aboutsummaryrefslogtreecommitdiff
path: root/lib/efi_loader/efi_variable_tee.c
Commit message (Collapse)AuthorAgeFilesLines
* efi_loader: Enable run-time variable support for tee based variablesIlias Apalodimas2020-08-011-35/+47
| | | | | | | | | | | | | | | | | | | | We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: Trim output buffer size correctly for tee variablesIlias Apalodimas2020-08-011-10/+3
| | | | | | | | | | | | | | | | The current code does not trim the output buffer correctly. In fact it doesn't trim the buffer at all, since it calculates a wrong value for it, which isn't even applied. So let's remove the unused temporary size variable and trim the buffer correctly. Since we are editing efi_get_next_variable_name_int(), fix an indentation error along the way. Fixes: f042e47e8fb43 ("efi_loader: Implement EFI variable handling via OP-TEE") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Remove superfluous conversion to (u8 *) for memcpy argument. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: Check for the native OP-TEE result on mm_communicate callsIlias Apalodimas2020-07-221-2/+2
| | | | | | | | | | | | | | | Currently we only check for the return value of tee_invoke_func(). Although OP-TEE and StMM will correctly set param[1].u.value.a and we'll eventually return an error, the correct thing to do is check for the OP_TEE return code as well. So let's check for that and move tee_shm_free() and tee_close_session() before exiting with an error to make sure we always clear the registered memory. Fixes: f042e47e8fb43 ("efi_loader: Implement EFI variable handling via OP-TEE") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Use EFI_DEVICE_ERROR for TEE communication problems. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: Rename and correct values for ARM_SMC_MM_*Ilias Apalodimas2020-07-221-4/+4
| | | | | | | | | | | Instead of adding the definition for the specific MM SVC used in StandAloneMM we added the one used in the standard SMC calls. So change the value from -4 to -5 to match the correct one defined in EDK2 and rename them to avoid future confusion Fixes 23a397d2e2fb: ("efi_loader: Add headers for EDK2 StandAloneMM communication") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: update secure stateHeinrich Schuchardt2020-07-161-0/+10
| | | | | | | | Update the UEFI secure state when variable 'PK' is updated in the TEE variables implementation. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
* efi_loader: display RO attribute with TEE-backed variablesIlias Apalodimas2020-07-161-6/+136
| | | | | | | | A previous commit adds support for displaying variables RO flag. Let's add it on the TEE backed variable storage as well. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: separate UEFI variable API from implemementationHeinrich Schuchardt2020-07-111-46/+9
| | | | | | | Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: prepare for read only OP-TEE variablesHeinrich Schuchardt2020-07-111-54/+21
| | | | | | | | | | | | | | | | | | We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: cleanup for tee backed variablesIlias Apalodimas2020-07-111-5/+3
| | | | | | | | | There's 2 variables in efi_get_next_variable_name() checking the size of the variable name. Let's get rid of the reduntant definition and simplitfy the code a bit. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* efi_loader: Implement EFI variable handling via OP-TEEIlias Apalodimas2020-05-171-0/+662
In OP-TEE we can run EDK2's StandAloneMM on a secure partition. StandAloneMM is responsible for the UEFI variable support. In combination with OP-TEE and it's U-Boot supplicant, variables are authenticated/validated in secure world and stored on an RPMB partition. So let's add a new config option in U-Boot implementing the necessary calls to OP-TEE for the variable management. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-30 00:31:47 +0000