_str)) {
-#ifdef CONFIG_PARTITION_TYPE_GUID
- if (!uuid_guid_get_bin(uuid_str, uuid_bin))
+ if (IS_ENABLED(CONFIG_PARTITION_TYPE_GUID) &&
+ !uuid_guid_get_bin(uuid_str, uuid_bin))
return 0;
-#endif
return -EINVAL;
}
generated by cgit v1.2.3 (git 2.0.4) at 2025-08-05 17:27:31 +0000