diff options
author | Tom Rini <trini@konsulko.com> | 2020-12-31 22:28:09 -0500 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2020-12-31 22:28:09 -0500 |
commit | c86b18074c9d40bfa63cda1068b6dfb810d4377d (patch) | |
tree | 391c7d8705d38ff7f059c242b514a2cc1fdecc97 /include | |
parent | 958b9e2482538ebfeb2e1161257603d4dec498cb (diff) | |
parent | c35df7c9e43eaf5f8bf2113a58ea257291988589 (diff) | |
download | u-boot-c86b18074c9d40bfa63cda1068b6dfb810d4377d.tar.gz u-boot-c86b18074c9d40bfa63cda1068b6dfb810d4377d.tar.xz u-boot-c86b18074c9d40bfa63cda1068b6dfb810d4377d.zip |
Merge tag 'efi-next' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next
Pull request for UEFI sub-system for next
* UEFI capsule authentication
* UEFI capsule update on QEMU ARM
* fsuuid command for FAT file system
* bug fixes
Diffstat (limited to 'include')
-rw-r--r-- | include/efi_api.h | 18 | ||||
-rw-r--r-- | include/efi_loader.h | 23 | ||||
-rw-r--r-- | include/efi_variable.h | 2 | ||||
-rw-r--r-- | include/fat.h | 13 | ||||
-rw-r--r-- | include/signatures.h | 62 |
5 files changed, 112 insertions, 6 deletions
diff --git a/include/efi_api.h b/include/efi_api.h index e82d4ca9ff..ecb43a0607 100644 --- a/include/efi_api.h +++ b/include/efi_api.h @@ -1813,6 +1813,24 @@ struct efi_variable_authentication_2 { } __attribute__((__packed__)); /** + * efi_firmware_image_authentication - Capsule authentication method + * descriptor + * + * This structure describes an authentication information for + * a capsule with IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED set + * and should be included as part of the capsule. + * Only EFI_CERT_TYPE_PKCS7_GUID is accepted. + * + * @monotonic_count: Count to prevent replay + * @auth_info: Authentication info + */ +struct efi_firmware_image_authentication { + uint64_t monotonic_count; + struct win_certificate_uefi_guid auth_info; +} __attribute__((__packed__)); + + +/** * efi_signature_data - A format of signature * * This structure describes a single signature in signature database. diff --git a/include/efi_loader.h b/include/efi_loader.h index 365f3d01dc..4719fa93f0 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -304,15 +304,17 @@ enum efi_image_auth_status { * @exit_status: exit status passed to Exit() * @exit_data_size: exit data size passed to Exit() * @exit_data: exit data passed to Exit() - * @exit_jmp: long jump buffer for returning form started image + * @exit_jmp: long jump buffer for returning from started image * @entry: entry address of the relocated image + * @image_type: indicates if the image is an applicition or a driver + * @auth_status: indicates if the image is authenticated */ struct efi_loaded_image_obj { struct efi_object header; - efi_status_t exit_status; + efi_status_t *exit_status; efi_uintn_t *exit_data_size; u16 **exit_data; - struct jmp_buf_data exit_jmp; + struct jmp_buf_data *exit_jmp; EFIAPI efi_status_t (*entry)(efi_handle_t image_handle, struct efi_system_table *st); u16 image_type; @@ -811,18 +813,27 @@ efi_status_t efi_image_region_add(struct efi_image_regions *regs, int nocheck); void efi_sigstore_free(struct efi_signature_store *sigstore); +struct efi_signature_store *efi_build_signature_store(void *sig_list, + efi_uintn_t size); struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name); bool efi_secure_boot_enabled(void); +bool efi_capsule_auth_enabled(void); + bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, WIN_CERTIFICATE **auth, size_t *auth_len); +struct pkcs7_message *efi_parse_pkcs7_header(const void *buf, + size_t buflen, + u8 **tmpbuf); + /* runtime implementation of memcpy() */ void efi_memcpy_runtime(void *dest, const void *src, size_t n); /* commonly used helper function */ -u16 *efi_create_indexed_name(u16 *buffer, const char *name, unsigned int index); +u16 *efi_create_indexed_name(u16 *buffer, size_t buffer_size, const char *name, + unsigned int index); extern const struct efi_firmware_management_protocol efi_fmp_fit; extern const struct efi_firmware_management_protocol efi_fmp_raw; @@ -838,6 +849,10 @@ efi_status_t EFIAPI efi_query_capsule_caps( u64 *maximum_capsule_size, u32 *reset_type); +efi_status_t efi_capsule_authenticate(const void *capsule, + efi_uintn_t capsule_size, + void **image, efi_uintn_t *image_size); + #define EFI_CAPSULE_DIR L"\\EFI\\UpdateCapsule\\" /* Hook at initialization */ diff --git a/include/efi_variable.h b/include/efi_variable.h index 4704a3c16e..bf5076233e 100644 --- a/include/efi_variable.h +++ b/include/efi_variable.h @@ -91,7 +91,7 @@ efi_status_t efi_query_variable_info_int(u32 attributes, #define EFI_VAR_FILE_NAME "ubootefi.var" -#define EFI_VAR_BUF_SIZE 0x4000 +#define EFI_VAR_BUF_SIZE CONFIG_EFI_VAR_BUF_SIZE /* * This constant identifies the file format for storing UEFI variables in diff --git a/include/fat.h b/include/fat.h index 3c29a4484d..b9f273f381 100644 --- a/include/fat.h +++ b/include/fat.h @@ -22,7 +22,6 @@ struct disk_partition; #define MAX_CLUSTSIZE CONFIG_FS_FAT_MAX_CLUSTSIZE -#define DIRENTSPERBLOCK (mydata->sect_size / sizeof(dir_entry)) #define DIRENTSPERCLUST ((mydata->clust_size * mydata->sect_size) / \ sizeof(dir_entry)) @@ -213,4 +212,16 @@ int fat_unlink(const char *filename); int fat_mkdir(const char *dirname); void fat_close(void); void *fat_next_cluster(fat_itr *itr, unsigned int *nbytes); + +/** + * fat_uuid() - get FAT volume ID + * + * The FAT volume ID returned in @uuid_str as hexadecimal number in XXXX-XXXX + * format. + * + * @uuid_str: caller allocated buffer of at least 10 bytes for the volume ID + * Return: 0 on success + */ +int fat_uuid(char *uuid_str); + #endif /* _FAT_H_ */ diff --git a/include/signatures.h b/include/signatures.h new file mode 100644 index 0000000000..4042db1e00 --- /dev/null +++ b/include/signatures.h @@ -0,0 +1,62 @@ +/* SPDX-License-Identifier: Intel */ +/* + * Copyright (C) 2013, Intel Corporation + * Copyright (C) 2014, Bin Meng <bmeng.cn@gmail.com> + */ + +#ifndef __SIGNATURES_H__ +#define __SIGNATURES_H__ + +/** + * Returns a 16-bit signature built from 2 ASCII characters. + * + * This macro returns a 16-bit value built from the two ASCII characters + * specified by A and B. + * + * @A: The first ASCII character. + * @B: The second ASCII character. + * + * @return: A 16-bit value built from the two ASCII characters specified by + * A and B. + */ +#define SIGNATURE_16(A, B) ((A) | (B << 8)) + +/** + * Returns a 32-bit signature built from 4 ASCII characters. + * + * This macro returns a 32-bit value built from the four ASCII characters + * specified by A, B, C, and D. + * + * @A: The first ASCII character. + * @B: The second ASCII character. + * @C: The third ASCII character. + * @D: The fourth ASCII character. + * + * @return: A 32-bit value built from the two ASCII characters specified by + * A, B, C and D. + */ +#define SIGNATURE_32(A, B, C, D) \ + (SIGNATURE_16(A, B) | (SIGNATURE_16(C, D) << 16)) + +/** + * Returns a 64-bit signature built from 8 ASCII characters. + * + * This macro returns a 64-bit value built from the eight ASCII characters + * specified by A, B, C, D, E, F, G,and H. + * + * @A: The first ASCII character. + * @B: The second ASCII character. + * @C: The third ASCII character. + * @D: The fourth ASCII character. + * @E: The fifth ASCII character. + * @F: The sixth ASCII character. + * @G: The seventh ASCII character. + * @H: The eighth ASCII character. + * + * @return: A 64-bit value built from the two ASCII characters specified by + * A, B, C, D, E, F, G and H. + */ +#define SIGNATURE_64(A, B, C, D, E, F, G, H) \ + (SIGNATURE_32(A, B, C, D) | ((u64)(SIGNATURE_32(E, F, G, H)) << 32)) + +#endif /* __SIGNATURES_H__ */ |