Merge tag 'efi-next' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next

Pull request for UEFI sub-system for next

* UEFI capsule authentication
* UEFI capsule update on QEMU ARM
* fsuuid command for FAT file system
* bug fixes

5 files changed, 112 insertions, 6 deletions

diff --git a/include/efi_api.h b/include/efi_api.h
index e82d4ca9ff..ecb43a0607 100644
--- a/include/efi_api.h
+++ b/include/efi_api.h
@@ -1813,6 +1813,24 @@ struct efi_variable_authentication_2 {
 } __attribute__((__packed__));
 
 /**
+ * efi_firmware_image_authentication - Capsule authentication method
+ * descriptor
+ *
+ * This structure describes an authentication information for
+ * a capsule with IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED set
+ * and should be included as part of the capsule.
+ * Only EFI_CERT_TYPE_PKCS7_GUID is accepted.
+ *
+ * @monotonic_count: Count to prevent replay
+ * @auth_info: Authentication info
+ */
+struct efi_firmware_image_authentication {
+	uint64_t monotonic_count;
+	struct win_certificate_uefi_guid auth_info;
+} __attribute__((__packed__));
+
+
+/**
  * efi_signature_data - A format of signature
  *
  * This structure describes a single signature in signature database.
diff --git a/include/efi_loader.h b/include/efi_loader.h
index 365f3d01dc..4719fa93f0 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -304,15 +304,17 @@ enum efi_image_auth_status {
  * @exit_status:	exit status passed to Exit()
  * @exit_data_size:	exit data size passed to Exit()
  * @exit_data:		exit data passed to Exit()
- * @exit_jmp:		long jump buffer for returning form started image
+ * @exit_jmp:		long jump buffer for returning from started image
  * @entry:		entry address of the relocated image
+ * @image_type:		indicates if the image is an applicition or a driver
+ * @auth_status:	indicates if the image is authenticated
  */
 struct efi_loaded_image_obj {
 	struct efi_object header;
-	efi_status_t exit_status;
+	efi_status_t *exit_status;
 	efi_uintn_t *exit_data_size;
 	u16 **exit_data;
-	struct jmp_buf_data exit_jmp;
+	struct jmp_buf_data *exit_jmp;
 	EFIAPI efi_status_t (*entry)(efi_handle_t image_handle,
 				     struct efi_system_table *st);
 	u16 image_type;
@@ -811,18 +813,27 @@ efi_status_t efi_image_region_add(struct efi_image_regions *regs,
 				  int nocheck);
 
 void efi_sigstore_free(struct efi_signature_store *sigstore);
+struct efi_signature_store *efi_build_signature_store(void *sig_list,
+						      efi_uintn_t size);
 struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name);
 
 bool efi_secure_boot_enabled(void);
 
+bool efi_capsule_auth_enabled(void);
+
 bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
 		     WIN_CERTIFICATE **auth, size_t *auth_len);
 
+struct pkcs7_message *efi_parse_pkcs7_header(const void *buf,
+					     size_t buflen,
+					     u8 **tmpbuf);
+
 /* runtime implementation of memcpy() */
 void efi_memcpy_runtime(void *dest, const void *src, size_t n);
 
 /* commonly used helper function */
-u16 *efi_create_indexed_name(u16 *buffer, const char *name, unsigned int index);
+u16 *efi_create_indexed_name(u16 *buffer, size_t buffer_size, const char *name,
+			     unsigned int index);
 
 extern const struct efi_firmware_management_protocol efi_fmp_fit;
 extern const struct efi_firmware_management_protocol efi_fmp_raw;
@@ -838,6 +849,10 @@ efi_status_t EFIAPI efi_query_capsule_caps(
 		u64 *maximum_capsule_size,
 		u32 *reset_type);
 
+efi_status_t efi_capsule_authenticate(const void *capsule,
+				      efi_uintn_t capsule_size,
+				      void **image, efi_uintn_t *image_size);
+
 #define EFI_CAPSULE_DIR L"\\EFI\\UpdateCapsule\\"
 
 /* Hook at initialization */
diff --git a/include/efi_variable.h b/include/efi_variable.h
index 4704a3c16e..bf5076233e 100644
--- a/include/efi_variable.h
+++ b/include/efi_variable.h
@@ -91,7 +91,7 @@ efi_status_t efi_query_variable_info_int(u32 attributes,
 
 #define EFI_VAR_FILE_NAME "ubootefi.var"
 
-#define EFI_VAR_BUF_SIZE 0x4000
+#define EFI_VAR_BUF_SIZE CONFIG_EFI_VAR_BUF_SIZE
 
 /*
  * This constant identifies the file format for storing UEFI variables in
diff --git a/include/fat.h b/include/fat.h
index 3c29a4484d..b9f273f381 100644
--- a/include/fat.h
+++ b/include/fat.h
@@ -22,7 +22,6 @@ struct disk_partition;
 
 #define MAX_CLUSTSIZE	CONFIG_FS_FAT_MAX_CLUSTSIZE
 
-#define DIRENTSPERBLOCK	(mydata->sect_size / sizeof(dir_entry))
 #define DIRENTSPERCLUST	((mydata->clust_size * mydata->sect_size) / \
 			 sizeof(dir_entry))
 
@@ -213,4 +212,16 @@ int fat_unlink(const char *filename);
 int fat_mkdir(const char *dirname);
 void fat_close(void);
 void *fat_next_cluster(fat_itr *itr, unsigned int *nbytes);
+
+/**
+ * fat_uuid() - get FAT volume ID
+ *
+ * The FAT volume ID returned in @uuid_str as hexadecimal number in XXXX-XXXX
+ * format.
+ *
+ * @uuid_str:	caller allocated buffer of at least 10 bytes for the volume ID
+ * Return:	0 on success
+ */
+int fat_uuid(char *uuid_str);
+
 #endif /* _FAT_H_ */
diff --git a/include/signatures.h b/include/signatures.h
new file mode 100644
index 0000000000..4042db1e00
--- /dev/null
+++ b/include/signatures.h
@@ -0,0 +1,62 @@
+/* SPDX-License-Identifier: Intel */
+/*
+ * Copyright (C) 2013, Intel Corporation
+ * Copyright (C) 2014, Bin Meng <bmeng.cn@gmail.com>
+ */
+
+#ifndef __SIGNATURES_H__
+#define __SIGNATURES_H__
+
+/**
+ * Returns a 16-bit signature built from 2 ASCII characters.
+ *
+ * This macro returns a 16-bit value built from the two ASCII characters
+ * specified by A and B.
+ *
+ * @A: The first ASCII character.
+ * @B: The second ASCII character.
+ *
+ * @return: A 16-bit value built from the two ASCII characters specified by
+ *          A and B.
+ */
+#define SIGNATURE_16(A, B)	((A) | (B << 8))
+
+/**
+ * Returns a 32-bit signature built from 4 ASCII characters.
+ *
+ * This macro returns a 32-bit value built from the four ASCII characters
+ * specified by A, B, C, and D.
+ *
+ * @A: The first ASCII character.
+ * @B: The second ASCII character.
+ * @C: The third ASCII character.
+ * @D: The fourth ASCII character.
+ *
+ * @return: A 32-bit value built from the two ASCII characters specified by
+ *          A, B, C and D.
+ */
+#define SIGNATURE_32(A, B, C, D)	\
+	(SIGNATURE_16(A, B) | (SIGNATURE_16(C, D) << 16))
+
+/**
+ * Returns a 64-bit signature built from 8 ASCII characters.
+ *
+ * This macro returns a 64-bit value built from the eight ASCII characters
+ * specified by A, B, C, D, E, F, G,and H.
+ *
+ * @A: The first ASCII character.
+ * @B: The second ASCII character.
+ * @C: The third ASCII character.
+ * @D: The fourth ASCII character.
+ * @E: The fifth ASCII character.
+ * @F: The sixth ASCII character.
+ * @G: The seventh ASCII character.
+ * @H: The eighth ASCII character.
+ *
+ * @return: A 64-bit value built from the two ASCII characters specified by
+ *          A, B, C, D, E, F, G and H.
+ */
+#define SIGNATURE_64(A, B, C, D, E, F, G, H)	\
+	(SIGNATURE_32(A, B, C, D) | ((u64)(SIGNATURE_32(E, F, G, H)) << 32))
+
+#endif /* __SIGNATURES_H__ */