diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Kconfig | 2 | ||||
-rw-r--r-- | lib/asm-offsets.c | 3 | ||||
-rw-r--r-- | lib/efi_loader/efi_boottime.c | 17 | ||||
-rw-r--r-- | lib/efi_loader/efi_capsule.c | 51 | ||||
-rw-r--r-- | lib/efi_loader/efi_disk.c | 4 | ||||
-rw-r--r-- | lib/efi_loader/efi_setup.c | 36 | ||||
-rw-r--r-- | lib/efi_loader/efi_tcg2.c | 110 | ||||
-rw-r--r-- | lib/efi_selftest/efi_selftest_exitbootservices.c | 67 | ||||
-rw-r--r-- | lib/efi_selftest/efi_selftest_fdt.c | 15 | ||||
-rw-r--r-- | lib/lmb.c | 5 | ||||
-rw-r--r-- | lib/rsa/Kconfig | 10 | ||||
-rw-r--r-- | lib/tpm-v1.c | 4 |
12 files changed, 214 insertions, 110 deletions
diff --git a/lib/Kconfig b/lib/Kconfig index 70bf8e7a46..807a4c6ade 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -793,7 +793,7 @@ config LMB Support the library logical memory blocks. config LMB_USE_MAX_REGIONS - bool "Use a commun number of memory and reserved regions in lmb lib" + bool "Use a common number of memory and reserved regions in lmb lib" depends on LMB default y help diff --git a/lib/asm-offsets.c b/lib/asm-offsets.c index c691066332..0808cd4b0c 100644 --- a/lib/asm-offsets.c +++ b/lib/asm-offsets.c @@ -29,6 +29,9 @@ int main(void) DEFINE(GD_SIZE, sizeof(struct global_data)); DEFINE(GD_BD, offsetof(struct global_data, bd)); + + DEFINE(GD_FLAGS, offsetof(struct global_data, flags)); + #if CONFIG_VAL(SYS_MALLOC_F_LEN) DEFINE(GD_MALLOC_BASE, offsetof(struct global_data, malloc_base)); #endif diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c index 1823990d9b..8492b732f3 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c @@ -71,6 +71,9 @@ const efi_guid_t efi_guid_driver_binding_protocol = /* event group ExitBootServices() invoked */ const efi_guid_t efi_guid_event_group_exit_boot_services = EFI_EVENT_GROUP_EXIT_BOOT_SERVICES; +/* event group before ExitBootServices() invoked */ +const efi_guid_t efi_guid_event_group_before_exit_boot_services = + EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES; /* event group SetVirtualAddressMap() invoked */ const efi_guid_t efi_guid_event_group_virtual_address_change = EFI_EVENT_GROUP_VIRTUAL_ADDRESS_CHANGE; @@ -2123,6 +2126,16 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, if (!systab.boottime) goto out; + /* Notify EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES event group. */ + list_for_each_entry(evt, &efi_events, link) { + if (evt->group && + !guidcmp(evt->group, + &efi_guid_event_group_before_exit_boot_services)) { + efi_signal_event(evt); + break; + } + } + /* Stop all timer related activities */ timers_enabled = false; @@ -2154,6 +2167,7 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, } if (!efi_st_keep_devices) { + bootm_disable_interrupts(); if (IS_ENABLED(CONFIG_USB_DEVICE)) udc_disconnect(); board_quiesce_devices(); @@ -2166,9 +2180,6 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, /* Fix up caches for EFI payloads if necessary */ efi_exit_caches(); - /* This stops all lingering devices */ - bootm_disable_interrupts(); - /* Disable boot time services */ systab.con_in_handle = NULL; systab.con_in = NULL; diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 850937fd12..8301eed631 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -1037,30 +1037,45 @@ efi_status_t __weak efi_load_capsule_drivers(void) } /** - * check_run_capsules - Check whether capsule update should run + * check_run_capsules() - check whether capsule update should run * * The spec says OsIndications must be set in order to run the capsule update * on-disk. Since U-Boot doesn't support runtime SetVariable, allow capsules to * run explicitly if CONFIG_EFI_IGNORE_OSINDICATIONS is selected + * + * Return: EFI_SUCCESS if update to run, EFI_NOT_FOUND otherwise */ -static bool check_run_capsules(void) +static efi_status_t check_run_capsules(void) { u64 os_indications; efi_uintn_t size; - efi_status_t ret; - - if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS)) - return true; + efi_status_t r; size = sizeof(os_indications); - ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid, - NULL, &size, &os_indications, NULL); - if (ret == EFI_SUCCESS && - (os_indications - & EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED)) - return true; - - return false; + r = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid, + NULL, &size, &os_indications, NULL); + if (r != EFI_SUCCESS || size != sizeof(os_indications)) + return EFI_NOT_FOUND; + + if (os_indications & + EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED) { + os_indications &= + ~EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED; + r = efi_set_variable_int(L"OsIndications", + &efi_global_variable_guid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof(os_indications), + &os_indications, false); + if (r != EFI_SUCCESS) + log_err("Setting %ls failed\n", L"OsIndications"); + return EFI_SUCCESS; + } else if (IS_ENABLED(CONFIG_EFI_IGNORE_OSINDICATIONS)) { + return EFI_SUCCESS; + } else { + return EFI_NOT_FOUND; + } } /** @@ -1078,7 +1093,7 @@ efi_status_t efi_launch_capsules(void) unsigned int nfiles, index, i; efi_status_t ret; - if (!check_run_capsules()) + if (check_run_capsules() != EFI_SUCCESS) return EFI_SUCCESS; index = get_last_capsule(); @@ -1108,13 +1123,13 @@ efi_status_t efi_launch_capsules(void) log_err("Applying capsule %ls failed\n", files[i]); + /* create CapsuleXXXX */ + set_capsule_result(index, capsule, ret); + free(capsule); } else { log_err("Reading capsule %ls failed\n", files[i]); } - /* create CapsuleXXXX */ - set_capsule_result(index, capsule, ret); - /* delete a capsule either in case of success or failure */ ret = efi_capsule_delete_file(files[i]); if (ret != EFI_SUCCESS) diff --git a/lib/efi_loader/efi_disk.c b/lib/efi_loader/efi_disk.c index ef8b5c88ff..45127d1768 100644 --- a/lib/efi_loader/efi_disk.c +++ b/lib/efi_loader/efi_disk.c @@ -424,7 +424,7 @@ static efi_status_t efi_disk_add_dev( &efi_block_io_guid, &diskobj->ops, guid, NULL, NULL)); if (ret != EFI_SUCCESS) - return ret; + goto error; /* * On partitions or whole disks without partitions install the @@ -573,7 +573,7 @@ efi_status_t efi_disk_register(void) if (ret) { log_err("ERROR: failure to add disk device %s, r = %lu\n", dev->name, ret & ~EFI_ERROR_MASK); - return ret; + continue; } disks++; diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c index a2338d74af..1aba71cd96 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -176,43 +176,13 @@ static efi_status_t efi_init_os_indications(void) /** - * efi_clear_os_indications() - clear OsIndications - * - * Clear EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED - */ -static efi_status_t efi_clear_os_indications(void) -{ - efi_uintn_t size; - u64 os_indications; - efi_status_t ret; - - size = sizeof(os_indications); - ret = efi_get_variable_int(L"OsIndications", &efi_global_variable_guid, - NULL, &size, &os_indications, NULL); - if (ret != EFI_SUCCESS) - os_indications = 0; - else - os_indications &= - ~EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED; - ret = efi_set_variable_int(L"OsIndications", &efi_global_variable_guid, - EFI_VARIABLE_NON_VOLATILE | - EFI_VARIABLE_BOOTSERVICE_ACCESS | - EFI_VARIABLE_RUNTIME_ACCESS, - sizeof(os_indications), &os_indications, - false); - if (ret != EFI_SUCCESS) - log_err("Setting %ls failed\n", L"OsIndications"); - return ret; -} - -/** * efi_init_obj_list() - Initialize and populate EFI object list * * Return: status code */ efi_status_t efi_init_obj_list(void) { - efi_status_t r, ret = EFI_SUCCESS; + efi_status_t ret = EFI_SUCCESS; /* Initialize once only */ if (efi_obj_list_initialized != OBJ_LIST_NOT_INITIALIZED) @@ -331,11 +301,7 @@ efi_status_t efi_init_obj_list(void) if (IS_ENABLED(CONFIG_EFI_CAPSULE_ON_DISK) && !IS_ENABLED(CONFIG_EFI_CAPSULE_ON_DISK_EARLY)) ret = efi_launch_capsules(); - out: - r = efi_clear_os_indications(); - if (ret == EFI_SUCCESS) - ret = r; efi_obj_list_initialized = ret; return ret; } diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 189e4a5ba5..8c1f22e337 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -18,6 +18,7 @@ #include <smbios.h> #include <version_string.h> #include <tpm-v2.h> +#include <tpm_api.h> #include <u-boot/hash-checksum.h> #include <u-boot/sha1.h> #include <u-boot/sha256.h> @@ -27,6 +28,17 @@ #include <linux/unaligned/generic.h> #include <hexdump.h> +/** + * struct event_log_buffer - internal eventlog management structure + * + * @buffer: eventlog buffer + * @final_buffer: finalevent config table buffer + * @pos: current position of 'buffer' + * @final_pos: current position of 'final_buffer' + * @get_event_called: true if GetEventLog has been invoked at least once + * @ebs_called: true if ExitBootServices has been invoked + * @truncated: true if the 'buffer' is truncated + */ struct event_log_buffer { void *buffer; void *final_buffer; @@ -34,6 +46,7 @@ struct event_log_buffer { size_t final_pos; /* final events config table position */ size_t last_event_size; bool get_event_called; + bool ebs_called; bool truncated; }; @@ -186,39 +199,29 @@ static efi_status_t tcg2_pcr_extend(struct udevice *dev, u32 pcr_index, return EFI_SUCCESS; } -/* tcg2_agile_log_append - Append an agile event to out eventlog +/* put_event - Append an agile event to an eventlog * * @pcr_index: PCR index * @event_type: type of event added * @digest_list: list of digest algorithms to add * @size: size of event * @event: event to add + * @log: log buffer to append the event * - * @Return: status code */ -static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, - struct tpml_digest_values *digest_list, - u32 size, u8 event[]) +static void put_event(u32 pcr_index, u32 event_type, + struct tpml_digest_values *digest_list, u32 size, + u8 event[], void *log) { - void *log = (void *)((uintptr_t)event_log.buffer + event_log.pos); size_t pos; size_t i; u32 event_size; - if (event_log.get_event_called) - log = (void *)((uintptr_t)event_log.final_buffer + - event_log.final_pos); - /* * size refers to the length of event[] only, we need to check against * the final tcg_pcr_event2 size */ event_size = size + tcg_event_final_size(digest_list); - if (event_log.pos + event_size > TPM2_EVENT_LOG_SIZE || - event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE) { - event_log.truncated = true; - return EFI_VOLUME_FULL; - } put_unaligned_le32(pcr_index, log); pos = offsetof(struct tcg_pcr_event2, event_type); @@ -242,25 +245,62 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, memcpy((void *)((uintptr_t)log + pos), event, size); pos += size; - /* make sure the calculated buffer is what we checked against */ + /* + * make sure the calculated buffer is what we checked against + * This check should never fail. It checks the code above is + * calculating the right length for the event we are adding + */ if (pos != event_size) - return EFI_INVALID_PARAMETER; + log_err("Appending to the EventLog failed\n"); +} - /* if GetEventLog hasn't been called update the normal log */ - if (!event_log.get_event_called) { - event_log.pos += pos; - event_log.last_event_size = pos; - } else { - /* if GetEventLog has been called update config table log */ - struct efi_tcg2_final_events_table *final_event; +/* tcg2_agile_log_append - Append an agile event to an eventlog + * + * @pcr_index: PCR index + * @event_type: type of event added + * @digest_list: list of digest algorithms to add + * @size: size of event + * @event: event to add + * @log: log buffer to append the event + * + * @Return: status code + */ +static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, + struct tpml_digest_values *digest_list, + u32 size, u8 event[]) +{ + void *log = (void *)((uintptr_t)event_log.buffer + event_log.pos); + u32 event_size = size + tcg_event_final_size(digest_list); + struct efi_tcg2_final_events_table *final_event; + efi_status_t ret = EFI_SUCCESS; - final_event = - (struct efi_tcg2_final_events_table *)(event_log.final_buffer); - final_event->number_of_events++; - event_log.final_pos += pos; + /* if ExitBootServices hasn't been called update the normal log */ + if (!event_log.ebs_called) { + if (event_log.truncated || + event_log.pos + event_size > TPM2_EVENT_LOG_SIZE) { + event_log.truncated = true; + return EFI_VOLUME_FULL; + } + put_event(pcr_index, event_type, digest_list, size, event, log); + event_log.pos += event_size; + event_log.last_event_size = event_size; } - return EFI_SUCCESS; + if (!event_log.get_event_called) + return ret; + + /* if GetEventLog has been called update FinalEventLog as well */ + if (event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE) + return EFI_VOLUME_FULL; + + log = (void *)((uintptr_t)event_log.final_buffer + event_log.final_pos); + put_event(pcr_index, event_type, digest_list, size, event, log); + + final_event = event_log.final_buffer; + final_event->number_of_events++; + event_log.final_pos += event_size; + + return ret; } /** @@ -1303,6 +1343,7 @@ static efi_status_t efi_init_event_log(void) event_log.pos = 0; event_log.last_event_size = 0; event_log.get_event_called = false; + event_log.ebs_called = false; event_log.truncated = false; /* @@ -1472,7 +1513,7 @@ static efi_status_t tcg2_measure_boot_variable(struct udevice *dev) &var_data_size); if (!bootvar) { - log_info("%ls not found\n", boot_name); + log_debug("%ls not found\n", boot_name); continue; } @@ -1792,6 +1833,7 @@ efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context) EFI_ENTRY("%p, %p", event, context); + event_log.ebs_called = true; ret = platform_get_tpm2_device(&dev); if (ret != EFI_SUCCESS) goto out; @@ -1902,6 +1944,7 @@ efi_status_t efi_tcg2_register(void) efi_status_t ret = EFI_SUCCESS; struct udevice *dev; struct efi_event *event; + u32 err; ret = platform_get_tpm2_device(&dev); if (ret != EFI_SUCCESS) { @@ -1909,6 +1952,13 @@ efi_status_t efi_tcg2_register(void) return EFI_SUCCESS; } + /* initialize the TPM as early as possible. */ + err = tpm_startup(dev, TPM_ST_CLEAR); + if (err) { + log_err("TPM startup failed\n"); + goto fail; + } + ret = efi_init_event_log(); if (ret != EFI_SUCCESS) goto fail; diff --git a/lib/efi_selftest/efi_selftest_exitbootservices.c b/lib/efi_selftest/efi_selftest_exitbootservices.c index 4fecd1b415..59ab15407a 100644 --- a/lib/efi_selftest/efi_selftest_exitbootservices.c +++ b/lib/efi_selftest/efi_selftest_exitbootservices.c @@ -10,9 +10,34 @@ #include <efi_selftest.h> +static efi_guid_t guid_before_exit_boot_services = + EFI_GUID(0x8be0e274, 0x3970, 0x4b44, 0x80, 0xc5, + 0x1a, 0xb9, 0x50, 0x2f, 0x3b, 0xfc); +#define CAPACITY 4 + +struct notification_record { + unsigned int count; + unsigned int type[CAPACITY]; +}; + +struct notification_context { + struct notification_record *record; + unsigned int type; +}; + static struct efi_boot_services *boottime; static struct efi_event *event_notify; -static unsigned int notification_count; +struct notification_record record; + +struct notification_context context_before = { + .record = &record, + .type = 1, +}; + +struct notification_context context = { + .record = &record, + .type = 2, +}; /* * Notification function, increments the notification count. @@ -20,11 +45,15 @@ static unsigned int notification_count; * @event notified event * @context pointer to the notification count */ -static void EFIAPI notify(struct efi_event *event, void *context) +static void EFIAPI ebs_notify(struct efi_event *event, void *context) { - unsigned int *count = context; + struct notification_context *ctx = context; + + if (ctx->record->count >= CAPACITY) + return; - ++*count; + ctx->record->type[ctx->record->count] = ctx->type; + ctx->record->count++; } /* @@ -43,15 +72,23 @@ static int setup(const efi_handle_t handle, boottime = systable->boottime; - notification_count = 0; ret = boottime->create_event(EVT_SIGNAL_EXIT_BOOT_SERVICES, - TPL_CALLBACK, notify, - (void *)¬ification_count, + TPL_CALLBACK, ebs_notify, + &context, &event_notify); if (ret != EFI_SUCCESS) { efi_st_error("could not create event\n"); return EFI_ST_FAILURE; } + ret = boottime->create_event_ex(0, TPL_CALLBACK, ebs_notify, + &context_before, + &guid_before_exit_boot_services, + &event_notify); + if (ret != EFI_SUCCESS) { + efi_st_error("could not create event\n"); + return EFI_ST_FAILURE; + } + return EFI_ST_SUCCESS; } @@ -68,13 +105,21 @@ static int setup(const efi_handle_t handle, */ static int execute(void) { - if (notification_count != 1) { - efi_st_error("ExitBootServices was not notified\n"); + if (record.count != 2) { + efi_st_error("Incorrect event count %u\n", record.count); + return EFI_ST_FAILURE; + } + if (record.type[0] != 1) { + efi_st_error("EFI_GROUP_BEFORE_EXIT_BOOT_SERVICE not notified\n"); + return EFI_ST_FAILURE; + } + if (record.type[1] != 2) { + efi_st_error("EVT_SIGNAL_EXIT_BOOT_SERVICES was not notified\n"); return EFI_ST_FAILURE; } efi_st_exit_boot_services(); - if (notification_count != 1) { - efi_st_error("ExitBootServices was notified twice\n"); + if (record.count != 2) { + efi_st_error("Incorrect event count %u\n", record.count); return EFI_ST_FAILURE; } return EFI_ST_SUCCESS; diff --git a/lib/efi_selftest/efi_selftest_fdt.c b/lib/efi_selftest/efi_selftest_fdt.c index eae98208f6..412ba286ea 100644 --- a/lib/efi_selftest/efi_selftest_fdt.c +++ b/lib/efi_selftest/efi_selftest_fdt.c @@ -23,23 +23,24 @@ static const char *fdt; static const efi_guid_t fdt_guid = EFI_FDT_GUID; static const efi_guid_t acpi_guid = EFI_ACPI_TABLE_GUID; -/* - * Convert FDT value to host endianness. +/** + * f2h() - convert FDT value to host endianness. * - * @val FDT value - * @return converted value + * UEFI code is always low endian. The FDT is big endian. + * + * @val: FDT value + * Return: converted value */ static uint32_t f2h(fdt32_t val) { char *buf = (char *)&val; char i; -#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ /* Swap the bytes */ i = buf[0]; buf[0] = buf[3]; buf[3] = i; i = buf[1]; buf[1] = buf[2]; buf[2] = i; -#endif - return *(uint32_t *)buf; + + return val; } /** @@ -13,6 +13,7 @@ #include <malloc.h> #include <asm/global_data.h> +#include <asm/sections.h> DECLARE_GLOBAL_DATA_PTR; @@ -144,6 +145,10 @@ void arch_lmb_reserve_generic(struct lmb *lmb, ulong sp, ulong end, ulong align) bank_end = end - 1; lmb_reserve(lmb, sp, bank_end - sp + 1); + + if (gd->flags & GD_FLG_SKIP_RELOC) + lmb_reserve(lmb, (phys_addr_t)(uintptr_t)_start, gd->mon_len); + break; } } diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 469596abe7..be9775bcce 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -1,7 +1,8 @@ config RSA bool "Use RSA Library" select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5 - select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP + select RSA_ASPEED_EXP if ASPEED_ACRY + select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP && !RSA_ASPEED_EXP help RSA support. This enables the RSA algorithm used for FIT image verification in U-Boot. @@ -62,4 +63,11 @@ config RSA_FREESCALE_EXP Enables driver for RSA modular exponentiation using Freescale cryptographic accelerator - CAAM. +config RSA_ASPEED_EXP + bool "Enable RSA Modular Exponentiation with ASPEED crypto accelerator" + depends on DM && ASPEED_ACRY + help + Enables driver for RSA modular exponentiation using ASPEED cryptographic + accelerator - ACRY + endif diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c index 8dc144080c..22a769c587 100644 --- a/lib/tpm-v1.c +++ b/lib/tpm-v1.c @@ -840,7 +840,7 @@ u32 tpm1_find_key_sha1(struct udevice *dev, const u8 auth[20], unsigned int i; /* fetch list of already loaded keys in the TPM */ - err = tpm_get_capability(dev, TPM_CAP_HANDLE, TPM_RT_KEY, buf, + err = tpm1_get_capability(dev, TPM_CAP_HANDLE, TPM_RT_KEY, buf, sizeof(buf)); if (err) return -1; @@ -852,7 +852,7 @@ u32 tpm1_find_key_sha1(struct udevice *dev, const u8 auth[20], /* now search a(/ the) key which we can access with the given auth */ for (i = 0; i < key_count; ++i) { buf_len = sizeof(buf); - err = tpm_get_pub_key_oiap(key_handles[i], auth, buf, &buf_len); + err = tpm1_get_pub_key_oiap(dev, key_handles[i], auth, buf, &buf_len); if (err && err != TPM_AUTHFAIL) return -1; if (err) |