diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Kconfig | 21 | ||||
| -rw-r--r-- | lib/Makefile | 1 | ||||
| -rw-r--r-- | lib/addr_map.c | 2 | ||||
| -rw-r--r-- | lib/asm-offsets.c | 2 | ||||
| -rw-r--r-- | lib/efi_loader/Kconfig | 31 | ||||
| -rw-r--r-- | lib/efi_loader/Makefile | 2 | ||||
| -rw-r--r-- | lib/efi_loader/efi_bootmgr.c | 386 | ||||
| -rw-r--r-- | lib/efi_loader/efi_boottime.c | 7 | ||||
| -rw-r--r-- | lib/efi_loader/efi_disk.c | 18 | ||||
| -rw-r--r-- | lib/efi_loader/efi_gop.c | 12 | ||||
| -rw-r--r-- | lib/efi_loader/efi_setup.c | 7 | ||||
| -rw-r--r-- | lib/efi_loader/efi_smbios.c | 16 | ||||
| -rw-r--r-- | lib/efi_loader/efi_tcg2.c | 1054 | ||||
| -rw-r--r-- | lib/efi_loader/efi_var_file.c | 7 | ||||
| -rw-r--r-- | lib/efi_selftest/efi_selftest_bitblt.c | 83 | ||||
| -rw-r--r-- | lib/image-sparse.c | 4 | ||||
| -rw-r--r-- | lib/lmb.c | 37 | ||||
| -rw-r--r-- | lib/of_live.c | 141 | ||||
| -rw-r--r-- | lib/slre.c | 1 | ||||
| -rw-r--r-- | lib/tpm-v2.c | 814 |
20 files changed, 1613 insertions, 1033 deletions
diff --git a/lib/Kconfig b/lib/Kconfig index 79cf9ef0fa3..9ae846ea5f7 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -74,6 +74,13 @@ config HAVE_PRIVATE_LIBGCC config LIB_UUID bool +config RANDOM_UUID + bool "GPT Random UUID generation" + select LIB_UUID + help + Enable the generation of partitions with random UUIDs if none + are provided. + config SPL_LIB_UUID depends on SPL bool @@ -93,7 +100,7 @@ config SEMIHOSTING config SEMIHOSTING_FALLBACK bool "Recover gracefully when semihosting fails" - depends on SEMIHOSTING && (ARM64 || RISCV) + depends on SEMIHOSTING default y help Normally, if U-Boot makes a semihosting call and no debugger is @@ -116,7 +123,7 @@ config SPL_SEMIHOSTING config SPL_SEMIHOSTING_FALLBACK bool "Recover gracefully when semihosting fails in SPL" - depends on SPL_SEMIHOSTING && (ARM64 || RISCV) + depends on SPL_SEMIHOSTING select ARMV8_SPL_EXCEPTION_VECTORS if ARM64 default y help @@ -431,6 +438,10 @@ config TPM bool "Trusted Platform Module (TPM) Support" depends on DM imply DM_RNG + select SHA1 + select SHA256 + select SHA384 + select SHA512 help This enables support for TPMs which can be used to provide security features for your board. The TPM can be connected via LPC or I2C @@ -687,6 +698,12 @@ config SPL_CRC8 checksum with feedback to produce an 8-bit result. The code is small and it does not require a lookup table (unlike CRC32). +config SPL_CRC16 + bool "Support CRC16 in SPL" + depends on SPL + help + Enables CRC16 support in SPL. This is not normally required. + config CRC32 def_bool y help diff --git a/lib/Makefile b/lib/Makefile index 1c31ad9531e..2a76acf100d 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -64,6 +64,7 @@ obj-$(CONFIG_TPM_V2) += tpm-v2.o endif obj-$(CONFIG_$(SPL_TPL_)CRC8) += crc8.o +obj-$(CONFIG_$(SPL_TPL_)CRC16) += crc16.o obj-y += crypto/ diff --git a/lib/addr_map.c b/lib/addr_map.c index 9b3e0a544e4..86e932e4b56 100644 --- a/lib/addr_map.c +++ b/lib/addr_map.c @@ -59,7 +59,7 @@ void *addrmap_phys_to_virt(phys_addr_t paddr) void addrmap_set_entry(unsigned long vaddr, phys_addr_t paddr, phys_size_t size, int idx) { - if (idx > CONFIG_SYS_NUM_ADDR_MAP) + if (idx >= CONFIG_SYS_NUM_ADDR_MAP) return; address_map[idx].vaddr = vaddr; diff --git a/lib/asm-offsets.c b/lib/asm-offsets.c index 0808cd4b0c1..216d9716d0d 100644 --- a/lib/asm-offsets.c +++ b/lib/asm-offsets.c @@ -32,7 +32,7 @@ int main(void) DEFINE(GD_FLAGS, offsetof(struct global_data, flags)); -#if CONFIG_VAL(SYS_MALLOC_F_LEN) +#if CONFIG_IS_ENABLED(SYS_MALLOC_F) DEFINE(GD_MALLOC_BASE, offsetof(struct global_data, malloc_base)); #endif diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index d20aaab6dba..ea807342f02 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -32,14 +32,14 @@ config EFI_LOADER if EFI_LOADER -config CMD_BOOTEFI_BOOTMGR +config BOOTEFI_BOOTMGR bool "UEFI Boot Manager" default y select BOOTMETH_GLOBAL if BOOTSTD help Select this option if you want to select the UEFI binary to be booted - via UEFI variables Boot####, BootOrder, and BootNext. This enables the - 'bootefi bootmgr' command. + via UEFI variables Boot####, BootOrder, and BootNext. You should also + normally enable CMD_BOOTEFI_BOOTMGR so that the command is available. choice prompt "Store for non-volatile UEFI variables" @@ -133,18 +133,20 @@ endif config EFI_VAR_BUF_SIZE int "Memory size of the UEFI variable store" - default 16384 if EFI_MM_COMM_TEE - default 65536 + default 131072 range 4096 2147483647 help This defines the size in bytes of the memory area reserved for keeping UEFI variables. - When using StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) this value should - match the value of PcdFlashNvStorageVariableSize used to compile the - StandAloneMM module. + When using StandAloneMM (CONFIG_EFI_MM_COMM_TEE=y) is used the + available size for storing variables is defined in + PcdFlashNvStorageVariableSize. + That value is probed at runtime from U-Boot. In that case, + EFI_VAR_BUF_SIZE represents the memory U-Boot reserves to present + runtime variables to the OS. - Minimum 4096, default 65536, or 16384 when using StandAloneMM. + Minimum 4096, default 131072 config EFI_GET_TIME bool "GetTime() runtime service" @@ -379,8 +381,6 @@ config EFI_TCG2_PROTOCOL bool "EFI_TCG2_PROTOCOL support" default y depends on TPM_V2 - # Sandbox TPM currently fails on GetCapabilities needed for TCG2 - depends on !SANDBOX select SHA1 select SHA256 select SHA384 @@ -479,4 +479,13 @@ config EFI_RISCV_BOOT_PROTOCOL replace the transfer via the device-tree. The latter is not possible on systems using ACPI. +config EFI_HTTP_BOOT + bool "EFI HTTP Boot support" + select CMD_DNS + select CMD_WGET + select BLKMAP + help + Enabling this option adds EFI HTTP Boot support. It allows to + directly boot from network. + endif diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index 8d31fc61c60..0a2cb6e3c47 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile @@ -42,7 +42,7 @@ targets += initrddump.o endif obj-$(CONFIG_CMD_BOOTEFI_HELLO) += helloworld_efi.o -obj-$(CONFIG_CMD_BOOTEFI_BOOTMGR) += efi_bootmgr.o +obj-$(CONFIG_BOOTEFI_BOOTMGR) += efi_bootmgr.o obj-y += efi_boottime.o obj-y += efi_helper.o obj-$(CONFIG_EFI_HAVE_CAPSULE_SUPPORT) += efi_capsule.o diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c index a40762c74c8..48153bd5ffb 100644 --- a/lib/efi_loader/efi_bootmgr.c +++ b/lib/efi_loader/efi_bootmgr.c @@ -7,10 +7,14 @@ #define LOG_CATEGORY LOGC_EFI +#include <blk.h> +#include <blkmap.h> #include <common.h> #include <charset.h> +#include <dm.h> #include <log.h> #include <malloc.h> +#include <net.h> #include <efi_default_filename.h> #include <efi_loader.h> #include <efi_variable.h> @@ -19,6 +23,23 @@ static const struct efi_boot_services *bs; static const struct efi_runtime_services *rs; +/** + * struct uridp_context - uri device path resource + * + * @image_size: image size + * @image_addr: image address + * @loaded_dp: pointer to loaded device path + * @ramdisk_blk_dev: pointer to the ramdisk blk device + * @mem_handle: efi_handle to the loaded PE-COFF image + */ +struct uridp_context { + ulong image_size; + ulong image_addr; + struct efi_device_path *loaded_dp; + struct udevice *ramdisk_blk_dev; + efi_handle_t mem_handle; +}; + const efi_guid_t efi_guid_bootmenu_auto_generated = EFICONFIG_AUTO_GENERATED_ENTRY_GUID; @@ -169,6 +190,364 @@ out: } /** + * mount_image() - mount the image with blkmap + * + * @lo_label: u16 label string of load option + * @addr: image address + * @size: image size + * Return: pointer to the UCLASS_BLK udevice, NULL if failed + */ +static struct udevice *mount_image(u16 *lo_label, ulong addr, ulong size) +{ + int err; + struct blkmap *bm; + struct udevice *bm_dev; + char *label = NULL, *p; + + label = efi_alloc(utf16_utf8_strlen(lo_label) + 1); + if (!label) + return NULL; + + p = label; + utf16_utf8_strcpy(&p, lo_label); + err = blkmap_create_ramdisk(label, addr, size, &bm_dev); + if (err) { + efi_free_pool(label); + return NULL; + } + bm = dev_get_plat(bm_dev); + + efi_free_pool(label); + + return bm->blk; +} + +/** + * search_default_file() - search default file + * + * @dev: pointer to the UCLASS_BLK or UCLASS_PARTITION udevice + * @loaded_dp: pointer to default file device path + * Return: status code + */ +static efi_status_t search_default_file(struct udevice *dev, + struct efi_device_path **loaded_dp) +{ + efi_status_t ret; + efi_handle_t handle; + u16 *default_file_name = NULL; + struct efi_file_handle *root, *f; + struct efi_device_path *dp = NULL, *fp = NULL; + struct efi_simple_file_system_protocol *file_system; + struct efi_device_path *device_path, *full_path = NULL; + + if (dev_tag_get_ptr(dev, DM_TAG_EFI, (void **)&handle)) { + log_warning("DM_TAG_EFI not found\n"); + return EFI_INVALID_PARAMETER; + } + + ret = EFI_CALL(bs->open_protocol(handle, &efi_guid_device_path, + (void **)&device_path, efi_root, NULL, + EFI_OPEN_PROTOCOL_GET_PROTOCOL)); + if (ret != EFI_SUCCESS) + return ret; + + ret = EFI_CALL(bs->open_protocol(handle, &efi_simple_file_system_protocol_guid, + (void **)&file_system, efi_root, NULL, + EFI_OPEN_PROTOCOL_GET_PROTOCOL)); + if (ret != EFI_SUCCESS) + return ret; + + ret = EFI_CALL(file_system->open_volume(file_system, &root)); + if (ret != EFI_SUCCESS) + return ret; + + full_path = expand_media_path(device_path); + ret = efi_dp_split_file_path(full_path, &dp, &fp); + if (ret != EFI_SUCCESS) + goto err; + + default_file_name = efi_dp_str(fp); + efi_free_pool(dp); + efi_free_pool(fp); + if (!default_file_name) { + ret = EFI_OUT_OF_RESOURCES; + goto err; + } + + ret = EFI_CALL(root->open(root, &f, default_file_name, + EFI_FILE_MODE_READ, 0)); + efi_free_pool(default_file_name); + if (ret != EFI_SUCCESS) + goto err; + + EFI_CALL(f->close(f)); + EFI_CALL(root->close(root)); + + *loaded_dp = full_path; + + return EFI_SUCCESS; + +err: + EFI_CALL(root->close(root)); + efi_free_pool(full_path); + + return ret; +} + +/** + * check_disk_has_default_file() - load the default file + * + * @blk: pointer to the UCLASS_BLK udevice + * @dp: pointer to default file device path + * Return: status code + */ +static efi_status_t check_disk_has_default_file(struct udevice *blk, + struct efi_device_path **dp) +{ + efi_status_t ret; + struct udevice *partition; + + /* image that has no partition table but a file system */ + ret = search_default_file(blk, dp); + if (ret == EFI_SUCCESS) + return ret; + + /* try the partitions */ + device_foreach_child(partition, blk) { + enum uclass_id id; + + id = device_get_uclass_id(partition); + if (id != UCLASS_PARTITION) + continue; + + ret = search_default_file(partition, dp); + if (ret == EFI_SUCCESS) + return ret; + } + + return EFI_NOT_FOUND; +} + +/** + * prepare_loaded_image() - prepare ramdisk for downloaded image + * + * @label: label of load option + * @addr: image address + * @size: image size + * @dp: pointer to default file device path + * @blk: pointer to created blk udevice + * Return: status code + */ +static efi_status_t prepare_loaded_image(u16 *label, ulong addr, ulong size, + struct efi_device_path **dp, + struct udevice **blk) +{ + efi_status_t ret; + struct udevice *ramdisk_blk; + + ramdisk_blk = mount_image(label, addr, size); + if (!ramdisk_blk) + return EFI_LOAD_ERROR; + + ret = check_disk_has_default_file(ramdisk_blk, dp); + if (ret != EFI_SUCCESS) { + log_info("Cannot boot from downloaded image\n"); + goto err; + } + + /* + * TODO: expose the ramdisk to OS. + * Need to pass the ramdisk information by the architecture-specific + * methods such as 'pmem' device-tree node. + */ + ret = efi_add_memory_map(addr, size, EFI_RESERVED_MEMORY_TYPE); + if (ret != EFI_SUCCESS) { + log_err("Memory reservation failed\n"); + goto err; + } + + *blk = ramdisk_blk; + + return EFI_SUCCESS; + +err: + if (blkmap_destroy(ramdisk_blk->parent)) + log_err("Destroying blkmap failed\n"); + + return ret; +} + +/** + * efi_bootmgr_release_uridp_resource() - cleanup uri device path resource + * + * @ctx: event context + * Return: status code + */ +efi_status_t efi_bootmgr_release_uridp_resource(struct uridp_context *ctx) +{ + efi_status_t ret = EFI_SUCCESS; + + if (!ctx) + return ret; + + /* cleanup for iso or img image */ + if (ctx->ramdisk_blk_dev) { + ret = efi_add_memory_map(ctx->image_addr, ctx->image_size, + EFI_CONVENTIONAL_MEMORY); + if (ret != EFI_SUCCESS) + log_err("Reclaiming memory failed\n"); + + if (blkmap_destroy(ctx->ramdisk_blk_dev->parent)) { + log_err("Destroying blkmap failed\n"); + ret = EFI_DEVICE_ERROR; + } + } + + /* cleanup for PE-COFF image */ + if (ctx->mem_handle) { + ret = efi_uninstall_multiple_protocol_interfaces( + ctx->mem_handle, &efi_guid_device_path, ctx->loaded_dp, + NULL); + if (ret != EFI_SUCCESS) + log_err("Uninstall device_path protocol failed\n"); + } + + efi_free_pool(ctx->loaded_dp); + free(ctx); + + return ret; +} + +/** + * efi_bootmgr_image_return_notify() - return to efibootmgr callback + * + * @event: the event for which this notification function is registered + * @context: event context + */ +static void EFIAPI efi_bootmgr_image_return_notify(struct efi_event *event, + void *context) +{ + efi_status_t ret; + + EFI_ENTRY("%p, %p", event, context); + ret = efi_bootmgr_release_uridp_resource(context); + EFI_EXIT(ret); +} + +/** + * try_load_from_uri_path() - Handle the URI device path + * + * @uridp: uri device path + * @lo_label: label of load option + * @handle: pointer to handle for newly installed image + * Return: status code + */ +static efi_status_t try_load_from_uri_path(struct efi_device_path_uri *uridp, + u16 *lo_label, + efi_handle_t *handle) +{ + char *s; + int err; + int uri_len; + efi_status_t ret; + void *source_buffer; + efi_uintn_t source_size; + struct uridp_context *ctx; + struct udevice *blk = NULL; + struct efi_event *event = NULL; + efi_handle_t mem_handle = NULL; + struct efi_device_path *loaded_dp; + static ulong image_size, image_addr; + + ctx = calloc(1, sizeof(struct uridp_context)); + if (!ctx) + return EFI_OUT_OF_RESOURCES; + + s = env_get("loadaddr"); + if (!s) { + log_err("Error: loadaddr is not set\n"); + ret = EFI_INVALID_PARAMETER; + goto err; + } + + image_addr = hextoul(s, NULL); + err = wget_with_dns(image_addr, uridp->uri); + if (err < 0) { + ret = EFI_INVALID_PARAMETER; + goto err; + } + + image_size = env_get_hex("filesize", 0); + if (!image_size) { + ret = EFI_INVALID_PARAMETER; + goto err; + } + + /* + * If the file extension is ".iso" or ".img", mount it and try to load + * the default file. + * If the file is PE-COFF image, load the downloaded file. + */ + uri_len = strlen(uridp->uri); + if (!strncmp(&uridp->uri[uri_len - 4], ".iso", 4) || + !strncmp(&uridp->uri[uri_len - 4], ".img", 4)) { + ret = prepare_loaded_image(lo_label, image_addr, image_size, + &loaded_dp, &blk); + if (ret != EFI_SUCCESS) + goto err; + + source_buffer = NULL; + source_size = 0; + } else if (efi_check_pe((void *)image_addr, image_size, NULL) == EFI_SUCCESS) { + /* + * loaded_dp must exist until efi application returns, + * will be freed in return_to_efibootmgr event callback. + */ + loaded_dp = efi_dp_from_mem(EFI_RESERVED_MEMORY_TYPE, + (uintptr_t)image_addr, image_size); + ret = efi_install_multiple_protocol_interfaces( + &mem_handle, &efi_guid_device_path, loaded_dp, NULL); + if (ret != EFI_SUCCESS) + goto err; + + source_buffer = (void *)image_addr; + source_size = image_size; + } else { + log_err("Error: file type is not supported\n"); + ret = EFI_UNSUPPORTED; + goto err; + } + + ctx->image_size = image_size; + ctx->image_addr = image_addr; + ctx->loaded_dp = loaded_dp; + ctx->ramdisk_blk_dev = blk; + ctx->mem_handle = mem_handle; + + ret = EFI_CALL(efi_load_image(false, efi_root, loaded_dp, source_buffer, + source_size, handle)); + if (ret != EFI_SUCCESS) + goto err; + + /* create event for cleanup when the image returns or error occurs */ + ret = efi_create_event(EVT_NOTIFY_SIGNAL, TPL_CALLBACK, + efi_bootmgr_image_return_notify, ctx, + &efi_guid_event_group_return_to_efibootmgr, + &event); + if (ret != EFI_SUCCESS) { + log_err("Creating event failed\n"); + goto err; + } + + return ret; + +err: + efi_bootmgr_release_uridp_resource(ctx); + + return ret; +} + +/** * try_load_entry() - try to load image for boot option * * Attempt to load load-option number 'n', returning device_path and file_path @@ -211,6 +590,13 @@ static efi_status_t try_load_entry(u16 n, efi_handle_t *handle, if (EFI_DP_TYPE(lo.file_path, MEDIA_DEVICE, FILE_PATH)) { /* file_path doesn't contain a device path */ ret = try_load_from_short_path(lo.file_path, handle); + } else if (EFI_DP_TYPE(lo.file_path, MESSAGING_DEVICE, MSG_URI)) { + if (IS_ENABLED(CONFIG_EFI_HTTP_BOOT)) + ret = try_load_from_uri_path( + (struct efi_device_path_uri *)lo.file_path, + lo.label, handle); + else + ret = EFI_LOAD_ERROR; } else { file_path = expand_media_path(lo.file_path); ret = EFI_CALL(efi_load_image(true, efi_root, file_path, diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c index 0b7579cb5af..3767fa2db42 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c @@ -90,6 +90,9 @@ const efi_guid_t efi_guid_event_group_ready_to_boot = /* event group ResetSystem() invoked (before ExitBootServices) */ const efi_guid_t efi_guid_event_group_reset_system = EFI_EVENT_GROUP_RESET_SYSTEM; +/* event group return to efibootmgr */ +const efi_guid_t efi_guid_event_group_return_to_efibootmgr = + EFI_EVENT_GROUP_RETURN_TO_EFIBOOTMGR; /* GUIDs of the Load File and Load File2 protocols */ const efi_guid_t efi_guid_load_file_protocol = EFI_LOAD_FILE_PROTOCOL_GUID; const efi_guid_t efi_guid_load_file2_protocol = EFI_LOAD_FILE2_PROTOCOL_GUID; @@ -712,7 +715,7 @@ efi_status_t efi_create_event(uint32_t type, efi_uintn_t notify_tpl, void (EFIAPI *notify_function) ( struct efi_event *event, void *context), - void *notify_context, efi_guid_t *group, + void *notify_context, const efi_guid_t *group, struct efi_event **event) { struct efi_event *evt; @@ -790,7 +793,7 @@ efi_status_t EFIAPI efi_create_event_ex(uint32_t type, efi_uintn_t notify_tpl, struct efi_event *event, void *context), void *notify_context, - efi_guid_t *event_group, + const efi_guid_t *event_group, struct efi_event **event) { efi_status_t ret; diff --git a/lib/efi_loader/efi_disk.c b/lib/efi_loader/efi_disk.c index f0d76113b00..b808a7fe627 100644 --- a/lib/efi_loader/efi_disk.c +++ b/lib/efi_loader/efi_disk.c @@ -690,6 +690,13 @@ int efi_disk_probe(void *ctx, struct event *event) return -1; } + /* only do the boot option management when UEFI sub-system is initialized */ + if (IS_ENABLED(CONFIG_CMD_BOOTEFI_BOOTMGR) && efi_obj_list_initialized == EFI_SUCCESS) { + ret = efi_bootmgr_update_media_device_boot_option(); + if (ret != EFI_SUCCESS) + return -1; + } + return 0; } @@ -742,6 +749,17 @@ int efi_disk_remove(void *ctx, struct event *event) dev_tag_del(dev, DM_TAG_EFI); return 0; + + /* + * TODO A flag to distinguish below 2 different scenarios of this + * function call is needed: + * a) Unplugging of a removable media under U-Boot + * b) U-Boot exiting and booting an OS + * In case of scenario a), efi_bootmgr_update_media_device_boot_option() + * needs to be invoked here to update the boot options and remove the + * unnecessary ones. + */ + } /** diff --git a/lib/efi_loader/efi_gop.c b/lib/efi_loader/efi_gop.c index 778b693f983..a09db31eb46 100644 --- a/lib/efi_loader/efi_gop.c +++ b/lib/efi_loader/efi_gop.c @@ -10,6 +10,7 @@ #include <efi_loader.h> #include <log.h> #include <malloc.h> +#include <mapmem.h> #include <video.h> #include <asm/global_data.h> @@ -467,10 +468,10 @@ efi_status_t efi_gop_register(void) struct efi_gop_obj *gopobj; u32 bpix, format, col, row; u64 fb_base, fb_size; - void *fb; efi_status_t ret; struct udevice *vdev; struct video_priv *priv; + struct video_uc_plat *plat; /* We only support a single video output device for now */ if (uclass_first_device_err(UCLASS_VIDEO, &vdev)) { @@ -483,9 +484,10 @@ efi_status_t efi_gop_register(void) format = priv->format; col = video_get_xsize(vdev); row = video_get_ysize(vdev); - fb_base = (uintptr_t)priv->fb; - fb_size = priv->fb_size; - fb = priv->fb; + + plat = dev_get_uclass_plat(vdev); + fb_base = IS_ENABLED(CONFIG_VIDEO_COPY) ? plat->copy_base : plat->base; + fb_size = plat->size; switch (bpix) { case VIDEO_BPP16: @@ -547,7 +549,7 @@ efi_status_t efi_gop_register(void) } gopobj->info.pixels_per_scanline = col; gopobj->bpix = bpix; - gopobj->fb = fb; + gopobj->fb = map_sysmem(fb_base, fb_size); return EFI_SUCCESS; } diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c index e6de685e879..37359a77bbc 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -245,6 +245,13 @@ efi_status_t efi_init_obj_list(void) if (ret != EFI_SUCCESS) goto out; + if (IS_ENABLED(CONFIG_CMD_BOOTEFI_BOOTMGR)) { + /* update boot option after variable service initialized */ + ret = efi_bootmgr_update_media_device_boot_option(); + if (ret != EFI_SUCCESS) + goto out; + } + /* Define supported languages */ ret = efi_init_platform_lang(); if (ret != EFI_SUCCESS) diff --git a/lib/efi_loader/efi_smbios.c b/lib/efi_loader/efi_smbios.c index 48446f654d9..0fbf51b98d0 100644 --- a/lib/efi_loader/efi_smbios.c +++ b/lib/efi_loader/efi_smbios.c @@ -49,25 +49,27 @@ efi_status_t efi_smbios_register(void) static int install_smbios_table(void) { - ulong addr; - void *buf; + u64 addr; + efi_status_t ret; if (!IS_ENABLED(CONFIG_GENERATE_SMBIOS_TABLE) || IS_ENABLED(CONFIG_X86)) return 0; - /* Align the table to a 4KB boundary to keep EFI happy */ - buf = memalign(SZ_4K, TABLE_SIZE); - if (!buf) + addr = SZ_4G; + ret = efi_allocate_pages(EFI_ALLOCATE_MAX_ADDRESS, + EFI_RUNTIME_SERVICES_DATA, + efi_size_in_pages(TABLE_SIZE), &addr); + if (ret != EFI_SUCCESS) return log_msg_ret("mem", -ENOMEM); - addr = map_to_sysmem(buf); + addr = map_to_sysmem((void *)(uintptr_t)addr); if (!write_smbios_table(addr)) { log_err("Failed to write SMBIOS table\n"); return log_msg_ret("smbios", -EINVAL); } /* Make a note of where we put it */ - log_debug("SMBIOS tables written to %lx\n", addr); + log_debug("SMBIOS tables written to %llx\n", addr); gd->arch.smbios_start = addr; return 0; diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 7b7926a0d46..463ea4c1541 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -66,35 +66,6 @@ static bool tcg2_efi_app_invoked; static const efi_guid_t efi_guid_tcg2_protocol = EFI_TCG2_PROTOCOL_GUID; static const efi_guid_t efi_guid_final_events = EFI_TCG2_FINAL_EVENTS_TABLE_GUID; -struct digest_info { - u16 hash_alg; - u32 hash_mask; - u16 hash_len; -}; - -static const struct digest_info hash_algo_list[] = { - { - TPM2_ALG_SHA1, - EFI_TCG2_BOOT_HASH_ALG_SHA1, - TPM2_SHA1_DIGEST_SIZE, - }, - { - TPM2_ALG_SHA256, - EFI_TCG2_BOOT_HASH_ALG_SHA256, - TPM2_SHA256_DIGEST_SIZE, - }, - { - TPM2_ALG_SHA384, - EFI_TCG2_BOOT_HASH_ALG_SHA384, - TPM2_SHA384_DIGEST_SIZE, - }, - { - TPM2_ALG_SHA512, - EFI_TCG2_BOOT_HASH_ALG_SHA512, - TPM2_SHA512_DIGEST_SIZE, - }, -}; - struct variable_info { const u16 *name; bool accept_empty; @@ -113,46 +84,6 @@ static struct variable_info secure_variables[] = { {u"AuditMode", false, 1}, }; -#define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list) - -/** - * alg_to_mask - Get a TCG hash mask for algorithms - * - * @hash_alg: TCG defined algorithm - * - * @Return: TCG hashing algorithm bitmaps, 0 if the algorithm is not supported - */ -static u32 alg_to_mask(u16 hash_alg) -{ - size_t i; - - for (i = 0; i < MAX_HASH_COUNT; i++) { - if (hash_algo_list[i].hash_alg == hash_alg) - return hash_algo_list[i].hash_mask; - } - - return 0; -} - -/** - * alg_to_len - Get a TCG hash len for algorithms - * - * @hash_alg: TCG defined algorithm - * - * @Return: len of chosen algorithm, 0 if the algorithm is not supported - */ -static u16 alg_to_len(u16 hash_alg) -{ - size_t i; - - for (i = 0; i < MAX_HASH_COUNT; i++) { - if (hash_algo_list[i].hash_alg == hash_alg) - return hash_algo_list[i].hash_len; - } - - return 0; -} - static bool is_tcg2_protocol_installed(void) { struct efi_handler *handler; @@ -162,145 +93,6 @@ static bool is_tcg2_protocol_installed(void) return ret == EFI_SUCCESS; } -static u32 tcg_event_final_size(struct tpml_digest_values *digest_list) -{ - u32 len; - size_t i; - - len = offsetof(struct tcg_pcr_event2, digests); - len += offsetof(struct tpml_digest_values, digests); - for (i = 0; i < digest_list->count; i++) { - u16 hash_alg = digest_list->digests[i].hash_alg; - - len += offsetof(struct tpmt_ha, digest); - len += alg_to_len(hash_alg); - } - len += sizeof(u32); /* tcg_pcr_event2 event_size*/ - - return len; -} - -/* tcg2_pcr_extend - Extend PCRs for a TPM2 device for a given tpml_digest_values - * - * @dev: device - * @digest_list: list of digest algorithms to extend - * - * @Return: status code - */ -static efi_status_t tcg2_pcr_extend(struct udevice *dev, u32 pcr_index, - struct tpml_digest_values *digest_list) -{ - u32 rc; - size_t i; - - for (i = 0; i < digest_list->count; i++) { - u32 alg = digest_list->digests[i].hash_alg; - - rc = tpm2_pcr_extend(dev, pcr_index, alg, - (u8 *)&digest_list->digests[i].digest, - alg_to_len(alg)); - if (rc) { - EFI_PRINT("Failed to extend PCR\n"); - return EFI_DEVICE_ERROR; - } - } - - return EFI_SUCCESS; -} - -/* tcg2_pcr_read - Read PCRs for a TPM2 device for a given tpml_digest_values - * - * @dev: device - * @pcr_index: PCR index - * @digest_list: list of digest algorithms to extend - * - * @Return: status code - */ -static efi_status_t tcg2_pcr_read(struct udevice *dev, u32 pcr_index, - struct tpml_digest_values *digest_list) -{ - struct tpm_chip_priv *priv; - unsigned int updates, pcr_select_min; - u32 rc; - size_t i; - - priv = dev_get_uclass_priv(dev); - if (!priv) - return EFI_DEVICE_ERROR; - - pcr_select_min = priv->pcr_select_min; - - for (i = 0; i < digest_list->count; i++) { - u16 hash_alg = digest_list->digests[i].hash_alg; - u8 *digest = (u8 *)&digest_list->digests[i].digest; - - rc = tpm2_pcr_read(dev, pcr_index, pcr_select_min, - hash_alg, digest, alg_to_len(hash_alg), - &updates); - if (rc) { - EFI_PRINT("Failed to read PCR\n"); - return EFI_DEVICE_ERROR; - } - } - - return EFI_SUCCESS; -} - -/* put_event - Append an agile event to an eventlog - * - * @pcr_index: PCR index - * @event_type: type of event added - * @digest_list: list of digest algorithms to add - * @size: size of event - * @event: event to add - * @log: log buffer to append the event - * - */ -static void put_event(u32 pcr_index, u32 event_type, - struct tpml_digest_values *digest_list, u32 size, - u8 event[], void *log) -{ - size_t pos; - size_t i; - u32 event_size; - - /* - * size refers to the length of event[] only, we need to check against - * the final tcg_pcr_event2 size - */ - event_size = size + tcg_event_final_size(digest_list); - - put_unaligned_le32(pcr_index, log); - pos = offsetof(struct tcg_pcr_event2, event_type); - put_unaligned_le32(event_type, (void *)((uintptr_t)log + pos)); - pos = offsetof(struct tcg_pcr_event2, digests); /* count */ - put_unaligned_le32(digest_list->count, (void *)((uintptr_t)log + pos)); - - pos += offsetof(struct tpml_digest_values, digests); - for (i = 0; i < digest_list->count; i++) { - u16 hash_alg = digest_list->digests[i].hash_alg; - u8 *digest = (u8 *)&digest_list->digests[i].digest; - - put_unaligned_le16(hash_alg, (void *)((uintptr_t)log + pos)); - pos += offsetof(struct tpmt_ha, digest); - memcpy((void *)((uintptr_t)log + pos), digest, alg_to_len(hash_alg)); - pos += alg_to_len(hash_alg); - } - - put_unaligned_le32(size, (void *)((uintptr_t)log + pos)); - pos += sizeof(u32); /* tcg_pcr_event2 event_size*/ - memcpy((void *)((uintptr_t)log + pos), event, size); - pos += size; - - /* - * make sure the calculated buffer is what we checked against - * This check should never fail. It checks the code above is - * calculating the right length for the event we are adding - */ - if (pos != event_size) - log_err("Appending to the EventLog failed\n"); -} - /* tcg2_agile_log_append - Append an agile event to an eventlog * * @pcr_index: PCR index @@ -317,7 +109,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, u32 size, u8 event[]) { void *log = (void *)((uintptr_t)event_log.buffer + event_log.pos); - u32 event_size = size + tcg_event_final_size(digest_list); + u32 event_size = size + tcg2_event_get_size(digest_list); struct efi_tcg2_final_events_table *final_event; efi_status_t ret = EFI_SUCCESS; @@ -328,7 +120,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, event_log.truncated = true; return EFI_VOLUME_FULL; } - put_event(pcr_index, event_type, digest_list, size, event, log); + tcg2_log_append(pcr_index, event_type, digest_list, size, event, log); event_log.pos += event_size; event_log.last_event_size = event_size; } @@ -341,7 +133,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, return EFI_VOLUME_FULL; log = (void *)((uintptr_t)event_log.final_buffer + event_log.final_pos); - put_event(pcr_index, event_type, digest_list, size, event, log); + tcg2_log_append(pcr_index, event_type, digest_list, size, event, log); final_event = event_log.final_buffer; final_event->number_of_events++; @@ -351,66 +143,6 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, } /** - * platform_get_tpm_device() - retrieve TPM device - * - * This function retrieves the udevice implementing a TPM - * - * This function may be overridden if special initialization is needed. - * - * @dev: udevice - * Return: status code - */ -__weak efi_status_t platform_get_tpm2_device(struct udevice **dev) -{ - for_each_tpm_device(*dev) { - /* Only support TPMv2 devices */ - if (tpm_get_version(*dev) == TPM_V2) - return EFI_SUCCESS; - } - - return EFI_NOT_FOUND; -} - -/** - * platform_get_eventlog() - retrieve the eventlog address and size - * - * This function retrieves the eventlog address and size if the underlying - * firmware has done some measurements and passed them. - * - * This function may be overridden based on platform specific method of - * passing the eventlog address and size. - * - * @dev: udevice - * @addr: eventlog address - * @sz: eventlog size - * Return: status code - */ -__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 *addr, - u32 *sz) -{ - const u64 *basep; - const u32 *sizep; - - basep = dev_read_prop(dev, "tpm_event_log_addr", NULL); - if (!basep) - return EFI_NOT_FOUND; - - *addr = be64_to_cpup((__force __be64 *)basep); - - sizep = dev_read_prop(dev, "tpm_event_log_size", NULL); - if (!sizep) - return EFI_NOT_FOUND; - - *sz = be32_to_cpup((__force __be32 *)sizep); - if (*sz == 0) { - log_debug("event log empty\n"); - return EFI_NOT_FOUND; - } - - return EFI_SUCCESS; -} - -/** * tpm2_get_max_command_size() - get the supported max command size * * @dev: TPM device @@ -486,238 +218,6 @@ static int tpm2_get_manufacturer_id(struct udevice *dev, u32 *manufacturer_id) } /** - * tpm2_get_num_pcr() - get the number of PCRs - * - * @dev: TPM device - * @manufacturer_id: output buffer for the number - * - * Return: 0 on success, -1 on error - */ -static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr) -{ - u8 response[TPM2_RESPONSE_BUFFER_SIZE]; - u32 ret; - - memset(response, 0, sizeof(response)); - ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES, - TPM2_PT_PCR_COUNT, response, 1); - if (ret) - return -1; - - *num_pcr = get_unaligned_be32(response + properties_offset); - if (*num_pcr > TPM2_MAX_PCRS) - return -1; - - return 0; -} - -/** - * is_active_pcr() - Check if a supported algorithm is active - * - * @dev: TPM device - * @selection: struct of PCR information - * - * Return: true if PCR is active - */ -static bool is_active_pcr(struct tpms_pcr_selection *selection) -{ - int i; - /* - * check the pcr_select. If at least one of the PCRs supports the - * algorithm add it on the active ones - */ - for (i = 0; i < selection->size_of_select; i++) { - if (selection->pcr_select[i]) - return true; - } - - return false; -} - -/** - * tpm2_get_pcr_info() - get the supported, active PCRs and number of banks - * - * @dev: TPM device - * @supported_pcr: bitmask with the algorithms supported - * @active_pcr: bitmask with the active algorithms - * @pcr_banks: number of PCR banks - * - * Return: 0 on success, -1 on error - */ -static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, - u32 *active_pcr, u32 *pcr_banks) -{ - u8 response[TPM2_RESPONSE_BUFFER_SIZE]; - struct tpml_pcr_selection pcrs; - u32 ret, num_pcr; - size_t i; - int tpm_ret; - - *supported_pcr = 0; - *active_pcr = 0; - *pcr_banks = 0; - memset(response, 0, sizeof(response)); - ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1); - if (ret) - goto out; - - pcrs.count = get_unaligned_be32(response); - /* - * We only support 5 algorithms for now so check against that - * instead of TPM2_NUM_PCR_BANKS - */ - if (pcrs.count > MAX_HASH_COUNT || pcrs.count < 1) - goto out; - - tpm_ret = tpm2_get_num_pcr(dev, &num_pcr); - if (tpm_ret) - goto out; - - for (i = 0; i < pcrs.count; i++) { - /* - * Definition of TPMS_PCR_SELECTION Structure - * hash: u16 - * size_of_select: u8 - * pcr_select: u8 array - * - * The offsets depend on the number of the device PCRs - * so we have to calculate them based on that - */ - u32 hash_offset = offsetof(struct tpml_pcr_selection, selection) + - i * offsetof(struct tpms_pcr_selection, pcr_select) + - i * ((num_pcr + 7) / 8); - u32 size_select_offset = - hash_offset + offsetof(struct tpms_pcr_selection, - size_of_select); - u32 pcr_select_offset = - hash_offset + offsetof(struct tpms_pcr_selection, - pcr_select); - - pcrs.selection[i].hash = - get_unaligned_be16(response + hash_offset); - pcrs.selection[i].size_of_select = - __get_unaligned_be(response + size_select_offset); - if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX) - goto out; - /* copy the array of pcr_select */ - memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset, - pcrs.selection[i].size_of_select); - } - - for (i = 0; i < pcrs.count; i++) { - u32 hash_mask = alg_to_mask(pcrs.selection[i].hash); - - if (hash_mask) { - *supported_pcr |= hash_mask; - if (is_active_pcr(&pcrs.selection[i])) - *active_pcr |= hash_mask; - } else { - EFI_PRINT("Unknown algorithm %x\n", pcrs.selection[i].hash); - } - } - - *pcr_banks = pcrs.count; - - return 0; -out: - return -1; -} - -/** - * __get_active_pcr_banks() - returns the currently active PCR banks - * - * @active_pcr_banks: pointer for receiving the bitmap of currently - * active PCR banks - * - * Return: status code - */ -static efi_status_t __get_active_pcr_banks(u32 *active_pcr_banks) -{ - struct udevice *dev; - u32 active = 0, supported = 0, pcr_banks = 0; - efi_status_t ret; - int err; - - ret = platform_get_tpm2_device(&dev); - if (ret != EFI_SUCCESS) - goto out; - - err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks); - if (err) { - ret = EFI_DEVICE_ERROR; - goto out; - } - - *active_pcr_banks = active; - -out: - return ret; -} - -/* tcg2_create_digest - create a list of digests of the supported PCR banks - * for a given memory range - * - * @input: input memory - * @length: length of buffer to calculate the digest - * @digest_list: list of digests to fill in - * - * Return: status code - */ -static efi_status_t tcg2_create_digest(const u8 *input, u32 length, - struct tpml_digest_values *digest_list) -{ - sha1_context ctx; - sha256_context ctx_256; - sha512_context ctx_512; - u8 final[TPM2_SHA512_DIGEST_SIZE]; - efi_status_t ret; - u32 active; - size_t i; - - ret = __get_active_pcr_banks(&active); - if (ret != EFI_SUCCESS) - return ret; - - digest_list->count = 0; - for (i = 0; i < MAX_HASH_COUNT; i++) { - u16 hash_alg = hash_algo_list[i].hash_alg; - - if (!(active & alg_to_mask(hash_alg))) - continue; - switch (hash_alg) { - case TPM2_ALG_SHA1: - sha1_starts(&ctx); - sha1_update(&ctx, input, length); - sha1_finish(&ctx, final); - break; - case TPM2_ALG_SHA256: - sha256_starts(&ctx_256); - sha256_update(&ctx_256, input, length); - sha256_finish(&ctx_256, final); - break; - case TPM2_ALG_SHA384: - sha384_starts(&ctx_512); - sha384_update(&ctx_512, input, length); - sha384_finish(&ctx_512, final); - break; - case TPM2_ALG_SHA512: - sha512_starts(&ctx_512); - sha512_update(&ctx_512, input, length); - sha512_finish(&ctx_512, final); - break; - default: - continue; - } - digest_list->digests[digest_list->count].hash_alg = hash_alg; - memcpy(&digest_list->digests[digest_list->count].digest, final, - (u32)alg_to_len(hash_alg)); - digest_list->count++; - } - - return EFI_SUCCESS; -} - -/** * efi_tcg2_get_capability() - protocol capability information and state information * * @this: TCG2 protocol instance @@ -758,7 +258,7 @@ efi_tcg2_get_capability(struct efi_tcg2_protocol *this, capability->protocol_version.major = 1; capability->protocol_version.minor = 1; - efi_ret = platform_get_tpm2_device(&dev); + efi_ret = tcg2_platform_get_tpm2(&dev); if (efi_ret != EFI_SUCCESS) { capability->supported_event_logs = 0; capability->hash_algorithm_bitmap = 0; @@ -854,7 +354,7 @@ efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this, goto out; } - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) { event_log_location = NULL; event_log_last_entry = NULL; @@ -889,6 +389,7 @@ static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size, struct efi_image_regions *regs = NULL; void *new_efi = NULL; u8 hash[TPM2_SHA512_DIGEST_SIZE]; + struct udevice *dev; efi_status_t ret; u32 active; int i; @@ -904,16 +405,20 @@ static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size, goto out; } - ret = __get_active_pcr_banks(&active); + ret = tcg2_platform_get_tpm2(&dev); + if (ret != EFI_SUCCESS) + goto out; + + ret = tcg2_get_active_pcr_banks(dev, &active); if (ret != EFI_SUCCESS) { goto out; } digest_list->count = 0; - for (i = 0; i < MAX_HASH_COUNT; i++) { - u16 hash_alg = hash_algo_list[i].hash_alg; + for (i = 0; i < ARRAY_SIZE(tpm2_supported_algorithms); i++) { + u16 hash_alg = tpm2_supported_algorithms[i]; - if (!(active & alg_to_mask(hash_alg))) + if (!(active & tpm2_algorithm_to_mask(hash_alg))) continue; switch (hash_alg) { case TPM2_ALG_SHA1: @@ -933,7 +438,7 @@ static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size, } digest_list->digests[digest_list->count].hash_alg = hash_alg; memcpy(&digest_list->digests[digest_list->count].digest, hash, - (u32)alg_to_len(hash_alg)); + (u32)tpm2_algorithm_to_len(hash_alg)); digest_list->count++; } @@ -973,7 +478,7 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size, if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) return EFI_SECURITY_VIOLATION; @@ -1082,7 +587,7 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, goto out; } - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) goto out; @@ -1117,7 +622,7 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, ret = tcg2_hash_pe_image((void *)(uintptr_t)data_to_hash, data_to_hash_len, &digest_list); } else { - ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash, + ret = tcg2_create_digest(dev, (u8 *)(uintptr_t)data_to_hash, data_to_hash_len, &digest_list); } @@ -1180,7 +685,7 @@ efi_tcg2_submit_command(struct efi_tcg2_protocol *this, goto out; } - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) goto out; @@ -1209,15 +714,20 @@ static efi_status_t EFIAPI efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this, u32 *active_pcr_banks) { + struct udevice *dev; efi_status_t ret; + EFI_ENTRY("%p, %p", this, active_pcr_banks); + if (!this || !active_pcr_banks) { ret = EFI_INVALID_PARAMETER; goto out; } + ret = tcg2_platform_get_tpm2(&dev); + if (ret != EFI_SUCCESS) + goto out; - EFI_ENTRY("%p, %p", this, active_pcr_banks); - ret = __get_active_pcr_banks(active_pcr_banks); + ret = tcg2_get_active_pcr_banks(dev, active_pcr_banks); out: return EFI_EXIT(ret); @@ -1269,397 +779,6 @@ static const struct efi_tcg2_protocol efi_tcg2_protocol = { }; /** - * parse_event_log_header() - Parse and verify the event log header fields - * - * @buffer: Pointer to the start of the eventlog - * @size: Size of the eventlog - * @pos: Return offset of the next event in buffer right - * after the event header i.e specID - * - * Return: status code - */ -static efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos) -{ - struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; - int i = 0; - - if (size < sizeof(*event_header)) - return EFI_COMPROMISED_DATA; - - if (get_unaligned_le32(&event_header->pcr_index) != 0 || - get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION) - return EFI_COMPROMISED_DATA; - - for (i = 0; i < sizeof(event_header->digest); i++) { - if (event_header->digest[i]) - return EFI_COMPROMISED_DATA; - } - - *pos += sizeof(*event_header); - - return EFI_SUCCESS; -} - -/** - * parse_specid_event() - Parse and verify the specID Event in the eventlog - * - * @dev: udevice - * @buffer: Pointer to the start of the eventlog - * @log_size: Size of the eventlog - * @pos: [in] Offset of specID event in the eventlog buffer - * [out] Return offset of the next event in the buffer - * after the specID - * @digest_list: list of digests in the event - * - * Return: status code - * @pos Offset in the eventlog where the specID event ends - * @digest_list: list of digests in the event - */ -static efi_status_t parse_specid_event(struct udevice *dev, void *buffer, - u32 log_size, u32 *pos, - struct tpml_digest_values *digest_list) -{ - struct tcg_efi_spec_id_event *spec_event; - struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; - size_t spec_event_size; - u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0; - u32 spec_active = 0; - u16 hash_alg; - u8 vendor_sz; - int err, i; - - if (*pos >= log_size || (*pos + sizeof(*spec_event)) > log_size) - return EFI_COMPROMISED_DATA; - - /* Check specID event data */ - spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer + *pos); - /* Check for signature */ - if (memcmp(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, - sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) { - log_err("specID Event: Signature mismatch\n"); - return EFI_COMPROMISED_DATA; - } - - if (spec_event->spec_version_minor != - TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || - spec_event->spec_version_major != - TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) - return EFI_COMPROMISED_DATA; - - if (spec_event->number_of_algorithms > MAX_HASH_COUNT || - spec_event->number_of_algorithms < 1) { - log_err("specID Event: Number of algorithms incorrect\n"); - return EFI_COMPROMISED_DATA; - } - - alg_count = spec_event->number_of_algorithms; - - err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count); - if (err) - return EFI_DEVICE_ERROR; - - digest_list->count = 0; - /* - * We have to take care that the sequence of algorithms that we record - * in digest_list matches the sequence in eventlog. - */ - for (i = 0; i < alg_count; i++) { - hash_alg = - get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id); - - if (!(supported & alg_to_mask(hash_alg))) { - log_err("specID Event: Unsupported algorithm\n"); - return EFI_COMPROMISED_DATA; - } - digest_list->digests[digest_list->count++].hash_alg = hash_alg; - - spec_active |= alg_to_mask(hash_alg); - } - - /* - * TCG specification expects the event log to have hashes for all - * active PCR's - */ - if (spec_active != active) { - /* - * Previous stage bootloader should know all the active PCR's - * and use them in the Eventlog. - */ - log_err("specID Event: All active hash alg not present\n"); - return EFI_COMPROMISED_DATA; - } - - /* - * the size of the spec event and placement of vendor_info_size - * depends on supported algoriths - */ - spec_event_size = - offsetof(struct tcg_efi_spec_id_event, digest_sizes) + - alg_count * sizeof(spec_event->digest_sizes[0]); - - if (*pos + spec_event_size >= log_size) - return EFI_COMPROMISED_DATA; - - vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + spec_event_size); - - spec_event_size += sizeof(vendor_sz) + vendor_sz; - *pos += spec_event_size; - - if (get_unaligned_le32(&event_header->event_size) != spec_event_size) { - log_err("specID event: header event size mismatch\n"); - /* Right way to handle this can be to call SetActive PCR's */ - return EFI_COMPROMISED_DATA; - } - - return EFI_SUCCESS; -} - -/** - * tcg2_parse_event() - Parse the event in the eventlog - * - * @dev: udevice - * @buffer: Pointer to the start of the eventlog - * @log_size: Size of the eventlog - * @offset: [in] Offset of the event in the eventlog buffer - * [out] Return offset of the next event in the buffer - * @digest_list: list of digests in the event - * @pcr Index of the PCR in the event - * - * Return: status code - */ -static efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer, - u32 log_size, u32 *offset, - struct tpml_digest_values *digest_list, - u32 *pcr) -{ - struct tcg_pcr_event2 *event = NULL; - u32 count, size, event_size; - size_t pos; - - event_size = tcg_event_final_size(digest_list); - if (*offset >= log_size || *offset + event_size > log_size) { - log_err("Event exceeds log size\n"); - return EFI_COMPROMISED_DATA; - } - - event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset); - *pcr = get_unaligned_le32(&event->pcr_index); - - /* get the count */ - count = get_unaligned_le32(&event->digests.count); - if (count != digest_list->count) - return EFI_COMPROMISED_DATA; - - pos = offsetof(struct tcg_pcr_event2, digests); - pos += offsetof(struct tpml_digest_values, digests); - - for (int i = 0; i < digest_list->count; i++) { - u16 alg; - u16 hash_alg = digest_list->digests[i].hash_alg; - u8 *digest = (u8 *)&digest_list->digests[i].digest; - - alg = get_unaligned_le16((void *)((uintptr_t)event + pos)); - - if (alg != hash_alg) - return EFI_COMPROMISED_DATA; - - pos += offsetof(struct tpmt_ha, digest); - memcpy(digest, (void *)((uintptr_t)event + pos), alg_to_len(hash_alg)); - pos += alg_to_len(hash_alg); - } - - size = get_unaligned_le32((void *)((uintptr_t)event + pos)); - event_size += size; - pos += sizeof(u32); /* tcg_pcr_event2 event_size*/ - pos += size; - - /* make sure the calculated buffer is what we checked against */ - if (pos != event_size) - return EFI_COMPROMISED_DATA; - - if (pos > log_size) - return EFI_COMPROMISED_DATA; - - *offset += pos; - - return EFI_SUCCESS; -} - -/** - * tcg2_get_fw_eventlog() - Get the eventlog address and size - * - * If the previous firmware has passed some eventlog, this function get it's - * location and check for it's validity. - * - * @dev: udevice - * @log_buffer: eventlog address - * @log_sz: eventlog size - * - * Return: status code - */ -static efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer, - size_t *log_sz) -{ - struct tpml_digest_values digest_list; - void *buffer; - efi_status_t ret; - u32 pcr, pos; - u64 base; - u32 sz; - bool extend_pcr = false; - int i; - - ret = platform_get_eventlog(dev, &base, &sz); - if (ret != EFI_SUCCESS) - return ret; - - if (sz > TPM2_EVENT_LOG_SIZE) - return EFI_VOLUME_FULL; - - buffer = (void *)(uintptr_t)base; - pos = 0; - /* Parse the eventlog to check for its validity */ - ret = parse_event_log_header(buffer, sz, &pos); - if (ret) - return ret; - - ret = parse_specid_event(dev, buffer, sz, &pos, &digest_list); - if (ret) { - log_err("Error parsing SPEC ID Event\n"); - return ret; - } - - ret = tcg2_pcr_read(dev, 0, &digest_list); - if (ret) { - log_err("Error reading PCR 0\n"); - return ret; - } - - /* - * If PCR0 is 0, previous firmware didn't have the capability - * to extend the PCR. In this scenario, extend the PCR as - * the eventlog is parsed. - */ - for (i = 0; i < digest_list.count; i++) { - u8 hash_buf[TPM2_SHA512_DIGEST_SIZE] = { 0 }; - u16 hash_alg = digest_list.digests[i].hash_alg; - - if (!memcmp((u8 *)&digest_list.digests[i].digest, hash_buf, - alg_to_len(hash_alg))) - extend_pcr = true; - } - - while (pos < sz) { - ret = tcg2_parse_event(dev, buffer, sz, &pos, &digest_list, - &pcr); - if (ret) { - log_err("Error parsing event\n"); - return ret; - } - if (extend_pcr) { - ret = tcg2_pcr_extend(dev, pcr, &digest_list); - if (ret != EFI_SUCCESS) { - log_err("Error in extending PCR\n"); - return ret; - } - - /* Clear the digest for next event */ - for (i = 0; i < digest_list.count; i++) { - u16 hash_alg = digest_list.digests[i].hash_alg; - u8 *digest = - (u8 *)&digest_list.digests[i].digest; - - memset(digest, 0, alg_to_len(hash_alg)); - } - } - } - - memcpy(log_buffer, buffer, sz); - *log_sz = sz; - - return ret; -} - -/** - * create_specid_event() - Create the first event in the eventlog - * - * @dev: tpm device - * @event_header: Pointer to the final event header - * @event_size: final spec event size - * - * Return: status code - */ -static efi_status_t create_specid_event(struct udevice *dev, void *buffer, - size_t *event_size) -{ - struct tcg_efi_spec_id_event *spec_event; - size_t spec_event_size; - efi_status_t ret = EFI_DEVICE_ERROR; - u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0; - int err; - size_t i; - - /* - * Create Spec event. This needs to be the first event in the log - * according to the TCG EFI protocol spec - */ - - /* Setup specID event data */ - spec_event = (struct tcg_efi_spec_id_event *)buffer; - memcpy(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, - sizeof(spec_event->signature)); - put_unaligned_le32(0, &spec_event->platform_class); /* type client */ - spec_event->spec_version_minor = - TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2; - spec_event->spec_version_major = - TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2; - spec_event->spec_errata = - TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2; - spec_event->uintn_size = sizeof(efi_uintn_t) / sizeof(u32); - - err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count); - - if (err) - goto out; - - for (i = 0; i < pcr_count; i++) { - u16 hash_alg = hash_algo_list[i].hash_alg; - u16 hash_len = hash_algo_list[i].hash_len; - - if (active & alg_to_mask(hash_alg)) { - put_unaligned_le16(hash_alg, - &spec_event->digest_sizes[alg_count].algorithm_id); - put_unaligned_le16(hash_len, - &spec_event->digest_sizes[alg_count].digest_size); - alg_count++; - } - } - - spec_event->number_of_algorithms = alg_count; - if (spec_event->number_of_algorithms > MAX_HASH_COUNT || - spec_event->number_of_algorithms < 1) - goto out; - - /* - * the size of the spec event and placement of vendor_info_size - * depends on supported algoriths - */ - spec_event_size = - offsetof(struct tcg_efi_spec_id_event, digest_sizes) + - spec_event->number_of_algorithms * sizeof(spec_event->digest_sizes[0]); - /* no vendor info for us */ - memset(buffer + spec_event_size, 0, 1); - /* add a byte for vendor_info_size in the spec event */ - spec_event_size += 1; - *event_size = spec_event_size; - - return EFI_SUCCESS; - -out: - return ret; -} - -/** * tcg2_uninit - remove the final event table and free efi memory on failures */ void tcg2_uninit(void) @@ -1720,7 +839,7 @@ out: } /** - * tcg2_measure_event() - common function to add event log and extend PCR + * measure_event() - common function to add event log and extend PCR * * @dev: TPM device * @pcr_index: PCR index @@ -1730,14 +849,13 @@ out: * * Return: status code */ -static efi_status_t -tcg2_measure_event(struct udevice *dev, u32 pcr_index, u32 event_type, - u32 size, u8 event[]) +static efi_status_t measure_event(struct udevice *dev, u32 pcr_index, + u32 event_type, u32 size, u8 event[]) { struct tpml_digest_values digest_list; efi_status_t ret; - ret = tcg2_create_digest(event, size, &digest_list); + ret = tcg2_create_digest(dev, event, size, &digest_list); if (ret != EFI_SUCCESS) goto out; @@ -1764,9 +882,8 @@ static efi_status_t efi_append_scrtm_version(struct udevice *dev) { efi_status_t ret; - ret = tcg2_measure_event(dev, 0, EV_S_CRTM_VERSION, - strlen(version_string) + 1, - (u8 *)version_string); + ret = measure_event(dev, 0, EV_S_CRTM_VERSION, + strlen(version_string) + 1, (u8 *)version_string); return ret; } @@ -1782,12 +899,11 @@ static efi_status_t efi_init_event_log(void) * vendor_info_size is currently set to 0, we need to change the length * and allocate the flexible array member if this changes */ - struct tcg_pcr_event *event_header = NULL; + struct tcg2_event_log elog; struct udevice *dev; - size_t spec_event_size; efi_status_t ret; - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) return ret; @@ -1806,7 +922,6 @@ static efi_status_t efi_init_event_log(void) * The log header is defined to be in SHA1 event log entry format. * Setup event header */ - event_header = (struct tcg_pcr_event *)event_log.buffer; event_log.pos = 0; event_log.last_event_size = 0; event_log.get_event_called = false; @@ -1817,35 +932,24 @@ static efi_status_t efi_init_event_log(void) * Check if earlier firmware have passed any eventlog. Different * platforms can use different ways to do so. */ - ret = tcg2_get_fw_eventlog(dev, event_log.buffer, &event_log.pos); + elog.log = event_log.buffer; + elog.log_size = TPM2_EVENT_LOG_SIZE; + ret = tcg2_log_prepare_buffer(dev, &elog, false); + if (ret != EFI_SUCCESS) + goto free_pool; + + event_log.pos = elog.log_position; + /* - * If earlier firmware hasn't passed any eventlog, go ahead and - * create the eventlog header. + * Add SCRTM version to the log if previous firmmware + * doesn't pass an eventlog. */ - if (ret == EFI_NOT_FOUND) { - put_unaligned_le32(0, &event_header->pcr_index); - put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); - memset(&event_header->digest, 0, sizeof(event_header->digest)); - ret = create_specid_event(dev, - (void *)((uintptr_t)event_log.buffer + - sizeof(*event_header)), - &spec_event_size); + if (!elog.found) { + ret = efi_append_scrtm_version(dev); if (ret != EFI_SUCCESS) goto free_pool; - put_unaligned_le32(spec_event_size, &event_header->event_size); - event_log.pos = spec_event_size + sizeof(*event_header); - event_log.last_event_size = event_log.pos; - - /* - * Add SCRTM version to the log if previous firmmware - * doesn't pass an eventlog. - */ - ret = efi_append_scrtm_version(dev); } - if (ret != EFI_SUCCESS) - goto free_pool; - ret = create_final_event(); if (ret != EFI_SUCCESS) goto free_pool; @@ -1897,8 +1001,8 @@ static efi_status_t tcg2_measure_variable(struct udevice *dev, u32 pcr_index, memcpy((u16 *)event->unicode_name + event->unicode_name_length, data, data_size); } - ret = tcg2_measure_event(dev, pcr_index, event_type, event_size, - (u8 *)event); + ret = measure_event(dev, pcr_index, event_type, event_size, + (u8 *)event); free(event); return ret; } @@ -2009,8 +1113,8 @@ tcg2_measure_smbios(struct udevice *dev, smbios_prepare_measurement(entry, smbios_copy); - ret = tcg2_measure_event(dev, 1, EV_EFI_HANDOFF_TABLES2, event_size, - (u8 *)event); + ret = measure_event(dev, 1, EV_EFI_HANDOFF_TABLES2, event_size, + (u8 *)event); if (ret != EFI_SUCCESS) goto out; @@ -2161,7 +1265,7 @@ tcg2_measure_gpt_data(struct udevice *dev, gpt_e = (gpt_entry *)((u8 *)gpt_e + gpt_h->sizeof_partition_entry); } - ret = tcg2_measure_event(dev, 5, EV_EFI_GPT_EVENT, event_size, (u8 *)event); + ret = measure_event(dev, 5, EV_EFI_GPT_EVENT, event_size, (u8 *)event); out2: free(gpt_h); @@ -2215,7 +1319,7 @@ efi_status_t efi_tcg2_measure_dtb(void *dtb) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) return EFI_SECURITY_VIOLATION; @@ -2240,7 +1344,7 @@ efi_status_t efi_tcg2_measure_dtb(void *dtb) sha256_update(&hash_ctx, (u8 *)dtb + fdt_off_mem_rsvmap(dtb), rsvmap_size); sha256_finish(&hash_ctx, blob->data + blob->blob_description_size); - ret = tcg2_measure_event(dev, 0, EV_POST_CODE, event_size, (u8 *)blob); + ret = measure_event(dev, 0, EV_POST_CODE, event_size, (u8 *)blob); free(blob); return ret; @@ -2265,7 +1369,7 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *ha if (tcg2_efi_app_invoked) return EFI_SUCCESS; - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) return EFI_SECURITY_VIOLATION; @@ -2273,9 +1377,9 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *ha if (ret != EFI_SUCCESS) goto out; - ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION, - strlen(EFI_CALLING_EFI_APPLICATION), - (u8 *)EFI_CALLING_EFI_APPLICATION); + ret = measure_event(dev, 4, EV_EFI_ACTION, + strlen(EFI_CALLING_EFI_APPLICATION), + (u8 *)EFI_CALLING_EFI_APPLICATION); if (ret != EFI_SUCCESS) goto out; @@ -2291,8 +1395,8 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *ha goto out; for (pcr_index = 0; pcr_index <= 7; pcr_index++) { - ret = tcg2_measure_event(dev, pcr_index, EV_SEPARATOR, - sizeof(event), (u8 *)&event); + ret = measure_event(dev, pcr_index, EV_SEPARATOR, + sizeof(event), (u8 *)&event); if (ret != EFI_SUCCESS) goto out; } @@ -2315,13 +1419,13 @@ efi_status_t efi_tcg2_measure_efi_app_exit(void) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) return ret; - ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION, - strlen(EFI_RETURNING_FROM_EFI_APPLICATION), - (u8 *)EFI_RETURNING_FROM_EFI_APPLICATION); + ret = measure_event(dev, 4, EV_EFI_ACTION, + strlen(EFI_RETURNING_FROM_EFI_APPLICATION), + (u8 *)EFI_RETURNING_FROM_EFI_APPLICATION); return ret; } @@ -2346,19 +1450,19 @@ efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context) goto out; } - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) goto out; - ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION, - strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION), - (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION); + ret = measure_event(dev, 5, EV_EFI_ACTION, + strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION), + (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION); if (ret != EFI_SUCCESS) goto out; - ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION, - strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED), - (u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED); + ret = measure_event(dev, 5, EV_EFI_ACTION, + strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED), + (u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED); out: EFI_EXIT(ret); @@ -2378,19 +1482,19 @@ efi_status_t efi_tcg2_notify_exit_boot_services_failed(void) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) goto out; - ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION, - strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION), - (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION); + ret = measure_event(dev, 5, EV_EFI_ACTION, + strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION), + (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION); if (ret != EFI_SUCCESS) goto out; - ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION, - strlen(EFI_EXIT_BOOT_SERVICES_FAILED), - (u8 *)EFI_EXIT_BOOT_SERVICES_FAILED); + ret = measure_event(dev, 5, EV_EFI_ACTION, + strlen(EFI_EXIT_BOOT_SERVICES_FAILED), + (u8 *)EFI_EXIT_BOOT_SERVICES_FAILED); out: return ret; @@ -2460,7 +1564,7 @@ efi_status_t efi_tcg2_do_initial_measurement(void) if (!is_tcg2_protocol_installed()) return EFI_SUCCESS; - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) return EFI_SECURITY_VIOLATION; @@ -2486,7 +1590,7 @@ efi_status_t efi_tcg2_register(void) struct efi_event *event; u32 err; - ret = platform_get_tpm2_device(&dev); + ret = tcg2_platform_get_tpm2(&dev); if (ret != EFI_SUCCESS) { log_warning("Missing TPMv2 device for EFI_TCG_PROTOCOL\n"); return EFI_SUCCESS; diff --git a/lib/efi_loader/efi_var_file.c b/lib/efi_loader/efi_var_file.c index 62e071bd834..d7dba050710 100644 --- a/lib/efi_loader/efi_var_file.c +++ b/lib/efi_loader/efi_var_file.c @@ -204,8 +204,11 @@ efi_status_t efi_var_restore(struct efi_var_file *buf, bool safe) * File ubootefi.var is read from the EFI system partitions and the variables * stored in the file are created. * - * In case the file does not exist yet or a variable cannot be set EFI_SUCCESS - * is returned. + * On first boot the file ubootefi.var does not exist yet. This is why we must + * return EFI_SUCCESS in this case. + * + * If the variable file is corrupted, e.g. incorrect CRC32, we do not want to + * stop the boot process. We deliberately return EFI_SUCCESS in this case, too. * * Return: status code */ diff --git a/lib/efi_selftest/efi_selftest_bitblt.c b/lib/efi_selftest/efi_selftest_bitblt.c index 1def8435054..605078b722d 100644 --- a/lib/efi_selftest/efi_selftest_bitblt.c +++ b/lib/efi_selftest/efi_selftest_bitblt.c @@ -14,6 +14,12 @@ #define HEIGHT 120 #define DEPTH 60 +struct pos { + efi_uintn_t x; + efi_uintn_t y; + int redrawn; +}; + static const struct efi_gop_pixel BLACK = { 0, 0, 0, 0}; static const struct efi_gop_pixel RED = { 0, 0, 255, 0}; static const struct efi_gop_pixel ORANGE = { 0, 128, 255, 0}; @@ -27,7 +33,7 @@ static efi_guid_t efi_gop_guid = EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID; static struct efi_gop *gop; static struct efi_gop_pixel *bitmap; static struct efi_event *event; -static efi_uintn_t xpos; +static struct pos pos; static void ellipse(efi_uintn_t x, efi_uintn_t y, efi_uintn_t x0, efi_uintn_t y0, @@ -62,31 +68,33 @@ static void rectangle(efi_uintn_t x, efi_uintn_t y, */ static void EFIAPI notify(struct efi_event *event, void *context) { - efi_uintn_t *pos = context; + struct pos *pos = context; efi_uintn_t dx, sx, width; if (!pos) return; /* Increment position */ - *pos += 5; - if (*pos >= WIDTH + gop->mode->info->width) - *pos = 0; + pos->x += 5; + if (pos->x >= WIDTH + gop->mode->info->width) + pos->x = 0; width = WIDTH; - dx = *pos - WIDTH; + dx = pos->x - WIDTH; sx = 0; - if (*pos >= gop->mode->info->width) { - width = WIDTH + gop->mode->info->width - *pos; - } else if (*pos < WIDTH) { + if (pos->x >= gop->mode->info->width) { + width = WIDTH + gop->mode->info->width - pos->x; + } else if (pos->x < WIDTH) { dx = 0; - sx = WIDTH - *pos; - width = *pos; + sx = WIDTH - pos->x; + width = pos->x; } /* Copy image to video */ - gop->blt(gop, bitmap, EFI_BLT_BUFFER_TO_VIDEO, sx, 0, dx, DEPTH, + gop->blt(gop, bitmap, EFI_BLT_BUFFER_TO_VIDEO, sx, 0, dx, pos->y, width, HEIGHT, WIDTH * sizeof(struct efi_gop_pixel)); + + pos->redrawn = 1; } /* @@ -107,7 +115,7 @@ static int setup(const efi_handle_t handle, /* Create event */ ret = boottime->create_event(EVT_TIMER | EVT_NOTIFY_SIGNAL, - TPL_CALLBACK, notify, (void *)&xpos, + TPL_CALLBACK, notify, (void *)&pos, &event); if (ret != EFI_SUCCESS) { efi_st_error("could not create event\n"); @@ -247,6 +255,9 @@ static int execute(void) return EFI_ST_FAILURE; } + con_out->set_attribute(con_out, EFI_WHITE | EFI_BACKGROUND_BLUE); + con_out->clear_screen(con_out); + /* Fill background */ ret = gop->blt(gop, bitmap, EFI_BLT_VIDEO_FILL, 0, 0, 0, 0, info->width, info->height, 0); @@ -281,21 +292,53 @@ static int execute(void) return EFI_ST_FAILURE; } - /* Set 250ms timer */ - xpos = WIDTH; + /* Set 25ms timer */ + pos.x = WIDTH; + pos.y = DEPTH; ret = boottime->set_timer(event, EFI_TIMER_PERIODIC, 250000); if (ret != EFI_SUCCESS) { efi_st_error("Could not set timer\n"); return EFI_ST_FAILURE; } - con_out->set_cursor_position(con_out, 0, 0); - con_out->set_attribute(con_out, EFI_WHITE | EFI_BACKGROUND_BLUE); efi_st_printf("The submarine should have three yellow port holes.\n"); - efi_st_printf("Press any key to continue"); - efi_st_get_key(); + efi_st_printf("UP, DOWN to navigate, any other key to quit"); + for (;;) { + struct efi_input_key input_key; + + ret = boottime->check_event(con_in->wait_for_key); + if (ret == EFI_NOT_READY) + continue; + if (ret != EFI_SUCCESS) { + efi_st_error("CheckEvent failed %x\n", + (unsigned int)ret); + return EFI_ST_FAILURE; + } + ret = con_in->read_key_stroke(con_in, &input_key); + if (ret != EFI_SUCCESS) { + efi_st_error("Key not available %x\n", + (unsigned int)ret); + return EFI_ST_FAILURE; + } + switch (input_key.scan_code) { + case 0x01: /* UP */ + if (pos.redrawn && pos.y >= 5) { + pos.y -= 5; + pos.redrawn = 0; + } + continue; + case 0x02: /* DOWN */ + if (pos.redrawn && + pos.y + HEIGHT + 5 < gop->mode->info->height) { + pos.y += 5; + pos.redrawn = 0; + } + continue; + } + break; + } con_out->set_attribute(con_out, EFI_LIGHTGRAY); - efi_st_printf("\n"); + con_out->clear_screen(con_out); return EFI_ST_SUCCESS; } diff --git a/lib/image-sparse.c b/lib/image-sparse.c index 8f8a67e1580..323aad981c6 100644 --- a/lib/image-sparse.c +++ b/lib/image-sparse.c @@ -289,8 +289,8 @@ int write_sparse_image(struct sparse_storage *info, case CHUNK_TYPE_CRC32: if (chunk_header->total_sz != - sparse_header->chunk_hdr_sz) { - info->mssg("Bogus chunk size for chunk type Dont Care", + sparse_header->chunk_hdr_sz + sizeof(uint32_t)) { + info->mssg("Bogus chunk size for chunk type CRC32", response); return -1; } diff --git a/lib/lmb.c b/lib/lmb.c index b2c233edb64..da924c6789a 100644 --- a/lib/lmb.c +++ b/lib/lmb.c @@ -74,6 +74,16 @@ static long lmb_addrs_adjacent(phys_addr_t base1, phys_size_t size1, return 0; } +static long lmb_regions_overlap(struct lmb_region *rgn, unsigned long r1, + unsigned long r2) +{ + phys_addr_t base1 = rgn->region[r1].base; + phys_size_t size1 = rgn->region[r1].size; + phys_addr_t base2 = rgn->region[r2].base; + phys_size_t size2 = rgn->region[r2].size; + + return lmb_addrs_overlap(base1, size1, base2, size2); +} static long lmb_regions_adjacent(struct lmb_region *rgn, unsigned long r1, unsigned long r2) { @@ -81,7 +91,6 @@ static long lmb_regions_adjacent(struct lmb_region *rgn, unsigned long r1, phys_size_t size1 = rgn->region[r1].size; phys_addr_t base2 = rgn->region[r2].base; phys_size_t size2 = rgn->region[r2].size; - return lmb_addrs_adjacent(base1, size1, base2, size2); } @@ -105,6 +114,23 @@ static void lmb_coalesce_regions(struct lmb_region *rgn, unsigned long r1, lmb_remove_region(rgn, r2); } +/*Assumption : base addr of region 1 < base addr of region 2*/ +static void lmb_fix_over_lap_regions(struct lmb_region *rgn, unsigned long r1, + unsigned long r2) +{ + phys_addr_t base1 = rgn->region[r1].base; + phys_size_t size1 = rgn->region[r1].size; + phys_addr_t base2 = rgn->region[r2].base; + phys_size_t size2 = rgn->region[r2].size; + + if (base1 + size1 > base2 + size2) { + printf("This will not be a case any time\n"); + return; + } + rgn->region[r1].size = base2 + size2 - base1; + lmb_remove_region(rgn, r2); +} + void lmb_init(struct lmb *lmb) { #if IS_ENABLED(CONFIG_LMB_USE_MAX_REGIONS) @@ -249,7 +275,6 @@ static long lmb_add_region_flags(struct lmb_region *rgn, phys_addr_t base, phys_size_t rgnflags = rgn->region[i].flags; phys_addr_t end = base + size - 1; phys_addr_t rgnend = rgnbase + rgnsize - 1; - if (rgnbase <= base && end <= rgnend) { if (flags == rgnflags) /* Already have this region, so we're done */ @@ -278,10 +303,14 @@ static long lmb_add_region_flags(struct lmb_region *rgn, phys_addr_t base, } } - if ((i < rgn->cnt - 1) && lmb_regions_adjacent(rgn, i, i + 1)) { - if (rgn->region[i].flags == rgn->region[i + 1].flags) { + if (i < rgn->cnt - 1 && rgn->region[i].flags == rgn->region[i + 1].flags) { + if (lmb_regions_adjacent(rgn, i, i + 1)) { lmb_coalesce_regions(rgn, i, i + 1); coalesced++; + } else if (lmb_regions_overlap(rgn, i, i + 1)) { + /* fix overlapping area */ + lmb_fix_over_lap_regions(rgn, i, i + 1); + coalesced++; } } diff --git a/lib/of_live.c b/lib/of_live.c index 25f7af61061..812c488f606 100644 --- a/lib/of_live.c +++ b/lib/of_live.c @@ -8,13 +8,21 @@ * Copyright (c) 2017 Google, Inc */ +#define LOG_CATEGORY LOGC_DT + #include <common.h> +#include <abuf.h> #include <log.h> #include <linux/libfdt.h> #include <of_live.h> #include <malloc.h> #include <dm/of_access.h> #include <linux/err.h> +#include <linux/sizes.h> + +enum { + BUF_STEP = SZ_64K, +}; static void *unflatten_dt_alloc(void **mem, unsigned long size, unsigned long align) @@ -336,3 +344,136 @@ void of_live_free(struct device_node *root) /* the tree is stored as a contiguous block of memory */ free(root); } + +int of_live_create_empty(struct device_node **rootp) +{ + struct device_node *root; + + root = calloc(1, sizeof(struct device_node)); + if (!root) + return -ENOMEM; + root->name = strdup(""); + if (!root->name) { + free(root); + return -ENOMEM; + } + root->type = "<NULL>"; + root->full_name = ""; + *rootp = root; + + return 0; +} + +static int check_space(int ret, struct abuf *buf) +{ + if (ret == -FDT_ERR_NOSPACE) { + if (!abuf_realloc_inc(buf, BUF_STEP)) + return log_msg_ret("spc", -ENOMEM); + ret = fdt_resize(abuf_data(buf), abuf_data(buf), + abuf_size(buf)); + if (ret) + return log_msg_ret("res", -EFAULT); + + return -EAGAIN; + } + + return 0; +} + +/** + * flatten_node() - Write out the node and its properties into a flat tree + */ +static int flatten_node(struct abuf *buf, const struct device_node *node) +{ + const struct device_node *np; + const struct property *pp; + int ret; + + ret = fdt_begin_node(abuf_data(buf), node->name); + ret = check_space(ret, buf); + if (ret == -EAGAIN) { + ret = fdt_begin_node(abuf_data(buf), node->name); + if (ret) { + log_debug("Internal error a %d\n", ret); + return -EFAULT; + } + } + if (ret) + return log_msg_ret("beg", ret); + + /* First write out the properties */ + for (pp = node->properties; !ret && pp; pp = pp->next) { + ret = fdt_property(abuf_data(buf), pp->name, pp->value, + pp->length); + ret = check_space(ret, buf); + if (ret == -EAGAIN) { + ret = fdt_property(abuf_data(buf), pp->name, pp->value, + pp->length); + } + } + + /* Next write out the subnodes */ + for (np = node->child; np; np = np->sibling) { + ret = flatten_node(buf, np); + if (ret) + return log_msg_ret("sub", ret); + } + + ret = fdt_end_node(abuf_data(buf)); + ret = check_space(ret, buf); + if (ret == -EAGAIN) { + ret = fdt_end_node(abuf_data(buf)); + if (ret) { + log_debug("Internal error b %d\n", ret); + return -EFAULT; + } + } + if (ret) + return log_msg_ret("end", ret); + + return 0; +} + +int of_live_flatten(const struct device_node *root, struct abuf *buf) +{ + int ret; + + abuf_init(buf); + if (!abuf_realloc(buf, BUF_STEP)) + return log_msg_ret("ini", -ENOMEM); + + ret = fdt_create(abuf_data(buf), abuf_size(buf)); + if (!ret) + ret = fdt_finish_reservemap(abuf_data(buf)); + if (ret) { + log_debug("Failed to start FDT (err=%d)\n", ret); + return log_msg_ret("sta", -EINVAL); + } + + ret = flatten_node(buf, root); + if (ret) + return log_msg_ret("flt", ret); + + ret = fdt_finish(abuf_data(buf)); + ret = check_space(ret, buf); + if (ret == -EAGAIN) { + ret = fdt_finish(abuf_data(buf)); + if (ret) { + log_debug("Internal error c %d\n", ret); + return -EFAULT; + } + } + if (ret) + return log_msg_ret("fin", ret); + + ret = fdt_pack(abuf_data(buf)); + if (ret) { + log_debug("Failed to pack (err=%d)\n", ret); + return log_msg_ret("pac", -EFAULT); + } + + if (!abuf_realloc(buf, fdt_totalsize(abuf_data(buf)))) + return log_msg_ret("abu", -EFAULT); + + return 0; +} diff --git a/lib/slre.c b/lib/slre.c index e82a9e7635b..e1a50443e04 100644 --- a/lib/slre.c +++ b/lib/slre.c @@ -686,6 +686,7 @@ int main(int argc, char *argv[]) } if (!slre_compile(&slre, argv[1])) { + (void) fclose(fp); fprintf(stderr, "Error compiling slre: %s\n", slre.err_str); return 1; } diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 9ab5b46df17..bd0fb078dc3 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -1,16 +1,705 @@ // SPDX-License-Identifier: GPL-2.0+ /* + * Copyright (c) 2023 Linaro Limited * Copyright (c) 2018 Bootlin * Author: Miquel Raynal <miquel.raynal@bootlin.com> */ #include <common.h> #include <dm.h> +#include <dm/of_access.h> +#include <tpm_api.h> #include <tpm-common.h> #include <tpm-v2.h> +#include <u-boot/sha1.h> +#include <u-boot/sha256.h> +#include <u-boot/sha512.h> +#include <version_string.h> +#include <asm/io.h> #include <linux/bitops.h> +#include <linux/unaligned/be_byteshift.h> +#include <linux/unaligned/generic.h> +#include <linux/unaligned/le_byteshift.h> + #include "tpm-utils.h" +const enum tpm2_algorithms tpm2_supported_algorithms[4] = { + TPM2_ALG_SHA1, + TPM2_ALG_SHA256, + TPM2_ALG_SHA384, + TPM2_ALG_SHA512, +}; + +int tcg2_get_active_pcr_banks(struct udevice *dev, u32 *active_pcr_banks) +{ + u32 supported = 0; + u32 pcr_banks = 0; + u32 active = 0; + int rc; + + rc = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks); + if (rc) + return rc; + + *active_pcr_banks = active; + + return 0; +} + +u32 tcg2_event_get_size(struct tpml_digest_values *digest_list) +{ + u32 len; + size_t i; + + len = offsetof(struct tcg_pcr_event2, digests); + len += offsetof(struct tpml_digest_values, digests); + for (i = 0; i < digest_list->count; ++i) { + u16 l = tpm2_algorithm_to_len(digest_list->digests[i].hash_alg); + + if (!l) + continue; + + len += l + offsetof(struct tpmt_ha, digest); + } + len += sizeof(u32); + + return len; +} + +int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length, + struct tpml_digest_values *digest_list) +{ + u8 final[sizeof(union tpmu_ha)]; + sha256_context ctx_256; + sha512_context ctx_512; + sha1_context ctx; + u32 active; + size_t i; + u32 len; + int rc; + + rc = tcg2_get_active_pcr_banks(dev, &active); + if (rc) + return rc; + + digest_list->count = 0; + for (i = 0; i < ARRAY_SIZE(tpm2_supported_algorithms); ++i) { + u32 mask = + tpm2_algorithm_to_mask(tpm2_supported_algorithms[i]); + + if (!(active & mask)) + continue; + + switch (tpm2_supported_algorithms[i]) { + case TPM2_ALG_SHA1: + sha1_starts(&ctx); + sha1_update(&ctx, input, length); + sha1_finish(&ctx, final); + len = TPM2_SHA1_DIGEST_SIZE; + break; + case TPM2_ALG_SHA256: + sha256_starts(&ctx_256); + sha256_update(&ctx_256, input, length); + sha256_finish(&ctx_256, final); + len = TPM2_SHA256_DIGEST_SIZE; + break; + case TPM2_ALG_SHA384: + sha384_starts(&ctx_512); + sha384_update(&ctx_512, input, length); + sha384_finish(&ctx_512, final); + len = TPM2_SHA384_DIGEST_SIZE; + break; + case TPM2_ALG_SHA512: + sha512_starts(&ctx_512); + sha512_update(&ctx_512, input, length); + sha512_finish(&ctx_512, final); + len = TPM2_SHA512_DIGEST_SIZE; + break; + default: + printf("%s: unsupported algorithm %x\n", __func__, + tpm2_supported_algorithms[i]); + continue; + } + + digest_list->digests[digest_list->count].hash_alg = + tpm2_supported_algorithms[i]; + memcpy(&digest_list->digests[digest_list->count].digest, final, + len); + digest_list->count++; + } + + return 0; +} + +void tcg2_log_append(u32 pcr_index, u32 event_type, + struct tpml_digest_values *digest_list, u32 size, + const u8 *event, u8 *log) +{ + size_t len; + size_t pos; + u32 i; + + pos = offsetof(struct tcg_pcr_event2, pcr_index); + put_unaligned_le32(pcr_index, log); + pos = offsetof(struct tcg_pcr_event2, event_type); + put_unaligned_le32(event_type, log + pos); + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, count); + put_unaligned_le32(digest_list->count, log + pos); + + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, digests); + for (i = 0; i < digest_list->count; ++i) { + u16 hash_alg = digest_list->digests[i].hash_alg; + + len = tpm2_algorithm_to_len(hash_alg); + if (!len) + continue; + + pos += offsetof(struct tpmt_ha, hash_alg); + put_unaligned_le16(hash_alg, log + pos); + pos += offsetof(struct tpmt_ha, digest); + memcpy(log + pos, (u8 *)&digest_list->digests[i].digest, len); + pos += len; + } + + put_unaligned_le32(size, log + pos); + pos += sizeof(u32); + memcpy(log + pos, event, size); +} + +static int tcg2_log_append_check(struct tcg2_event_log *elog, u32 pcr_index, + u32 event_type, + struct tpml_digest_values *digest_list, + u32 size, const u8 *event) +{ + u32 event_size; + u8 *log; + + event_size = size + tcg2_event_get_size(digest_list); + if (elog->log_position + event_size > elog->log_size) { + printf("%s: log too large: %u + %u > %u\n", __func__, + elog->log_position, event_size, elog->log_size); + return -ENOBUFS; + } + + log = elog->log + elog->log_position; + elog->log_position += event_size; + + tcg2_log_append(pcr_index, event_type, digest_list, size, event, log); + + return 0; +} + +static int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog) +{ + struct tcg_efi_spec_id_event *ev; + struct tcg_pcr_event *log; + u32 event_size; + u32 count = 0; + u32 log_size; + u32 active; + u32 mask; + size_t i; + u16 len; + int rc; + + rc = tcg2_get_active_pcr_banks(dev, &active); + if (rc) + return rc; + + event_size = offsetof(struct tcg_efi_spec_id_event, digest_sizes); + for (i = 0; i < ARRAY_SIZE(tpm2_supported_algorithms); ++i) { + mask = tpm2_algorithm_to_mask(tpm2_supported_algorithms[i]); + + if (!(active & mask)) + continue; + + switch (tpm2_supported_algorithms[i]) { + case TPM2_ALG_SHA1: + case TPM2_ALG_SHA256: + case TPM2_ALG_SHA384: + case TPM2_ALG_SHA512: + count++; + break; + default: + continue; + } + } + + event_size += 1 + + (sizeof(struct tcg_efi_spec_id_event_algorithm_size) * count); + log_size = offsetof(struct tcg_pcr_event, event) + event_size; + + if (log_size > elog->log_size) { + printf("%s: log too large: %u > %u\n", __func__, log_size, + elog->log_size); + return -ENOBUFS; + } + + log = (struct tcg_pcr_event *)elog->log; + put_unaligned_le32(0, &log->pcr_index); + put_unaligned_le32(EV_NO_ACTION, &log->event_type); + memset(&log->digest, 0, sizeof(log->digest)); + put_unaligned_le32(event_size, &log->event_size); + + ev = (struct tcg_efi_spec_id_event *)log->event; + strlcpy((char *)ev->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, + sizeof(ev->signature)); + put_unaligned_le32(0, &ev->platform_class); + ev->spec_version_minor = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2; + ev->spec_version_major = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2; + ev->spec_errata = TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2; + ev->uintn_size = sizeof(size_t) / sizeof(u32); + put_unaligned_le32(count, &ev->number_of_algorithms); + + count = 0; + for (i = 0; i < ARRAY_SIZE(tpm2_supported_algorithms); ++i) { + mask = tpm2_algorithm_to_mask(tpm2_supported_algorithms[i]); + + if (!(active & mask)) + continue; + + len = tpm2_algorithm_to_len(tpm2_supported_algorithms[i]); + if (!len) + continue; + + put_unaligned_le16(tpm2_supported_algorithms[i], + &ev->digest_sizes[count].algorithm_id); + put_unaligned_le16(len, &ev->digest_sizes[count].digest_size); + count++; + } + + *((u8 *)ev + (event_size - 1)) = 0; + elog->log_position = log_size; + + return 0; +} + +static int tcg2_replay_eventlog(struct tcg2_event_log *elog, + struct udevice *dev, + struct tpml_digest_values *digest_list, + u32 log_position) +{ + const u32 offset = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, digests); + u32 event_size; + u32 count; + u16 algo; + u32 pcr; + u32 pos; + u16 len; + u8 *log; + int rc; + u32 i; + + while (log_position + offset < elog->log_size) { + log = elog->log + log_position; + + pos = offsetof(struct tcg_pcr_event2, pcr_index); + pcr = get_unaligned_le32(log + pos); + pos = offsetof(struct tcg_pcr_event2, event_type); + if (!get_unaligned_le32(log + pos)) + return 0; + + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, count); + count = get_unaligned_le32(log + pos); + if (count > ARRAY_SIZE(tpm2_supported_algorithms) || + (digest_list->count && digest_list->count != count)) + return 0; + + pos = offsetof(struct tcg_pcr_event2, digests) + + offsetof(struct tpml_digest_values, digests); + for (i = 0; i < count; ++i) { + pos += offsetof(struct tpmt_ha, hash_alg); + if (log_position + pos + sizeof(u16) >= elog->log_size) + return 0; + + algo = get_unaligned_le16(log + pos); + pos += offsetof(struct tpmt_ha, digest); + switch (algo) { + case TPM2_ALG_SHA1: + case TPM2_ALG_SHA256: + case TPM2_ALG_SHA384: + case TPM2_ALG_SHA512: + len = tpm2_algorithm_to_len(algo); + break; + default: + return 0; + } + + if (digest_list->count) { + if (algo != digest_list->digests[i].hash_alg || + log_position + pos + len >= elog->log_size) + return 0; + + memcpy(digest_list->digests[i].digest.sha512, + log + pos, len); + } + + pos += len; + } + + if (log_position + pos + sizeof(u32) >= elog->log_size) + return 0; + + event_size = get_unaligned_le32(log + pos); + pos += event_size + sizeof(u32); + if (log_position + pos > elog->log_size) + return 0; + + if (digest_list->count) { + rc = tcg2_pcr_extend(dev, pcr, digest_list); + if (rc) + return rc; + } + + log_position += pos; + } + + elog->log_position = log_position; + elog->found = true; + return 0; +} + +static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog) +{ + struct tpml_digest_values digest_list; + struct tcg_efi_spec_id_event *event; + struct tcg_pcr_event *log; + u32 log_active; + u32 calc_size; + u32 active; + u32 count; + u32 evsz; + u32 mask; + u16 algo; + u16 len; + int rc; + u32 i; + u16 j; + + if (elog->log_size <= offsetof(struct tcg_pcr_event, event)) + return 0; + + log = (struct tcg_pcr_event *)elog->log; + if (get_unaligned_le32(&log->pcr_index) != 0 || + get_unaligned_le32(&log->event_type) != EV_NO_ACTION) + return 0; + + for (i = 0; i < sizeof(log->digest); i++) { + if (log->digest[i]) + return 0; + } + + evsz = get_unaligned_le32(&log->event_size); + if (evsz < offsetof(struct tcg_efi_spec_id_event, digest_sizes) || + evsz + offsetof(struct tcg_pcr_event, event) > elog->log_size) + return 0; + + event = (struct tcg_efi_spec_id_event *)log->event; + if (memcmp(event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, + sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) + return 0; + + if (event->spec_version_minor != TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || + event->spec_version_major != TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) + return 0; + + count = get_unaligned_le32(&event->number_of_algorithms); + if (count > ARRAY_SIZE(tpm2_supported_algorithms)) + return 0; + + calc_size = offsetof(struct tcg_efi_spec_id_event, digest_sizes) + + (sizeof(struct tcg_efi_spec_id_event_algorithm_size) * count) + + 1; + if (evsz != calc_size) + return 0; + + rc = tcg2_get_active_pcr_banks(dev, &active); + if (rc) + return rc; + + digest_list.count = 0; + log_active = 0; + + for (i = 0; i < count; ++i) { + algo = get_unaligned_le16(&event->digest_sizes[i].algorithm_id); + mask = tpm2_algorithm_to_mask(algo); + + if (!(active & mask)) + return 0; + + switch (algo) { + case TPM2_ALG_SHA1: + case TPM2_ALG_SHA256: + case TPM2_ALG_SHA384: + case TPM2_ALG_SHA512: + len = get_unaligned_le16(&event->digest_sizes[i].digest_size); + if (tpm2_algorithm_to_len(algo) != len) + return 0; + digest_list.digests[digest_list.count++].hash_alg = algo; + break; + default: + return 0; + } + + log_active |= mask; + } + + /* Ensure the previous firmware extended all the PCRs. */ + if (log_active != active) + return 0; + + /* Read PCR0 to check if previous firmware extended the PCRs or not. */ + rc = tcg2_pcr_read(dev, 0, &digest_list); + if (rc) + return rc; + + for (i = 0; i < digest_list.count; ++i) { + len = tpm2_algorithm_to_len(digest_list.digests[i].hash_alg); + for (j = 0; j < len; ++j) { + if (digest_list.digests[i].digest.sha512[j]) + break; + } + + /* PCR is non-zero; it has been extended, so skip extending. */ + if (j != len) { + digest_list.count = 0; + break; + } + } + + return tcg2_replay_eventlog(elog, dev, &digest_list, + offsetof(struct tcg_pcr_event, event) + + evsz); +} + +int tcg2_pcr_extend(struct udevice *dev, u32 pcr_index, + struct tpml_digest_values *digest_list) +{ + u32 rc; + u32 i; + + for (i = 0; i < digest_list->count; i++) { + u32 alg = digest_list->digests[i].hash_alg; + + rc = tpm2_pcr_extend(dev, pcr_index, alg, + (u8 *)&digest_list->digests[i].digest, + tpm2_algorithm_to_len(alg)); + if (rc) { + printf("%s: error pcr:%u alg:%08x\n", __func__, + pcr_index, alg); + return rc; + } + } + + return 0; +} + +int tcg2_pcr_read(struct udevice *dev, u32 pcr_index, + struct tpml_digest_values *digest_list) +{ + struct tpm_chip_priv *priv; + u32 rc; + u32 i; + + priv = dev_get_uclass_priv(dev); + if (!priv) + return -ENODEV; + + for (i = 0; i < digest_list->count; i++) { + u32 alg = digest_list->digests[i].hash_alg; + u8 *digest = (u8 *)&digest_list->digests[i].digest; + + rc = tpm2_pcr_read(dev, pcr_index, priv->pcr_select_min, alg, + digest, tpm2_algorithm_to_len(alg), NULL); + if (rc) { + printf("%s: error pcr:%u alg:%08x\n", __func__, + pcr_index, alg); + return rc; + } + } + + return 0; +} + +int tcg2_measure_data(struct udevice *dev, struct tcg2_event_log *elog, + u32 pcr_index, u32 size, const u8 *data, u32 event_type, + u32 event_size, const u8 *event) +{ + struct tpml_digest_values digest_list; + int rc; + + if (data) + rc = tcg2_create_digest(dev, data, size, &digest_list); + else + rc = tcg2_create_digest(dev, event, event_size, &digest_list); + if (rc) + return rc; + + rc = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (rc) + return rc; + + return tcg2_log_append_check(elog, pcr_index, event_type, &digest_list, + event_size, event); +} + +int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog, + bool ignore_existing_log) +{ + struct tcg2_event_log log; + int rc; + + elog->log_position = 0; + elog->found = false; + + rc = tcg2_platform_get_log(dev, (void **)&log.log, &log.log_size); + if (!rc) { + log.log_position = 0; + log.found = false; + + if (!ignore_existing_log) { + rc = tcg2_log_parse(dev, &log); + if (rc) + return rc; + } + + if (elog->log_size) { + if (log.found) { + if (elog->log_size < log.log_position) + return -ENOSPC; + + /* + * Copy the discovered log into the user buffer + * if there's enough space. + */ + memcpy(elog->log, log.log, log.log_position); + } + + unmap_physmem(log.log, MAP_NOCACHE); + } else { + elog->log = log.log; + elog->log_size = log.log_size; + } + + elog->log_position = log.log_position; + elog->found = log.found; + } + + /* + * Initialize the log buffer if no log was discovered and the buffer is + * valid. User's can pass in their own buffer as a fallback if no + * memory region is found. + */ + if (!elog->found && elog->log_size) + rc = tcg2_log_init(dev, elog); + + return rc; +} + +int tcg2_measurement_init(struct udevice **dev, struct tcg2_event_log *elog, + bool ignore_existing_log) +{ + int rc; + + rc = tcg2_platform_get_tpm2(dev); + if (rc) + return rc; + + rc = tpm_auto_start(*dev); + if (rc) + return rc; + + rc = tcg2_log_prepare_buffer(*dev, elog, ignore_existing_log); + if (rc) { + tcg2_measurement_term(*dev, elog, true); + return rc; + } + + rc = tcg2_measure_event(*dev, elog, 0, EV_S_CRTM_VERSION, + strlen(version_string) + 1, + (u8 *)version_string); + if (rc) { + tcg2_measurement_term(*dev, elog, true); + return rc; + } + + return 0; +} + +void tcg2_measurement_term(struct udevice *dev, struct tcg2_event_log *elog, + bool error) +{ + u32 event = error ? 0x1 : 0xffffffff; + int i; + + for (i = 0; i < 8; ++i) + tcg2_measure_event(dev, elog, i, EV_SEPARATOR, sizeof(event), + (const u8 *)&event); + + if (elog->log) + unmap_physmem(elog->log, MAP_NOCACHE); +} + +__weak int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size) +{ + const __be32 *addr_prop; + const __be32 *size_prop; + int asize; + int ssize; + + *addr = NULL; + *size = 0; + + addr_prop = dev_read_prop(dev, "tpm_event_log_addr", &asize); + if (!addr_prop) + addr_prop = dev_read_prop(dev, "linux,sml-base", &asize); + + size_prop = dev_read_prop(dev, "tpm_event_log_size", &ssize); + if (!size_prop) + size_prop = dev_read_prop(dev, "linux,sml-size", &ssize); + + if (addr_prop && size_prop) { + u64 a = of_read_number(addr_prop, asize / sizeof(__be32)); + u64 s = of_read_number(size_prop, ssize / sizeof(__be32)); + + *addr = map_physmem(a, s, MAP_NOCACHE); + *size = (u32)s; + } else { + struct ofnode_phandle_args args; + phys_addr_t a; + fdt_size_t s; + + if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0, + 0, &args)) + return -ENODEV; + + a = ofnode_get_addr_size(args.node, "reg", &s); + if (a == FDT_ADDR_T_NONE) + return -ENOMEM; + + *addr = map_physmem(a, s, MAP_NOCACHE); + *size = (u32)s; + } + + return 0; +} + +__weak int tcg2_platform_get_tpm2(struct udevice **dev) +{ + for_each_tpm_device(*dev) { + if (tpm_get_version(*dev) == TPM_V2) + return 0; + } + + return -ENODEV; +} + +__weak void tcg2_platform_startup_error(struct udevice *dev, int rc) {} + u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode) { const u8 command_v2[12] = { @@ -359,6 +1048,131 @@ u32 tpm2_get_capability(struct udevice *dev, u32 capability, u32 property, return 0; } +static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr) +{ + u8 response[(sizeof(struct tpms_capability_data) - + offsetof(struct tpms_capability_data, data))]; + u32 properties_offset = + offsetof(struct tpml_tagged_tpm_property, tpm_property) + + offsetof(struct tpms_tagged_property, value); + u32 ret; + + memset(response, 0, sizeof(response)); + ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES, + TPM2_PT_PCR_COUNT, response, 1); + if (ret) + return ret; + + *num_pcr = get_unaligned_be32(response + properties_offset); + if (*num_pcr > TPM2_MAX_PCRS) { + printf("%s: too many pcrs: %u\n", __func__, *num_pcr); + return -E2BIG; + } + + return 0; +} + +static bool tpm2_is_active_pcr(struct tpms_pcr_selection *selection) +{ + int i; + + /* + * check the pcr_select. If at least one of the PCRs supports the + * algorithm add it on the active ones + */ + for (i = 0; i < selection->size_of_select; i++) { + if (selection->pcr_select[i]) + return true; + } + + return false; +} + +int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u32 *active_pcr, + u32 *pcr_banks) +{ + u8 response[(sizeof(struct tpms_capability_data) - + offsetof(struct tpms_capability_data, data))]; + struct tpml_pcr_selection pcrs; + u32 num_pcr; + size_t i; + u32 ret; + + *supported_pcr = 0; + *active_pcr = 0; + *pcr_banks = 0; + memset(response, 0, sizeof(response)); + ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1); + if (ret) + return ret; + + pcrs.count = get_unaligned_be32(response); + /* + * We only support 5 algorithms for now so check against that + * instead of TPM2_NUM_PCR_BANKS + */ + if (pcrs.count > ARRAY_SIZE(tpm2_supported_algorithms) || + pcrs.count < 1) { + printf("%s: too many pcrs: %u\n", __func__, pcrs.count); + return -EMSGSIZE; + } + + ret = tpm2_get_num_pcr(dev, &num_pcr); + if (ret) + return ret; + + for (i = 0; i < pcrs.count; i++) { + /* + * Definition of TPMS_PCR_SELECTION Structure + * hash: u16 + * size_of_select: u8 + * pcr_select: u8 array + * + * The offsets depend on the number of the device PCRs + * so we have to calculate them based on that + */ + u32 hash_offset = offsetof(struct tpml_pcr_selection, selection) + + i * offsetof(struct tpms_pcr_selection, pcr_select) + + i * ((num_pcr + 7) / 8); + u32 size_select_offset = + hash_offset + offsetof(struct tpms_pcr_selection, + size_of_select); + u32 pcr_select_offset = + hash_offset + offsetof(struct tpms_pcr_selection, + pcr_select); + + pcrs.selection[i].hash = + get_unaligned_be16(response + hash_offset); + pcrs.selection[i].size_of_select = + __get_unaligned_be(response + size_select_offset); + if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX) { + printf("%s: pcrs selection too large: %u\n", __func__, + pcrs.selection[i].size_of_select); + return -ENOBUFS; + } + /* copy the array of pcr_select */ + memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset, + pcrs.selection[i].size_of_select); + } + + for (i = 0; i < pcrs.count; i++) { + u32 hash_mask = tpm2_algorithm_to_mask(pcrs.selection[i].hash); + + if (hash_mask) { + *supported_pcr |= hash_mask; + if (tpm2_is_active_pcr(&pcrs.selection[i])) + *active_pcr |= hash_mask; + } else { + printf("%s: unknown algorithm %x\n", __func__, + pcrs.selection[i].hash); + } + } + + *pcr_banks = pcrs.count; + + return 0; +} + u32 tpm2_dam_reset(struct udevice *dev, const char *pw, const ssize_t pw_sz) { u8 command_v2[COMMAND_BUFFER_SIZE] = { |