Diffstat (limited to 'lib')
-rw-r--r-- | lib/Kconfig | 8 | ||||
-rw-r--r-- | lib/Makefile | 4 | ||||
-rw-r--r-- | lib/efi_loader/efi_bootbin.c | 3 | ||||
-rw-r--r-- | lib/efi_loader/efi_boottime.c | 32 | ||||
-rw-r--r-- | lib/efi_loader/efi_device_path.c | 26 | ||||
-rw-r--r-- | lib/efi_loader/efi_http.c | 6 | ||||
-rw-r--r-- | lib/efi_loader/efi_ipconfig.c | 4 | ||||
-rw-r--r-- | lib/efi_loader/efi_net.c | 579 | ||||
-rw-r--r-- | lib/efi_loader/efi_setup.c | 27 | ||||
-rw-r--r-- | lib/efi_selftest/efi_selftest_snp.c | 1 | ||||
-rw-r--r-- | lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c | 9 | ||||
-rw-r--r-- | lib/lwip/lwip/src/include/lwip/apps/altcp_tls_mbedtls_opts.h | 6 | ||||
-rw-r--r-- | lib/mbedtls/Kconfig | 784 | ||||
-rw-r--r-- | lib/mbedtls/Makefile | 44 | ||||
-rw-r--r-- | lib/mbedtls/mbedtls_def_config.h | 37 | ||||
-rw-r--r-- | lib/mbedtls/port/mbedtls_options.h | 23 |
16 files changed, 1175 insertions, 418 deletions
diff --git a/lib/Kconfig b/lib/Kconfig
index 1a683dea670..a21b3378fa7 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -1008,14 +1008,14 @@ config OF_LIBFDT_OVERLAY
 This enables the FDT library (libfdt) overlay support.
 config SYS_FDT_PAD
- hex "Maximum size of the FDT memory area passeed to the OS"
+ hex "Free space added to device-tree before booting"
 depends on OF_LIBFDT
 default 0x13000 if FMAN_ENET || QE || U_QE
 default 0x3000
 help
- During OS boot, we allocate a region of memory within the bootmap
- for the FDT. This is the size that we will expand the FDT that we
- are using will be extended to be, in bytes.
+ The operating system may need a free area at the end of the device-
+ tree for fix-ups. This setting defines by how many bytes U-Boot
+ extends the device-tree before booting.
 config SPL_OF_LIBFDT
 bool "Enable the FDT library for SPL"
diff --git a/lib/Makefile b/lib/Makefile
index a7bc2f3134a..a30ce1595d5 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -28,11 +28,7 @@ obj-y += charset.o
 endif
 endif
-ifdef CONFIG_USB_TTY
-obj-y += circbuf.o
-else
 obj-$(CONFIG_CIRCBUF) += circbuf.o
-endif
 obj-y += crc8.o
 obj-$(CONFIG_ERRNO_STR) += errno_str.o
diff --git a/lib/efi_loader/efi_bootbin.c b/lib/efi_loader/efi_bootbin.c
index 10ec5e9ada3..deafb2ce1c2 100644
--- a/lib/efi_loader/efi_bootbin.c
+++ b/lib/efi_loader/efi_bootbin.c
@@ -16,6 +16,7 @@
 #include <log.h>
 #include <malloc.h>
 #include <mapmem.h>
+#include <net.h>
 static struct efi_device_path *bootefi_image_path;
 static struct efi_device_path *bootefi_device_path;
@@ -67,7 +68,7 @@ static efi_status_t calculate_paths(const char *dev, const char *devnr,
 #if IS_ENABLED(CONFIG_NETDEVICES)
 if (!strcmp(dev, "Net") || !strcmp(dev, "Http")) {
- ret = efi_net_set_dp(dev, devnr);
+ ret = efi_net_new_dp(dev, devnr, eth_get_dev());
 if (ret != EFI_SUCCESS) return ret;
 }
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 5164cb15986..c8d9a6037f7 100644
--- a/lib/efi_loader/efi_boottime.c
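Review bot: `efi_net_new_dp(dev, devnr, eth_get_dev())` hands over whatever eth_get_dev() returns, and that is NULL when no Ethernet device is active; efi_net_new_dp() is not part of this diff, so whether it tolerates a NULL udevice cannot be confirmed here, and the old efi_dp_from_eth() only assert()ed it. Either guard at the call site, `if (!eth_get_dev()) return EFI_NOT_FOUND;` before the call, or state in efi_net_new_dp()'s kernel-doc that a NULL udevice is accepted. The same shape recurs in efi_dp_from_name() in efi_device_path.c (`efi_net_dp_from_dev(&dp, eth_get_dev(), false)`), where the return value is also dropped. calculate_paths() begins and ends outside the hunk.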
+++ b/lib/efi_loader/efi_boottime.c
@@ -21,7 +21,6 @@
 #include <usb.h>
 #include <watchdog.h>
 #include <asm/global_data.h>
-#include <asm/setjmp.h>
 #include <linux/libfdt_env.h>
 DECLARE_GLOBAL_DATA_PTR;
@@ -60,9 +59,9 @@ static efi_handle_t current_image;
 static volatile gd_t *efi_gd, *app_gd;
 #endif
-static efi_status_t efi_uninstall_protocol
- (efi_handle_t handle, const efi_guid_t *protocol,
- void *protocol_interface, bool preserve);
+efi_status_t efi_uninstall_protocol
+ (efi_handle_t handle, const efi_guid_t *protocol,
+ void *protocol_interface, bool preserve);
 /* 1 if inside U-Boot code, 0 if inside EFI payload code */
 static int entry_count = 1;
@@ -100,12 +99,11 @@ const efi_guid_t efi_guid_load_file2_protocol = EFI_LOAD_FILE2_PROTOCOL_GUID;
 /* GUID of the SMBIOS table */
 const efi_guid_t smbios_guid = SMBIOS_TABLE_GUID;
-static efi_status_t EFIAPI efi_disconnect_controller(
+efi_status_t EFIAPI efi_disconnect_controller(
 efi_handle_t controller_handle,
 efi_handle_t driver_image_handle,
 efi_handle_t child_handle);
-static efi_status_t EFIAPI efi_connect_controller(efi_handle_t controller_handle,
 efi_handle_t *driver_image_handle,
 struct efi_device_path *remain_device_path,
@@ -1039,7 +1037,7 @@ static efi_status_t EFIAPI efi_signal_event_ext(struct efi_event *event)
 *
 * Return: status code
 */
-static efi_status_t EFIAPI efi_close_event(struct efi_event *event)
+efi_status_t EFIAPI efi_close_event(struct efi_event *event)
 {
 struct efi_register_notify_event *item, *next;
@@ -1380,9 +1378,9 @@ static efi_status_t efi_disconnect_all_drivers
 *
 * Return: status code
 */
-static efi_status_t efi_uninstall_protocol
- (efi_handle_t handle, const efi_guid_t *protocol,
- void *protocol_interface, bool preserve)
+efi_status_t efi_uninstall_protocol
+ (efi_handle_t handle, const efi_guid_t *protocol,
+ void *protocol_interface, bool preserve)
 {
 struct efi_handler *handler;
 struct efi_open_protocol_info_item *item;
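Review bot: Dropping `static` from efi_uninstall_protocol(), efi_disconnect_controller(), efi_close_event() and efi_connect_controller() turns them into external symbols, but no header is in this diff (the diffstat is limited to lib/), so whether prototypes were added to efi_loader.h cannot be confirmed from here; without them these definitions trip -Wmissing-prototypes and the file-local forward declarations at +59 and +99 are the only declarations. If the header does declare them, those local forward declarations should go, since two declarations of the same symbol invite drift, and each newly public function deserves one kernel-doc line naming the outside caller it now serves. As rendered here, the hunk at +99 also removes the first line of the efi_connect_controller() forward declaration while its parameter lines stay as context, which looks like it leaves a dangling fragment; worth checking against the actual file. The same `static` removal happens to `efi_net_guid` in the first efi_net.c hunk below.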
@@ -2233,8 +2231,6 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
 if (!efi_st_keep_devices) {
 bootm_disable_interrupts();
- if (IS_ENABLED(CONFIG_USB_DEVICE))
- udc_disconnect();
 board_quiesce_devices();
 dm_remove_devices_active();
 }
@@ -3199,7 +3195,7 @@ efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle,
 void *info;
 efi_handle_t parent_image = current_image;
 efi_status_t exit_status;
- struct jmp_buf_data exit_jmp;
+ jmp_buf exit_jmp;
 EFI_ENTRY("%p, %p, %p", image_handle, exit_data_size, exit_data);
@@ -3238,7 +3234,7 @@ efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle,
 }
 /* call the image! */
- if (setjmp(&exit_jmp)) {
+ if (setjmp(exit_jmp)) {
 /*
 * We called the entry point of the child image with EFI_CALL
 * in the lines below. The child image called the Exit() boot
@@ -3444,7 +3440,7 @@ static efi_status_t EFIAPI efi_exit(efi_handle_t image_handle,
 struct efi_loaded_image *loaded_image_protocol;
 struct efi_loaded_image_obj *image_obj = (struct efi_loaded_image_obj *)image_handle;
- struct jmp_buf_data *exit_jmp;
+ jmp_buf *exit_jmp;
 EFI_ENTRY("%p, %ld, %zu, %p", image_handle, exit_status, exit_data_size, exit_data);
@@ -3511,7 +3507,7 @@ static efi_status_t EFIAPI efi_exit(efi_handle_t image_handle,
 */
 efi_restore_gd();
- longjmp(exit_jmp, 1);
+ longjmp(*exit_jmp, 1);
 panic("EFI application exited");
 out:
@@ -3665,7 +3661,7 @@ static efi_status_t efi_connect_single_controller(
 *
 * Return: status code
 */
-static efi_status_t EFIAPI efi_connect_controller(
+efi_status_t EFIAPI efi_connect_controller(
 efi_handle_t controller_handle,
 efi_handle_t *driver_image_handle,
 struct efi_device_path *remain_device_path,
@@ -3844,7 +3840,7 @@ static efi_status_t efi_get_child_controllers(
 *
 * Return: status code
 */
-static efi_status_t EFIAPI efi_disconnect_controller(
+efi_status_t EFIAPI efi_disconnect_controller(
 efi_handle_t controller_handle,
 efi_handle_t driver_image_handle,
 efi_handle_t child_handle)
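Review bot: The `udc_disconnect()` call on the ExitBootServices path is removed with no replacement visible in this hunk; unless board_quiesce_devices() or dm_remove_devices_active() now detaches the USB gadget (not shown here), a gadget controller can stay enumerated and bus-master capable after the OS takes ownership of memory. If the disconnect moved into the driver-model removal path, a comment at this spot, `/* USB gadget disconnect is handled by dm_remove_devices_active() */`, would record that. The later hunks switch to `jmp_buf`/`setjmp()`/`longjmp()` while `<asm/setjmp.h>` is dropped, and the include that now provides them is not in this chunk either. efi_exit_boot_services() begins and ends outside the hunk.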
diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c index c0633a736b6..c9bf2726fe2 100644 --- a/lib/efi_loader/efi_device_path.c +++ b/lib/efi_loader/efi_device_path.c @@ -954,20 +954,20 @@ struct efi_device_path *efi_dp_from_uart(void) return buf; } -struct efi_device_path __maybe_unused *efi_dp_from_eth(void) +struct efi_device_path __maybe_unused *efi_dp_from_eth(struct udevice *dev) { void *buf, *start; unsigned dpsize = 0; - assert(eth_get_dev()); + assert(dev); - dpsize += dp_size(eth_get_dev()); + dpsize += dp_size(dev); start = buf = efi_alloc(dpsize + sizeof(END)); if (!buf) return NULL; - buf = dp_fill(buf, eth_get_dev()); + buf = dp_fill(buf, dev); *((struct efi_device_path *)buf) = END; @@ -984,11 +984,13 @@ struct efi_device_path __maybe_unused *efi_dp_from_eth(void) * @ip: IPv4 local address * @mask: network mask * @srv: IPv4 remote/server address + * @dev: net udevice * Return: pointer to device path, NULL on error */ static struct efi_device_path *efi_dp_from_ipv4(struct efi_ipv4_address *ip, struct efi_ipv4_address *mask, - struct efi_ipv4_address *srv) + struct efi_ipv4_address *srv, + struct udevice *dev) { struct efi_device_path *dp1, *dp2, *pos; struct { @@ -1010,7 +1012,7 @@ static struct efi_device_path *efi_dp_from_ipv4(struct efi_ipv4_address *ip, pos = &dp.end; memcpy(pos, &END, sizeof(END)); - dp1 = efi_dp_from_eth(); + dp1 = efi_dp_from_eth(dev); if (!dp1) return NULL; @@ -1029,9 +1031,10 @@ static struct efi_device_path *efi_dp_from_ipv4(struct efi_ipv4_address *ip, * and an END node. * * @server: URI of remote server + * @dev: net udevice * Return: pointer to HTTP device path, NULL on error */ -struct efi_device_path *efi_dp_from_http(const char *server) +struct efi_device_path *efi_dp_from_http(const char *server, struct udevice *dev) { struct efi_device_path *dp1, *dp2; struct efi_device_path_uri *uridp; 
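Review bot: efi_dp_from_eth() only `assert(dev)`s its new parameter, and U-Boot's assert() is a no-op unless DEBUG is defined, so a NULL udevice reaches dp_size(dev) in production builds. The function already returns NULL on allocation failure, so a guard fits the existing contract: `if (!dev) return NULL;` in place of the assert, plus a kernel-doc `@dev:` line (the two other functions in this hunk document theirs) stating that NULL yields NULL. efi_dp_from_eth() ends outside the hunk.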
@@ -1045,12 +1048,13 @@ struct efi_device_path *efi_dp_from_http(const char *server) (!server && IS_ENABLED(CONFIG_NET_LWIP))) return NULL; - efi_net_get_addr(&ip, &mask, NULL); + efi_net_get_addr(&ip, &mask, NULL, dev); - dp1 = efi_dp_from_ipv4(&ip, &mask, NULL); + dp1 = efi_dp_from_ipv4(&ip, &mask, NULL, dev); if (!dp1) return NULL; + strcpy(tmp, "http://"); if (server) { @@ -1185,8 +1189,8 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr, dp = efi_dp_from_mem(EFI_RESERVED_MEMORY_TYPE, (uintptr_t)image_addr, image_size); } else if (IS_ENABLED(CONFIG_NETDEVICES) && - (!strcmp(dev, "Net") || !strcmp(dev, "Http"))) { - efi_net_get_dp(&dp); + (!strcmp(dev, "Net") || !strcmp(dev, "Http"))) { + efi_net_dp_from_dev(&dp, eth_get_dev(), false); } else if (!strcmp(dev, "Uart")) { dp = efi_dp_from_uart(); } else { diff --git a/lib/efi_loader/efi_http.c b/lib/efi_loader/efi_http.c index 88816256b03..189317fe2d2 100644 --- a/lib/efi_loader/efi_http.c +++ b/lib/efi_loader/efi_http.c @@ -36,6 +36,7 @@ static const efi_guid_t efi_http_guid = EFI_HTTP_PROTOCOL_GUID; struct efi_http_instance { struct efi_http_protocol http; efi_handle_t handle; + struct efi_service_binding_protocol *parent; bool configured; void *http_load_addr; ulong file_size; @@ -188,7 +189,7 @@ static efi_status_t EFIAPI efi_http_configure(struct efi_http_protocol *this, if (!ipv4_node->use_default_address) { efi_net_set_addr((struct efi_ipv4_address *)&ipv4_node->local_address, - (struct efi_ipv4_address *)&ipv4_node->local_subnet, NULL); + (struct efi_ipv4_address *)&ipv4_node->local_subnet, NULL, NULL); } http_instance->current_offset = 0; 
@@ -243,7 +244,7 @@ static efi_status_t EFIAPI efi_http_request(struct efi_http_protocol *this, ret = efi_net_do_request(url_8, current_method, &http_instance->http_load_addr, &http_instance->status_code, &http_instance->file_size, - http_instance->headers_buffer); + http_instance->headers_buffer, http_instance->parent); if (ret != EFI_SUCCESS) goto out; @@ -408,6 +409,7 @@ static efi_status_t EFIAPI efi_http_service_binding_create_child( goto failure_to_add_protocol; } + new_instance->parent = this; efi_add_handle(new_instance->handle); *child_handle = new_instance->handle; diff --git a/lib/efi_loader/efi_ipconfig.c b/lib/efi_loader/efi_ipconfig.c index f1c092daafd..9f51f77fa9a 100644 --- a/lib/efi_loader/efi_ipconfig.c +++ b/lib/efi_loader/efi_ipconfig.c @@ -60,7 +60,7 @@ static efi_status_t EFIAPI efi_ip4_config2_set_data(struct efi_ip4_config2_proto memcpy((void *)¤t_http_ip, data, sizeof(struct efi_ip4_config2_manual_address)); efi_net_set_addr(¤t_http_ip.address, - ¤t_http_ip.subnet_mask, NULL); + ¤t_http_ip.subnet_mask, NULL, NULL); return EFI_EXIT(EFI_SUCCESS); } return EFI_EXIT(EFI_BAD_BUFFER_SIZE); @@ -133,7 +133,7 @@ static efi_status_t EFIAPI efi_ip4_config2_get_data(struct efi_ip4_config2_proto return EFI_EXIT(EFI_BUFFER_TOO_SMALL); } - efi_net_get_addr(¤t_http_ip.address, ¤t_http_ip.subnet_mask, NULL); + efi_net_get_addr(¤t_http_ip.address, ¤t_http_ip.subnet_mask, NULL, NULL); memcpy(data, (void *)¤t_http_ip, sizeof(struct efi_ip4_config2_manual_address)); diff --git a/lib/efi_loader/efi_net.c b/lib/efi_loader/efi_net.c index ce9272fa240..b3291b4f1d5 100644 --- a/lib/efi_loader/efi_net.c +++ b/lib/efi_loader/efi_net.c 
@@ -24,54 +24,70 @@ #include <vsprintf.h> #include <net.h> -static const efi_guid_t efi_net_guid = EFI_SIMPLE_NETWORK_PROTOCOL_GUID; +#define MAX_EFI_NET_OBJS 10 +#define MAX_NUM_DHCP_ENTRIES 10 +#define MAX_NUM_DP_ENTRIES 10 + +const efi_guid_t efi_net_guid = EFI_SIMPLE_NETWORK_PROTOCOL_GUID; static const efi_guid_t efi_pxe_base_code_protocol_guid = EFI_PXE_BASE_CODE_PROTOCOL_GUID; -static struct efi_pxe_packet *dhcp_ack; -static void *new_tx_packet; -static void *transmit_buffer; -static uchar **receive_buffer; -static size_t *receive_lengths; -static int rx_packet_idx; -static int rx_packet_num; -static struct efi_net_obj *netobj; + +struct dp_entry { + struct efi_device_path *net_dp; + struct udevice *dev; + bool is_valid; +}; /* - * The current network device path. This device path is updated when a new - * bootfile is downloaded from the network. If then the bootfile is loaded - * as an efi image, net_dp is passed as the device path of the loaded image. + * The network device path cache. An entry is added when a new bootfile + * is downloaded from the network. If the bootfile is then loaded as an + * efi image, the most recent entry corresponding to the device is passed + * as the device path of the loaded image. */ -static struct efi_device_path *net_dp; +static struct dp_entry dp_cache[MAX_NUM_DP_ENTRIES]; +static int next_dp_entry; +#if IS_ENABLED(CONFIG_EFI_HTTP_PROTOCOL) static struct wget_http_info efi_wget_info = { .set_bootdev = false, .check_buffer_size = true, }; +#endif -/* - * The notification function of this event is called in every timer cycle - * to check if a new network packet has been received. - */ -static struct efi_event *network_timer_event; -/* - * This event is signaled when a packet has been received. 
- */ -static struct efi_event *wait_for_packet; +struct dhcp_entry { + struct efi_pxe_packet *dhcp_ack; + struct udevice *dev; + bool is_valid; +}; + +static struct dhcp_entry dhcp_cache[MAX_NUM_DHCP_ENTRIES]; +static int next_dhcp_entry; /** * struct efi_net_obj - EFI object representing a network interface * * @header: EFI object header + * @dev: net udevice * @net: simple network protocol interface * @net_mode: status of the network interface * @pxe: PXE base code protocol interface * @pxe_mode: status of the PXE base code protocol * @ip4_config2: IP4 Config2 protocol interface * @http_service_binding: Http service binding protocol interface + * @new_tx_packet: new transmit packet + * @transmit_buffer: transmit buffer + * @receive_buffer: array of receive buffers + * @receive_lengths: array of lengths for received packets + * @rx_packet_idx: index of the current receive packet + * @rx_packet_num: number of received packets + * @wait_for_packet: signaled when a packet has been received + * @network_timer_event: event to check for new network packets. + * @efi_seq_num: sequence number of the EFI net object. */ struct efi_net_obj { struct efi_object header; + struct udevice *dev; struct efi_simple_network net; struct efi_simple_network_mode net_mode; struct efi_pxe_base_code_protocol pxe; 
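Review bot: `MAX_EFI_NET_OBJS`, `MAX_NUM_DHCP_ENTRIES` and `MAX_NUM_DP_ENTRIES` are bare `#define`s with nothing saying what happens at the limit, and the behaviour differs: efi_net_register() refuses an extra device with EFI_OUT_OF_RESOURCES, while the dhcp ring silently overwrites its oldest entry through `next_dhcp_entry %= MAX_NUM_DHCP_ENTRIES`. A comment on each, e.g. `/* dhcp_cache and dp_cache are ring buffers; the oldest entry is overwritten once full */`, would keep that from surprising the next reader, and an `enum` would make the values debugger-visible. The `dp_cache` comment says the most recent entry for a device wins, but nothing here says who frees a `net_dp` when its slot is reused; the code that fills the cache (efi_net_new_dp()) is not in this chunk, so worth confirming it does not leak the replaced path.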
@@ -82,8 +98,54 @@ struct efi_net_obj { #if IS_ENABLED(CONFIG_EFI_HTTP_PROTOCOL) struct efi_service_binding_protocol http_service_binding; #endif + void *new_tx_packet; + void *transmit_buffer; + uchar **receive_buffer; + size_t *receive_lengths; + int rx_packet_idx; + int rx_packet_num; + struct efi_event *wait_for_packet; + struct efi_event *network_timer_event; + int efi_seq_num; }; +static int curr_efi_net_obj; +static struct efi_net_obj *net_objs[MAX_EFI_NET_OBJS]; + +/** + * efi_netobj_is_active() - checks if a netobj is active in the efi subsystem + * + * @netobj: pointer to efi_net_obj + * Return: true if active + */ +static bool efi_netobj_is_active(struct efi_net_obj *netobj) +{ + if (!netobj || !efi_search_obj(&netobj->header)) + return false; + + return true; +} + +/* + * efi_netobj_from_snp() - get efi_net_obj from simple network protocol + * + * + * @snp: pointer to the simple network protocol + * Return: pointer to efi_net_obj, NULL on error + */ +static struct efi_net_obj *efi_netobj_from_snp(struct efi_simple_network *snp) +{ + int i; + + for (i = 0; i < MAX_EFI_NET_OBJS; i++) { + if (net_objs[i] && &net_objs[i]->net == snp) { + // Do not register duplicate devices + return net_objs[i]; + } + } + return NULL; +} + /* * efi_net_start() - start the network interface * @@ -97,20 +159,22 @@ struct efi_net_obj { static efi_status_t EFIAPI efi_net_start(struct efi_simple_network *this) { efi_status_t ret = EFI_SUCCESS; + struct efi_net_obj *nt; EFI_ENTRY("%p", this); - /* Check parameters */ if (!this) { ret = EFI_INVALID_PARAMETER; goto out; } + nt = efi_netobj_from_snp(this); + if (this->mode->state != EFI_NETWORK_STOPPED) { ret = EFI_ALREADY_STARTED; } else { this->int_status = 0; - wait_for_packet->is_signaled = false; + nt->wait_for_packet->is_signaled = false; this->mode->state = EFI_NETWORK_STARTED; } out: 
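Review bot: The `// Do not register duplicate devices` comment inside efi_netobj_from_snp() is copied from efi_net_register() and does not describe this loop, which only returns the matching object; replace it with `/* the SNP interface is embedded in the object, so compare addresses */` or drop it. efi_netobj_is_active() reduces to `return netobj && efi_search_obj(&netobj->header);`, and its kernel-doc should say that it relies on efi_search_obj() (presumably a walk of the handle list) since it runs on every efi_net_do_start().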
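Review bot: `nt = efi_netobj_from_snp(this)` can return NULL (its own kernel-doc says "NULL on error"), yet `nt->wait_for_packet->is_signaled = false` dereferences it unconditionally, so an SNP pointer that is non-NULL but not one of ours turns the parameter check into a NULL dereference instead of EFI_INVALID_PARAMETER. Add `if (!nt) { ret = EFI_INVALID_PARAMETER; goto out; }` right after the lookup. The same unchecked lookup appears in efi_net_stop(), efi_net_initialize(), efi_net_shutdown(), efi_net_get_status(), efi_net_transmit(), efi_net_receive() and efi_network_timer_notify() in the following hunks; in the timer callback `curr_efi_net_obj = nt->efi_seq_num` is the first use, so the check belongs before it. efi_net_start() continues past the hunk end.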
@@ -130,6 +194,7 @@ out: static efi_status_t EFIAPI efi_net_stop(struct efi_simple_network *this) { efi_status_t ret = EFI_SUCCESS; + struct efi_net_obj *nt; EFI_ENTRY("%p", this); @@ -139,13 +204,17 @@ static efi_status_t EFIAPI efi_net_stop(struct efi_simple_network *this) goto out; } + nt = efi_netobj_from_snp(this); + if (this->mode->state == EFI_NETWORK_STOPPED) { ret = EFI_NOT_STARTED; } else { /* Disable hardware and put it into the reset state */ + eth_set_dev(nt->dev); + env_set("ethact", eth_get_name()); eth_halt(); /* Clear cache of packets */ - rx_packet_num = 0; + nt->rx_packet_num = 0; this->mode->state = EFI_NETWORK_STOPPED; } out: @@ -169,6 +238,7 @@ static efi_status_t EFIAPI efi_net_initialize(struct efi_simple_network *this, { int ret; efi_status_t r = EFI_SUCCESS; + struct efi_net_obj *nt; EFI_ENTRY("%p, %lx, %lx", this, extra_rx, extra_tx); @@ -177,6 +247,7 @@ static efi_status_t EFIAPI efi_net_initialize(struct efi_simple_network *this, r = EFI_INVALID_PARAMETER; goto out; } + nt = efi_netobj_from_snp(this); switch (this->mode->state) { case EFI_NETWORK_INITIALIZED: @@ -189,14 +260,13 @@ static efi_status_t EFIAPI efi_net_initialize(struct efi_simple_network *this, /* Setup packet buffers */ net_init(); - /* Disable hardware and put it into the reset state */ - eth_halt(); /* Clear cache of packets */ - rx_packet_num = 0; - /* Set current device according to environment variables */ - eth_set_current(); + nt->rx_packet_num = 0; + /* Set the net device corresponding to the efi net object */ + eth_set_dev(nt->dev); + env_set("ethact", eth_get_name()); /* Get hardware ready for send and receive operations */ - ret = eth_init(); + ret = eth_start_udev(nt->dev); if (ret < 0) { eth_halt(); this->mode->state = EFI_NETWORK_STOPPED; 
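Review bot: `eth_set_dev(nt->dev); env_set("ethact", eth_get_name());` is now repeated verbatim in efi_net_stop(), efi_net_initialize(), efi_net_shutdown(), efi_net_transmit() and efi_network_timer_notify(); a small static helper keeps the five copies in step and gives one place to say why the environment variable is written at all. env_set() is not a trivial call, and the timer path appears to run it on every poll that finds the receive queue empty, so the helper is also the natural place to skip the write when the device is already current, if that turns out to be safe. Each of those functions begins and ends outside its hunk.
```c
/*
 * Make @nt's udevice the active Ethernet device and keep "ethact" in
 * sync so legacy code that consults the environment sees the same device.
 */
static void efi_net_activate_dev(struct efi_net_obj *nt)
{
	eth_set_dev(nt->dev);
	env_set("ethact", eth_get_name());
}
```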
@@ -204,7 +274,7 @@ static efi_status_t EFIAPI efi_net_initialize(struct efi_simple_network *this, goto out; } else { this->int_status = 0; - wait_for_packet->is_signaled = false; + nt->wait_for_packet->is_signaled = false; this->mode->state = EFI_NETWORK_INITIALIZED; } out: @@ -265,6 +335,7 @@ out: static efi_status_t EFIAPI efi_net_shutdown(struct efi_simple_network *this) { efi_status_t ret = EFI_SUCCESS; + struct efi_net_obj *nt; EFI_ENTRY("%p", this); @@ -273,6 +344,7 @@ static efi_status_t EFIAPI efi_net_shutdown(struct efi_simple_network *this) ret = EFI_INVALID_PARAMETER; goto out; } + nt = efi_netobj_from_snp(this); switch (this->mode->state) { case EFI_NETWORK_INITIALIZED: @@ -285,9 +357,12 @@ static efi_status_t EFIAPI efi_net_shutdown(struct efi_simple_network *this) goto out; } + eth_set_dev(nt->dev); + env_set("ethact", eth_get_name()); eth_halt(); + this->int_status = 0; - wait_for_packet->is_signaled = false; + nt->wait_for_packet->is_signaled = false; this->mode->state = EFI_NETWORK_STARTED; out: @@ -463,6 +538,7 @@ static efi_status_t EFIAPI efi_net_get_status(struct efi_simple_network *this, u32 *int_status, void **txbuf) { efi_status_t ret = EFI_SUCCESS; + struct efi_net_obj *nt; EFI_ENTRY("%p, %p, %p", this, int_status, txbuf); @@ -474,6 +550,8 @@ static efi_status_t EFIAPI efi_net_get_status(struct efi_simple_network *this, goto out; } + nt = efi_netobj_from_snp(this); + switch (this->mode->state) { case EFI_NETWORK_STOPPED: ret = EFI_NOT_STARTED; @@ -490,9 +568,9 @@ static efi_status_t EFIAPI efi_net_get_status(struct efi_simple_network *this, this->int_status = 0; } if (txbuf) - *txbuf = new_tx_packet; + *txbuf = nt->new_tx_packet; - new_tx_packet = NULL; + nt->new_tx_packet = NULL; out: return EFI_EXIT(ret); } 
@@ -519,6 +597,7 @@ static efi_status_t EFIAPI efi_net_transmit struct efi_mac_address *dest_addr, u16 *protocol) { efi_status_t ret = EFI_SUCCESS; + struct efi_net_obj *nt; EFI_ENTRY("%p, %lu, %lu, %p, %p, %p, %p", this, (unsigned long)header_size, (unsigned long)buffer_size, @@ -532,6 +611,8 @@ static efi_status_t EFIAPI efi_net_transmit goto out; } + nt = efi_netobj_from_snp(this); + /* We do not support jumbo packets */ if (buffer_size > PKTSIZE_ALIGN) { ret = EFI_INVALID_PARAMETER; @@ -576,11 +657,14 @@ static efi_status_t EFIAPI efi_net_transmit break; } + eth_set_dev(nt->dev); + env_set("ethact", eth_get_name()); + /* Ethernet packets always fit, just bounce */ - memcpy(transmit_buffer, buffer, buffer_size); - net_send_packet(transmit_buffer, buffer_size); + memcpy(nt->transmit_buffer, buffer, buffer_size); + net_send_packet(nt->transmit_buffer, buffer_size); - new_tx_packet = buffer; + nt->new_tx_packet = buffer; this->int_status |= EFI_SIMPLE_NETWORK_TRANSMIT_INTERRUPT; out: return EFI_EXIT(ret); @@ -611,6 +695,7 @@ static efi_status_t EFIAPI efi_net_receive struct ethernet_hdr *eth_hdr; size_t hdr_size = sizeof(struct ethernet_hdr); u16 protlen; + struct efi_net_obj *nt; EFI_ENTRY("%p, %p, %p, %p, %p, %p, %p", this, header_size, buffer_size, buffer, src_addr, dest_addr, protocol); @@ -624,6 +709,8 @@ static efi_status_t EFIAPI efi_net_receive goto out; } + nt = efi_netobj_from_snp(this); + switch (this->mode->state) { case EFI_NETWORK_STOPPED: ret = EFI_NOT_STARTED; 
@@ -635,16 +722,16 @@ static efi_status_t EFIAPI efi_net_receive break; } - if (!rx_packet_num) { + if (!nt->rx_packet_num) { ret = EFI_NOT_READY; goto out; } /* Fill export parameters */ - eth_hdr = (struct ethernet_hdr *)receive_buffer[rx_packet_idx]; + eth_hdr = (struct ethernet_hdr *)nt->receive_buffer[nt->rx_packet_idx]; protlen = ntohs(eth_hdr->et_protlen); if (protlen == 0x8100) { hdr_size += 4; - protlen = ntohs(*(u16 *)&receive_buffer[rx_packet_idx][hdr_size - 2]); + protlen = ntohs(*(u16 *)&nt->receive_buffer[nt->rx_packet_idx][hdr_size - 2]); } if (header_size) *header_size = hdr_size; @@ -654,20 +741,20 @@ static efi_status_t EFIAPI efi_net_receive memcpy(src_addr, eth_hdr->et_src, ARP_HLEN); if (protocol) *protocol = protlen; - if (*buffer_size < receive_lengths[rx_packet_idx]) { + if (*buffer_size < nt->receive_lengths[nt->rx_packet_idx]) { /* Packet doesn't fit, try again with bigger buffer */ - *buffer_size = receive_lengths[rx_packet_idx]; + *buffer_size = nt->receive_lengths[nt->rx_packet_idx]; ret = EFI_BUFFER_TOO_SMALL; goto out; } /* Copy packet */ - memcpy(buffer, receive_buffer[rx_packet_idx], - receive_lengths[rx_packet_idx]); - *buffer_size = receive_lengths[rx_packet_idx]; - rx_packet_idx = (rx_packet_idx + 1) % ETH_PACKETS_BATCH_RECV; - rx_packet_num--; - if (rx_packet_num) - wait_for_packet->is_signaled = true; + memcpy(buffer, nt->receive_buffer[nt->rx_packet_idx], + nt->receive_lengths[nt->rx_packet_idx]); + *buffer_size = nt->receive_lengths[nt->rx_packet_idx]; + nt->rx_packet_idx = (nt->rx_packet_idx + 1) % ETH_PACKETS_BATCH_RECV; + nt->rx_packet_num--; + if (nt->rx_packet_num) + nt->wait_for_packet->is_signaled = true; else this->int_status &= ~EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; out: 
@@ -684,18 +771,35 @@ out: */ void efi_net_set_dhcp_ack(void *pkt, int len) { - int maxsize = sizeof(*dhcp_ack); + struct efi_pxe_packet **dhcp_ack; + struct udevice *dev; + int i; + + dhcp_ack = &dhcp_cache[next_dhcp_entry].dhcp_ack; + + /* For now this function gets called only by the current device */ + dev = eth_get_dev(); - if (!dhcp_ack) { - dhcp_ack = malloc(maxsize); - if (!dhcp_ack) + int maxsize = sizeof(**dhcp_ack); + + if (!*dhcp_ack) { + *dhcp_ack = malloc(maxsize); + if (!*dhcp_ack) return; } - memset(dhcp_ack, 0, maxsize); - memcpy(dhcp_ack, pkt, min(len, maxsize)); + memset(*dhcp_ack, 0, maxsize); + memcpy(*dhcp_ack, pkt, min(len, maxsize)); + + dhcp_cache[next_dhcp_entry].is_valid = true; + dhcp_cache[next_dhcp_entry].dev = dev; + next_dhcp_entry++; + next_dhcp_entry %= MAX_NUM_DHCP_ENTRIES; - if (netobj) - netobj->pxe_mode.dhcp_ack = *dhcp_ack; + for (i = 0; i < MAX_EFI_NET_OBJS; i++) { + if (net_objs[i] && net_objs[i]->dev == dev) { + net_objs[i]->pxe_mode.dhcp_ack = **dhcp_ack; + } + } } /** @@ -709,6 +813,11 @@ void efi_net_set_dhcp_ack(void *pkt, int len) static void efi_net_push(void *pkt, int len) { int rx_packet_next; + struct efi_net_obj *nt; + + nt = net_objs[curr_efi_net_obj]; + if (!nt) + return; /* Check that we at least received an Ethernet header */ if (len < sizeof(struct ethernet_hdr)) @@ -719,15 +828,15 @@ static void efi_net_push(void *pkt, int len) return; /* Can't store more than pre-alloced buffer */ - if (rx_packet_num >= ETH_PACKETS_BATCH_RECV) + if (nt->rx_packet_num >= ETH_PACKETS_BATCH_RECV) return; - rx_packet_next = (rx_packet_idx + rx_packet_num) % + rx_packet_next = (nt->rx_packet_idx + nt->rx_packet_num) % ETH_PACKETS_BATCH_RECV; - memcpy(receive_buffer[rx_packet_next], pkt, len); - receive_lengths[rx_packet_next] = len; + memcpy(nt->receive_buffer[rx_packet_next], pkt, len); + nt->receive_lengths[rx_packet_next] = len; - rx_packet_num++; + nt->rx_packet_num++; } /** 
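Review bot: `int maxsize = sizeof(**dhcp_ack);` is declared after the `dev = eth_get_dev();` statement, which checkpatch flags and which reads as if maxsize depended on the preceding code; hoist it with the other declarations as `int maxsize = sizeof(struct efi_pxe_packet);`. The `/* For now this function gets called only by the current device */` comment records a caller assumption the function cannot enforce; if the contract really is "the ACK belongs to eth_get_dev()", it belongs in the kernel-doc above the function (outside the hunk) rather than inline. Once `next_dhcp_entry` wraps, the reused slot's `dev` is replaced and the older device's newest ACK is gone, which is fine only while MAX_NUM_DHCP_ENTRIES covers the devices in play; a one-line comment at the wrap would make that explicit.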
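Review bot: efi_net_push() now depends on the file-scope `curr_efi_net_obj`, which is only meaningful while efi_network_timer_notify() is inside eth_rx(), and nothing at either site says so. A comment on the global, `/* index into net_objs[] of the object whose eth_rx() is in progress; valid only inside efi_network_timer_notify() */`, plus a matching line in this function's kernel-doc (outside the hunk) would record the coupling. The `if (!nt) return;` guard is right but silently drops the packet; a `log_debug()` there would make that case visible.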
@@ -742,6 +851,7 @@ static void EFIAPI efi_network_timer_notify(struct efi_event *event, void *context) { struct efi_simple_network *this = (struct efi_simple_network *)context; + struct efi_net_obj *nt; EFI_ENTRY("%p, %p", event, context); @@ -752,14 +862,19 @@ static void EFIAPI efi_network_timer_notify(struct efi_event *event, if (!this || this->mode->state != EFI_NETWORK_INITIALIZED) goto out; - if (!rx_packet_num) { + nt = efi_netobj_from_snp(this); + curr_efi_net_obj = nt->efi_seq_num; + + if (!nt->rx_packet_num) { + eth_set_dev(nt->dev); + env_set("ethact", eth_get_name()); push_packet = efi_net_push; eth_rx(); push_packet = NULL; - if (rx_packet_num) { + if (nt->rx_packet_num) { this->int_status |= EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; - wait_for_packet->is_signaled = true; + nt->wait_for_packet->is_signaled = true; } } out: 
@@ -879,30 +994,179 @@ static efi_status_t EFIAPI efi_pxe_base_code_set_packets( } /** + * efi_netobj_set_dp() - set device path of a netobj + * + * @netobj: pointer to efi_net_obj + * @dp: device path to set, allocated by caller + * Return: status code + */ +efi_status_t efi_netobj_set_dp(struct efi_net_obj *netobj, struct efi_device_path *dp) +{ + efi_status_t ret; + struct efi_handler *phandler; + struct efi_device_path *new_net_dp; + + if (!efi_netobj_is_active(netobj)) + return EFI_SUCCESS; + + // Create a device path for the netobj + new_net_dp = dp; + if (!new_net_dp) + return EFI_OUT_OF_RESOURCES; + + phandler = NULL; + efi_search_protocol(&netobj->header, &efi_guid_device_path, &phandler); + + // If the device path protocol is not yet installed, install it + if (!phandler) + goto add; + + // If it is already installed, try to update it + ret = efi_reinstall_protocol_interface(&netobj->header, &efi_guid_device_path, + phandler->protocol_interface, new_net_dp); + if (ret != EFI_SUCCESS) + return ret; + + return EFI_SUCCESS; +add: + ret = efi_add_protocol(&netobj->header, &efi_guid_device_path, + new_net_dp); + if (ret != EFI_SUCCESS) + return ret; + + return EFI_SUCCESS; +} + +/** + * efi_netobj_get_dp() - get device path of a netobj + * + * @netobj: pointer to efi_net_obj + * Return: device path, NULL on error + */ +static struct efi_device_path *efi_netobj_get_dp(struct efi_net_obj *netobj) +{ + struct efi_handler *phandler; + + if (!efi_netobj_is_active(netobj)) + return NULL; + + phandler = NULL; + efi_search_protocol(&netobj->header, &efi_guid_device_path, &phandler); + + if (phandler && phandler->protocol_interface) + return efi_dp_dup(phandler->protocol_interface); + + return NULL; +} + +/** + * efi_net_do_start() - start the efi network stack + * + * This gets called from do_bootefi_exec() each time a payload gets executed. 
+ * + * @dev: net udevice + * Return: status code + */ +efi_status_t efi_net_do_start(struct udevice *dev) +{ + efi_status_t r = EFI_SUCCESS; + struct efi_net_obj *netobj; + struct efi_device_path *net_dp; + int i; + + netobj = NULL; + for (i = 0; i < MAX_EFI_NET_OBJS; i++) { + if (net_objs[i] && net_objs[i]->dev == dev) { + netobj = net_objs[i]; + break; + } + } + + if (!efi_netobj_is_active(netobj)) + return r; + + efi_net_dp_from_dev(&net_dp, netobj->dev, true); + // If no dp cache entry applies and there already + // is a device path installed, continue + if (!net_dp) { + if (efi_netobj_get_dp(netobj)) + goto set_addr; + else + net_dp = efi_dp_from_eth(netobj->dev); + + } + + if (!net_dp) + return EFI_OUT_OF_RESOURCES; + + r = efi_netobj_set_dp(netobj, net_dp); + if (r != EFI_SUCCESS) + return r; +set_addr: +#ifdef CONFIG_EFI_HTTP_PROTOCOL + /* + * No harm on doing the following. If the PXE handle is present, the client could + * find it and try to get its IP address from it. In here the PXE handle is present + * but the PXE protocol is not yet implmenented, so we add this in the meantime. + */ + efi_net_get_addr((struct efi_ipv4_address *)&netobj->pxe_mode.station_ip, + (struct efi_ipv4_address *)&netobj->pxe_mode.subnet_mask, NULL, dev); +#endif + + return r; +} + +/** * efi_net_register() - register the simple network protocol * * This gets called from do_bootefi_exec(). 
+ * @dev: net udevice */ -efi_status_t efi_net_register(void) +efi_status_t efi_net_register(struct udevice *dev) { efi_status_t r; - int i; - - if (!eth_get_dev()) { + int seq_num; + struct efi_net_obj *netobj; + void *transmit_buffer = NULL; + uchar **receive_buffer = NULL; + size_t *receive_lengths; + int i, j; + + if (!dev) { /* No network device active, don't expose any */ return EFI_SUCCESS; } + for (i = 0; i < MAX_EFI_NET_OBJS; i++) { + if (net_objs[i] && net_objs[i]->dev == dev) { + // Do not register duplicate devices + return EFI_SUCCESS; + } + } + + seq_num = -1; + for (i = 0; i < MAX_EFI_NET_OBJS; i++) { + if (!net_objs[i]) { + seq_num = i; + break; + } + } + if (seq_num < 0) + return EFI_OUT_OF_RESOURCES; + /* We only expose the "active" network device, so one is enough */ netobj = calloc(1, sizeof(*netobj)); if (!netobj) goto out_of_resources; + netobj->dev = dev; + /* Allocate an aligned transmit buffer */ transmit_buffer = calloc(1, PKTSIZE_ALIGN + PKTALIGN); if (!transmit_buffer) goto out_of_resources; transmit_buffer = (void *)ALIGN((uintptr_t)transmit_buffer, PKTALIGN); + netobj->transmit_buffer = transmit_buffer; /* Allocate a number of receive buffers */ receive_buffer = calloc(ETH_PACKETS_BATCH_RECV, @@ -914,10 +1178,13 @@ efi_status_t efi_net_register(void) if (!receive_buffer[i]) goto out_of_resources; } + netobj->receive_buffer = receive_buffer; + receive_lengths = calloc(ETH_PACKETS_BATCH_RECV, sizeof(*receive_lengths)); if (!receive_lengths) goto out_of_resources; + netobj->receive_lengths = receive_lengths; /* Hook net up to the device list */ efi_add_handle(&netobj->header); 
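Review bot: In efi_net_do_start(), `if (efi_netobj_get_dp(netobj)) goto set_addr;` leaks the result: efi_netobj_get_dp() returns `efi_dp_dup()` of the installed path (presumably a fresh allocation) and the pointer is discarded. Either release it, `struct efi_device_path *cur = efi_netobj_get_dp(netobj); if (cur) { efi_free_pool(cur); goto set_addr; }`, or give the helper a non-allocating "has a device path" variant, since this caller only needs a yes/no. In efi_netobj_set_dp() the `// Create a device path for the netobj` comment does not match `new_net_dp = dp` (nothing is created), the tail collapses to `return phandler ? efi_reinstall_protocol_interface(&netobj->header, &efi_guid_device_path, phandler->protocol_interface, dp) : efi_add_protocol(&netobj->header, &efi_guid_device_path, dp);`, and with efi_net_do_start() as its only caller here it can be `static` unless a header declares it. Finally, the retained `/* We only expose the "active" network device, so one is enough */` comment in efi_net_register() is now false given the duplicate scan and `net_objs[]` table right above it, and `receive_lengths` is the only buffer pointer left uninitialised at declaration, which matters if the out_of_resources path (outside the hunk) frees it.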
@@ -927,12 +1194,7 @@ efi_status_t efi_net_register(void) &netobj->net); if (r != EFI_SUCCESS) goto failure_to_add_protocol; - if (!net_dp) - efi_net_set_dp("Net", NULL); - r = efi_add_protocol(&netobj->header, &efi_guid_device_path, - net_dp); - if (r != EFI_SUCCESS) - goto failure_to_add_protocol; + r = efi_add_protocol(&netobj->header, &efi_pxe_base_code_protocol_guid, &netobj->pxe); if (r != EFI_SUCCESS) @@ -953,7 +1215,9 @@ efi_status_t efi_net_register(void) netobj->net.receive = efi_net_receive; netobj->net.mode = &netobj->net_mode; netobj->net_mode.state = EFI_NETWORK_STOPPED; - memcpy(netobj->net_mode.current_address.mac_addr, eth_get_ethaddr(), 6); + if (dev_get_plat(dev)) + memcpy(netobj->net_mode.current_address.mac_addr, + ((struct eth_pdata *)dev_get_plat(dev))->enetaddr, 6); netobj->net_mode.hwaddr_size = ARP_HLEN; netobj->net_mode.media_header_size = ETHER_HDR_SIZE; netobj->net_mode.max_packet_size = PKTSIZE; 
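Review bot: `dev_get_plat(dev)` is called twice and the hard-coded `6` sits next to `ARP_HLEN` on the following line; `struct eth_pdata *pdata = dev_get_plat(dev);` once, then `if (pdata) memcpy(netobj->net_mode.current_address.mac_addr, pdata->enetaddr, ARP_HLEN);` reads better and keeps the length tied to the hwaddr_size set just below. The old code used eth_get_ethaddr(); whether `pdata->enetaddr` is already populated for a device that has not been probed yet is not visible here, so an all-zero MAC in net_mode for unprobed devices is worth confirming. efi_net_register() continues outside the hunk.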
@@ -973,20 +1237,31 @@ efi_status_t efi_net_register(void) netobj->pxe.set_station_ip = efi_pxe_base_code_set_station_ip; netobj->pxe.set_packets = efi_pxe_base_code_set_packets; netobj->pxe.mode = &netobj->pxe_mode; - if (dhcp_ack) - netobj->pxe_mode.dhcp_ack = *dhcp_ack; + + /* + * Scan dhcp entries for one corresponding + * to this udevice, from newest to oldest + */ + i = (next_dhcp_entry + MAX_NUM_DHCP_ENTRIES - 1) % MAX_NUM_DHCP_ENTRIES; + for (j = 0; dhcp_cache[i].is_valid && j < MAX_NUM_DHCP_ENTRIES; + i = (i + MAX_NUM_DHCP_ENTRIES - 1) % MAX_NUM_DHCP_ENTRIES, j++) { + if (dev == dhcp_cache[i].dev) { + netobj->pxe_mode.dhcp_ack = *dhcp_cache[i].dhcp_ack; + break; + } + } /* * Create WaitForPacket event. */ r = efi_create_event(EVT_NOTIFY_WAIT, TPL_CALLBACK, efi_network_timer_notify, NULL, NULL, - &wait_for_packet); + &netobj->wait_for_packet); if (r != EFI_SUCCESS) { printf("ERROR: Failed to register network event\n"); return r; } - netobj->net.wait_for_packet = wait_for_packet; + netobj->net.wait_for_packet = netobj->wait_for_packet; /* * Create a timer event. * @@ -997,13 +1272,13 @@ efi_status_t efi_net_register(void) */ r = efi_create_event(EVT_TIMER | EVT_NOTIFY_SIGNAL, TPL_NOTIFY, efi_network_timer_notify, &netobj->net, NULL, - &network_timer_event); + &netobj->network_timer_event); if (r != EFI_SUCCESS) { printf("ERROR: Failed to register network event\n"); return r; } /* Network is time critical, create event in every timer cycle */ - r = efi_set_timer(network_timer_event, EFI_TIMER_PERIODIC, 0); + r = efi_set_timer(netobj->network_timer_event, EFI_TIMER_PERIODIC, 0); if (r != EFI_SUCCESS) { printf("ERROR: Failed to set network timer\n"); return r; 
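Review bot: The three `return r;` paths after `efi_create_event`/`efi_set_timer` in the `-973` and `-997` hunks bypass the function's cleanup labels even though the handle was already added with `efi_add_handle` and several protocols installed, and `net_objs[seq_num]` is only assigned at the end of the function. With the new per-device model a later `efi_net_register(dev)` would not find the half-initialised object in `net_objs` and would register a second handle for the same device, so these should become `goto failure_to_add_protocol;` assuming that label (outside this hunk) tears the handle down. In the DHCP scan, `*dhcp_cache[i].dhcp_ack` is dereferenced for any entry with `is_valid` set; whether an entry can be valid with a NULL `dhcp_ack` is not visible here and worth a one-line check or a comment stating the invariant at the cache definition. efi_net_register starts in an earlier hunk and ends in a later one.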
@@ -1019,15 +1294,9 @@ efi_status_t efi_net_register(void) r = efi_http_register(&netobj->header, &netobj->http_service_binding); if (r != EFI_SUCCESS) goto failure_to_add_protocol; - /* - * No harm on doing the following. If the PXE handle is present, the client could - * find it and try to get its IP address from it. In here the PXE handle is present - * but the PXE protocol is not yet implmenented, so we add this in the meantime. - */ - efi_net_get_addr((struct efi_ipv4_address *)&netobj->pxe_mode.station_ip, - (struct efi_ipv4_address *)&netobj->pxe_mode.subnet_mask, NULL); #endif - + netobj->efi_seq_num = seq_num; + net_objs[seq_num] = netobj; return EFI_SUCCESS; failure_to_add_protocol: printf("ERROR: Failure to add protocol\n"); 
@@ -1046,46 +1315,103 @@ out_of_resources: } /** - * efi_net_set_dp() - set device path of efi net device + * efi_net_new_dp() - update device path associated to a net udevice * * This gets called to update the device path when a new boot * file is downloaded * * @dev: dev to set the device path from * @server: remote server address + * @udev: net udevice * Return: status code */ -efi_status_t efi_net_set_dp(const char *dev, const char *server) +efi_status_t efi_net_new_dp(const char *dev, const char *server, struct udevice *udev) { - efi_free_pool(net_dp); + efi_status_t ret; + struct efi_net_obj *netobj; + struct efi_device_path *old_net_dp, *new_net_dp; + struct efi_device_path **dp; + int i; + + dp = &dp_cache[next_dp_entry].net_dp; - net_dp = NULL; + dp_cache[next_dp_entry].dev = udev; + dp_cache[next_dp_entry].is_valid = true; + next_dp_entry++; + next_dp_entry %= MAX_NUM_DP_ENTRIES; + + old_net_dp = *dp; + new_net_dp = NULL; if (!strcmp(dev, "Net")) - net_dp = efi_dp_from_eth(); + new_net_dp = efi_dp_from_eth(udev); else if (!strcmp(dev, "Http")) - net_dp = efi_dp_from_http(server); + new_net_dp = efi_dp_from_http(server, udev); + if (!new_net_dp) + return EFI_OUT_OF_RESOURCES; - if (!net_dp) + *dp = new_net_dp; + // Free the old cache entry + efi_free_pool(old_net_dp); + + netobj = NULL; + for (i = 0; i < MAX_EFI_NET_OBJS; i++) { + if (net_objs[i] && net_objs[i]->dev == udev) { + netobj = net_objs[i]; + break; + } + } + if (!netobj) + return EFI_SUCCESS; + + new_net_dp = efi_dp_dup(*dp); + if (!new_net_dp) return EFI_OUT_OF_RESOURCES; + ret = efi_netobj_set_dp(netobj, new_net_dp); + if (ret != EFI_SUCCESS) + efi_free_pool(new_net_dp); - return EFI_SUCCESS; + return ret; } /** - * efi_net_get_dp() - get device path of efi net device + * efi_net_dp_from_dev() - get device path associated to a net udevice * * Produce a copy of the current device path * - * @dp: copy of the current device path, or NULL on error + * @dp: copy of the current device path + * 
@udev: net udevice + * @cache_only: get device path from cache only */ -void efi_net_get_dp(struct efi_device_path **dp) +void efi_net_dp_from_dev(struct efi_device_path **dp, struct udevice *udev, bool cache_only) { + int i, j; + if (!dp) return; - if (!net_dp) - efi_net_set_dp("Net", NULL); - if (net_dp) - *dp = efi_dp_dup(net_dp); + + *dp = NULL; + + if (cache_only) + goto cache; + + // If a netobj matches: + for (i = 0; i < MAX_EFI_NET_OBJS; i++) { + if (net_objs[i] && net_objs[i]->dev == udev) { + *dp = efi_netobj_get_dp(net_objs[i]); + if (*dp) + return; + } + } +cache: + // Search in the cache + i = (next_dp_entry + MAX_NUM_DP_ENTRIES - 1) % MAX_NUM_DP_ENTRIES; + for (j = 0; dp_cache[i].is_valid && j < MAX_NUM_DP_ENTRIES; + i = (i + MAX_NUM_DP_ENTRIES - 1) % MAX_NUM_DP_ENTRIES, j++) { + if (dp_cache[i].dev == udev) { + *dp = efi_dp_dup(dp_cache[i].net_dp); + return; + } + } } /** @@ -1101,11 +1427,15 @@ void efi_net_get_dp(struct efi_device_path **dp) * be filled with the current network mask * @gw: pointer to an efi_ipv4_address struct to be * filled with the current network gateway + * @dev: udevice */ void efi_net_get_addr(struct efi_ipv4_address *ip, struct efi_ipv4_address *mask, - struct efi_ipv4_address *gw) + struct efi_ipv4_address *gw, + struct udevice *dev) { + if (!dev) + dev = eth_get_dev(); #ifdef CONFIG_NET_LWIP char ipstr[] = "ipaddr\0\0"; char maskstr[] = "netmask\0\0"; @@ -1114,7 +1444,7 @@ void efi_net_get_addr(struct efi_ipv4_address *ip, struct in_addr tmp; char *env; - idx = dev_seq(eth_get_dev()); + idx = dev_seq(dev); if (idx < 0 || idx > 99) { log_err("unexpected idx %d\n", idx); 
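Review bot: In efi_net_new_dp the ring slot `dp_cache[next_dp_entry]` is claimed (`dev = udev`, `is_valid = true`, `next_dp_entry` advanced) before `efi_dp_from_eth`/`efi_dp_from_http` has produced the new path, so on the `EFI_OUT_OF_RESOURCES` return the slot stays marked valid for `udev` while `net_dp` still holds the path of whatever device previously occupied that slot. A later efi_net_dp_from_dev(udev, ...) then returns another device's path, or a stale one. Building the path first and only then committing the slot keeps the cache consistent on failure; the reordered lines are below, the netobj lookup and `efi_netobj_set_dp` call that follow are unchanged.
```c
	/* Build the new path first; the cache slot is only claimed once it exists. */
	new_net_dp = NULL;
	if (!strcmp(dev, "Net"))
		new_net_dp = efi_dp_from_eth(udev);
	else if (!strcmp(dev, "Http"))
		new_net_dp = efi_dp_from_http(server, udev);
	if (!new_net_dp)
		return EFI_OUT_OF_RESOURCES;

	dp = &dp_cache[next_dp_entry].net_dp;
	old_net_dp = *dp;
	*dp = new_net_dp;
	dp_cache[next_dp_entry].dev = udev;
	dp_cache[next_dp_entry].is_valid = true;
	next_dp_entry = (next_dp_entry + 1) % MAX_NUM_DP_ENTRIES;
	/* Free the path that occupied the recycled ring slot, if any. */
	efi_free_pool(old_net_dp);
	/* … unchanged: look up the netobj for udev, dup the path, efi_netobj_set_dp … */
```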
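Review bot: In the `-1101` hunk efi_net_get_addr falls back to `dev = eth_get_dev();` and then passes `dev` straight to `dev_seq(dev)` in the following hunk; if no Ethernet device is active the fallback yields NULL and, assuming `dev_seq` reads `dev->seq_` as the DM helpers do, that is a NULL dereference rather than the `log_err` path the `idx` check is meant to provide. A guard right after the fallback closes it: `if (!dev) { log_err("no active network device\n"); return; }`. The `-1161` hunk adds the same fallback to efi_net_set_addr and needs the same guard. Both functions continue outside their hunks.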
@@ -1161,11 +1491,15 @@ void efi_net_get_addr(struct efi_ipv4_address *ip, * @ip: pointer to new IP address * @mask: pointer to new network mask to set * @gw: pointer to new network gateway + * @dev: udevice */ void efi_net_set_addr(struct efi_ipv4_address *ip, struct efi_ipv4_address *mask, - struct efi_ipv4_address *gw) + struct efi_ipv4_address *gw, + struct udevice *dev) { + if (!dev) + dev = eth_get_dev(); #ifdef CONFIG_NET_LWIP char ipstr[] = "ipaddr\0\0"; char maskstr[] = "netmask\0\0"; @@ -1174,7 +1508,7 @@ void efi_net_set_addr(struct efi_ipv4_address *ip, struct in_addr *addr; char tmp[46]; - idx = dev_seq(eth_get_dev()); + idx = dev_seq(dev); if (idx < 0 || idx > 99) { log_err("unexpected idx %d\n", idx); @@ -1212,6 +1546,7 @@ void efi_net_set_addr(struct efi_ipv4_address *ip, #endif } +#if IS_ENABLED(CONFIG_EFI_HTTP_PROTOCOL) /** * efi_net_set_buffer() - allocate a buffer of min 64K * 
@@ -1299,26 +1634,41 @@ void efi_net_parse_headers(ulong *num_headers, struct http_header *headers) * @status_code: HTTP status code * @file_size: file size in bytes * @headers_buffer: headers buffer + * @parent: service binding protocol * Return: status code */ efi_status_t efi_net_do_request(u8 *url, enum efi_http_method method, void **buffer, - u32 *status_code, ulong *file_size, char *headers_buffer) + u32 *status_code, ulong *file_size, char *headers_buffer, + struct efi_service_binding_protocol *parent) { efi_status_t ret = EFI_SUCCESS; int wget_ret; static bool last_head; + struct udevice *dev; + int i; - if (!buffer || !file_size) + if (!buffer || !file_size || !parent) return EFI_ABORTED; efi_wget_info.method = (enum wget_http_method)method; efi_wget_info.headers = headers_buffer; + // Set corresponding udevice + dev = NULL; + for (i = 0; i < MAX_EFI_NET_OBJS; i++) { + if (net_objs[i] && &net_objs[i]->http_service_binding == parent) + dev = net_objs[i]->dev; + } + if (!dev) + return EFI_ABORTED; + switch (method) { case HTTP_METHOD_GET: ret = efi_net_set_buffer(buffer, last_head ? (size_t)efi_wget_info.hdr_cont_len : 0); if (ret != EFI_SUCCESS) goto out; + eth_set_dev(dev); + env_set("ethact", eth_get_name()); wget_ret = wget_request((ulong)*buffer, url, &efi_wget_info); if ((ulong)efi_wget_info.hdr_cont_len > efi_wget_info.buffer_size) { // Try again with updated buffer size @@ -1326,6 +1676,8 @@ efi_status_t efi_net_do_request(u8 *url, enum efi_http_method method, void **buf ret = efi_net_set_buffer(buffer, (size_t)efi_wget_info.hdr_cont_len); if (ret != EFI_SUCCESS) goto out; + eth_set_dev(dev); + env_set("ethact", eth_get_name()); if (wget_request((ulong)*buffer, url, &efi_wget_info)) { efi_free_pool(*buffer); ret = EFI_DEVICE_ERROR; 
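Review bot: The pair `eth_set_dev(dev); env_set("ethact", eth_get_name());` is repeated verbatim at three call sites across the `-1299`, `-1326` and `-1345` hunks of efi_net_do_request, and each one changes global state (the active Ethernet device and the `ethact` variable) that is never restored once the request finishes, so a caller that had a different device active before the HTTP request ends up with `dev` selected afterwards. A small static helper removes the duplication and gives the side effect one documented home; whether the previous active device should be saved and restored around the request is a design question worth a comment either way. The lookup loop that derives `dev` from `parent` also keeps iterating after a match; a `break` makes the intent (one binding per parent) explicit. efi_net_do_request ends in a later hunk.
```c
/* Make @dev the active Ethernet device for the wget call that follows. */
static void efi_net_select_dev(struct udevice *dev)
{
	eth_set_dev(dev);
	env_set("ethact", eth_get_name());
}

/* … unchanged: efi_net_do_request up to the first wget call … */
		efi_net_select_dev(dev);
		wget_ret = wget_request((ulong)*buffer, url, &efi_wget_info);
/* … same replacement at the two other call sites … */
```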
@@ -1345,6 +1697,8 @@ efi_status_t efi_net_do_request(u8 *url, enum efi_http_method method, void **buf ret = efi_net_set_buffer(buffer, 0); if (ret != EFI_SUCCESS) goto out; + eth_set_dev(dev); + env_set("ethact", eth_get_name()); wget_request((ulong)*buffer, url, &efi_wget_info); *file_size = 0; *status_code = efi_wget_info.status_code; @@ -1358,3 +1712,4 @@ efi_status_t efi_net_do_request(u8 *url, enum efi_http_method method, void **buf out: return ret; } +#endif diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c index aa59bc7779d..48f91da5df7 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -11,7 +11,9 @@ #include <efi_variable.h> #include <log.h> #include <asm-generic/unaligned.h> +#include <net.h> +#define OBJ_LIST_INITIALIZED 0 #define OBJ_LIST_NOT_INITIALIZED 1 efi_status_t efi_obj_list_initialized = OBJ_LIST_NOT_INITIALIZED; @@ -209,6 +211,21 @@ out: } /** + * efi_start_obj_list() - Start EFI object list + * + * Return: status code + */ +static efi_status_t efi_start_obj_list(void) +{ + efi_status_t ret = EFI_SUCCESS; + + if (IS_ENABLED(CONFIG_NETDEVICES)) + ret = efi_net_do_start(eth_get_dev()); + + return ret; +} + +/** * efi_init_obj_list() - Initialize and populate EFI object list * * Return: status code @@ -217,7 +234,9 @@ efi_status_t efi_init_obj_list(void) { efi_status_t ret = EFI_SUCCESS; - /* Initialize once only */ + /* Initialize only once, but start every time if correctly initialized*/ + if (efi_obj_list_initialized == OBJ_LIST_INITIALIZED) + return efi_start_obj_list(); if (efi_obj_list_initialized != OBJ_LIST_NOT_INITIALIZED) return efi_obj_list_initialized; @@ -318,7 +337,7 @@ efi_status_t efi_init_obj_list(void) goto out; } if (IS_ENABLED(CONFIG_NETDEVICES)) { - ret = efi_net_register(); + ret = efi_net_register(eth_get_dev()); if (ret != EFI_SUCCESS) goto out; } 
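Review bot: In the `-217` hunk the early return `if (efi_obj_list_initialized == OBJ_LIST_INITIALIZED)` only works because `OBJ_LIST_INITIALIZED` is defined as 0 in the `-11` hunk and `efi_obj_list_initialized` stores an `efi_status_t` assigned from `ret` at `out:`, i.e. the comparison is really against `EFI_SUCCESS`. Making that explicit avoids a silent break if the sentinel is ever changed: define it as `#define OBJ_LIST_INITIALIZED EFI_SUCCESS /* value left at out: after a successful init */`, or compare against `EFI_SUCCESS` directly. The rewritten comment is also missing a space before its terminator: `/* Initialize only once, but start every time if correctly initialized */`. efi_init_obj_list continues in the next hunk.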
@@ -349,6 +368,10 @@ efi_status_t efi_init_obj_list(void) if (IS_ENABLED(CONFIG_EFI_CAPSULE_ON_DISK) && !IS_ENABLED(CONFIG_EFI_CAPSULE_ON_DISK_EARLY)) ret = efi_launch_capsules(); + if (ret != EFI_SUCCESS) + goto out; + + ret = efi_start_obj_list(); out: efi_obj_list_initialized = ret; return ret; diff --git a/lib/efi_selftest/efi_selftest_snp.c b/lib/efi_selftest/efi_selftest_snp.c index 15af8d3e18c..b00c76c2f17 100644 --- a/lib/efi_selftest/efi_selftest_snp.c +++ b/lib/efi_selftest/efi_selftest_snp.c @@ -67,7 +67,6 @@ struct dhcp { static struct efi_boot_services *boottime; static struct efi_simple_network *net; static struct efi_event *timer; -static const efi_guid_t efi_net_guid = EFI_SIMPLE_NETWORK_PROTOCOL_GUID; /* IP packet ID */ static unsigned int net_ip_id; diff --git a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c index 46421588fef..ef51a5ac168 100644 --- a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c +++ b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c @@ -298,6 +298,9 @@ altcp_mbedtls_lower_recv_process(struct altcp_pcb *conn, altcp_mbedtls_state_t * if (ret != 0) { LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ssl_handshake failed: %d\n", ret)); /* handshake failed, connection has to be closed */ + if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { + printf("Certificate verification failed\n"); + } if (conn->err) { conn->err(conn->arg, ERR_CLSD); } @@ -786,6 +789,7 @@ altcp_tls_create_config(int is_server, u8_t cert_count, u8_t pkey_count, int hav int ret; struct altcp_tls_config *conf; mbedtls_x509_crt *mem; + int authmode = have_ca ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE; if (TCP_WND < MBEDTLS_SSL_IN_CONTENT_LEN || TCP_WND < MBEDTLS_SSL_OUT_CONTENT_LEN) { LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG|LWIP_DBG_LEVEL_SERIOUS, 
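Review bot: In the `-349` hunk the result of `efi_start_obj_list()` flows into `efi_obj_list_initialized = ret;` at `out:`, so a start failure (for example efi_net_do_start failing on the current device) permanently marks a fully initialised object list as failed, and every later call returns that error without retrying the start, because the `!= OBJ_LIST_NOT_INITIALIZED` check in the previous hunk short-circuits it. Recording only the initialisation outcome and running the start afterwards keeps the two separable: `out: efi_obj_list_initialized = ret; if (ret == EFI_SUCCESS) ret = efi_start_obj_list(); return ret;`. This assumes the start step is meant to be retried on the next call when it fails, which is how the `OBJ_LIST_INITIALIZED` branch in the previous hunk reads. efi_init_obj_list starts in an earlier hunk.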
@@ -840,7 +844,10 @@ altcp_tls_create_config(int is_server, u8_t cert_count, u8_t pkey_count, int hav altcp_mbedtls_free_config(conf); return NULL; } - mbedtls_ssl_conf_authmode(&conf->conf, ALTCP_MBEDTLS_AUTHMODE); + if (authmode == MBEDTLS_SSL_VERIFY_NONE) { + printf("WARNING: no CA certificates, HTTPS connections not authenticated\n"); + } + mbedtls_ssl_conf_authmode(&conf->conf, authmode); mbedtls_ssl_conf_rng(&conf->conf, mbedtls_ctr_drbg_random, &altcp_tls_entropy_rng->ctr_drbg); #if ALTCP_MBEDTLS_LIB_DEBUG != LWIP_DBG_OFF diff --git a/lib/lwip/lwip/src/include/lwip/apps/altcp_tls_mbedtls_opts.h b/lib/lwip/lwip/src/include/lwip/apps/altcp_tls_mbedtls_opts.h index e41301c061c..71aa5993935 100644 --- a/lib/lwip/lwip/src/include/lwip/apps/altcp_tls_mbedtls_opts.h +++ b/lib/lwip/lwip/src/include/lwip/apps/altcp_tls_mbedtls_opts.h @@ -100,12 +100,6 @@ #define ALTCP_MBEDTLS_SESSION_TICKET_TIMEOUT_SECONDS (60 * 60 * 24) #endif -/** Certificate verification mode: MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL (default), - * MBEDTLS_SSL_VERIFY_REQUIRED (recommended)*/ -#ifndef ALTCP_MBEDTLS_AUTHMODE -#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_OPTIONAL -#endif - #endif /* LWIP_ALTCP */ #endif /* LWIP_HDR_ALTCP_TLS_OPTS_H */ diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 35d8c507a89..789721ee6cd 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig 
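Review bot: With `authmode` derived from `have_ca` in the previous hunk, a build that loads no CA certificates ends up at `MBEDTLS_SSL_VERIFY_NONE`, so every HTTPS fetch through this config is encrypted but the server is never authenticated; the removed `ALTCP_MBEDTLS_AUTHMODE` default was `VERIFY_OPTIONAL`, which at least performed and recorded the verification. The `printf` warning is the only signal and fires once at config creation rather than at connection time, so the operator who later downloads a boot image over such a link sees nothing. Consider failing closed here (return NULL when `!have_ca` unless an explicit build-time opt-in for unauthenticated TLS is set) and at minimum wording the message to say what the consequence is, e.g. `"WARNING: no CA certificates loaded, TLS server identity will not be verified\n"`; the rest of the file reports through `LWIP_DEBUGF`, so routing this message the same way keeps the library's output conventions. altcp_tls_create_config starts in an earlier hunk and continues past this one.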
@@ -1,57 +1,54 @@ +# For U-Boot Proper + choice - prompt "Select crypto libraries" - default LEGACY_CRYPTO + prompt "Crypto libraries (U-Boot Proper)" + default LEGACY_HASHING_AND_CRYPTO help Select crypto libraries. - LEGACY_CRYPTO for legacy crypto libraries, + LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, MBEDTLS_LIB for MbedTLS libraries. -config LEGACY_CRYPTO +config LEGACY_HASHING_AND_CRYPTO bool "legacy crypto libraries" - select LEGACY_CRYPTO_BASIC - select LEGACY_CRYPTO_CERT + select LEGACY_HASHING + select LEGACY_CRYPTO config MBEDTLS_LIB bool "MbedTLS libraries" select MBEDTLS_LIB_X509 endchoice -if LEGACY_CRYPTO || MBEDTLS_LIB_CRYPTO_ALT +if LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT -config LEGACY_CRYPTO_BASIC - bool "legacy basic crypto libraries" +config LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries" select MD5_LEGACY if MD5 select SHA1_LEGACY if SHA1 select SHA256_LEGACY if SHA256 select SHA512_LEGACY if SHA512 select SHA384_LEGACY if SHA384 - select SPL_MD5_LEGACY if SPL_MD5 - select SPL_SHA1_LEGACY if SPL_SHA1 - select SPL_SHA256_LEGACY if SPL_SHA256 - select SPL_SHA512_LEGACY if SPL_SHA512 - select SPL_SHA384_LEGACY if SPL_SHA384 help - Enable legacy basic crypto libraries. + Enable U-Boot legacy hashing libraries. -if LEGACY_CRYPTO_BASIC +if LEGACY_HASHING config SHA1_LEGACY bool "Enable SHA1 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA1 + depends on LEGACY_HASHING && SHA1 help This option enables support of hashing using SHA1 algorithm with legacy crypto library. config SHA256_LEGACY bool "Enable SHA256 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA256 + depends on LEGACY_HASHING && SHA256 help This option enables support of hashing using SHA256 algorithm with legacy crypto library. 
config SHA512_LEGACY bool "Enable SHA512 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA512 + depends on LEGACY_HASHING && SHA512 default y if TI_SECURE_DEVICE && FIT_SIGNATURE help This option enables support of hashing using SHA512 algorithm @@ -59,7 +56,7 @@ config SHA512_LEGACY config SHA384_LEGACY bool "Enable SHA384 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA384 + depends on LEGACY_HASHING && SHA384 select SHA512_LEGACY help This option enables support of hashing using SHA384 algorithm 
@@ -67,95 +64,16 @@ config SHA384_LEGACY config MD5_LEGACY bool "Enable MD5 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && MD5 + depends on LEGACY_HASHING && MD5 help This option enables support of hashing using MD5 algorithm with legacy crypto library. -if SPL - -config SPL_SHA1_LEGACY - bool "Enable SHA1 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA1 - help - This option enables support of hashing using SHA1 algorithm - with legacy crypto library. - -config SPL_SHA256_LEGACY - bool "Enable SHA256 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA256 - help - This option enables support of hashing using SHA256 algorithm - with legacy crypto library. +endif # LEGACY_HASHING -config SPL_SHA512_LEGACY - bool "Enable SHA512 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA512 - help - This option enables support of hashing using SHA512 algorithm - with legacy crypto library. - -config SPL_SHA384_LEGACY - bool "Enable SHA384 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA384 - select SPL_SHA512_LEGACY - help - This option enables support of hashing using SHA384 algorithm - with legacy crypto library. - -config SPL_MD5_LEGACY - bool "Enable MD5 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_MD5 - help - This option enables support of hashing using MD5 algorithm - with legacy crypto library. - -endif # SPL - -if VPL - -config VPL_SHA1_LEGACY - bool "Enable SHA1 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA1 - help - This option enables support of hashing using SHA1 algorithm - with legacy crypto library. 
- -config VPL_SHA256_LEGACY - bool "Enable SHA256 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA256 - help - This option enables support of hashing using SHA256 algorithm - with legacy crypto library. - -config VPL_SHA512_LEGACY - bool "Enable SHA512 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA512 - help - This option enables support of hashing using SHA512 algorithm - with legacy crypto library. - -config VPL_SHA384_LEGACY - bool "Enable SHA384 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA384 - select VPL_SHA512_LEGACY - help - This option enables support of hashing using SHA384 algorithm - with legacy crypto library. - -config VPL_MD5_LEGACY - bool "Enable MD5 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_MD5 - help - This option enables support of hashing using MD5 algorithm - with legacy crypto library. - -endif # VPL - -endif # LEGACY_CRYPTO_BASIC - -config LEGACY_CRYPTO_CERT +config LEGACY_CRYPTO bool "legacy certificate libraries" + depends on LEGACY_HASHING_AND_CRYPTO select ASN1_DECODER_LEGACY if ASN1_DECODER select ASYMMETRIC_PUBLIC_KEY_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE 
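Review bot: The `-67` hunk deletes the `VPL_*_LEGACY` symbols while the `SPL_*_LEGACY` ones are re-added under the new SPL choice later in the diff, and no VPL counterpart is visible in this series, so any defconfig or Makefile rule still referring to `CONFIG_VPL_SHA256_LEGACY` and friends would silently stop selecting the legacy hashers for VPL. The hunk also reuses the name `LEGACY_CRYPTO` for what was `LEGACY_CRYPTO_CERT` (now "legacy certificate libraries" with `depends on LEGACY_HASHING_AND_CRYPTO`), which means a stale `CONFIG_LEGACY_CRYPTO=y` from an older defconfig now means something different from what it meant before the rename rather than being flagged as unknown. A short comment above `config LEGACY_CRYPTO` stating the rename, `# Formerly LEGACY_CRYPTO_CERT; the old top-level LEGACY_CRYPTO choice is now LEGACY_HASHING_AND_CRYPTO`, would save the next person the archaeology; if a VPL section is added elsewhere in the series the first point is moot.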
@@ -163,24 +81,20 @@ config LEGACY_CRYPTO_CERT select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_LEGACY if MSCODE_PARSER - select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER - select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \ - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER help Enable legacy certificate libraries. -if LEGACY_CRYPTO_CERT +if LEGACY_CRYPTO config ASN1_DECODER_LEGACY bool "ASN1 decoder with legacy certificate library" - depends on LEGACY_CRYPTO_CERT && ASN1_DECODER + depends on LEGACY_CRYPTO && ASN1_DECODER help This option chooses legacy certificate library for ASN1 decoder. config ASYMMETRIC_PUBLIC_KEY_LEGACY bool "Asymmetric public key crypto with legacy certificate library" - depends on LEGACY_CRYPTO_CERT && ASYMMETRIC_PUBLIC_KEY_SUBTYPE + depends on LEGACY_CRYPTO && ASYMMETRIC_PUBLIC_KEY_SUBTYPE help This option chooses legacy certificate library for asymmetric public key crypto algorithm. 
@@ -211,68 +125,41 @@ config PKCS7_MESSAGE_PARSER_LEGACY config MSCODE_PARSER_LEGACY bool "MS authenticode parser with legacy certificate library" - depends on LEGACY_CRYPTO_CERT && MSCODE_PARSER + depends on LEGACY_CRYPTO && MSCODE_PARSER select ASN1_DECODER_LEGACY help This option chooses legacy certificate library for MS authenticode parser. -if SPL - -config SPL_ASN1_DECODER_LEGACY - bool "ASN1 decoder with legacy certificate library in SPL" - depends on LEGACY_CRYPTO_CERT && SPL_ASN1_DECODER - help - This option chooses legacy certificate library for ASN1 decoder in - SPL. - -config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY - bool "Asymmetric public key crypto with legacy certificate library in SPL" - depends on LEGACY_CRYPTO_CERT && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - help - This option chooses legacy certificate library for asymmetric public - key crypto algorithm in SPL. - -config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY - bool "RSA public key parser with legacy certificate library in SPL" - depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY - select SPL_ASN1_DECODER_LEGACY - help - This option chooses legacy certificate library for RSA public key - parser in SPL. - -endif # SPL - -endif # LEGACY_CRYPTO_CERT - endif # LEGACY_CRYPTO +endif # LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT + if MBEDTLS_LIB -config MBEDTLS_LIB_CRYPTO_ALT - bool "MbedTLS crypto alternatives" +config MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries" depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO - select LEGACY_CRYPTO_BASIC + select LEGACY_HASHING default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO help - Enable MbedTLS crypto alternatives. + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. Mutually incompatible with MBEDTLS_LIB_CRYPTO. 
config MBEDTLS_LIB_CRYPTO - bool "MbedTLS crypto libraries" + bool "Use MbedTLS native crypto libraries for hashing" + default y if MBEDTLS_LIB select MD5_MBEDTLS if MD5 select SHA1_MBEDTLS if SHA1 select SHA256_MBEDTLS if SHA256 select SHA512_MBEDTLS if SHA512 select SHA384_MBEDTLS if SHA384 - select SPL_MD5_MBEDTLS if SPL_MD5 - select SPL_SHA1_MBEDTLS if SPL_SHA1 - select SPL_SHA256_MBEDTLS if SPL_SHA256 - select SPL_SHA512_MBEDTLS if SPL_SHA512 - select SPL_SHA384_MBEDTLS if SPL_SHA384 help - Enable MbedTLS crypto libraries. - Mutually incompatible with MBEDTLS_LIB_CRYPTO_ALT. + Enable MbedTLS native crypto libraries. + Mutually incompatible with MBEDTLS_LIB_HASHING_ALT. if MBEDTLS_LIB_CRYPTO 
@@ -344,53 +231,6 @@ config HKDF_MBEDTLS This option enables support of key derivation using HKDF algorithm with MbedTLS crypto library. -if SPL - -config SPL_SHA1_MBEDTLS - bool "Enable SHA1 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA1 - help - This option enables support of hashing using SHA1 algorithm - with MbedTLS crypto library. - -config SPL_SHA256_MBEDTLS - bool "Enable SHA256 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA256 - help - This option enables support of hashing using SHA256 algorithm - with MbedTLS crypto library. - -config SPL_SHA512_MBEDTLS - bool "Enable SHA512 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA512 - help - This option enables support of hashing using SHA512 algorithm - with MbedTLS crypto library. - -config SPL_SHA384_MBEDTLS - bool "Enable SHA384 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA384 - select SPL_SHA512 - help - This option enables support of hashing using SHA384 algorithm - with MbedTLS crypto library. - -config SPL_MD5_MBEDTLS - bool "Enable MD5 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_MD5 - help - This option enables support of hashing using MD5 algorithm - with MbedTLS crypto library. - -config SPL_HKDF_MBEDTLS - bool "Enable HKDF support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO - help - This option enables support of key derivation using HKDF algorithm - with MbedTLS crypto library. - -endif # SPL - endif # MBEDTLS_LIB_CRYPTO config MBEDTLS_LIB_X509 
@@ -402,10 +242,6 @@ config MBEDTLS_LIB_X509 select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER - select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER - select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \ - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER help Enable MbedTLS certificate libraries. 
@@ -456,44 +292,554 @@ config MSCODE_PARSER_MBEDTLS This option chooses MbedTLS certificate library for MS authenticode parser. +endif # MBEDTLS_LIB_X509 + +config MBEDTLS_LIB_TLS + bool "MbedTLS TLS library" + depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS + depends on X509_CERTIFICATE_PARSER_MBEDTLS + depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS + depends on ASN1_DECODER_MBEDTLS + depends on MBEDTLS_LIB + help + Enable MbedTLS TLS library. Required for HTTPs support + in wget + +endif # MBEDTLS_LIB + +# For SPL + if SPL +choice + prompt "Crypto libraries (SPL)" + default SPL_LEGACY_HASHING_AND_CRYPTO + help + Select crypto libraries in SPL. + SPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, + SPL_MBEDTLS_LIB for MbedTLS libraries. + +config SPL_LEGACY_HASHING_AND_CRYPTO + bool "legacy crypto libraries" + select SPL_LEGACY_HASHING + select SPL_LEGACY_CRYPTO + +config SPL_MBEDTLS_LIB + bool "MbedTLS libraries" + select SPL_MBEDTLS_LIB_X509 +endchoice + +if SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT + +config SPL_LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries (SPL)" + select SPL_MD5_LEGACY if SPL_MD5 + select SPL_SHA1_LEGACY if SPL_SHA1 + select SPL_SHA256_LEGACY if SPL_SHA256 + select SPL_SHA512_LEGACY if SPL_SHA512 + select SPL_SHA384_LEGACY if SPL_SHA384 + help + Enable U-Boot legacy hashing libraries in SPL. + +if SPL_LEGACY_HASHING + +config SPL_SHA1_LEGACY + bool "Enable SHA1 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with legacy crypto library in SPL. + +config SPL_SHA256_LEGACY + bool "Enable SHA256 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with legacy crypto library in SPL. 
+ +config SPL_SHA512_LEGACY + bool "Enable SHA512 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with legacy crypto library in SPL. + +config SPL_SHA384_LEGACY + bool "Enable SHA384 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA384 + select SPL_SHA512_LEGACY + help + This option enables support of hashing using SHA384 algorithm + with legacy crypto library in SPL. + +config SPL_MD5_LEGACY + bool "Enable MD5 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with legacy crypto library in SPL. + +endif # SPL_LEGACY_HASHING + +config SPL_LEGACY_CRYPTO + bool "legacy certificate libraries (SPL)" + depends on SPL_LEGACY_HASHING_AND_CRYPTO + select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER + select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \ + SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER + help + Enable legacy certificate libraries in SPL. + +if SPL_LEGACY_CRYPTO + +config SPL_ASN1_DECODER_LEGACY + bool "ASN1 decoder with legacy certificate library (SPL)" + depends on SPL_LEGACY_CRYPTO && SPL_ASN1_DECODER + help + This option chooses legacy certificate library for ASN1 decoder in + SPL. + +config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY + bool "Asymmetric public key crypto with legacy certificate library (SPL)" + depends on SPL_LEGACY_CRYPTO && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + help + This option chooses legacy certificate library for asymmetric public + key crypto algorithm in SPL. + +config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY + bool "RSA public key parser with legacy certificate library (SPL)" + depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY + select SPL_ASN1_DECODER_LEGACY + help + This option chooses legacy certificate library for RSA public key + parser in SPL. 
+ +endif # SPL_LEGACY_CRYPTO + +endif # SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT + +if SPL_MBEDTLS_LIB + +config SPL_MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries (SPL)" + depends on SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO + select SPL_LEGACY_HASHING + default y if SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO + help + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries in SPL. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. + Mutually incompatible with SPL_MBEDTLS_LIB_CRYPTO. + +config SPL_MBEDTLS_LIB_CRYPTO + bool "Use MbedTLS native crypto libraries for hashing (SPL)" + default y if SPL_MBEDTLS_LIB + select SPL_MD5_MBEDTLS if SPL_MD5 + select SPL_SHA1_MBEDTLS if SPL_SHA1 + select SPL_SHA256_MBEDTLS if SPL_SHA256 + select SPL_SHA512_MBEDTLS if SPL_SHA512 + select SPL_SHA384_MBEDTLS if SPL_SHA384 + help + Enable MbedTLS native crypto libraries in SPL. + +if SPL_MBEDTLS_LIB_CRYPTO + +config SPL_SHA1_MBEDTLS + bool "Enable SHA1 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with MbedTLS crypto library in SPL. + +config SPL_SHA256_MBEDTLS + bool "Enable SHA256 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with MbedTLS crypto library in SPL. + +config SPL_SHA512_MBEDTLS + bool "Enable SHA512 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with MbedTLS crypto library in SPL. 
+ +config SPL_SHA384_MBEDTLS + bool "Enable SHA384 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA384 + select SPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm + with MbedTLS crypto library in SPL. + +config SPL_MD5_MBEDTLS + bool "Enable MD5 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with MbedTLS crypto library in SPL. + +config SPL_HKDF_MBEDTLS + bool "Enable HKDF support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO + help + This option enables support of key derivation using HKDF algorithm + with MbedTLS crypto library in SPL. + +endif # SPL_MBEDTLS_LIB_CRYPTO + +config SPL_MBEDTLS_LIB_X509 + bool "MbedTLS certificate libraries (SPL)" + select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER + select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \ + SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER + help + Enable MbedTLS certificate libraries in SPL. + +if SPL_MBEDTLS_LIB_X509 + config SPL_ASN1_DECODER_MBEDTLS - bool "ASN1 decoder with MbedTLS certificate library in SPL" - depends on MBEDTLS_LIB_X509 && SPL_ASN1_DECODER + bool "ASN1 decoder with MbedTLS certificate library (SPL)" + depends on SPL_MBEDTLS_LIB_X509 && SPL_ASN1_DECODER help This option chooses MbedTLS certificate library for ASN1 decoder in SPL. config SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS - bool "Asymmetric public key crypto with MbedTLS certificate library in SPL" - depends on MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + bool "Asymmetric public key crypto with MbedTLS certificate library (SPL)" + depends on SPL_MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE help This option chooses MbedTLS certificate library for asymmetric public key crypto algorithm in SPL. 
config SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS - bool "RSA public key parser with MbedTLS certificate library in SPL" + bool "RSA public key parser with MbedTLS certificate library (SPL)" depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS select SPL_ASN1_DECODER_MBEDTLS help This option chooses MbedTLS certificate library for RSA public key parser in SPL. +endif # SPL_MBEDTLS_LIB_X509 + +config SPL_MBEDTLS_LIB_TLS + bool "MbedTLS TLS library (SPL)" + depends on SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS + depends on SPL_X509_CERTIFICATE_PARSER_MBEDTLS + depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS + depends on SPL_ASN1_DECODER_MBEDTLS + depends on SPL_MBEDTLS_LIB + help + Enable MbedTLS TLS library in SPL. Required for HTTPs support + in wget + +endif # SPL_MBEDTLS_LIB + endif # SPL -endif # MBEDTLS_LIB_X509 +# For TPL -config MBEDTLS_LIB_TLS - bool "MbedTLS TLS library" - depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS - depends on X509_CERTIFICATE_PARSER_MBEDTLS - depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS - depends on ASN1_DECODER_MBEDTLS - depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS - depends on MBEDTLS_LIB_CRYPTO +if TPL + +choice + prompt "Crypto libraries (TPL)" + default TPL_LEGACY_HASHING_AND_CRYPTO help - Enable MbedTLS TLS library. Required for HTTPs support - in wget + Select crypto libraries in TPL. + TPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, + TPL_MBEDTLS_LIB for MbedTLS libraries. 
-endif # MBEDTLS_LIB +config TPL_LEGACY_HASHING_AND_CRYPTO + bool "legacy crypto libraries" + select TPL_LEGACY_HASHING + select TPL_LEGACY_CRYPTO + +config TPL_MBEDTLS_LIB + bool "MbedTLS libraries" + +endchoice + +if TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT + +config TPL_LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries (TPL)" + select TPL_MD5_LEGACY if TPL_MD5 + select TPL_SHA1_LEGACY if TPL_SHA1 + select TPL_SHA256_LEGACY if TPL_SHA256 + select TPL_SHA512_LEGACY if TPL_SHA512 + select TPL_SHA384_LEGACY if TPL_SHA384 + help + Enable U-Boot legacy hashing libraries in TPL. + +if TPL_LEGACY_HASHING + +config TPL_SHA1_LEGACY + bool "Enable SHA1 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with legacy crypto library in TPL. + +config TPL_SHA256_LEGACY + bool "Enable SHA256 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with legacy crypto library in TPL. + +config TPL_SHA512_LEGACY + bool "Enable SHA512 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with legacy crypto library in TPL. + +config TPL_SHA384_LEGACY + bool "Enable SHA384 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA384 + select TPL_SHA512_LEGACY + help + This option enables support of hashing using SHA384 algorithm + with legacy crypto library in TPL. + +config TPL_MD5_LEGACY + bool "Enable MD5 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with legacy crypto library in TPL. 
+ +endif # TPL_LEGACY_HASHING + +endif # TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT + +if TPL_MBEDTLS_LIB + +config TPL_MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries (TPL)" + depends on TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO + select TPL_LEGACY_HASHING + default y if TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO + help + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries in TPL. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. + Mutually incompatible with TPL_MBEDTLS_LIB_CRYPTO. + +config TPL_MBEDTLS_LIB_CRYPTO + bool "Use MbedTLS native crypto libraries for hashing (TPL)" + default y if TPL_MBEDTLS_LIB + select TPL_MD5_MBEDTLS if TPL_MD5 + select TPL_SHA1_MBEDTLS if TPL_SHA1 + select TPL_SHA256_MBEDTLS if TPL_SHA256 + select TPL_SHA512_MBEDTLS if TPL_SHA512 + select TPL_SHA384_MBEDTLS if TPL_SHA384 + help + Enable MbedTLS native crypto libraries in TPL. + +if TPL_MBEDTLS_LIB_CRYPTO + +config TPL_SHA1_MBEDTLS + bool "Enable SHA1 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with MbedTLS crypto library in TPL. + +config TPL_SHA256_MBEDTLS + bool "Enable SHA256 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with MbedTLS crypto library in TPL. + +config TPL_SHA512_MBEDTLS + bool "Enable SHA512 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with MbedTLS crypto library in TPL. 
+ +config TPL_SHA384_MBEDTLS + bool "Enable SHA384 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA384 + select TPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm + with MbedTLS crypto library in TPL. + +config TPL_MD5_MBEDTLS + bool "Enable MD5 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with MbedTLS crypto library in TPL. + +config TPL_HKDF_MBEDTLS + bool "Enable HKDF support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO + help + This option enables support of key derivation using HKDF algorithm + with MbedTLS crypto library in TPL. + +endif # TPL_MBEDTLS_LIB_CRYPTO + +endif # TPL_MBEDTLS_LIB + +endif # TPL + +# For VPL + +if VPL + +choice + prompt "Crypto libraries (VPL)" + default VPL_LEGACY_HASHING_AND_CRYPTO + help + Select crypto libraries in VPL. + VPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, + VPL_MBEDTLS_LIB for MbedTLS libraries. + +config VPL_LEGACY_HASHING_AND_CRYPTO + bool "legacy crypto libraries" + select VPL_LEGACY_HASHING + +config VPL_MBEDTLS_LIB + bool "MbedTLS libraries" + +endchoice + +if VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT + +config VPL_LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries (VPL)" + select VPL_MD5_LEGACY if VPL_MD5 + select VPL_SHA1_LEGACY if VPL_SHA1 + select VPL_SHA256_LEGACY if VPL_SHA256 + select VPL_SHA512_LEGACY if VPL_SHA512 + select VPL_SHA384_LEGACY if VPL_SHA384 + help + Enable U-Boot legacy hashing libraries in VPL. + +if VPL_LEGACY_HASHING + +config VPL_SHA1_LEGACY + bool "Enable SHA1 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with legacy crypto library in VPL. 
+ +config VPL_SHA256_LEGACY + bool "Enable SHA256 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with legacy crypto library in VPL. + +config VPL_SHA512_LEGACY + bool "Enable SHA512 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with legacy crypto library in VPL. + +config VPL_SHA384_LEGACY + bool "Enable SHA384 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA384 + select VPL_SHA512_LEGACY + help + This option enables support of hashing using SHA384 algorithm + with legacy crypto library in VPL. + +config VPL_MD5_LEGACY + bool "Enable MD5 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with legacy crypto library in VPL. + +endif # VPL_LEGACY_HASHING + +endif # VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT + +if VPL_MBEDTLS_LIB + +config VPL_MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries (VPL)" + depends on VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO + select VPL_LEGACY_HASHING + default y if VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO + help + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries in VPL. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. + Mutually incompatible with VPL_MBEDTLS_LIB_CRYPTO. 
+ +config VPL_MBEDTLS_LIB_CRYPTO + bool "Use MbedTLS native crypto libraries for hashing (VPL)" + default y if VPL_MBEDTLS_LIB + select VPL_MD5_MBEDTLS if VPL_MD5 + select VPL_SHA1_MBEDTLS if VPL_SHA1 + select VPL_SHA256_MBEDTLS if VPL_SHA256 + select VPL_SHA512_MBEDTLS if VPL_SHA512 + select VPL_SHA384_MBEDTLS if VPL_SHA384 + help + Enable MbedTLS native crypto libraries in VPL. + +if VPL_MBEDTLS_LIB_CRYPTO + +config VPL_SHA1_MBEDTLS + bool "Enable SHA1 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with MbedTLS crypto library in VPL. + +config VPL_SHA256_MBEDTLS + bool "Enable SHA256 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with MbedTLS crypto library in VPL. + +config VPL_SHA512_MBEDTLS + bool "Enable SHA512 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with MbedTLS crypto library in VPL. + +config VPL_SHA384_MBEDTLS + bool "Enable SHA384 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA384 + select VPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm + with MbedTLS crypto library in VPL. + +config VPL_MD5_MBEDTLS + bool "Enable MD5 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with MbedTLS crypto library in VPL. + +config VPL_HKDF_MBEDTLS + bool "Enable HKDF support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO + help + This option enables support of key derivation using HKDF algorithm + with MbedTLS crypto library in VPL. + +endif # VPL_MBEDTLS_LIB_CRYPTO + +endif # VPL_MBEDTLS_LIB + +endif # VPL 
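Review bot: SPL_MBEDTLS_LIB_TLS declares `depends on SPL_X509_CERTIFICATE_PARSER_MBEDTLS`, but no such symbol is defined in this hunk and SPL_MBEDTLS_LIB_X509 does not select one (the main MBEDTLS_LIB_X509 does select X509_CERTIFICATE_PARSER_MBEDTLS); unless it is defined elsewhere, an undefined Kconfig symbol evaluates to n and the TLS library can never be enabled in SPL. Similarly TPL_LEGACY_HASHING_AND_CRYPTO carries `select TPL_LEGACY_CRYPTO` while no `config TPL_LEGACY_CRYPTO` appears in the TPL section, and the VPL counterpart omits that select, so the line looks like a leftover to drop. A smaller point: inside the `if SPL_MBEDTLS_LIB` block, the pair `depends on SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO` / `default y if SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO` on SPL_MBEDTLS_LIB_HASHING_ALT reduces to `depends on !SPL_MBEDTLS_LIB_CRYPTO` and `default y`, and the same simplification applies to the TPL and VPL copies.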
diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index e66c2018d97..4bbe7ceec45 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile 
@@ -6,60 +6,60 @@ MBEDTLS_LIB_DIR = external/mbedtls/library # shim layer for hash -obj-$(CONFIG_$(SPL_)MD5_MBEDTLS) += md5.o -obj-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o -obj-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o -obj-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o +obj-$(CONFIG_$(XPL_)MD5_MBEDTLS) += md5.o +obj-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += sha1.o +obj-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += sha256.o +obj-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += sha512.o # x509 libraries -obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ +obj-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ public_key.o -obj-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ +obj-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ x509_cert_parser.o -obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o -obj-$(CONFIG_$(SPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o -obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o +obj-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o +obj-$(CONFIG_$(XPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o +obj-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o # MbedTLS crypto library -obj-$(CONFIG_MBEDTLS_LIB) += mbedtls_lib_crypto.o +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB) += mbedtls_lib_crypto.o mbedtls_lib_crypto-y := \ $(MBEDTLS_LIB_DIR)/platform_util.o \ $(MBEDTLS_LIB_DIR)/constant_time.o \ $(MBEDTLS_LIB_DIR)/md.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \ +mbedtls_lib_crypto-$(CONFIG_$(XPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o +mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o +mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha256.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \ +mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha512.o 
-mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \ +mbedtls_lib_crypto-$(CONFIG_$(XPL_)HKDF_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/hkdf.o # MbedTLS X509 library -obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o mbedtls_lib_x509-y := $(MBEDTLS_LIB_DIR)/x509.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)ASN1_DECODER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)ASN1_DECODER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/asn1parse.o \ $(MBEDTLS_LIB_DIR)/asn1write.o \ $(MBEDTLS_LIB_DIR)/oid.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/bignum.o \ $(MBEDTLS_LIB_DIR)/bignum_core.o \ $(MBEDTLS_LIB_DIR)/rsa.o \ $(MBEDTLS_LIB_DIR)/rsa_alt_helpers.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pk.o \ $(MBEDTLS_LIB_DIR)/pk_wrap.o \ $(MBEDTLS_LIB_DIR)/pkparse.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/x509_crl.o \ $(MBEDTLS_LIB_DIR)/x509_crt.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pkcs7.o #mbedTLS TLS support -obj-$(CONFIG_MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o mbedtls_lib_tls-y := \ $(MBEDTLS_LIB_DIR)/mps_reader.o \ $(MBEDTLS_LIB_DIR)/mps_trace.o \ diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h index fd440c392f9..dda3f4dd6e4 100644 --- a/lib/mbedtls/mbedtls_def_config.h +++ b/lib/mbedtls/mbedtls_def_config.h 
@@ -11,12 +11,12 @@
  * Author: Raymond Mao <raymond.mao@linaro.org>
  */
 
-#if defined CONFIG_MBEDTLS_LIB
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB)
 
 #if CONFIG_IS_ENABLED(MD5)
 #define MBEDTLS_MD_C
 #define MBEDTLS_MD5_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_MD5_ALT
 #endif
 #endif
@@ -24,7 +24,7 @@
 #if CONFIG_IS_ENABLED(SHA1)
 #define MBEDTLS_MD_C
 #define MBEDTLS_SHA1_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_SHA1_ALT
 #endif
 #endif
@@ -32,7 +32,7 @@
 #if CONFIG_IS_ENABLED(SHA256)
 #define MBEDTLS_MD_C
 #define MBEDTLS_SHA256_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_SHA256_ALT
 #endif
 #if CONFIG_IS_ENABLED(SHA256_SMALLER)
@@ -48,7 +48,7 @@
 #if CONFIG_IS_ENABLED(SHA512)
 #define MBEDTLS_MD_C
 #define MBEDTLS_SHA512_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_SHA512_ALT
 #endif
 #if CONFIG_IS_ENABLED(SHA512_SMALLER)
@@ -60,7 +60,7 @@
 #define MBEDTLS_HKDF_C
 #endif
 
-#if defined CONFIG_MBEDTLS_LIB_X509
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
 
 #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
 #define MBEDTLS_X509_USE_C
@@ -89,9 +89,9 @@
 #define MBEDTLS_ASN1_WRITE_C
 #endif
 
-#endif /* #if defined CONFIG_MBEDTLS_LIB_X509 */
+#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */
 
-#if IS_ENABLED(CONFIG_MBEDTLS_LIB_TLS)
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS)
 #include "rtc.h"
 
 /* Generic options */
@@ -106,25 +106,36 @@
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_NO_PLATFORM_ENTROPY
 #define MBEDTLS_SSL_PROTO_TLS1_2
+#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
+#endif
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 
 /* RSA */
+#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) && \
+	CONFIG_IS_ENABLED(RSA_PUBLIC_KEY_PARSER)
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#endif
 #define MBEDTLS_GCM_C
 
 /* ECDSA */
+#if CONFIG_IS_ENABLED(ASN1_DECODER)
 #define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
 #define MBEDTLS_ECDH_C
+#endif
 #define MBEDTLS_ECDSA_DETERMINISTIC
 #define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
 #define MBEDTLS_CAN_ECDH
 #define MBEDTLS_PK_CAN_ECDSA_SIGN
-#define MBEDTLS_ECP_C
+#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#endif
+
 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
@@ -138,6 +149,6 @@
 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
 
-#endif /* #if defined CONFIG_MBEDTLS_LIB_TLS */
+#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS) */
 
-#endif /* #if defined CONFIG_MBEDTLS_LIB */
+#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB) */
diff --git a/lib/mbedtls/port/mbedtls_options.h b/lib/mbedtls/port/mbedtls_options.h
new file mode 100644
index 00000000000..885ed6990b6
--- /dev/null
+++ b/lib/mbedtls/port/mbedtls_options.h
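Review bot: `#define MBEDTLS_CAN_ECDH` and `#define MBEDTLS_PK_CAN_ECDSA_SIGN` remain unconditional while `MBEDTLS_ECDH_C`, `MBEDTLS_ECDSA_C` and `MBEDTLS_ECP_C` are now only defined under `#if CONFIG_IS_ENABLED(ASN1_DECODER)`. As far as I know MbedTLS derives these two capability macros itself from ECDH_C/ECDSA_C, so defining them by hand in a configuration where ECDSA_C is off tells the PK layer that ECDSA signing is available without the backing implementation being compiled; moving both lines, together with `MBEDTLS_ECDSA_DETERMINISTIC` and `MBEDTLS_HMAC_DRBG_C` which only matter with ECDSA, inside the ASN1_DECODER block keeps the feature set consistent. The ECDHE_RSA/ECDH_RSA key exchanges gated on the X.509 and RSA parsers also require `MBEDTLS_ECDH_C`, so that `#if` silently relies on the Kconfig side always selecting ASN1_DECODER alongside those parsers — a one-line comment above it stating that assumption would help the next reader.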
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Internal build options for MbedTLS
+ *
+ * Copyright (c) 2025 Linaro Limited
+ * Author: Raymond Mao <raymond.mao@linaro.org>
+ */
+
+#ifndef _MBEDTLS_OPT_H
+#define _MBEDTLS_OPT_H
+
+/*
+ * FIXME:
+ * U-Boot/MbedTLS port requires to access a few of members which are defined
+ * as private in MbedTLS context.
+ * E.g: x509_internal.h, mbedtls_sha256_context and mbedtls_sha1_context.
+ * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
+ * access, but directly including <external/mbedtls/library/common.h> is not
+ * allowed, since this will include <malloc.h> and break the sandbox test.
+ */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
+#endif /* _MBEDTLS_OPT_H */
|
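Review bot: The include guard `_MBEDTLS_OPT_H` starts with an underscore followed by an uppercase letter, which C reserves for the implementation; a guard like `MBEDTLS_OPTIONS_H`, matching the file name, avoids the reserved namespace. Separately, `MBEDTLS_ALLOW_PRIVATE_ACCESS` is defined unconditionally, so presumably every translation unit that picks up this header loses MbedTLS's private-field encapsulation rather than only the port files the FIXME has in mind; it would be worth extending the comment to name the U-Boot files that actually touch the private members, so the define can be retired once MbedTLS offers accessors. The FIXME wording `requires to access a few of members` reads better as `needs access to a few members`.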