summaryrefslogtreecommitdiffstats
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* efi_loader: fix Sphinx warningHeinrich Schuchardt2021-06-091-1/+1
| | | | | | | | | | Brackets '[' need to be escaped to avoid a build warning lib/efi_loader/efi_image_loader.c:223: WARNING: Inline strong start-string without end-string. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Masahisa Kojima <masahisa.kojima@linaro.org>
* efi_loader: efi_capsule_delete_file() NULL dereferenceHeinrich Schuchardt2021-06-091-1/+2
| | | | | | | If opening a file fails, the file handle pointer is not valid and must not be dereferenced. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: partition numbers are hexadecimalHeinrich Schuchardt2021-06-092-3/+3
| | | | | | | | | | | If we want to address partition 15 of virtio block device 11, we have to write: virtio b:f When calling sprintf() we must use %x for the device and partition numbers. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* fastboot: Fix overflow when calculating chunk sizeSean Anderson2021-06-011-8/+9
| | | | | | | | | If a chunk was larger than 4GiB, then chunk_data_sz would overflow and blkcnt would not be calculated correctly. Upgrade it to a u64 and cast its multiplicands as well. Also fix bytes_written while we're at it. Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Heiko Schocher <hs@denx.de>
* efi_loader: add PE/COFF image measurementMasahisa Kojima2021-05-283-26/+244
| | | | | | | | | | | | | | | | "TCG PC Client Platform Firmware Profile Specification" requires to measure every attempt to load and execute a OS Loader(a UEFI application) into PCR[4]. This commit adds the PE/COFF image measurement, extends PCR, and appends measurement into Event Log. Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Replace CONFIG_HASH_CALCULATE by CONFIG_HASH Fix conversions between pointers and u64. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* efi_loader: Work-around build issue due to missing hash_calculate()Alexandru Gagniuc2021-05-282-1/+3
| | | | | | | | | | | | | | | | | | | | | The hash_calculate() symbol is provided by hash-checksum.c. It depends on hash_progressive_lookup_algo(), provided when CONFIG_HASH=y. The issue is that hash_calculate() is used by the efi_loader, irregardless of CONFIG_FIT_SIGNATURE. As pointed out in commit 87316da05f2f ("lib: introduce HASH_CALCULATE option"), enabling hash_calculate() based on CONFIG_FIT_SIGNATURE is incorrect. To resolve this, use CONFIG_HASH as the compile switch for hash-checksum.c. This ensures that all dependencies are compiled, and is the most natural Kconfig to use. There is the issue of having to 'select HASH' in a couple of places that already 'select SHA256'. This is a deeper problem with how hashes are organized, and fixing it is beyonf the scope of this change. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org>
* Revert "lib: introduce HASH_CALCULATE option"Alexandru Gagniuc2021-05-283-6/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When we think of Kconfig, we usually think of features that we like to enable or not. Ideally, we wouldn't use Kconfig to fix a build issue, although sometimes it might make sense. With Kconfig it's hard to guarantee that the fix is universal. We can only say that it works for the set of tested configurations. In the majority of cases, it's preferable to let the linker figure things out for us. The reverted commit attempted to fix a build issue by adding an invisible Kconfig option. This is wrong in several ways: It invents a new Kconfig variable when CONFIG_HASH already exists for the same purpose. Second, hash-checksum.c makes use of the hash_progressive_lookup_algo() symbol, which is only provided with CONFIG_HASH, but this dependency was not expressed in the reverted patch. It feels like Kconfig is turning into a listing of all available source files, and a buffet to 'select' which ones to compile. The purpose of this revert is to enable the next change to make use of CONFIG_HASH instead of adding to Kconfig. This reverts commit 87316da05f2fd49d3709275e64ef0c5980366ade. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org>
* efi_loader: Fix coverity warnings for efi tcg2 protocolIlias Apalodimas2021-05-281-2/+5
| | | | | | | | | | | | | Coverity reported 3 warnings on the current code. CID 331856, 331855, 331854 on the latest scan. Fix the rest of the warnings by initializing the variables before passing them to tpm2_get_pcr_info(). In order to avoid future warnings and errors initialize them to 0 within the function as well, since the values are always OR'ed after querying the hardware. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* efi_loader: Fix -Wextra warning for EFI TCG2Ilias Apalodimas2021-05-251-18/+22
| | | | | | | | Compiling with -Wextra produces a number of (harmless) warnings for the EFI TCG2 protocol. Let's fix those in case we ever enable the flag on the EFI subsystem Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* efi_loader: path length in efi_dp_from_name()Heinrich Schuchardt2021-05-251-2/+7
| | | | | | | | | | Before this patch efi_dp_from_name() only accommodated a maximum file path length of 31 characters. This leads to boot failures due to file name truncation. Allow arbitrary path lengths. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabledMasahisa Kojima2021-05-255-68/+73
| | | | | | | | | | | | | | | This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: remove weak efi_get_public_key_data()Heinrich Schuchardt2021-05-251-10/+0
| | | | | | | | | Configuring a system with CONFIG_EFI_CAPSULE_AUTHENTICATE=y but without a method to retrieve the public key data is a misconfiguration. We should get a build failure for it. Therefore remove the weak efi_get_public_key_data() implementation. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* sandbox: errno: avoid conflict with libc's errnoMarek Behún2021-05-241-1/+3
| | | | | | | | | | | | | | | | When building with LTO, the system libc's `errno` variable used in arch/sandbox/cpu/os.c conflicts with U-Boot's `errno` (defined in lib/errno.c) with the following error: .../ld: errno@@GLIBC_PRIVATE: TLS definition in /lib64/libc.so.6 section .tbss mismatches non-TLS reference in /tmp/u-boot.EQlEXz.ltrans0.ltrans.o To avoid this conflict use different asm label for this variable when CONFIG_SANDBOX is enabled. Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
* lib: crc32: put the crc_table variable into efi_runtime_rodata sectionMarek Behún2021-05-241-1/+2
| | | | | | | | | | | | | | | When compiling with LTO, the compiler fails with an error saying that `crc_table` causes a section type conflict with `efi_var_buf`. This is because both are declared to be in the same section (via macro `__efi_runtime_data`), but one is const while the other is not. Put this variable into the section .rodata.efi_runtime, instead of .data.efi_runtime, via macro __efi_runtime_rodata. Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Marek Vasut <marex@denx.de> Reviewed-by: Heinrich Schuchardt <xypron.gpk@gmx.de>
* efi_selftest: compiler flags for efi_selftest_miniapp_exception.oMarek Behún2021-05-241-0/+2
| | | | | | | | | | | | | Add $(CFLAGS_EFI) and remove $(CFLAGS_NON_EFI) for efi_selftest_miniapp_exception.o. The removal is needed when compiling with LTO - this object file needs to be compiled without -flto. The adding is for consistency with other miniapps. Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* string: make memcpy(), memset(), memcmp() and memmove() visible for LTOMarek Behún2021-05-241-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | It seems that sometimes (happening on ARM64, for example with turris_mox_defconfig) GCC, when linking with LTO, changes the symbol names of some functions, for example lib/string.c's memcpy() function to memcpy.isra.0. This is a problem however when GCC for a code such as this: struct some_struct *info = get_some_struct(); struct some struct tmpinfo; tmpinfo = *info; emits a call to memcpy() by builtin behaviour, to copy *info to tmpinfo. This then results in the following linking error: .../lz4.c:93: undefined reference to `memcpy' .../uuid.c:206: more undefined references to `memcpy' follow GCC's documentation says this about -nodefaultlibs option: The compiler may generate calls to "memcmp", "memset", "memcpy" and "memmove". These entries are usually resolved by entries in libc. These entry points should be supplied through some other mechanism when this option is specified. Make these functions visible by using the __used macro to avoid this error. Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Simon Glass <sjg@chromium.org>
* treewide: Convert macro and uses of __section(foo) to __section("foo")Marek Behún2021-05-241-2/+2
| | | | | | | | | | | | | | | | | This commit does the same thing as Linux commit 33def8498fdd. Use a more generic form for __section that requires quotes to avoid complications with clang and gcc differences. Remove the quote operator # from compiler_attributes.h __section macro. Convert all unquoted __section(foo) uses to quoted __section("foo"). Also convert __attribute__((section("foo"))) uses to __section("foo") even if the __attribute__ has multiple list entry forms. Signed-off-by: Marek Behún <marek.behun@nic.cz> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
* lib: kconfig: Limit BINMAN_FDT for OF_SEPARATE or OF_EMBEDBin Meng2021-05-191-1/+1
| | | | | | | | | | Generally speaking BINMAN_FDT makes sense for OF_SEPARATE or OF_EMBED. For the other OF_CONTROL methods, it's quite possible binman node is not available as binman is invoked during the build phase instead of runtime. Let's only turn it on for OF_SEPARATE or OF_EMBED by default. Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
* lib: introduce HASH_CALCULATE optionMasahisa Kojima2021-05-183-1/+6
| | | | | | | | | | | | | | Build error occurs when CONFIG_EFI_SECURE_BOOT or CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled, because hash-checksum.c is not compiled. Since hash_calculate() implemented in hash-checksum.c can be commonly used aside from FIT image signature verification, this commit itroduces HASH_CALCULATE option to decide if hash-checksum.c shall be compiled. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: Fix Kconfig for EFI_TCG2 protocolIlias Apalodimas2021-05-181-0/+6
| | | | | | | | | | | EFI_TCG2 depends not only on TPMv2 but also on the underlying algorithms. So select the missing SHA1, SHA256, SHA384 and SHA512 we currently support Reported-by: Michal Simek <michal.simek@xilinx.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Add 'default y'. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: Don't stop EFI subsystem init if installing TCG2 failsIlias Apalodimas2021-05-181-5/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Up to now we are stopping the EFI subsystem if a TPMv2 exists but the protocol fails to install. Now that we've switched the config to 'default y' the sandbox TPM fails, since it doesn't support all the required capabilities of the protocol. Not installing the protocol is not catastrophic. If the protocol fails to install the PCRs will never be extended to the expected values, so some other entity later in the boot flow will eventually figure it out and take the necessary actions. While at it fix a corner case were the user can see an invalid error message when the protocol failed to install. We do have a tcg2_uninit() which we call when the protocol installation fails. There are cases though that this might be called before the configuration table is installed (e.g probing the TPM for capabilities failed). In that case the user will see "Failed to delete final events config table". So stop printing it since it's not an actual failure , simply because the config table was never installed in the first place. In order to stop printing it make efi_init_event_log() and create_final_event() cleanup themselves and only call tcg2_uninit() when the protocol installation fails. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: Uninstall the TCG2 protocol if logging s-crtm failsIlias Apalodimas2021-05-181-5/+3
| | | | | | | | | | | Instead of just failing, clean up the installed config table and EventLog memory if logging an s-crtm event fails during the protocol installation Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Eliminate label 'out:' by using return. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: Clean up tcg2 once in case of failureIlias Apalodimas2021-05-181-4/+0
| | | | | | | | | efi_init_event_log() calls tcg2_uninit() in case of failure. We can skip that since the function is called on efi_tcg2_register() which also cleans up if an error occurs Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: loosen buffer parameter check in efi_file_read_intPeng Fan2021-05-181-1/+1
| | | | | | | | | | | | | | | | | | | This is same issue as https://bugzilla.redhat.com/show_bug.cgi?id=1733817, but that fix was wrongly partial reverted. When reading a directory, EFI_BUFFER_TOO_SMALL should be returned when the supplied buffer is too small, so a use-case is to call EFI_FILE_PROTOCOL.Read() with *buffer_size=0 and buffer=NULL to obtain the needed size before doing the actual read. So remove the check only for directory reading, file reading already do the check by itself. Fixes: db12f518edb0("efi_loader: implement non-blocking file services") Signed-off-by: Peng Fan <peng.fan@nxp.com> Cc: Stefan Sørensen <stefan.sorensen@spectralink.com> Tested-by: Peter Robinson <pbrobinson@gmail.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: capsule: Remove the check for capsule_authentication_enabled ↵Sughosh Ganu2021-05-181-3/+2
| | | | | | | | | | | | | | environment variable The current capsule authentication code checks if the environment variable capsule_authentication_enabled is set, for authenticating the capsule. This is in addition to the check for the config symbol CONFIG_EFI_CAPSULE_AUTHENTICATE. Remove the check for the environment variable. The capsule will now be authenticated if the config symbol is set. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* hash: Kconfig option for SHA512 hardware accelerationHeinrich Schuchardt2021-05-181-5/+16
| | | | | | | | | | | | | | | | | | | | | | Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations") defined function definitions for hardware accelerated SHA384 and SHA512. If CONFIG_SHA_HW_ACCEL=y, these functions are used. We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the new functions hw_sha384() and hw_sha512(). For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The missing hardware acceleration functions lead to build errors on boards like peach-pi_defconfig. Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the functions hw_sha384() and hw_sha512() shall be used to implement the SHA384 and SHA512 algorithms. Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
* efi_loader: build warning in efi_tcg2_hash_log_extend_eventHeinrich Schuchardt2021-05-181-2/+2
| | | | | | | | | | | | | | Building 32bit boards with the TCG2 protocol enabled leads to a build warning due to a missing conversion. lib/efi_loader/efi_tcg2.c:774:27: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] 774 | ret = tcg2_create_digest((u8 *)data_to_hash, data_to_hash_len, | ^ Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* dm: core: Add address translation in fdt_get_resourcePatrick Delaunay2021-04-291-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | Today of_address_to_resource() is called only in ofnode_read_resource() for livetree support and fdt_get_resource() is called when livetree is not supported. The fdt_get_resource() doesn't do the address translation so when it is required, but the address translation is done by ofnode_read_resource() caller, for example in drivers/firmware/scmi/smt.c::scmi_dt_get_smt_buffer() { ... ret = ofnode_read_resource(args.node, 0, &resource); if (ret) return ret; faddr = cpu_to_fdt32(resource.start); paddr = ofnode_translate_address(args.node, &faddr); ... The both behavior should be aligned and the address translation must be called in fdt_get_resource() and removed for each caller. Fixes: a44810123f9e ("dm: core: Add dev_read_resource() to read device resources") Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
* efi_loader: capsule: return a correct error code at find_boot_device()AKASHI Takahiro2021-04-241-1/+1
| | | | | | | | | | In case of failure at efi_get_variable_int("BootOrder"), we should skip examining boot option variables and return an appropriate error code which is the one the function returned. Fixes: CID 331153 Code maintainability issues (UNUSED_VALUE) Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi: Fix ESRT refresh after Capsule updateJose Marinho2021-04-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Indicated by Coverity Scan CID 331147 The ESRT was being refreshed in situations where the UpdateCapsule procedure failed. In that scenario: 1) the ESRT refresh was superfluous. 2) a failed ESRT refresh return code overwrites the UpdateCapsule error return code. This commit ensures that the ESRT is only refreshed when the UpdateCapsule performs successfully. CC: Heinrich Schuchardt <xypron.glpk@gmx.de> CC: Sughosh Ganu <sughosh.ganu@linaro.org> CC: AKASHI Takahiro <takahiro.akashi@linaro.org> CC: Tom Rini <trini@konsulko.com> CC: Andre Przywara <andre.przywara@arm.com> CC: nd@arm.com Signed-off-by: Jose Marinho <jose.marinho@arm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: simplify tcg2_create_digest()Ilias Apalodimas2021-04-241-4/+1
| | | | | | | | | Bumping the digest list count, for all supported algorithms, can be calculated outside of the individual switch statements. So let's do that for every loop iteration instead and simplify the code a bit. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: missing include in efi_string.cHeinrich Schuchardt2021-04-241-0/+1
| | | | | | | To avoid diverging function definitions we need to include efi_loader.h. Fixes: fe179d7fb5c1 ("efi_loader: Add size checks to efi_create_indexed_name()") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* lmb: Add 2 config to define the max number of regionsPatrick Delaunay2021-04-222-2/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add 2 configs CONFIG_LMB_MEMORY_REGIONS and CONFIG_LMB_RESERVED_REGIONS to change independently the max number of the regions in lmb library. When CONFIG_LMB_USE_MAX_REGIONS=y, move the lmb property arrays to struct lmb and manage the array size with the element 'max' of struct lmb_region; their are still allocated in stack. When CONFIG_LMB_USE_MAX_REGIONS=n, keep the current location in struct lmb_region to allow compiler optimization. Increase CONFIG_LMB_RESERVED_REGIONS is useful to avoid lmb errors in bootm when the number of reserved regions (not adjacent) is reached: + 1 region for relocated U-Boot + 1 region for initrd + 1 region for relocated linux device tree + reserved memory regions present in Linux device tree. The current limit of 8 regions is reached with only 5 reserved regions in DT. see Linux kernel commit bf23c51f1f49 ("memblock: Move memblock arrays to static storage in memblock.c and make their size a variable") Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
* lmb: move MAX_LMB_REGIONS value in KconfigPatrick Delaunay2021-04-222-3/+11
| | | | | | | Move MAX_LMB_REGIONS value in Kconfig, the max number of the regions in lmb library. Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
* lmb: add a max parameter in the struct lmb_regionPatrick Delaunay2021-04-221-1/+4
| | | | | | | | | | | Add a max parameter in lmb_region struct to handle test in lmb_add_region without using the MAX_LMB_REGIONS define. This patch allows to modify these size independently for memory of reserved regions in the next patches. Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
* lmb: remove lmb_region.sizePatrick Delaunay2021-04-221-6/+0
| | | | | | | | | | Remove the unused field size of struct lmb_region as it is initialized to 0 and never used after in lmb library. See Linux kernel commit 4734b594c6ca ("memblock: Remove memblock_type.size and add memblock.memory_size instead") Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
* lmb: move CONFIG_LMB in KconfigPatrick Delaunay2021-04-221-0/+7
| | | | | | Migrate CONFIG_LMB in Kconfig. Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
* lz4: Fix unaligned accessesKarl Beldan2021-04-201-3/+12
| | | | Signed-off-by: Karl Beldan <karl.beldan+oss@gmail.com>
* efi_loader: fix possible buffer overflowMasahisa Kojima2021-04-171-1/+1
| | | | | | | | | Variable "final" will have SHA512 digest, but currently the array size is not sufficient. Let's fix it. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: memory leak in efi_capsule_scan_dir()Heinrich Schuchardt2021-04-171-0/+3
| | | | | | | If realloc() fails, we should free the old buffer. Fixes: c74cd8bd08d1: ("efi_loader: capsule: add capsule_on_disk support") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: esrt: Remove incorrect invocations of EFI_CALL macroSughosh Ganu2021-04-171-14/+14
| | | | | | | | | | | | | | | | | | | Remove function invocations using the EFI_CALL macro for those functions that do not have an EFI_ENTRY call in their definition. Such functions can use u-boot api's which rely on u-boot global data(gd) pointer. The Arm and RiscV architectures maintain a separate gd pointer, one for u-boot, and a separate gd for the efi application. Calling a function through the EFI_CALL macro changes the gd pointer to that used for the efi application, with u-boot gd being unavailable. Any function then trying to dereference u-boot's gd will result in an abort. Fix this issue by removing the EFI_CALL macro for all of such functions which do not begin by an EFI_ENTRY function call. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* lib/rsa: Use EVP_PKEY instead of RSAChan, Donald2021-04-141-102/+67
| | | | | | | | | | Most modern OpenSSL engines have methods overridden at the EVP level rather than at RSA level, to make these engines work properly with mkimage, the RSA signing code needs to switch to using EVP_* APIs as much as possible. Signed-off-by: Donald Chan <hoiho@lab126.com> [trini: Rebase on top of keyfile changes] Signed-off-by: Tom Rini <trini@konsulko.com>
* lib/ecdsa: Use the 'keydir' argument from mkimage if appropriateAlexandru Gagniuc2021-04-141-1/+13
| | | | | | | | | Keys can be derived from keydir, and the "key-name-hint" property of the FIT. They can also be specified ad-literam via 'keyfile'. Update the ECDSA signing path to use the appropriate one. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
* lib/rsa: Use the 'keyfile' argument from mkimageAlexandru Gagniuc2021-04-141-8/+26
| | | | | | | | | Keys can be derived from keydir, and the "key-name-hint" property of the FIT. They can also be specified ad-literam via 'keyfile'. Update the RSA signing path to use the appropriate one. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
* lib: Add support for ECDSA image signingAlexandru Gagniuc2021-04-141-0/+306
| | | | | | | | | | | | | mkimage supports rsa2048, and rsa4096 signatures. With newer silicon now supporting hardware-accelerated ECDSA, it makes sense to expand signing support to elliptic curves. Implement host-side ECDSA signing and verification with libcrypto. Device-side implementation of signature verification is beyond the scope of this patch. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
* lib/rsa: Make fdt_add_bignum() available outside of RSA codeAlexandru Gagniuc2021-04-142-64/+73
| | | | | | | | | | | fdt_add_bignum() is useful for algorithms other than just RSA. To allow its use for ECDSA, move it to a common file under lib/. The new file is suffixed with '-libcrypto' because it has a direct dependency on openssl. This is due to the use of the "BIGNUM *" type. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
* lib: Rename rsa-checksum.c to hash-checksum.cAlexandru Gagniuc2021-04-145-4/+6
| | | | | | | | | | | rsa-checksum.c sontains the hash_calculate() implementations. Despite the "rsa-" file prefix, this function is useful for other algorithms. To prevent confusion, move this file to lib/, and rename it to hash-checksum.c, to give it a more "generic" feel. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
* lib: string: Implement strlcatSean Anderson2021-04-121-0/+19
| | | | | | | | | | | | | This introduces strlcat, which provides a safer interface than strncat. It never copies more than its size bytes, including the terminating nul. In addition, it never reads past dest[size - 1], even if dest is not nul-terminated. This also removes the stub for dwc3 now that we have a proper implementation. Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
* lib: string: Fix strlcpy return valueSean Anderson2021-04-121-4/+8
| | | | | | | | | | strlcpy should always return the number of bytes copied. We were accidentally missing the nul-terminator. We also always used to return a non-zero value, even if we did not actually copy anything. Fixes: 23cd138503 ("Integrate USB gadget layer and USB CDC driver layer") Signed-off-by: Sean Anderson <seanga2@gmail.com>
* hash: Allow for SHA512 hardware implementationsJoel Stanley2021-04-121-8/+7
| | | | | | | | Similar to support for SHA1 and SHA256, allow the use of hardware hashing engine by enabling the algorithm and setting CONFIG_SHA_HW_ACCEL / CONFIG_SHA_PROG_HW_ACCEL. Signed-off-by: Joel Stanley <joel@jms.id.au>