| Age | Commit message (Collapse) | Author |
|---|
|
With TPM2 we don't actually lock the TPM once verified boot is finished.
Instead we disable the platform hierarchy which serves the same purpose.
Add an implementation of this so we can safely boot into the kernel.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Implement this API function for TPM2.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Implement this API function for TPM2.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Add support for this so that the TPM can be set up for use with
Chromium OS verified boot.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Update tpm2_clear() and tpm2_pcr_extend() so that the command size
is not repeated twice. Add a small comment to the latter.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Add support for TPMv2 versions of API functions. So far this is not
complete as the standard is quite large, but it implements everything
currently available for TPMv2 in U-Boot.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Take over the plain 'tpm_...' functions for use by the new TPM API. Rename
all the TPMv1 functions so they are called from the API.
Update the TPMv1 functions so that they are called from the API. Change
existing users to use the tpm1_ prefix so they don't need to go through
the API, which might introduce uncertainty.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
There are two different TPM standards. U-Boot supports both but each has
its own set of functions. We really need a single TPM API that can call
one or the other. This is not always possible as there are some
differences between the two standards, but it is mostly possible.
Add an API to handle this. So far it is not plumbed into the build and
only supports TPMv1.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
The response is shown but not the request. Update the code to show both
if debugging is enabled.
Use a 'uint' type for size so it matches the register-word size on both
32- and 64-bit machines.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
VenHw and VenMedia device path nodes may carry vendor defined data of
arbitrary length. When converting a device path node to text ensure that we
do not overrun our internal buffer.
In our implementation of
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL.ConvertDevicePathToText() we could first
determine the output length and then allocate buffers but that would nearly
double the code size. Therefore keep the preallocated buffers and truncate
excessive device paths instead.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
The UEFI spec does not allow ACPI tables to be in runtime services memory.
It recommends EfiACPIReclaimMemory.
Remove a superfluous check that the allocated pages are 16 byte aligned.
EFI pages are 4 KiB aligned.
Fixes: 86df34d42b05 ("efi_loader: Install ACPI configuration tables")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Include "compiler.h" in sha512.c. This is needed by 'cpu_to_be64' macro
that used in 'sha512_base_do_finalize' function.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Currently we fail silently if there is an algorithm mismatch. To help
distinguish this failure condition.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
|
|
Our current implementation of
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL.ConvertDevicePathToText() truncates multi
part device paths after the first part. We should convert all parts.
Render device path instance ends as commas. This is not explicitly
described in the UEFI spec but mimics what EDK II does.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Test EFI_DEVICE_PATH_TO_TEXT_PROTOCOL.ConvertDevicePathToText() for a multi
part device path.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Fix a typo. Apply the correct compiler flags to dtbdump.o.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
The last block is of size media->block_size
Signed-off-by: Jesper Schmitz Mouridsen <jesper@schmitz.computer>
Simplify expression.
Apply same change to efi_disk_write_blocks().
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
- Merge the patch to take <asm/global_data.h> out of <common.h>
|
|
On Rockchip platforms we need this area of code in TPL, but there is no
TPL_SEPARATE_BSS symbol.
This reverts commit 0a2aaab0b678fd1778ff2fc59d0770fc82995532.
Reported-by: Markus Reichl <m.reichl@fivetechno.de>
Reported-by: Jesper Schmitz Mouridsen <jesper@schmitz.computer>
Reported-by: Peter Robinson <pbrobinson@gmail.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
fix get_last_capsule() leads to writes beyond the stack allocated buffer.
This was indicated when enabling the stack protector.
utf16_utf8_strcpy() only stops copying when reaching '\0'. The current
invocation always writes beyond the end of value[].
The output length of utf16_utf8_strcpy() may be longer than the number of
UTF-16 tokens. E.g has "CapsuleКиев" has 11 UTF-16 tokens but 15 UTF-8
tokens. Hence, using utf16_utf8_strcpy() without checking the input may
lead to further writes beyond value[].
The current invocation of strict_strtoul() reads beyond the end of value[].
A non-hexadecimal value after "Capsule" (e.g. "CapsuleZZZZ") must result in
an error. We cat catch this by checking the return value of strict_strtoul().
A value that is too short after "Capsule" (e.g. "Capsule0") must result in
an error. We must check the string length of value[].
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
'.' and '..' are directories. So when looking for capsule files it is
sufficient to check that the attribute EFI_FILE_DIRECTORY is not set. We
don't have to check for these special names.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
PE section table entries' SizeOfRawData must be a multiple of
FileAlignment, and thus may be rounded up and larger than their
VirtualSize.
We should not load beyond the VirtualSize, which is "the total size of
the section when loaded into memory" -- we may clobber real data at the
target in some other section, since we load sections in reverse order
and sections are usually laid out sequentially.
Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
While static configuration is useful it cannot cover every case. Sometimes
board revisions are encoded in resistor straps and must be read at
runtime.
The easiest way to provide this information is via sysinfo, since the
board can then provide a driver to read whatever is needed.
Add some standard sysinfo options for this, and use them to obtain the
required information.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
At present the version string is obtained from PLAIN_VERSION. Some boards
may want to configure this using the device tree, since the build system
can more easily insert things there after U-Boot itself is built. Add this
option to the code.
Also in some cases the version needs to be generated programmatically,
such as when it is stored elsewhere in the ROM and must be read first.
To handle this, keep a pointer around so that it can be updated later.
This works by storing the last string in the context, since it is easier
than passing out a little-used extra parameter.
Provide a function to update the version string.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
Add a new member to the context struct which tracks the end of the string
table. This allows us to avoid recalculating this at the end.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
We can store this in the context and avoid passing it to each function.
This makes it easier to follow and will also allow keeping track of the
end of the string table (in future patches).
Add an 'eos' field to the context and create a function to set it up.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
At present we pass the ofnode to each function. We also pass the 'eos'
pointer for adding new strings. We don't track the current end of the
string table, so have smbios_string_table_len() to find that.
The code can be made more efficient if it keeps information in a
context struct. This also makes it easier to add more features.
As a first step, switch the ofnode parameter to be a context pointer.
Update smbios_add_prop() at the same time to avoid changing the same
lines of code in consecutive patches.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
We may as well include the U-Boot release information in the type-0 table
since it is designed for that purpose.
U-Boot uses release versions based on the year and month. The year cannot
fit in a byte, so drop the century.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
This type is not used outside the smbios.c file so there is no need for it
to be in the header file. Move it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2021-04-rc2
Bug fixes:
* do not allow creating of files with filenames on FAT file system
* install UEFI System Partition GUID on ESP handle
* in dtbdump.efi test tool use GUID to find ESP handle
Documentation:
* man-page for load command
* describe end of life of plat_auto
|
|
The Load File2 protocol exposes a device path with a VenMedia() node. Hence
our implementation of the device path to text protocol should support this
node.
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
If dtbdump.efi is loaded from memory when calling LoadImage the loaded
image protocol will not indicate the partition from where it was loaded.
In this case use the EFI system partition for the 'load' and 'save'
commands.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
On the handle for the UEFI System Partition we must install the System
Partition GUID (with a NULL interface).
Let the efidebug command display the GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
In the implementation of the EFI_DT_FIXUP_PROTOCOL:
* Only check the buffer size when EFI_DT_APPLY_FIXUPS is set.
* In this case the field totalsize of the device-tree may not exceed the
buffer size.
* Install device-tree only if EFI_DT_INSTALL_TABLE is set.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
At present prior_stage_fdt_address is declared as phys_addr_t. On
a 32-bit platform where phys_addr_t can be 64-bit, assigning its
value to gd->fdt_blob which is a pointer, can cause warnings.
Cast it to uintptr_t before the assignment.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
https://gitlab.denx.de/u-boot/custodians/u-boot-dm
tpm fixes for coral
binman fixes support for symbols in sub-sections
support for additional cros_ec commands
various minor fixes / tweaks
|
|
Add some debugging to indicate which node the binman library is looking
at.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Some ARMv7 boards using PSCI require to be in secure-mode when booted via
'bootz' or 'bootm'. During distro-boot 'bootefi bootmgr' is called to check
if booting via UEFI is possible.
With the change we change the switch from secure mode to non-secure mode is
moved from the UEFI subsystem setup to just before calling StartImage().
Cc: Jernej Škrabec <jernej.skrabec@gmail.com>
Reported by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
If the field Media->IoAlign of the EFI block IO protocol is zero, no
alignment is required. Our code required 4 GiB alignment in this case.
Don't check buffer alignment if Media->IoAlign == 0.
Fixes: f59f0825e8b9 ("efi_loader: parameter checks BLOCK_IO_PROTOCOL")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
The field Media->LastBlock of the EFI_BLOCK_IO_PROTOCOL must be filled
with the index of the last logical block (LBA) for the block device that
our test driver provides.
After calling ConnectController() U-Boot exposes the block IO protocol for
the partition check that the value of Media->LastBlock equals the partition
size minus one.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Some images may have multiple copies of the same thing, e.g. two versions
of the read/write U-Boots. It is necessary to read data from one or other
of these under selection of the verified-boot logic. Add a function to
select the subnode to use.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move this logic out of the main init function so it is available for
other purpose.
Use a different error when multiple-images is in use but no subnode is
available. This makes it easier to determine what is wrong.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Unfortunately the toolchain often brings in the crc32 table even if the
function is not actually used. For now, exclude it from the TPL build,
which is very sensitive to size.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
At present this code uses a simple printf() format if running in SPL. But
SPL can use the full printf. Use USE_TINY_PRINTF instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This setting may be different in SPL and TPL. Update the code to check
the correct setting.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This includes information about sandbox which is not relevant for most
boards. Drop it.
Also add the address to help figure out the problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
In the function rsa_verify_hash, if the "main" key doesn't
work, u-boot try others keys. But it searches those keys
in the FIT image instead of the u-boot device tree.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The field Media.LastBlock of the EFI_BLOCK_IO_PROTOCOL.Media was filled
incorrectly both for block devices as well as for partitions.
The field must be filled with the index of the last logical block (LBA):
* block devices: device size minus 1
* partitions: partition size minus 1
Reported-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
The UEFI specification requires event notification levels to be
> TPL_APPLICATION and <= TPL_HIGH_LEVEL.
With the patch the CreateEvent() and CreatedEventEx() services are changed
to check that the notification level is not TPL_APPLICATION.
Reference:
UEFI Specification 2.8 Errata B, table 27 "TPL Restrictions",
"Event Notification Levels"
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
