u-boot.git/lib/Makefile, branch master Unnamed repository; edit this file 'description' to name the repository. efi_loader: Work-around build issue due to missing hash_calculate() 2021-05-28T14:17:01+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-05-24T19:28:57+00:00 464010b0be09505aaf50ec208f996a6cf478a2dc The hash_calculate() symbol is provided by hash-checksum.c. It depends on hash_progressive_lookup_algo(), provided when CONFIG_HASH=y. The issue is that hash_calculate() is used by the efi_loader, irregardless of CONFIG_FIT_SIGNATURE. As pointed out in commit 87316da05f2f ("lib: introduce HASH_CALCULATE option"), enabling hash_calculate() based on CONFIG_FIT_SIGNATURE is incorrect. To resolve this, use CONFIG_HASH as the compile switch for hash-checksum.c. This ensures that all dependencies are compiled, and is the most natural Kconfig to use. There is the issue of having to 'select HASH' in a couple of places that already 'select SHA256'. This is a deeper problem with how hashes are organized, and fixing it is beyonf the scope of this change. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
The hash_calculate() symbol is provided by hash-checksum.c. It depends
on hash_progressive_lookup_algo(), provided when CONFIG_HASH=y.

The issue is that hash_calculate() is used by the efi_loader,
irregardless of CONFIG_FIT_SIGNATURE. As pointed out in
commit 87316da05f2f ("lib: introduce HASH_CALCULATE option"),
enabling hash_calculate() based on CONFIG_FIT_SIGNATURE is incorrect.

To resolve this, use CONFIG_HASH as the compile switch for
hash-checksum.c. This ensures that all dependencies are compiled, and
is the most natural Kconfig to use.

There is the issue of having to 'select HASH' in a couple of places
that already 'select SHA256'. This is a deeper problem with how hashes
are organized, and fixing it is beyonf the scope of this change.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Revert "lib: introduce HASH_CALCULATE option" 2021-05-28T14:17:01+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-05-24T19:28:56+00:00 ec0512b173bfe45bc6dc03dfcff40fec419239bb When we think of Kconfig, we usually think of features that we like to enable or not. Ideally, we wouldn't use Kconfig to fix a build issue, although sometimes it might make sense. With Kconfig it's hard to guarantee that the fix is universal. We can only say that it works for the set of tested configurations. In the majority of cases, it's preferable to let the linker figure things out for us. The reverted commit attempted to fix a build issue by adding an invisible Kconfig option. This is wrong in several ways: It invents a new Kconfig variable when CONFIG_HASH already exists for the same purpose. Second, hash-checksum.c makes use of the hash_progressive_lookup_algo() symbol, which is only provided with CONFIG_HASH, but this dependency was not expressed in the reverted patch. It feels like Kconfig is turning into a listing of all available source files, and a buffet to 'select' which ones to compile. The purpose of this revert is to enable the next change to make use of CONFIG_HASH instead of adding to Kconfig. This reverts commit 87316da05f2fd49d3709275e64ef0c5980366ade. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
When we think of Kconfig, we usually think of features that we like
to enable or not. Ideally, we wouldn't use Kconfig to fix a build
issue, although sometimes it might make sense. With Kconfig it's hard
to guarantee that the fix is universal. We can only say that it works
for the set of tested configurations. In the majority of cases, it's
preferable to let the linker figure things out for us.

The reverted commit attempted to fix a build issue by adding an
invisible Kconfig option. This is wrong in several ways:

It invents a new Kconfig variable when CONFIG_HASH already
exists for the same purpose.
Second, hash-checksum.c makes use of the hash_progressive_lookup_algo()
symbol, which is only provided with CONFIG_HASH, but this dependency
was not expressed in the reverted patch.

It feels like Kconfig is turning into a listing of all available
source files, and a buffet to 'select' which ones to compile. The
purpose of this revert is to enable the next change to make use of
CONFIG_HASH instead of adding to Kconfig.

This reverts commit 87316da05f2fd49d3709275e64ef0c5980366ade.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org>
lib: introduce HASH_CALCULATE option 2021-05-18T10:36:13+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-05-13T14:48:08+00:00 87316da05f2fd49d3709275e64ef0c5980366ade Build error occurs when CONFIG_EFI_SECURE_BOOT or CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled, because hash-checksum.c is not compiled. Since hash_calculate() implemented in hash-checksum.c can be commonly used aside from FIT image signature verification, this commit itroduces HASH_CALCULATE option to decide if hash-checksum.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Build error occurs when CONFIG_EFI_SECURE_BOOT or
CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
because hash-checksum.c is not compiled.

Since hash_calculate() implemented in hash-checksum.c can be
commonly used aside from FIT image signature verification,
this commit itroduces HASH_CALCULATE option to decide
if hash-checksum.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
lib: Rename rsa-checksum.c to hash-checksum.c 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:10+00:00 0bcb28dfb946b32ed7550fc4c24c5dcea6718554 rsa-checksum.c sontains the hash_calculate() implementations. Despite the "rsa-" file prefix, this function is useful for other algorithms. To prevent confusion, move this file to lib/, and rename it to hash-checksum.c, to give it a more "generic" feel. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
tpm: Switch TPMv1 over to use the new API 2021-03-02T20:53:37+00:00 Simon Glass sjg@chromium.org 2021-02-06T21:23:36+00:00 d6a885f0878043d572bfd85a423e4a6bb6073178 Take over the plain 'tpm_...' functions for use by the new TPM API. Rename all the TPMv1 functions so they are called from the API. Update the TPMv1 functions so that they are called from the API. Change existing users to use the tpm1_ prefix so they don't need to go through the API, which might introduce uncertainty. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Take over the plain 'tpm_...' functions for use by the new TPM API. Rename
all the TPMv1 functions so they are called from the API.

Update the TPMv1 functions so that they are called from the API. Change
existing users to use the tpm1_ prefix so they don't need to go through
the API, which might introduce uncertainty.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
crc32: Exclude crc32 from TPL 2021-01-27T22:03:16+00:00 Simon Glass sjg@chromium.org 2021-01-14T03:29:55+00:00 ec5f101a3794396fed93e480ebcf8d389041b30e Unfortunately the toolchain often brings in the crc32 table even if the function is not actually used. For now, exclude it from the TPL build, which is very sensitive to size. Signed-off-by: Simon Glass <sjg@chromium.org> 
Unfortunately the toolchain often brings in the crc32 table even if the
function is not actually used. For now, exclude it from the TPL build,
which is very sensitive to size.

Signed-off-by: Simon Glass <sjg@chromium.org>
smbios: add parsing API 2020-11-05T06:58:45+00:00 Christian Gmeiner christian.gmeiner@gmail.com 2020-11-03T14:34:51+00:00 415eab0655a8bdfa07464e2b3f9724a198afc81f Add a very simple API to be able to access SMBIOS strings like vendor, model and bios version. Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> 
Add a very simple API to be able to access SMBIOS strings
like vendor, model and bios version.

Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
lib: Add getopt 2020-10-30T14:56:11+00:00 Sean Anderson seanga2@gmail.com 2020-10-27T23:55:36+00:00 72eda5074b92d54ff67979f7a45ced9a119c4a8c Some commands can get very unweildy if they have too many positional arguments. Adding options makes them easier to read, remember, and understand. This implementation of getopt has been taken from barebox, which has had option support for quite a while. I have made a few modifications to their version, such as the removal of opterr in favor of a separate getopt_silent function. In addition, I have moved all global variables into struct getopt_context. The getopt from barebox also re-orders the arguments passed to it so that non-options are placed last. This allows users to specify options anywhere. For example, `ls -l foo/ -R` would be re-ordered to `ls -l -R foo/` as getopt parsed the options. However, this feature conflicts with the const argv in cmd_tbl->cmd. This was originally added in 54841ab50c ("Make sure that argv[] argument pointers are not modified."). The reason stated in that commit is that hush requires argv to stay unmodified. Has this situation changed? Barebox also uses hush, and does not have this problem. Perhaps we could use their fix? I have assigned maintenance of getopt to Simon Glass, as it is currently only used by the log command. I would also be fine maintaining it. Signed-off-by: Sean Anderson <seanga2@gmail.com> 
Some commands can get very unweildy if they have too many positional
arguments. Adding options makes them easier to read, remember, and
understand.

This implementation of getopt has been taken from barebox, which has had
option support for quite a while. I have made a few modifications to their
version, such as the removal of opterr in favor of a separate getopt_silent
function. In addition, I have moved all global variables into struct
getopt_context.

The getopt from barebox also re-orders the arguments passed to it so that
non-options are placed last. This allows users to specify options anywhere.
For example, `ls -l foo/ -R` would be re-ordered to `ls -l -R foo/` as
getopt parsed the options. However, this feature conflicts with the const
argv in cmd_tbl->cmd. This was originally added in 54841ab50c ("Make sure
that argv[] argument pointers are not modified."). The reason stated in
that commit is that hush requires argv to stay unmodified. Has this
situation changed? Barebox also uses hush, and does not have this problem.
Perhaps we could use their fix?

I have assigned maintenance of getopt to Simon Glass, as it is currently
only used by the log command. I would also be fine maintaining it.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
lib: sscanf: add sscanf implementation 2020-08-14T19:18:30+00:00 Andrii Anisov andrii_anisov@epam.com 2020-08-06T09:42:52+00:00 e87dfb0526be231de89b299531a0e637d343fccd Port sscanf implementation from mini-os and introduce new Kconfig option to enable it: CONFIG_SSCANF. Disable by default. Signed-off-by: Andrii Anisov <andrii_anisov@epam.com> Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com> Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com> 
Port sscanf implementation from mini-os and introduce new
Kconfig option to enable it: CONFIG_SSCANF. Disable by default.

Signed-off-by: Andrii Anisov <andrii_anisov@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Add support for SHA384 and SHA512 2020-06-12T17:14:07+00:00 Reuben Dowle reubendowle0@gmail.com 2020-04-16T05:36:52+00:00 d16b38f42704fe3cc94fbee1601be96045013151 The current recommendation for best security practice from the US government is to use SHA384 for TOP SECRET [1]. This patch adds support for SHA384 and SHA512 in the hash command, and also allows FIT images to be hashed with these algorithms, and signed with sha384,rsaXXXX and sha512,rsaXXXX The SHA implementation is adapted from the linux kernel implementation. [1] Commercial National Security Algorithm Suite http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com> 
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>