author | Tom Rini <trini@konsulko.com> | 2021-05-25 11:48:55 -0400 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2021-05-25 11:48:55 -0400 |
commit | f25a0c3742cf96714fa34c80370e706d6df9bf66 (patch) | |
tree | ff10cf5994211aceae488e8368e79d60f092334b | |
parent | 4c3e99460c6551ef1a626375dd1dd1f7f7c55af8 (diff) | |
parent | 1f6871df40d6ad94a00a2dcd46f3cc91b232c4d6 (diff) |
Merge tag 'efi-2021-07-rc4' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2021-07-rc4
Documentation:
* correct mmc man-page
Bug fixes:
* reduce code size of efidebug command
* remove 31 character limit for file paths in efidebug command
* fix build warning in the TCG2 protocol implementation
-rw-r--r-- | cmd/efidebug.c | 96 | ||||
-rw-r--r-- | doc/usage/mmc.rst | 3 | ||||
-rw-r--r-- | lib/efi_loader/Kconfig | 5 | ||||
-rw-r--r-- | lib/efi_loader/Makefile | 2 | ||||
-rw-r--r-- | lib/efi_loader/efi_capsule.c | 10 | ||||
-rw-r--r-- | lib/efi_loader/efi_device_path.c | 9 | ||||
-rw-r--r-- | lib/efi_loader/efi_image_loader.c | 64 | ||||
-rw-r--r-- | lib/efi_loader/efi_signature.c | 67 | ||||
-rw-r--r-- | lib/efi_loader/efi_tcg2.c | 40 | ||||
-rw-r--r-- | lib/efi_loader/efi_var_common.c | 3 |
10 files changed, 137 insertions, 162 deletions
diff --git a/cmd/efidebug.c b/cmd/efidebug.c index 0bf7b8856c..c6352719dd 100644 --- a/cmd/efidebug.c +++ b/cmd/efidebug.c @@ -12,6 +12,7 @@ #include <efi_load_initrd.h> #include <efi_loader.h> #include <efi_rng.h> +#include <efi_variable.h> #include <exports.h> #include <hexdump.h> #include <log.h> @@ -227,8 +228,7 @@ static int do_efi_capsule_res(struct cmd_tbl *cmdtp, int flag, { int capsule_id; char *endp; - char var_name[12]; - u16 var_name16[12], *p; + u16 var_name16[12]; efi_guid_t guid; struct efi_capsule_result_variable_header *result = NULL; efi_uintn_t size; @@ -240,8 +240,9 @@ static int do_efi_capsule_res(struct cmd_tbl *cmdtp, int flag, guid = efi_guid_capsule_report; if (argc == 1) { size = sizeof(var_name16); - ret = EFI_CALL(RT->get_variable(L"CapsuleLast", &guid, NULL, - &size, var_name16)); + ret = efi_get_variable_int(L"CapsuleLast", &guid, NULL, + &size, var_name16, NULL); + if (ret != EFI_SUCCESS) { if (ret == EFI_NOT_FOUND) printf("CapsuleLast doesn't exist\n"); @@ -259,19 +260,18 @@ static int do_efi_capsule_res(struct cmd_tbl *cmdtp, int flag, if (capsule_id < 0 || capsule_id > 0xffff) return CMD_RET_USAGE; - sprintf(var_name, "Capsule%04X", capsule_id); - p = var_name16; - utf8_utf16_strncpy(&p, var_name, 9); + efi_create_indexed_name(var_name16, sizeof(var_name16), + "Capsule", capsule_id); } size = 0; - ret = EFI_CALL(RT->get_variable(var_name16, &guid, NULL, &size, NULL)); + ret = efi_get_variable_int(var_name16, &guid, NULL, &size, NULL, NULL); if (ret == EFI_BUFFER_TOO_SMALL) { result = malloc(size); if (!result) return CMD_RET_FAILURE; - ret = EFI_CALL(RT->get_variable(var_name16, &guid, NULL, &size, - result)); + ret = efi_get_variable_int(var_name16, &guid, NULL, &size, + result, NULL); } if (ret != EFI_SUCCESS) { free(result); 
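Review bot: In do_efi_capsule_res (hunk at -240,8), the value read from `CapsuleLast` is later used as a variable name, but nothing visible guarantees it is NUL-terminated. `var_name16` is declared without an initializer in the preceding hunk, and the returned `size` is not inspected after the `efi_get_variable_int(L"CapsuleLast", ...)` call. If the stored value is shorter than the buffer or has no terminator, the later lookup would read a name with an undefined tail, unless code outside the hunk terminates it. Consider declaring `u16 var_name16[12] = { 0 };` and adding `var_name16[ARRAY_SIZE(var_name16) - 1] = 0;` after a successful read. The function body starts and ends outside these hunks.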
@@ -954,8 +954,7 @@ static int do_efi_boot_add(struct cmd_tbl *cmdtp, int flag, { int id; char *endp; - char var_name[9]; - u16 var_name16[9], *p; + u16 var_name16[9]; efi_guid_t guid; size_t label_len, label_len16; u16 *label; @@ -988,9 +987,8 @@ static int do_efi_boot_add(struct cmd_tbl *cmdtp, int flag, if (*endp != '\0' || id > 0xffff) return CMD_RET_USAGE; - sprintf(var_name, "Boot%04X", id); - p = var_name16; - utf8_utf16_strncpy(&p, var_name, 9); + efi_create_indexed_name(var_name16, sizeof(var_name16), + "Boot", id); /* label */ label_len = strlen(argv[2]); @@ -1066,11 +1064,11 @@ static int do_efi_boot_add(struct cmd_tbl *cmdtp, int flag, goto out; } - ret = EFI_CALL(efi_set_variable(var_name16, &guid, - EFI_VARIABLE_NON_VOLATILE | - EFI_VARIABLE_BOOTSERVICE_ACCESS | - EFI_VARIABLE_RUNTIME_ACCESS, - size, data)); + ret = efi_set_variable_int(var_name16, &guid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + size, data, false); if (ret != EFI_SUCCESS) { printf("Cannot set %ls\n", var_name16); r = CMD_RET_FAILURE; @@ -1107,8 +1105,7 @@ static int do_efi_boot_rm(struct cmd_tbl *cmdtp, int flag, efi_guid_t guid; int id, i; char *endp; - char var_name[9]; - u16 var_name16[9], *p; + u16 var_name16[9]; efi_status_t ret; if (argc == 1) @@ -1120,11 +1117,10 @@ static int do_efi_boot_rm(struct cmd_tbl *cmdtp, int flag, if (*endp != '\0' || id > 0xffff) return CMD_RET_FAILURE; - sprintf(var_name, "Boot%04X", id); - p = var_name16; - utf8_utf16_strncpy(&p, var_name, 9); - - ret = EFI_CALL(efi_set_variable(var_name16, &guid, 0, 0, NULL)); + efi_create_indexed_name(var_name16, sizeof(var_name16), + "Boot", id); + ret = efi_set_variable_int(var_name16, &guid, 0, 0, NULL, + false); if (ret) { printf("Cannot remove %ls\n", var_name16); return CMD_RET_FAILURE; 
@@ -1147,8 +1143,6 @@ static void show_efi_boot_opt_data(u16 *varname16, void *data, size_t *size) { struct efi_device_path *initrd_path = NULL; struct efi_load_option lo; - char *label, *p; - size_t label_len16, label_len; u16 *dp_str; efi_status_t ret; efi_uintn_t initrd_dp_size; @@ -1160,14 +1154,6 @@ static void show_efi_boot_opt_data(u16 *varname16, void *data, size_t *size) return; } - label_len16 = u16_strlen(lo.label); - label_len = utf16_utf8_strnlen(lo.label, label_len16); - label = malloc(label_len + 1); - if (!label) - return; - p = label; - utf16_utf8_strncpy(&p, lo.label, label_len16); - printf("%ls:\nattributes: %c%c%c (0x%08x)\n", varname16, /* ACTIVE */ @@ -1177,7 +1163,7 @@ static void show_efi_boot_opt_data(u16 *varname16, void *data, size_t *size) /* HIDDEN */ lo.attributes & LOAD_OPTION_HIDDEN ? 'H' : '-', lo.attributes); - printf(" label: %s\n", label); + printf(" label: %ls\n", lo.label); dp_str = efi_dp_str(lo.file_path); printf(" file_path: %ls\n", dp_str); @@ -1194,7 +1180,6 @@ static void show_efi_boot_opt_data(u16 *varname16, void *data, size_t *size) printf(" data:\n"); print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1, lo.optional_data, *size, true); - free(label); } /** @@ -1324,12 +1309,9 @@ static int show_efi_boot_order(void) u16 *bootorder; efi_uintn_t size; int num, i; - char var_name[9]; - u16 var_name16[9], *p16; + u16 var_name16[9]; void *data; struct efi_load_option lo; - char *label, *p; - size_t label_len16, label_len; efi_status_t ret; size = 0; 
@@ -1357,16 +1339,15 @@ static int show_efi_boot_order(void) num = size / sizeof(u16); for (i = 0; i < num; i++) { - sprintf(var_name, "Boot%04X", bootorder[i]); - p16 = var_name16; - utf8_utf16_strncpy(&p16, var_name, 9); + efi_create_indexed_name(var_name16, sizeof(var_name16), + "Boot", i); size = 0; ret = EFI_CALL(efi_get_variable(var_name16, &efi_global_variable_guid, NULL, &size, NULL)); if (ret != EFI_BUFFER_TOO_SMALL) { - printf("%2d: %s: (not defined)\n", i + 1, var_name); + printf("%2d: %ls: (not defined)\n", i + 1, var_name16); continue; } @@ -1391,18 +1372,7 @@ static int show_efi_boot_order(void) goto out; } - label_len16 = u16_strlen(lo.label); - label_len = utf16_utf8_strnlen(lo.label, label_len16); - label = malloc(label_len + 1); - if (!label) { - free(data); - ret = CMD_RET_FAILURE; - goto out; - } - p = label; - utf16_utf8_strncpy(&p, lo.label, label_len16); - printf("%2d: %s: %s\n", i + 1, var_name, label); - free(label); + printf("%2d: %ls: %ls\n", i + 1, var_name16, lo.label); free(data); } @@ -1449,11 +1419,11 @@ static int do_efi_boot_next(struct cmd_tbl *cmdtp, int flag, guid = efi_global_variable_guid; size = sizeof(u16); - ret = EFI_CALL(efi_set_variable(L"BootNext", &guid, + ret = efi_set_variable_int(L"BootNext", &guid, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - size, &bootnext)); + size, &bootnext, false); if (ret != EFI_SUCCESS) { printf("Cannot set BootNext\n"); r = CMD_RET_FAILURE; @@ -1510,11 +1480,11 @@ static int do_efi_boot_order(struct cmd_tbl *cmdtp, int flag, } guid = efi_global_variable_guid; - ret = EFI_CALL(efi_set_variable(L"BootOrder", &guid, + ret = efi_set_variable_int(L"BootOrder", &guid, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - size, bootorder)); + size, bootorder, true); if (ret != EFI_SUCCESS) { printf("Cannot set BootOrder\n"); r = CMD_RET_FAILURE; 
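Review bot: In show_efi_boot_order (hunk at -1357,16), the variable name is now built from the loop counter `i`, whereas the removed `sprintf(var_name, "Boot%04X", bootorder[i])` used the entry read from BootOrder. The listing will therefore print Boot0000, Boot0001, … in sequence rather than the options BootOrder names, so an operator auditing the boot sequence sees the wrong entries and labels. The call should read `efi_create_indexed_name(var_name16, sizeof(var_name16), "Boot", bootorder[i]);`. The function starts and ends outside the hunk.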
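Review bot: In do_efi_boot_order (hunk at -1510,11), the final argument to `efi_set_variable_int()` is `true` for BootOrder, while the BootNext hunk just above and the Boot#### calls in do_efi_boot_add and do_efi_boot_rm all pass `false`. If that parameter is the read-only check flag, as its position suggests, one command honours the check and the others bypass it, and nothing in the diff says which is intended. Either make the calls consistent or add a short comment at this call explaining why BootOrder alone is written with the check enabled. The function body continues outside the hunk.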
diff --git a/doc/usage/mmc.rst b/doc/usage/mmc.rst index 57284ed674..458c7642c0 100644 --- a/doc/usage/mmc.rst +++ b/doc/usage/mmc.rst @@ -40,7 +40,7 @@ The 'mmc write' command writes raw data to MMC device from memory address with b cnt block count -The 'mmc erase' command erases MMC device from block offset until count. +The 'mmc erase' command erases *cnt* blocks on the MMC device starting at block *blk#*. blk# start block offset @@ -110,6 +110,7 @@ The 'mmc partconf' command shows or changes PARTITION_CONFIG field. partitions to access The 'mmc bootpart-resize' command changes sizes of boot and RPMB partitions. + dev device number boot part size MB diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index eb5c4d6f29..98845b8ba3 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -175,6 +175,7 @@ config EFI_CAPSULE_AUTHENTICATE select PKCS7_VERIFY select IMAGE_SIGN_INFO select HASH_CALCULATE + select EFI_SIGNATURE_SUPPORT default n help Select this option if you want to enable capsule @@ -344,6 +345,7 @@ config EFI_SECURE_BOOT select PKCS7_MESSAGE_PARSER select PKCS7_VERIFY select HASH_CALCULATE + select EFI_SIGNATURE_SUPPORT default n help Select this option to enable EFI secure boot support. @@ -351,6 +353,9 @@ config EFI_SECURE_BOOT it is signed with a trusted key. To do that, you need to install, at least, PK, KEK and db. +config EFI_SIGNATURE_SUPPORT + bool + config EFI_ESRT bool "Enable the UEFI ESRT generation" depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index 8bd343e258..fd344cea29 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile 
@@ -63,7 +63,7 @@ obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o -obj-y += efi_signature.o +obj-$(CONFIG_EFI_SIGNATURE_SUPPORT) += efi_signature.o EFI_VAR_SEED_FILE := $(subst $\",,$(CONFIG_EFI_VAR_SEED_FILE)) $(obj)/efi_var_seed.o: $(srctree)/$(EFI_VAR_SEED_FILE) diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 6ee883d5b1..9ead0d2c78 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -208,16 +208,6 @@ skip: const efi_guid_t efi_guid_capsule_root_cert_guid = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; -__weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) -{ - /* The platform is supposed to provide - * a method for getting the public key - * stored in the form of efi signature - * list - */ - return 0; -} - efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size, void **image, efi_uintn_t *image_size) { diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c index 4b20859b25..76c2f82fe6 100644 --- a/lib/efi_loader/efi_device_path.c +++ b/lib/efi_loader/efi_device_path.c @@ -1171,7 +1171,7 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr, struct blk_desc *desc = NULL; struct disk_partition fs_partition; int part = 0; - char filename[32] = { 0 }; /* dp->str is u16[32] long */ + char *filename; char *s; if (path && !file) 
@@ -1198,12 +1198,17 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr, if (!path) return EFI_SUCCESS; - snprintf(filename, sizeof(filename), "%s", path); + filename = calloc(1, strlen(path) + 1); + if (!filename) + return EFI_OUT_OF_RESOURCES; + + sprintf(filename, "%s", path); /* DOS style file path: */ s = filename; while ((s = strchr(s, '/'))) *s++ = '\\'; *file = efi_dp_from_file(desc, part, filename); + free(filename); if (!*file) return EFI_INVALID_PARAMETER; diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index f53ef367ec..fe1ee198e2 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c 
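Review bot: In efi_dp_from_name, the bounded `snprintf` is replaced by an unbounded `sprintf(filename, "%s", path)`, which is safe only because the `calloc` two lines earlier happens to be sized `strlen(path) + 1`. A later edit to either line would silently reintroduce an overflow. `filename = strdup(path);` followed by the existing `if (!filename) return EFI_OUT_OF_RESOURCES;` does the allocation and copy in one step and removes that coupling. It is also worth confirming that the new early return leaves nothing assigned earlier in the function for the caller to free; that part of the body is outside the hunk.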
@@ -213,7 +213,68 @@ static void efi_set_code_and_data_type( } } -#ifdef CONFIG_EFI_SECURE_BOOT +/** + * efi_image_region_add() - add an entry of region + * @regs: Pointer to array of regions + * @start: Start address of region (included) + * @end: End address of region (excluded) + * @nocheck: flag against overlapped regions + * + * Take one entry of region [@start, @end[ and insert it into the list. + * + * * If @nocheck is false, the list will be sorted ascending by address. + * Overlapping entries will not be allowed. + * + * * If @nocheck is true, the list will be sorted ascending by sequence + * of adding the entries. Overlapping is allowed. + * + * Return: status code + */ +efi_status_t efi_image_region_add(struct efi_image_regions *regs, + const void *start, const void *end, + int nocheck) +{ + struct image_region *reg; + int i, j; + + if (regs->num >= regs->max) { + EFI_PRINT("%s: no more room for regions\n", __func__); + return EFI_OUT_OF_RESOURCES; + } + + if (end < start) + return EFI_INVALID_PARAMETER; + + for (i = 0; i < regs->num; i++) { + reg = ®s->reg[i]; + if (nocheck) + continue; + + /* new data after registered region */ + if (start >= reg->data + reg->size) + continue; + + /* new data preceding registered region */ + if (end <= reg->data) { + for (j = regs->num - 1; j >= i; j--) + memcpy(®s->reg[j + 1], ®s->reg[j], + sizeof(*reg)); + break; + } + + /* new data overlapping registered region */ + EFI_PRINT("%s: new region already part of another\n", __func__); + return EFI_INVALID_PARAMETER; + } + + reg = ®s->reg[i]; + reg->data = start; + reg->size = end - start; + regs->num++; + + return EFI_SUCCESS; +} + /** * cmp_pe_section() - compare virtual addresses of two PE image sections * @arg1: pointer to pointer to first section header @@ -422,6 +483,7 @@ err: return false; } +#ifdef CONFIG_EFI_SECURE_BOOT /** * efi_image_unsigned_authenticate() - authenticate unsigned image with * SHA256 hash 
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c index c7ec275414..bdd09881fc 100644 --- a/lib/efi_loader/efi_signature.c +++ b/lib/efi_loader/efi_signature.c @@ -15,18 +15,16 @@ #include <crypto/public_key.h> #include <linux/compat.h> #include <linux/oid_registry.h> +#include <u-boot/hash-checksum.h> #include <u-boot/rsa.h> #include <u-boot/sha256.h> -const efi_guid_t efi_guid_image_security_database = - EFI_IMAGE_SECURITY_DATABASE_GUID; const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID; const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID; const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID; const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID; const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; -#if defined(CONFIG_EFI_SECURE_BOOT) || defined(CONFIG_EFI_CAPSULE_AUTHENTICATE) static u8 pkcs7_hdr[] = { /* SEQUENCE */ 0x30, 0x82, 0x05, 0xc7, 
@@ -540,68 +538,6 @@ out: } /** - * efi_image_region_add() - add an entry of region - * @regs: Pointer to array of regions - * @start: Start address of region (included) - * @end: End address of region (excluded) - * @nocheck: flag against overlapped regions - * - * Take one entry of region [@start, @end[ and insert it into the list. - * - * * If @nocheck is false, the list will be sorted ascending by address. - * Overlapping entries will not be allowed. - * - * * If @nocheck is true, the list will be sorted ascending by sequence - * of adding the entries. Overlapping is allowed. - * - * Return: status code - */ -efi_status_t efi_image_region_add(struct efi_image_regions *regs, - const void *start, const void *end, - int nocheck) -{ - struct image_region *reg; - int i, j; - - if (regs->num >= regs->max) { - EFI_PRINT("%s: no more room for regions\n", __func__); - return EFI_OUT_OF_RESOURCES; - } - - if (end < start) - return EFI_INVALID_PARAMETER; - - for (i = 0; i < regs->num; i++) { - reg = ®s->reg[i]; - if (nocheck) - continue; - - /* new data after registered region */ - if (start >= reg->data + reg->size) - continue; - - /* new data preceding registered region */ - if (end <= reg->data) { - for (j = regs->num - 1; j >= i; j--) - memcpy(®s->reg[j + 1], ®s->reg[j], - sizeof(*reg)); - break; - } - - /* new data overlapping registered region */ - EFI_PRINT("%s: new region already part of another\n", __func__); - return EFI_INVALID_PARAMETER; - } - - reg = ®s->reg[i]; - reg->data = start; - reg->size = end - start; - regs->num++; - - return EFI_SUCCESS; -} - -/** * efi_sigstore_free - free signature store * @sigstore: Pointer to signature store structure * @@ -846,4 +782,3 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name) return efi_build_signature_store(db, db_size); } -#endif /* CONFIG_EFI_SECURE_BOOT || CONFIG_EFI_CAPSULE_AUTHENTICATE */ diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 39ef250bf9..39074f7547 100644 
--- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -53,7 +53,7 @@ struct digest_info { u16 hash_len; }; -const static struct digest_info hash_algo_list[] = { +static const struct digest_info hash_algo_list[] = { { TPM2_ALG_SHA1, EFI_TCG2_BOOT_HASH_ALG_SHA1, @@ -87,7 +87,7 @@ const static struct digest_info hash_algo_list[] = { */ static u32 alg_to_mask(u16 hash_alg) { - int i; + size_t i; for (i = 0; i < MAX_HASH_COUNT; i++) { if (hash_algo_list[i].hash_alg == hash_alg) @@ -106,7 +106,7 @@ static u32 alg_to_mask(u16 hash_alg) */ static u16 alg_to_len(u16 hash_alg) { - int i; + size_t i; for (i = 0; i < MAX_HASH_COUNT; i++) { if (hash_algo_list[i].hash_alg == hash_alg) @@ -119,7 +119,7 @@ static u16 alg_to_len(u16 hash_alg) static u32 tcg_event_final_size(struct tpml_digest_values *digest_list) { u32 len; - int i; + size_t i; len = offsetof(struct tcg_pcr_event2, digests); len += offsetof(struct tpml_digest_values, digests); @@ -145,7 +145,7 @@ static efi_status_t tcg2_pcr_extend(struct udevice *dev, u32 pcr_index, struct tpml_digest_values *digest_list) { u32 rc; - int i; + size_t i; for (i = 0; i < digest_list->count; i++) { u32 alg = digest_list->digests[i].hash_alg; @@ -178,7 +178,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, { void *log = (void *)((uintptr_t)event_log.buffer + event_log.pos); size_t pos; - int i; + size_t i; u32 event_size; if (event_log.get_event_called) @@ -400,7 +400,8 @@ static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr, u8 response[TPM2_RESPONSE_BUFFER_SIZE]; struct tpml_pcr_selection pcrs; u32 ret, num_pcr; - int i, tpm_ret; + size_t i; + int tpm_ret; memset(response, 0, sizeof(response)); ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1); 
@@ -518,7 +519,7 @@ static efi_status_t tcg2_create_digest(const u8 *input, u32 length, u8 final[TPM2_SHA512_DIGEST_SIZE]; efi_status_t ret; u32 active; - int i; + size_t i; ret = __get_active_pcr_banks(&active); if (ret != EFI_SUCCESS) @@ -749,8 +750,7 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, goto out; } - if (efi_tcg_event->header.pcr_index < 0 || - efi_tcg_event->header.pcr_index > TPM2_MAX_PCRS) { + if (efi_tcg_event->header.pcr_index > TPM2_MAX_PCRS) { ret = EFI_INVALID_PARAMETER; goto out; } @@ -810,9 +810,11 @@ out: * Return: status code */ static efi_status_t EFIAPI -efi_tcg2_submit_command(struct efi_tcg2_protocol *this, - u32 input_param_block_size, u8 *input_param_block, - u32 output_param_block_size, u8 *output_param_block) +efi_tcg2_submit_command(__maybe_unused struct efi_tcg2_protocol *this, + u32 __maybe_unused input_param_block_size, + u8 __maybe_unused *input_param_block, + u32 __maybe_unused output_param_block_size, + u8 __maybe_unused *output_param_block) { return EFI_UNSUPPORTED; } @@ -847,8 +849,8 @@ efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this, * Return: status code */ static efi_status_t EFIAPI -efi_tcg2_set_active_pcr_banks(struct efi_tcg2_protocol *this, - u32 active_pcr_banks) +efi_tcg2_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this, + u32 __maybe_unused active_pcr_banks) { return EFI_UNSUPPORTED; } @@ -866,8 +868,9 @@ efi_tcg2_set_active_pcr_banks(struct efi_tcg2_protocol *this, * Return: status code */ static efi_status_t EFIAPI -efi_tcg2_get_result_of_set_active_pcr_banks(struct efi_tcg2_protocol *this, - u32 *operation_present, u32 *response) +efi_tcg2_get_result_of_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this, + u32 __maybe_unused *operation_present, + u32 __maybe_unused *response) { return EFI_UNSUPPORTED; } 
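Review bot: In efi_tcg2_hash_log_extend_event (hunk at -749,8), the remaining bound `efi_tcg_event->header.pcr_index > TPM2_MAX_PCRS` still accepts an index equal to `TPM2_MAX_PCRS`. The constant's definition is not in the hunk, but if it is a PCR count rather than the highest valid index, a caller-supplied index one past the last PCR reaches the extend path. In that case the check should be `if (efi_tcg_event->header.pcr_index >= TPM2_MAX_PCRS) {`. Dropping the always-false `< 0` comparison is fine; the function body continues outside the hunk.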
@@ -898,7 +901,8 @@ static efi_status_t create_specid_event(struct udevice *dev, void *buffer, size_t spec_event_size; efi_status_t ret = EFI_DEVICE_ERROR; u32 active, supported; - int err, i; + int err; + size_t i; /* * Create Spec event. This needs to be the first event in the log diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c index b11ed91a74..83479dd142 100644 --- a/lib/efi_loader/efi_var_common.c +++ b/lib/efi_loader/efi_var_common.c @@ -24,6 +24,9 @@ struct efi_auth_var_name_type { const enum efi_auth_var_type type; }; +const efi_guid_t efi_guid_image_security_database = + EFI_IMAGE_SECURITY_DATABASE_GUID; + static const struct efi_auth_var_name_type name_type[] = { {u"PK", &efi_global_variable_guid, EFI_AUTH_VAR_PK}, {u"KEK", &efi_global_variable_guid, EFI_AUTH_VAR_KEK}, |